16ba6d461a8b1c9597c4550dcc10a913_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16ba6d461a8b1c9597c4550dcc10a913_JaffaCakes118
Size

585KB
MD5

16ba6d461a8b1c9597c4550dcc10a913
SHA1

23cb4d8b68801b89b46e82526f6051c92ab1fc18
SHA256

1f3b2bfccbedd8e02200a81e42581500736f0d9df480888afe4f690bc7e60ad0
SHA512

487287721a1aa886de970df113c6769b3a992a8523422faf53780d1663e258e1a253599d715badfb5f2340e6776ca4af57a866a5708cf8b596051b8ee3fc60d6
SSDEEP

12288:om6ApAtwsnwX0jhcyRZA+Q75bwGkEXdFNp8FE09X24d00ruvL6ApABwX0b:om6WewsnwHujQ+GkEPWEQTd00ruvL6We

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/DLLDownLoader120308.dll
unpack001/$PLUGINSDIR/DLLWaitForKillProgram.dll
unpack001/$PLUGINSDIR/DLLWebCount120207.dll
unpack001/$PLUGINSDIR/ExAddPage20120308.dll
unpack001/$PLUGINSDIR/FILEDownPlug120308.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/IsVista.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/LiveChk20120308.dll
unpack001/$PLUGINSDIR/SetHoldDate2.dll
unpack001/$PLUGINSDIR/UserMgr.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/processes_second.dll
unpack001/$PLUGINSDIR/stack.dll
unpack001/$PLUGINSDIR/xml.dll
unpack001/ancamera4.exe
unpack001/ancameraup.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

16ba6d461a8b1c9597c4550dcc10a913_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

01/01/2021, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:74:d9:37:78:84:64:82:59:b4:bd:65:fa:2a:02:1f
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

01/09/2011, 00:00

Not After

31/08/2013, 23:59

Subject

CN=(주)이비즈네트웍스,O=(주)이비즈네트웍스,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DLLDownLoader120308.dll
.dll windows:4 windows x86 arch:x86

2be5c75b54508e5f9ce230cd7d1c100a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3346
ord3831
ord2554
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1243
ord2396
ord5199
ord1089
ord3922
ord5731
ord3830
ord2512
ord4486
ord6375
ord3825
ord4274
ord6467
ord1578
ord600
ord269
ord826

msvcrt

sprintf
__CxxFrameHandler
__dllonexit
_onexit
??1type_info@@UAE@XZ
atoi

kernel32

LocalFree
lstrcpyA
GlobalFree
GetTempPathA
GetPrivateProfileStringA
LocalAlloc

user32

wsprintfA
MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

Exports

Exports

DownLoader
myFunction

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DLLWaitForKillProgram.dll
.dll windows:4 windows x86 arch:x86

2e92645153848ef99816d61ac6e2a921

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
Sleep
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalFree
lstrcpyA
LocalFree
LocalAlloc

mfc42

ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord6375
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1243
ord6467
ord4274
ord2982
ord269
ord826
ord600
ord1578

msvcrt

_strupr
toupper
??1type_info@@UAE@XZ
_onexit
__dllonexit
_EH_prolog
__CxxFrameHandler

user32

wsprintfA
MessageBoxA

Exports

Exports

DLLWaitForKillProcess
myFunction

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DLLWebCount120207.dll
.dll windows:4 windows x86 arch:x86

20f16464083ccb9be4a9dc460a3ddbad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord3922
ord3738
ord561
ord825
ord815
ord1199
ord1247
ord690
ord1988
ord2393
ord800
ord5207
ord860
ord6059
ord389
ord540
ord941
ord823
ord939
ord858
ord922
ord6112
ord1176
ord5731
ord2512
ord2554
ord4486
ord6375
ord4424
ord4274
ord1243
ord6467
ord1578
ord600
ord826
ord269

msvcrt

_EH_prolog
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CxxFrameHandler

kernel32

LocalFree
GlobalAlloc
lstrcpynA
lstrcpyA
GlobalFree
LocalAlloc

user32

wsprintfA
MessageBoxA

wsock32

WSAStartup
WSACleanup

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile

Exports

Exports

DLLInstallCheck
DLLWebCount
SocketCount
WebCount
myFunction

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExAddPage20120308.dll
.dll windows:4 windows x86 arch:x86

a31423df96accd7f6a5fcbbc3f31973a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord823
ord6597
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6814
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6808
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord4078
ord1776
ord4407
ord5240
ord2385
ord5163
ord6374
ord4353
ord5281
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3748
ord5065
ord1725
ord5260
ord2446
ord6614
ord5277
ord6691
ord4627
ord2396
ord4486
ord6514
ord6800
ord4284
ord2233
ord3610
ord6055
ord5290
ord3402
ord3721
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5241
ord5280
ord3749
ord1727
ord5261
ord2124
ord4425
ord3597
ord795
ord800
ord641
ord567
ord540
ord324
ord656
ord2302
ord4234
ord858
ord5651
ord3127
ord3616
ord3663
ord665
ord5572
ord5442
ord2915
ord3318
ord353
ord922
ord4129
ord5683
ord537
ord1168
ord6199
ord3092
ord6805
ord6215
ord4299
ord2864
ord4710
ord755
ord470
ord2379
ord4047
ord2086
ord2867
ord6242
ord6467
ord765
ord3698
ord3742
ord818
ord4275
ord535
ord6320
ord3571
ord3626
ord2414
ord1768
ord640
ord5785
ord1641
ord1146
ord1640
ord323
ord1105
ord2614
ord861
ord3811
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord5199
ord1089
ord3922
ord5731
ord2512
ord4432
ord2554
ord600
ord826
ord269
ord6375
ord6478
ord4274
ord1116

msvcrt

_onexit
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv
_EH_prolog
_ftol
__CxxFrameHandler
__dllonexit

kernel32

LocalFree
ResumeThread
GetTempPathA
lstrcpyA
GlobalFree
LocalAlloc

user32

wsprintfA
DispatchMessageA
LoadBitmapA
OffsetRect
GetParent
FindWindowExA
SendMessageA
EnableWindow
InvalidateRect
PostMessageA
ShowWindow
IsWindowVisible
GetMessageA
IsDialogMessageA
TranslateMessage
GetClientRect

gdi32

BitBlt
CreateCompatibleDC

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

shlwapi

StrFormatByteSizeA

Exports

Exports

showPage
sponPage

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FILEDownPlug120308.dll
.dll windows:4 windows x86 arch:x86

1b6303fba3c09e3c12e1f0a7f2cc93ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
RtlUnwind

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

Exports

Exports

Download

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IsVista.dll
.dll windows:4 windows x86 arch:x86

efa700f367af492674a29b601d27bd91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
lstrcpynA
GlobalAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

IsVista

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

602d7a78172a6f5b4541df0fb5a6b875

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
GetOEMCP
GetACP
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA

user32

GetWindow
GetClassNameA
PostMessageA
GetDesktopWindow
FindWindowA

shell32

ShellExecuteA

Exports

Exports

KillExplorer
KillExplorer1
KillIExplorer
KillProc

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LiveChk20120308.dll
.dll windows:4 windows x86 arch:x86

61d7250d1f0e49e7d8f5ab4e906c3bf3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
GlobalFree
lstrcpyA
lstrcpynA
FindFirstFileA
FindClose
GetTempPathA
GlobalAlloc
DeleteFileA
LCMapStringW
LCMapStringA
CloseHandle
GetLastError
SetFilePointer
GetStdHandle
DeleteCriticalSection
WriteFile
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
SetStdHandle
ExitProcess
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
RtlUnwind
GetCurrentThreadId
TlsSetValue
SetLastError
TlsGetValue
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapReAlloc
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

user32

wsprintfA
MessageBoxA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

Exports

Exports

LiveChker
myFunction

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISPromotionEx.ini
$PLUGINSDIR/SetHoldDate2.dll
.dll windows:4 windows x86 arch:x86

64043ebf9d5bf4e8ead17ce6db58991e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapAlloc
HeapFree
HeapSize
FlushFileBuffers
ExitProcess
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
WriteFile
GetCurrentProcess
GetOEMCP
GetCPInfo
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GlobalFlags
lstrcmpiA
lstrcmpA
GetLastError
SetLastError
GetVersion
GetModuleFileNameA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GetCurrentThreadId
CloseHandle
GlobalLock
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
lstrcpynA
lstrcpyA
HeapReAlloc
GlobalFree

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

comctl32

ord17

user32

LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
PostQuitMessage
DestroyMenu
PostMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetDlgItem
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetLastActivePopup
IsWindowEnabled
MessageBoxA
EnableWindow
SetFocus
GetFocus
GetParent
GetWindowTextA
SetWindowsHookExA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetMenu
LoadIconA
PeekMessageA
CallNextHookEx
GetKeyState
SendMessageA
DispatchMessageA
UnhookWindowsHookEx
UnregisterClassA
LoadStringA
GetMenuItemID
GetWindowLongA
GetClassNameA
GetMenuItemCount
GetSubMenu
GetMenuState

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

Exports

Exports

??0CSetHoldDate2@@QAE@XZ
??4CSetHoldDate2@@QAEAAV0@ABV0@@Z
?fnSetHoldDate2@@YAHXZ
?nSetHoldDate2@@3HA
SetHoldData
SetHoldDate2

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserMgr.dll
.dll windows:4 windows x86 arch:x86

bac2b3d4a0df9a23aee940b8ecd0d168

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
LocalFree
GetEnvironmentVariableA
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcess
GetLastError
CloseHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
VirtualAlloc

advapi32

LsaOpenPolicy
LsaEnumerateAccountRights
LsaNtStatusToWinError
LsaFreeMemory
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
LsaClose
ConvertStringSidToSidA
LookupAccountSidA
GetUserNameA
RegUnLoadKeyA
ConvertSidToStringSidA
RegOpenKeyExA
LsaAddAccountRights
LsaRemoveAccountRights
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LookupAccountNameA
LogonUserA
RegLoadKeyA
RegCloseKey
RegQueryValueExA

netapi32

NetUserAdd
NetUserDel
NetGroupDelUser
NetLocalGroupGetMembers
NetLocalGroupAddMembers
NetLocalGroupAdd
NetLocalGroupDel
NetUserChangePassword
NetUserSetInfo
NetUserGetInfo
NetWkstaUserGetInfo
NetApiBufferFree

userenv

LoadUserProfileA
UnloadUserProfile

Exports

Exports

AddPrivilege
AddToGroup
BuiltAccountEnv
ChangeUserPassword
CreateAccount
CreateAccountEx
CreateGroup
DeleteAccount
DeleteGroup
GetCurrentDomain
GetCurrentUserName
GetLocalizedStdAccountName
GetSIDFromUserName
GetUserInfo
GetUserNameFromSID
HasPrivilege
IsMemberOfGroup
RegLoadUserHive
RegUnLoadUserHive
RemoveFromGroup
RemovePrivilege
SetRegKeyAccess
SetUserInfo

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ancameralicense4.txt
$PLUGINSDIR/installoption.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/processes_second.dll
.dll windows:4 windows x86 arch:x86

522ca24d77f428ea710f83ca6b5d4867

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Nsis\플러그인\processes\setup-processes\src\Debug\processes.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
OpenProcess
TerminateProcess
GlobalFree
lstrcpyA
CompareStringW
CompareStringA
GetLocaleInfoW
GetSystemInfo
VirtualProtect
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DebugBreak
RaiseException
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
GetCurrentProcess
ExitProcess
GetModuleHandleA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetLastError
GetLastError
GetCurrentThread
IsBadWritePtr
IsBadReadPtr
HeapValidate
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
UnhandledExceptionFilter
RtlUnwind
HeapAlloc
GetProcessHeap
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
VirtualQuery
InterlockedExchange
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
FlushFileBuffers
GetTimeZoneInformation
SetEnvironmentVariableA

user32

FindWindowA
UpdateWindow
GetDesktopWindow
wsprintfA

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/stack.dll
.dll windows:4 windows x86 arch:x86

55ae76a2cfe164921f566c03cfbba5ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcmpiA
lstrcpyA
lstrcpynA
GlobalUnlock
lstrcatA
GlobalLock
lstrlenA

user32

CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
wsprintfA
SendMessageA
GetDlgItem
EndDialog
DialogBoxParamA

Exports

Exports

_Debug
_Unload
_dll_clear
_dll_create
_dll_delete
_dll_delete_range
_dll_destroy
_dll_exchange
_dll_insert
_dll_move
_dll_move_range
_dll_push_sort
_dll_push_sort_int
_dll_read
_dll_reverse_range
_dll_size
_dll_sort_all
_dll_sort_all_int
_dll_write
_ns_clear
_ns_pop_front
_ns_push_back
_ns_push_front
_ns_read
_ns_size
_ns_write

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 622B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/xml.dll
.dll windows:4 windows x86 arch:x86

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynA
lstrcmpA
lstrcmpiA
lstrcpyA
RtlUnwind
GetModuleFileNameA
RaiseException
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetLocaleInfoA
InterlockedExchange
SetEndOfFile

Exports

Exports

_CloneNode
_Coordinate
_CreateNode
_CreateText
_CurrentAttribute
_DeclarationEncoding
_DeclarationStandalone
_DeclarationVersion
_ElementPath
_FindCloseElement
_FindNextElement
_FirstAttribute
_FirstChild
_FirstChildElement
_FreeNode
_GetAttribute
_GetNodeValue
_GetText
_GotoHandle
_GotoPath
_InsertAfterNode
_InsertBeforeNode
_InsertEndChild
_IsCDATA
_LastAttribute
_LastChild
_LoadFile
_NextAttribute
_NextSibling
_NextSiblingElement
_NoChildren
_NodeHandle
_NodeType
_Parent
_PreviousAttribute
_PreviousSibling
_RemoveAllChild
_RemoveAttribute
_RemoveNode
_ReplaceNode
_RootElement
_SaveFile
_SetAttribute
_SetAttributeName
_SetAttributeValue
_SetCDATA
_SetCondenseWhiteSpace
_SetEncoding
_SetNodeValue
_SetText
_Unload
_XPathAttribute
_XPathNode
_XPathString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/ancamera.xml
.xml
Uninstall.exe.nsis
ancamera4.exe
.exe windows:4 windows x86 arch:x86

08acdca9c6f299787117c2cf2f04ce4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6052
ord1775
ord4407
ord4425
ord3597
ord2575
ord6055
ord4078
ord1776
ord4396
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3574
ord609
ord567
ord324
ord6453
ord2302
ord4234
ord3619
ord3092
ord1641
ord823
ord1768
ord6197
ord4710
ord5280
ord3874
ord860
ord3663
ord3626
ord2414
ord6805
ord4299
ord1949
ord818
ord4275
ord2379
ord3571
ord3573
ord3693
ord613
ord640
ord1168
ord6880
ord6605
ord5788
ord5787
ord2405
ord5785
ord1640
ord323
ord289
ord2452
ord1146
ord3610
ord1200
ord6380
ord755
ord470
ord6172
ord5875
ord6710
ord2863
ord6378
ord4284
ord4220
ord3825
ord3654
ord5981
ord2438
ord6270
ord1175
ord1644
ord3097
ord5953
ord5710
ord4129
ord5683
ord858
ord6877
ord4998
ord482
ord3499
ord3177
ord2515
ord355
ord2645
ord6597
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6808
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord6614
ord6691
ord4432
ord6478
ord6514
ord6800
ord2233
ord539
ord6814
ord809
ord556
ord2754
ord2859
ord6358
ord1088
ord2122
ord3692
ord2450
ord6699
ord1601
ord1871
ord3721
ord795
ord3089
ord3797
ord5789
ord2860
ord941
ord4476
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4853
ord4376
ord5265
ord924
ord6199
ord2642
ord2915
ord5572
ord535
ord1134
ord2621
ord2818
ord2864
ord6215
ord2514
ord656
ord641
ord537
ord825
ord561
ord540
ord2614
ord815
ord800
ord3738
ord4424
ord4622
ord4080
ord2527
ord3079
ord4486
ord6375
ord2584
ord4274
ord1576

msvcrt

_stricmp
__CxxFrameHandler
_splitpath
_strupr
_setmbcp
atoi
atol
free
malloc
_ftol
_mbscmp
sprintf
wcscmp
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

GetCurrentThreadId
GetVersion
CreateFileA
WriteFile
CloseHandle
GetTickCount
FindFirstFileA
FindClose
GetVersionExA
GetProcAddress
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
GetPrivateProfileStringA
WritePrivateProfileStringA
Sleep
GetModuleHandleA
GetModuleFileNameA
lstrcmpiA
CreateMutexA
GetLastError
ReleaseMutex
GetStartupInfoA

user32

ChildWindowFromPointEx
WindowFromPoint
SetWindowTextA
GetDC
PostQuitMessage
LoadAcceleratorsA
GetSysColor
DrawFocusRect
DrawEdge
GetCapture
SetWindowRgn
ReleaseCapture
GetNextDlgGroupItem
PeekMessageA
FillRect
AppendMenuA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
RegisterWindowMessageA
SetFocus
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SendMessageA
FindWindowA
GetLastActivePopup
MessageBoxA
GetWindowLongA
SetWindowLongA
RedrawWindow
IsWindow
ReleaseDC
IsIconic
InvalidateRect
LoadImageA
PostMessageA
PtInRect
SetCursor
TranslateAcceleratorA
LoadIconA
LoadBitmapA
ValidateRect
GetSystemMetrics
GetCursorPos
ScreenToClient
ClientToScreen
OffsetRect
LoadCursorA
DrawIcon
KillTimer
SetTimer
EnableWindow
GetClientRect
LoadMenuA
GetSubMenu
SetMenuDefaultItem
SetForegroundWindow
GetWindowRect
SetWindowPos
GetParent
ModifyMenuA
EnableMenuItem
TranslateMessage
BringWindowToTop
GetSystemMenu
GetDesktopWindow
DispatchMessageA

gdi32

CreateSolidBrush
StretchBlt
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
GetDeviceCaps
BitBlt
SelectObject
RestoreDC
EndDoc
EndPage
CreatePen
StartPage
StartDocA
GetDIBits
DeleteObject
DeleteDC
SelectClipRgn
CombineRgn
CreateRectRgn
GetPixel
CreateDIBSection
GetBitmapBits
GetStockObject
StretchDIBits
CreateFontA
Rectangle

comdlg32

GetSaveFileNameA

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteA

comctl32

_TrackMouseEvent

oleaut32

SysFreeString

shlwapi

PathCompactPathA

gdiplus

GdipBitmapUnlockBits
GdipBitmapLockBits
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ancameraup.exe
.exe windows:4 windows x86 arch:x86

e44aa8bad4824598e696f20203b73f50

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord3663
ord3626
ord641
ord800
ord795
ord2414
ord686
ord765
ord609
ord2514
ord2621
ord1134
ord540
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3698
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord3571
ord3619
ord1146
ord1168
ord384
ord567
ord2302
ord1768
ord5943
ord4224
ord6805
ord6199
ord858
ord6215
ord4299
ord4160
ord2863
ord2379
ord755
ord470
ord1105
ord2642
ord3089
ord4476
ord2820
ord3811
ord2862
ord2096
ord2123
ord6442
ord2116
ord3831
ord668
ord1980
ord3181
ord4058
ord2781
ord2770
ord926
ord537
ord356
ord941
ord939
ord922
ord924
ord4129
ord2764
ord860
ord2818
ord535
ord2614
ord861
ord3610
ord656
ord4275
ord3398
ord3733
ord810
ord4271
ord2864
ord3303
ord3914
ord6008
ord4000
ord3297
ord3290
ord823
ord1929
ord3573
ord3797
ord1200
ord923
ord6597
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6814
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6808
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord6614
ord6691
ord4432
ord6478
ord6514
ord6800
ord4284
ord2233
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1641
ord4673
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_setmbcp
__CxxFrameHandler
sprintf
atoi
_mbscmp
malloc
fclose
fopen
_ftol
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_controlfp

kernel32

GetTempPathA
GetPrivateProfileStringA
CreateProcessA
GetStartupInfoA
OpenMutexA
WaitForSingleObject
RemoveDirectoryA
DeleteFileA
GetModuleHandleA
lstrlenA
ResumeThread
GetLastError
CreateMutexA
CreateDirectoryA
GetCommandLineA
GetModuleFileNameA

user32

GetSysColor
SetWindowLongA
MessageBeep
IsWindowVisible
SetCursor
LoadCursorA
SetTimer
LoadBitmapA
GetMessagePos
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
EnableWindow
GetParent
FindWindowA
InvalidateRect
LoadIconA
SetFocus
KillTimer
wsprintfA
ScreenToClient

gdi32

CreateSolidBrush
CreateFontA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

comctl32

ImageList_AddMasked

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

shlwapi

PathRemoveFileSpecA
StrFormatByteSizeA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3b:74:d9:37:78:84:64:82:59:b4:bd:65:fa:2a:02:1fCertificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 96KB

.rsrc Size: 25KB - Virtual size: 24KB

2be5c75b54508e5f9ce230cd7d1c100a

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

urlmon

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 5KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 4KB - Virtual size: 518B

2e92645153848ef99816d61ac6e2a921

Headers

File Characteristics

Imports

kernel32

mfc42

msvcrt

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 4KB - Virtual size: 544B

20f16464083ccb9be4a9dc460a3ddbad

Headers

File Characteristics

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3b:74:d9:37:78:84:64:82:59:b4:bd:65:fa:2a:02:1f
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 96KB

.rsrc
Size: 25KB - Virtual size: 24KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 5KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 4KB - Virtual size: 518B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 4KB - Virtual size: 544B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 568B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 132KB - Virtual size: 128KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB