$RYYZLFA[.]exe

Resubmissions

05/05/2024, 11:09

240505-m9cwnsgb7v 8

Sharing

Copy URL Twitter E-mail

General

Target

$RYYZLFA.exe
Size

16.2MB
MD5

2200a17ff232c6487ff86c2a4f1b1008
SHA1

7e9b3b790717af8a2a168e278d3d6d7a25769495
SHA256

83de3d35f8e1d37a48c48051027f791adf1627a6e9c356c926cc6a17b8a9e1b7
SHA512

4f01267d6f57b7635054de5ffd5d5c49ae9cd0625f43315e20956babdb142587d9161044cab38f389c5cd623114fcfd7c70206ed9878a4a3abb4a2bf51ab5150
SSDEEP

393216:62Ukj/b+TxPQpiQH3l9/pFnk482YmYC+SsSkJ8:ee/b+RhMIIYmYpSo8

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$SYSDIR/winhttp.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/nsDialogs.dll

Files

$RYYZLFA.exe
.exe windows:5 windows x86 arch:x86

bd0641e21b10edfc0a54866bde1ee66c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/05/2013, 00:00

Not After

20/07/2015, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:37:10:3e:ac:c1:d8:51:ca:4c:17:87:81:b5:12:0f:75:79:83:ef
Signer

Actual PE Digest

4d:37:10:3e:ac:c1:d8:51:ca:4c:17:87:81:b5:12:0f:75:79:83:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
CreateFileW
lstrcatW
lstrcpyW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
GetVersionExW
GetEnvironmentVariableW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
MessageBoxExW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Setup.exe
.exe windows:5 windows x86 arch:x86

bd0641e21b10edfc0a54866bde1ee66c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/05/2013, 00:00

Not After

20/07/2015, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:9d:90:23:0e:86:8c:b4:3f:e2:6b:8a:43:af:b5:d8:a4:44:30:70
Signer

Actual PE Digest

8d:9d:90:23:0e:86:8c:b4:3f:e2:6b:8a:43:af:b5:d8:a4:44:30:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
CreateFileW
lstrcatW
lstrcpyW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
GetVersionExW
GetEnvironmentVariableW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
MessageBoxExW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/winhttp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

86660019029121b29ff1b3398c0c83d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

winhttp.pdb

Imports

msvcrt

_wcsicmp
wcscpy
wcsncmp
_ltoa
wcsstr
wcscat
sprintf
isalpha
iscntrl
isspace
time
islower
iswlower
iswdigit
iswxdigit
wcstol
wcschr
isdigit
memchr
wcstok
_wtoi
wcsncpy
wcsncat
_wcsnicmp
wcscmp
rand
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_purecall
isxdigit
wcsrchr
_except_handler3

shlwapi

StrStrW
StrCmpW
StrCmpNIW
StrCpyNW
StrStrIA
StrCmpIW
StrChrA
ord342
ord151
SHGetValueA
StrToIntA
StrCmpNIA
StrNCatA
StrRChrA
UrlCombineA
UrlCanonicalizeA
ord153
StrStrA
UrlUnescapeA

advapi32

RegOpenKeyA
RegCreateKeyExW
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
GetUserNameA
OpenProcessToken
GetTokenInformation
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
OpenThreadToken
RevertToSelf
SetThreadToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueA

kernel32

ResetEvent
RtlMoveMemory
CreateFileA
lstrcpynA
SetFilePointer
SetEndOfFile
WriteFile
OutputDebugStringA
SetErrorMode
GetDateFormatA
GetSystemTime
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateThread
FreeLibraryAndExitThread
Sleep
SetEvent
InterlockedCompareExchange
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
LocalAlloc
LocalFree
InterlockedIncrement
GetCPInfo
IsDBCSLeadByteEx
WaitForSingleObject
ReleaseMutex
CreateMutexA
GlobalAlloc
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
InterlockedExchangeAdd
GetExitCodeThread
LocalFileTimeToFileTime
GetModuleHandleA
lstrcmpA
FormatMessageW
GlobalUnlock
GlobalLock
LoadLibraryW
CompareFileTime
GlobalSize
DeviceIoControl
GetComputerNameA
VirtualFree
VirtualAlloc
CreateSemaphoreA
ReleaseSemaphore
RaiseException
GlobalMemoryStatus
IsBadStringPtrA
PostQueuedCompletionStatus
GetLastError
MultiByteToWideChar
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
lstrlenA
lstrcatA
lstrcpyA
InterlockedExchange
GetVersionExA
GlobalFree
SetLastError
IsBadWritePtr
IsBadStringPtrW
IsBadReadPtr
WideCharToMultiByte
lstrlenW
IsBadCodePtr
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
lstrcmpiA
CreateEventA
CloseHandle
GetCurrentThread
lstrcmpiW
GetModuleFileNameW

user32

wsprintfW
CreateWindowExA
SetWindowLongA
MsgWaitForMultipleObjects
UnregisterClassA
RegisterClassA
PostMessageA
GetWindowLongA
DefWindowProcA
DestroyWindow
PeekMessageA
TranslateMessage
DispatchMessageA
CharLowerA
CharUpperA
CharToOemA
wsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
WinHttpAddRequestHeaders
WinHttpCheckPlatform
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpCreateUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetDefaultProxyConfiguration
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
WinHttpWriteData

Sections

.text
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Origin.exe
.exe windows:5 windows x86 arch:x86

ea492bfca8d10d16b4aa9b84e17b834d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/05/2013, 00:00

Not After

20/07/2015, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:d5:ff:55:f6:83:e0:24:be:dc:10:f2:3e:9d:d5:ab:3f:2b:d8:2d
Signer

Actual PE Digest

c7:d5:ff:55:f6:83:e0:24:be:dc:10:f2:3e:9d:d5:ab:3f:2b:d8:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\ebisu\hudson\workspace\Origin-HL\origin\HL\originClient\dev\runtime\Origin.pdb

Imports

gdi32

CreateFontW
SetTextColor
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetDeviceCaps
CreateSolidBrush

user32

EndDialog
LoadIconW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SendMessageW
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetParent
MapWindowPoints
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
GetDlgItemTextW
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
CharNextW
CreateDialogParamW
SetWindowTextW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowLongW
SetWindowLongW
ShowWindow
SetDlgItemTextW
GetDlgItem
SendNotifyMessageW
PostMessageW
MessageBoxExW
wsprintfW
DefWindowProcW
RegisterClassW
GetWindowRect
MapDialogRect
IsDialogMessageW
ReleaseDC
EnableWindow
CreateWindowExW
DestroyWindow
UnregisterClassA
GetWindow
IsWindowVisible
SetForegroundWindow
GetWindowThreadProcessId
FindWindowW
SendMessageTimeoutW
IsChild

advapi32

SetSecurityInfo
SetEntriesInAclW
ConvertStringSidToSidW
GetSecurityInfo
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
GetUserNameW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpSendRequest
WinHttpCloseHandle
WinHttpReceiveResponse

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msvcp100

?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_BADOFF@std@@3_JB
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ

msvcr100

fgetc
fputc
ungetc
_lock_file
_unlock_file
fflush
setvbuf
tolower
fwrite
memcpy_s
fgetpos
_fseeki64
fsetpos
fclose
asctime
wcsftime
malloc
exit
wcsncpy_s
towlower
??0bad_cast@std@@QAE@ABV01@@Z
swprintf_s
__argv
__argc
strncmp
wcstombs_s
_wcslwr_s
_itow_s
mbstowcs_s
sprintf
_wchdir
calloc
_errno
_close
_setmode
_strdup
mbtowc
strrchr
_umask
_mktime64
abort
realloc
wcsncpy
fprintf
__iob_func
_get_osfhandle
_wrmdir
_rmdir
_wunlink
_unlink
wcsncat
wcsrchr
isalpha
_wopen
_open
_open_osfhandle
toupper
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_crt_debugger_hook
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
_time64
_localtime64
_vswprintf
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
memmove
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
wcsstr
clock
wcstok_s
_wtoi
_wcsicmp
??_V@YAXPAX@Z
__CxxFrameHandler3
_CxxThrowException
free
wcschr
??3@YAXPAX@Z
memset
wcscpy_s
wcscat_s
memcpy
_recalloc

kernel32

IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GetFileInformationByHandle
GetNamedPipeHandleStateA
PeekNamedPipe
CreateDirectoryA
SetUnhandledExceptionFilter
SetFileAttributesW
SetFilePointerEx
SetEndOfFile
GetFileAttributesW
GetFileType
SetFileTime
LoadLibraryA
CreateFileA
GetFullPathNameW
lstrlenA
FindNextFileW
WideCharToMultiByte
GetPrivateProfileStringW
GetVersionExW
SetFileAttributesA
Sleep
CreateThread
WaitForSingleObject
LoadLibraryW
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32FirstW
Process32NextW
FindFirstFileW
CreateProcessW
FindClose
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetFileAttributesA
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
lstrlenW
GetCurrentThreadId
GetProcAddress
InitializeCriticalSectionAndSpinCount
RaiseException
LocalFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
CreateDirectoryW
FindResourceW
LoadResource
SizeofResource
LockResource
FreeResource
GetFileSize
ReadFile
MoveFileExW
MoveFileW
WriteFile
MultiByteToWideChar
DeleteFileW
GetDiskFreeSpaceExW
CreateFileW
GetModuleHandleW
OpenProcess
TerminateProcess
SetLastError
CreateMutexW
GetLastError
CloseHandle
GetCommandLineW

ole32

CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize

shell32

ShellExecuteW
SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathW

oleaut32

LoadTypeLi
LoadRegTypeLi
SysFreeString
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
SysStringLen
VarUI4FromStr
OleCreateFontIndirect
VariantChangeType

shlwapi

PathFileExistsW
wnsprintfW

comctl32

InitCommonControlsEx

wintrust

WinVerifyTrust

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/OriginUninstall.exe
.exe windows:5 windows x86 arch:x86

bd0641e21b10edfc0a54866bde1ee66c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/05/2013, 00:00

Not After

20/07/2015, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:ff:1f:b8:15:d6:22:d7:ec:5e:36:b5:de:70:02:d7:9a:bc:fa:34
Signer

Actual PE Digest

4d:ff:1f:b8:15:d6:22:d7:ec:5e:36:b5:de:70:02:d7:9a:bc:fa:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
CreateFileW
lstrcatW
lstrcpyW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
GetVersionExW
GetEnvironmentVariableW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
MessageBoxExW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/installerdll$_16_.dll
.dll windows:5 windows x86 arch:x86

fe88e6ef81ce0daaa7072aee91a875a7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/05/2013, 00:00

Not After

20/07/2015, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:bd:6a:10:e3:65:7a:24:a1:1b:96:ae:02:26:3d:07:e9:17:e4:c5
Signer

Actual PE Digest

26:bd:6a:10:e3:65:7a:24:a1:1b:96:ae:02:26:3d:07:e9:17:e4:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\ebisu\hudson\workspace\Origin-HL\origin\HL\InstallerDLL\dev\bin\InstallerDLL.pdb

Imports

user32

IntersectRect
IsIconic
InvalidateRect
SetCursor
ShowOwnedPopups
DeleteMenu
SetTimer
KillTimer
IsRectEmpty
OffsetRect
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
CreatePopupMenu
WindowFromPoint
NotifyWinEvent
MessageBoxA
GetAsyncKeyState
SetClassLongW
LoadMenuW
GetSystemMenu
SetCapture
ReleaseCapture
MessageBeep
DrawStateW
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
CopyAcceleratorTableW
ToUnicodeEx
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
GetNextDlgTabItem
GetIconInfo
LoadImageW
GetNextDlgGroupItem
EndDialog
CreateDialogIndirectParamW
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageW
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
DestroyWindow
TranslateMessage
PeekMessageW
GetDlgItem
ShowWindow
CreateDialogParamW
SetDlgItemTextW
SendMessageW
DispatchMessageW
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
GetSystemMetrics
CharUpperW
UnhookWindowsHookEx
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetActiveWindow
GetMessageW
CallNextHookEx
SetWindowsHookExW
UnregisterClassW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
LoadCursorW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
PtInRect
CopyRect
SetWindowPos
SetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
GetWindowRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
PostMessageW
GetClientRect
UpdateWindow
RedrawWindow
ShowScrollBar
SetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
TrackPopupMenu
ScrollWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
SetFocus
IsWindow
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
RegisterWindowMessageW
CheckDlgButton
IsDialogMessageW
SetWindowTextW
MoveWindow
ClientToScreen
RealChildWindowFromPoint
GetDesktopWindow
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
DestroyIcon
InflateRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
PostQuitMessage
CopyImage
SetRectEmpty
EnumDisplayMonitors
SetLayeredWindowAttributes

advapi32

SetSecurityInfo
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
OpenProcessToken
OpenThreadToken
IsTextUnicode
RegQueryValueExW
RegOpenKeyW
ConvertStringSidToSidW
LookupPrivilegeValueW
GetSecurityInfo
SetEntriesInAclW
AdjustTokenPrivileges
RegCloseKey

kernel32

HeapAlloc
GetProcessHeap
HeapFree
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
OutputDebugStringA
GetExitCodeThread
SetThreadIdealProcessor
GetSystemInfo
CreateSemaphoreA
ReleaseSemaphore
IsDebuggerPresent
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetNativeSystemInfo
EncodePointer
DecodePointer
GetCommandLineA
HeapReAlloc
RtlUnwind
ExitThread
HeapSize
HeapQueryInformation
ExitProcess
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapCreate
HeapDestroy
LCMapStringW
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
WriteConsoleW
FindResourceW
LoadResource
SizeofResource
GetEnvironmentVariableA
GetSystemTimeAsFileTime
RaiseException
LockResource
FindFirstFileW
FreeLibrary
MoveFileExW
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
GetPrivateProfileStringW
OpenProcess
WideCharToMultiByte
LoadLibraryW
Sleep
TerminateProcess
CreateFileW
MultiByteToWideChar
WritePrivateProfileStringW
GetLastError
GetLongPathNameW
SetLastError
GetTimeZoneInformation
GetPriorityClass
QueryPerformanceCounter
RemoveDirectoryW
GetModuleHandleA
GetProcAddress
FindClose
Process32FirstW
Module32FirstW
Process32NextW
lstrcmpiW
FindNextFileW
CreateToolhelp32Snapshot
GetShortPathNameW
Module32NextW
CloseHandle
CreateEventA
GetUserDefaultLangID
GetUserGeoID
GetGeoInfoA
GetDriveTypeW
SetFilePointerEx
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetCurrentDirectoryW
GetSystemDirectoryW
GetUserDefaultUILanguage
GetLocaleInfoW
InterlockedExchange
GlobalFlags
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
InitializeCriticalSectionAndSpinCount
lstrcmpW
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
CompareStringW
InterlockedIncrement
lstrlenA
lstrcmpA
GlobalGetAtomNameW
SetErrorMode
GetCurrentThreadId
ResumeThread
SetThreadPriority
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcessId
SetPriorityClass
GetThreadPriority
QueryPerformanceFrequency
SleepEx
SetEnvironmentVariableA
LocalFree
lstrcpyW
CreateThread
lstrlenW
MulDiv
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CopyFileW
GlobalFree
GetModuleHandleW
DeleteFileW
DeactivateActCtx
ActivateActCtx
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
SHBrowseForFolderW
SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW

comctl32

ImageList_GetIconSize
InitCommonControlsEx

shlwapi

UrlEscapeW
UrlUnescapeW
PathFileExistsW
SHGetValueW
PathAppendW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathStripToRootW

ole32

DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SysAllocString
VariantInit
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantClear
SysFreeString
VarBstrFromDate

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipDrawImageI
GdipGetImageWidth

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

iphlpapi

GetAdaptersAddresses

winmm

waveInGetNumDevs
PlaySoundW
timeGetTime

gdi32

GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DeleteObject
GetObjectW
SetBkColor
SetTextColor
CreateBitmap
CreateDCW
CopyMetaFileW
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
ExcludeClipRect
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
CreateDIBitmap
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetTextFaceW
SetPixelV
SelectPalette
CreateRectRgn

ws2_32

gethostname
WSAGetLastError
WSACreateEvent
setsockopt
ioctlsocket
socket
closesocket
shutdown
WSACloseEvent
WSASetEvent
WSARecv
WSARecvFrom
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetOverlappedResult
bind
connect
accept
sendto
send
recv
getpeername
recvfrom
WSACleanup
WSAIoctl
getsockname
WSAStartup
gethostbyname
select
getsockopt

Exports

Exports

CaptureInstallerMetric
CaptureInstallerMetric_ITE_RUNNING
CaptureInstallerMetric_ITE_START
CleanUserConfigDir
DoPendingDownloadsExist
FindProcess
GetCurrentCachePath
GetCurrentLocale
GetLockingProcessList
GrabDBGPrivilege
GrantEveryoneAccessToFile
IsUpdate
KillProcess
MigrateCacheAndSettings
RelativizeManifestPaths
RunProcess
ShowProgressWindow

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/WindowsInstaller-KB893803-v2-x86.exe
.exe windows:6 windows x86 arch:x86

f676e16c67a815430fbcd6d520ece6e4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

02:b7:21:1e:39:9a:28:2f:be:ca:b5:cc:b9:f9:79:df:cd:15:97:7f
Signer

Actual PE Digest

02:b7:21:1e:39:9a:28:2f:be:ca:b5:cc:b9:f9:79:df:cd:15:97:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb

Imports

msvcrt

strncpy
toupper
sprintf
strchr
_strnicmp
_stricmp
strrchr
_strcmpi
strstr
_strlwr
_snprintf

advapi32

InitiateSystemShutdownA
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid

kernel32

ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
MoveFileA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
DosDateTimeToFileTime
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
LoadStringA
EndDialog

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/installerdll$_16_.dll
.dll windows:5 windows x86 arch:x86

fe88e6ef81ce0daaa7072aee91a875a7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/05/2013, 00:00

Not After

20/07/2015, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:bd:6a:10:e3:65:7a:24:a1:1b:96:ae:02:26:3d:07:e9:17:e4:c5
Signer

Actual PE Digest

26:bd:6a:10:e3:65:7a:24:a1:1b:96:ae:02:26:3d:07:e9:17:e4:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\ebisu\hudson\workspace\Origin-HL\origin\HL\InstallerDLL\dev\bin\InstallerDLL.pdb

Imports

user32

IntersectRect
IsIconic
InvalidateRect
SetCursor
ShowOwnedPopups
DeleteMenu
SetTimer
KillTimer
IsRectEmpty
OffsetRect
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
CreatePopupMenu
WindowFromPoint
NotifyWinEvent
MessageBoxA
GetAsyncKeyState
SetClassLongW
LoadMenuW
GetSystemMenu
SetCapture
ReleaseCapture
MessageBeep
DrawStateW
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
CopyAcceleratorTableW
ToUnicodeEx
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
GetNextDlgTabItem
GetIconInfo
LoadImageW
GetNextDlgGroupItem
EndDialog
CreateDialogIndirectParamW
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageW
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
DestroyWindow
TranslateMessage
PeekMessageW
GetDlgItem
ShowWindow
CreateDialogParamW
SetDlgItemTextW
SendMessageW
DispatchMessageW
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
GetSystemMetrics
CharUpperW
UnhookWindowsHookEx
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetActiveWindow
GetMessageW
CallNextHookEx
SetWindowsHookExW
UnregisterClassW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
LoadCursorW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
PtInRect
CopyRect
SetWindowPos
SetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
GetWindowRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
PostMessageW
GetClientRect
UpdateWindow
RedrawWindow
ShowScrollBar
SetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
TrackPopupMenu
ScrollWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
SetFocus
IsWindow
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
RegisterWindowMessageW
CheckDlgButton
IsDialogMessageW
SetWindowTextW
MoveWindow
ClientToScreen
RealChildWindowFromPoint
GetDesktopWindow
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
DestroyIcon
InflateRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
PostQuitMessage
CopyImage
SetRectEmpty
EnumDisplayMonitors
SetLayeredWindowAttributes

advapi32

SetSecurityInfo
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
OpenProcessToken
OpenThreadToken
IsTextUnicode
RegQueryValueExW
RegOpenKeyW
ConvertStringSidToSidW
LookupPrivilegeValueW
GetSecurityInfo
SetEntriesInAclW
AdjustTokenPrivileges
RegCloseKey

kernel32

HeapAlloc
GetProcessHeap
HeapFree
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
OutputDebugStringA
GetExitCodeThread
SetThreadIdealProcessor
GetSystemInfo
CreateSemaphoreA
ReleaseSemaphore
IsDebuggerPresent
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetNativeSystemInfo
EncodePointer
DecodePointer
GetCommandLineA
HeapReAlloc
RtlUnwind
ExitThread
HeapSize
HeapQueryInformation
ExitProcess
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapCreate
HeapDestroy
LCMapStringW
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
WriteConsoleW
FindResourceW
LoadResource
SizeofResource
GetEnvironmentVariableA
GetSystemTimeAsFileTime
RaiseException
LockResource
FindFirstFileW
FreeLibrary
MoveFileExW
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
GetPrivateProfileStringW
OpenProcess
WideCharToMultiByte
LoadLibraryW
Sleep
TerminateProcess
CreateFileW
MultiByteToWideChar
WritePrivateProfileStringW
GetLastError
GetLongPathNameW
SetLastError
GetTimeZoneInformation
GetPriorityClass
QueryPerformanceCounter
RemoveDirectoryW
GetModuleHandleA
GetProcAddress
FindClose
Process32FirstW
Module32FirstW
Process32NextW
lstrcmpiW
FindNextFileW
CreateToolhelp32Snapshot
GetShortPathNameW
Module32NextW
CloseHandle
CreateEventA
GetUserDefaultLangID
GetUserGeoID
GetGeoInfoA
GetDriveTypeW
SetFilePointerEx
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetCurrentDirectoryW
GetSystemDirectoryW
GetUserDefaultUILanguage
GetLocaleInfoW
InterlockedExchange
GlobalFlags
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
InitializeCriticalSectionAndSpinCount
lstrcmpW
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
CompareStringW
InterlockedIncrement
lstrlenA
lstrcmpA
GlobalGetAtomNameW
SetErrorMode
GetCurrentThreadId
ResumeThread
SetThreadPriority
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcessId
SetPriorityClass
GetThreadPriority
QueryPerformanceFrequency
SleepEx
SetEnvironmentVariableA
LocalFree
lstrcpyW
CreateThread
lstrlenW
MulDiv
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CopyFileW
GlobalFree
GetModuleHandleW
DeleteFileW
DeactivateActCtx
ActivateActCtx
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
SHBrowseForFolderW
SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW

comctl32

ImageList_GetIconSize
InitCommonControlsEx

shlwapi

UrlEscapeW
UrlUnescapeW
PathFileExistsW
SHGetValueW
PathAppendW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathStripToRootW

ole32

DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SysAllocString
VariantInit
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantClear
SysFreeString
VarBstrFromDate

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipDrawImageI
GdipGetImageWidth

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

iphlpapi

GetAdaptersAddresses

winmm

waveInGetNumDevs
PlaySoundW
timeGetTime

gdi32

GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DeleteObject
GetObjectW
SetBkColor
SetTextColor
CreateBitmap
CreateDCW
CopyMetaFileW
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
ExcludeClipRect
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
CreateDIBitmap
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetTextFaceW
SetPixelV
SelectPalette
CreateRectRgn

ws2_32

gethostname
WSAGetLastError
WSACreateEvent
setsockopt
ioctlsocket
socket
closesocket
shutdown
WSACloseEvent
WSASetEvent
WSARecv
WSARecvFrom
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetOverlappedResult
bind
connect
accept
sendto
send
recv
getpeername
recvfrom
WSACleanup
WSAIoctl
getsockname
WSAStartup
gethostbyname
select
getsockopt

Exports

Exports

CaptureInstallerMetric
CaptureInstallerMetric_ITE_RUNNING
CaptureInstallerMetric_ITE_START
CleanUserConfigDir
DoPendingDownloadsExist
FindProcess
GetCurrentCachePath
GetCurrentLocale
GetLockingProcessList
GrabDBGPrivilege
GrantEveryoneAccessToFile
IsUpdate
KillProcess
MigrateCacheAndSettings
RelativizeManifestPaths
RunProcess
ShowProgressWindow

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/rootsupd.exe
.exe windows:5 windows x86 arch:x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8b:19:2e:a1:ae:af:97:83:51:ae:23:e4:88:59:dc:6d:f7:6a:30:70
Signer

Actual PE Digest

8b:19:2e:a1:ae:af:97:83:51:ae:23:e4:88:59:dc:6d:f7:6a:30:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/vcredist_x64.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7e:e6:b3:26:a0:5b:83:d2:4a:74:47:94:80:1b:e6:8c:ef:59:05:96
Signer

Actual PE Digest

7e:e6:b3:26:a0:5b:83:d2:4a:74:47:94:80:1b:e6:8c:ef:59:05:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.4MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5f:c8:53:53:4b:f3:8d:17:29:22:b7:77:39:d5:7a:e2:70:d6:a5:b8
Signer

Actual PE Digest

5f:c8:53:53:4b:f3:8d:17:29:22:b7:77:39:d5:7a:e2:70:d6:a5:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.7MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/installerdll$_16_.dll
.dll windows:5 windows x86 arch:x86

fe88e6ef81ce0daaa7072aee91a875a7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/05/2013, 00:00

Not After

20/07/2015, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Arts\, Inc.,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:bd:6a:10:e3:65:7a:24:a1:1b:96:ae:02:26:3d:07:e9:17:e4:c5
Signer

Actual PE Digest

26:bd:6a:10:e3:65:7a:24:a1:1b:96:ae:02:26:3d:07:e9:17:e4:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\ebisu\hudson\workspace\Origin-HL\origin\HL\InstallerDLL\dev\bin\InstallerDLL.pdb

Imports

user32

IntersectRect
IsIconic
InvalidateRect
SetCursor
ShowOwnedPopups
DeleteMenu
SetTimer
KillTimer
IsRectEmpty
OffsetRect
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
CreatePopupMenu
WindowFromPoint
NotifyWinEvent
MessageBoxA
GetAsyncKeyState
SetClassLongW
LoadMenuW
GetSystemMenu
SetCapture
ReleaseCapture
MessageBeep
DrawStateW
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
CopyAcceleratorTableW
ToUnicodeEx
MapVirtualKeyW
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
SetRect
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetMenuDefaultItem
InvertRect
HideCaret
EnableScrollBar
GetNextDlgTabItem
GetIconInfo
LoadImageW
GetNextDlgGroupItem
EndDialog
CreateDialogIndirectParamW
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageW
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
DestroyWindow
TranslateMessage
PeekMessageW
GetDlgItem
ShowWindow
CreateDialogParamW
SetDlgItemTextW
SendMessageW
DispatchMessageW
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
GetSystemMetrics
CharUpperW
UnhookWindowsHookEx
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetActiveWindow
GetMessageW
CallNextHookEx
SetWindowsHookExW
UnregisterClassW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
LoadCursorW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
PtInRect
CopyRect
SetWindowPos
SetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
GetWindowRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
PostMessageW
GetClientRect
UpdateWindow
RedrawWindow
ShowScrollBar
SetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
TrackPopupMenu
ScrollWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
SetFocus
IsWindow
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
RegisterWindowMessageW
CheckDlgButton
IsDialogMessageW
SetWindowTextW
MoveWindow
ClientToScreen
RealChildWindowFromPoint
GetDesktopWindow
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
DestroyIcon
InflateRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
PostQuitMessage
CopyImage
SetRectEmpty
EnumDisplayMonitors
SetLayeredWindowAttributes

advapi32

SetSecurityInfo
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
OpenProcessToken
OpenThreadToken
IsTextUnicode
RegQueryValueExW
RegOpenKeyW
ConvertStringSidToSidW
LookupPrivilegeValueW
GetSecurityInfo
SetEntriesInAclW
AdjustTokenPrivileges
RegCloseKey

kernel32

HeapAlloc
GetProcessHeap
HeapFree
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
OutputDebugStringA
GetExitCodeThread
SetThreadIdealProcessor
GetSystemInfo
CreateSemaphoreA
ReleaseSemaphore
IsDebuggerPresent
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetNativeSystemInfo
EncodePointer
DecodePointer
GetCommandLineA
HeapReAlloc
RtlUnwind
ExitThread
HeapSize
HeapQueryInformation
ExitProcess
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapCreate
HeapDestroy
LCMapStringW
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
WriteConsoleW
FindResourceW
LoadResource
SizeofResource
GetEnvironmentVariableA
GetSystemTimeAsFileTime
RaiseException
LockResource
FindFirstFileW
FreeLibrary
MoveFileExW
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
GetPrivateProfileStringW
OpenProcess
WideCharToMultiByte
LoadLibraryW
Sleep
TerminateProcess
CreateFileW
MultiByteToWideChar
WritePrivateProfileStringW
GetLastError
GetLongPathNameW
SetLastError
GetTimeZoneInformation
GetPriorityClass
QueryPerformanceCounter
RemoveDirectoryW
GetModuleHandleA
GetProcAddress
FindClose
Process32FirstW
Module32FirstW
Process32NextW
lstrcmpiW
FindNextFileW
CreateToolhelp32Snapshot
GetShortPathNameW
Module32NextW
CloseHandle
CreateEventA
GetUserDefaultLangID
GetUserGeoID
GetGeoInfoA
GetDriveTypeW
SetFilePointerEx
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetCurrentDirectoryW
GetSystemDirectoryW
GetUserDefaultUILanguage
GetLocaleInfoW
InterlockedExchange
GlobalFlags
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
InitializeCriticalSectionAndSpinCount
lstrcmpW
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
CompareStringW
InterlockedIncrement
lstrlenA
lstrcmpA
GlobalGetAtomNameW
SetErrorMode
GetCurrentThreadId
ResumeThread
SetThreadPriority
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcessId
SetPriorityClass
GetThreadPriority
QueryPerformanceFrequency
SleepEx
SetEnvironmentVariableA
LocalFree
lstrcpyW
CreateThread
lstrlenW
MulDiv
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CopyFileW
GlobalFree
GetModuleHandleW
DeleteFileW
DeactivateActCtx
ActivateActCtx
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHFileOperationW
SHBrowseForFolderW
SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW

comctl32

ImageList_GetIconSize
InitCommonControlsEx

shlwapi

UrlEscapeW
UrlUnescapeW
PathFileExistsW
SHGetValueW
PathAppendW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathStripToRootW

ole32

DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SysAllocString
VariantInit
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantClear
SysFreeString
VarBstrFromDate

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipDrawImageI
GdipGetImageWidth

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

iphlpapi

GetAdaptersAddresses

winmm

waveInGetNumDevs
PlaySoundW
timeGetTime

gdi32

GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DeleteObject
GetObjectW
SetBkColor
SetTextColor
CreateBitmap
CreateDCW
CopyMetaFileW
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
ExcludeClipRect
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
CreateDIBitmap
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetTextFaceW
SetPixelV
SelectPalette
CreateRectRgn

ws2_32

gethostname
WSAGetLastError
WSACreateEvent
setsockopt
ioctlsocket
socket
closesocket
shutdown
WSACloseEvent
WSASetEvent
WSARecv
WSARecvFrom
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetOverlappedResult
bind
connect
accept
sendto
send
recv
getpeername
recvfrom
WSACleanup
WSAIoctl
getsockname
WSAStartup
gethostbyname
select
getsockopt

Exports

Exports

CaptureInstallerMetric
CaptureInstallerMetric_ITE_RUNNING
CaptureInstallerMetric_ITE_START
CleanUserConfigDir
DoPendingDownloadsExist
FindProcess
GetCurrentCachePath
GetCurrentLocale
GetLockingProcessList
GrabDBGPrivilege
GrantEveryoneAccessToFile
IsUpdate
KillProcess
MigrateCacheAndSettings
RelativizeManifestPaths
RunProcess
ShowProgressWindow

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

bd0641e21b10edfc0a54866bde1ee66c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4d:37:10:3e:ac:c1:d8:51:ca:4c:17:87:81:b5:12:0f:75:79:83:efSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 133KB

.ndata Size: - Virtual size: 108KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 3KB - Virtual size: 2KB

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

bd0641e21b10edfc0a54866bde1ee66c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8d:9d:90:23:0e:86:8c:b4:3f:e2:6b:8a:43:af:b5:d8:a4:44:30:70Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4d:37:10:3e:ac:c1:d8:51:ca:4c:17:87:81:b5:12:0f:75:79:83:ef
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 133KB

.ndata
Size: - Virtual size: 108KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8d:9d:90:23:0e:86:8c:b4:3f:e2:6b:8a:43:af:b5:d8:a4:44:30:70
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 133KB

.ndata
Size: - Virtual size: 204KB

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 1024B - Virtual size: 686B

.rdata
Size: 1024B - Virtual size: 753B

.data
Size: 512B - Virtual size: 48B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 311KB - Virtual size: 311KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 13KB - Virtual size: 13KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07:ff:4c:1a:af:db:3b:a8:6c:db:cb:8b:36:ad:8e:2e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c7:d5:ff:55:f6:83:e0:24:be:dc:10:f2:3e:9d:d5:ab:3f:2b:d8:2d
Signer