extech[.]zip | Triage

Resubmissions

07/05/2024, 17:26

240507-vz855aaf49 7

Sharing

Copy URL Twitter E-mail

General

Target

extech.zip
Size

110.6MB
MD5

402df63a9e0eedf46e749a0050ba23cf
SHA1

124eacfd4b8b0f259acacfdb3ff5fd99629542fc
SHA256

3c34ff1de90e7c640a6d946db6d6116517cff774fc84b5317b0a3a9f4a80df87
SHA512

e061fc952fedecda0d60257f45d00ea173483c48a8152b72b66258501301a78aa3d61b61febda05132109e00ea5f465713fb768d7f4a8497392366130a4bb077
SSDEEP

3145728:fpzlgmSbt8EA6WsCiwAizV+duYP8WpPGY1sHh1+xt:+8EAjiwAiRGuYvpPGY+HWt

Score

7^/10

pdf link upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/extech/setup.exe	upx

HTTP links in PDF interactive object 6 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/extech/TrLog-SW-Help-BPT_V4.0T.pdf	pdf_with_link_action
static1/unpack001/extech/TrLog-SW-Help-DE_V4.0.pdf	pdf_with_link_action
static1/unpack001/extech/TrLog-SW-Help-EN_V4.0.pdf	pdf_with_link_action
static1/unpack001/extech/TrLog-SW-Help-ES_V4.0.pdf	pdf_with_link_action
static1/unpack001/extech/TrLog-SW-Help-FR_V4.0.pdf	pdf_with_link_action
static1/unpack001/extech/TrLog-SW-Help-IT_V4.0.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/extech/PL23XX-M_LogoDriver_Setup_v206_20210513.exe
unpack001/extech/autorun.exe
unpack001/extech/setup.exe
unpack001/extech/supportfiles/customResource0009.dll

Files

extech.zip
.zip
extech/AutoPlay/Audio/Click1.ogg
extech/AutoPlay/Audio/Click2.ogg
extech/AutoPlay/Audio/High1.ogg
extech/AutoPlay/Audio/Mouth.ogg
extech/AutoPlay/Buttons/1.btn
.zip
1a.png
.png
1b.png
.png
1c.png
.png
1d.png
.png
_manifest.xml
extech/AutoPlay/Buttons/1043_0002.btn
.zip
2_1043_disabled.png
.png
2_1043_down.png
.png
2_1043_normal.png
.png
2_1043_over.png
.png
_manifest.xml
extech/AutoPlay/Buttons/1044_0002.btn
.zip
2_1044_disabled.png
.png
2_1044_down.png
.png
2_1044_normal.png
.png
2_1044_over.png
.png
_manifest.xml
extech/AutoPlay/Buttons/4.btn
.zip
4a.png
.png
4b.png
.png
4c.png
.png
4d.png
.png
_manifest.xml
extech/AutoPlay/Buttons/blue_oval.btn
.zip
_manifest.xml
disabled.png
.png
down.png
.png
over.png
.png
up.png
.png
extech/AutoPlay/Images/00-407752.png
.png
extech/AutoPlay/Images/DT500-splash.png
.png
extech/AutoPlay/Images/E_BACKDROP_007.JPG
.jpg
extech/AutoPlay/Images/cover3.jpg
.jpg
extech/AutoPlay/autorun.cdd
.zip
extech/PL23XX-M_LogoDriver_Setup_v206_20210513.exe
.exe windows:4 windows x86 arch:x86

8f244019e52c417786599750d44c515a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

LoadLibraryExA
QueryPerformanceFrequency
CreateEventA
ReadFile
CompareStringA
CompareStringW
GlobalSize
SizeofResource
FreeResource
SearchPathA
FindNextFileA
GetTempFileNameA
GetExitCodeProcess
TerminateProcess
OpenProcess
GetLocalTime
InitializeCriticalSection
GetCurrentProcessId
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
VirtualQuery
VirtualProtect
UnmapViewOfFile
GetShortPathNameA
MapViewOfFile
CreateFileMappingA
SetEvent
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
lstrcmpA
MoveFileExA
GetDiskFreeSpaceA
GetSystemDirectoryA
GetSystemInfo
IsBadReadPtr
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
lstrcpyA
lstrlenA
Sleep
CloseHandle
CreateProcessA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
RemoveDirectoryA
DeleteFileA
ResumeThread
SetThreadContext
MulDiv
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
SetEndOfFile
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
TlsGetValue
TlsAlloc
CreateDirectoryA
FindFirstFileA
FindClose
lstrcmpiA
lstrcpynA
WriteFile
GetDriveTypeA
SetFilePointer
GetFileAttributesA
ReleaseMutex
GetPrivateProfileIntA
lstrcatA
LoadLibraryA
GetSystemDefaultLangID
CreateMutexA
FreeLibrary
SetErrorMode
GetTickCount
FindResourceExA
FindResourceA
LoadResource
LockResource
GetWindowsDirectoryA
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
GetTempPathA
GetVersionExA
CreateFileA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
SetLastError
WaitForSingleObject
ExitProcess
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
TlsSetValue
GetCurrentThreadId
GetCommandLineA
GetStartupInfoA
RaiseException
HeapAlloc
HeapFree
RtlUnwind
DeleteCriticalSection
InterlockedExchange
GetFileSize

user32

SetWindowLongA
SetWindowTextA
SendMessageA
GetDlgItem
wsprintfA
WaitForInputIdle
CharUpperA
MessageBoxA
DialogBoxIndirectParamA
SetDlgItemTextA
MsgWaitForMultipleObjects
CharLowerBuffA
SetFocus
BeginPaint
EndPaint
LoadStringA
FillRect
ScreenToClient
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
SendDlgItemMessageA
GetMessageA
DefWindowProcA
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints
SetWindowPos
GetPropA
EnableMenuItem
SetPropA
RemovePropA
ShowWindow
IsWindow
GetSysColor
LoadImageA
CreateDialogParamA
GetDC
ReleaseDC
SetActiveWindow
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogIndirectParamA
SetForegroundWindow
GetDesktopWindow
GetClientRect
EnableWindow
IsWindowEnabled
GetWindowDC
UpdateWindow
InvalidateRect
DrawIcon
MapDialogRect
GetClassNameA
CallWindowProcA
DrawFocusRect
InflateRect
DrawTextA
CopyRect
EnumChildWindows
CreateWindowExA
RegisterClassExA
IntersectRect
GetDlgItemTextA
GetWindowLongA
GetWindowRect
MoveWindow
EndDialog
LoadIconA

gdi32

CreateCompatibleBitmap
CreateDCA
GetStockObject
GetTextExtentPoint32A
CreatePatternBrush
DeleteMetaFile
SetMetaFileBitsEx
SetStretchBltMode
SelectClipRgn
SetPixel
PatBlt
PlayMetaFile
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateDIBitmap
SaveDC
SetBkMode
SetTextColor
TextOutA
RestoreDC
GetTextExtentPointA
CreateFontIndirectA
SetBkColor
CreateRectRgn
DeleteObject
CreateSolidBrush
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
GetDeviceCaps
GetObjectA
CreateCompatibleDC
UnrealizeObject
SelectPalette
RealizePalette
SelectObject
BitBlt
DeleteDC
SetMapMode

advapi32

RegCloseKey
RegQueryValueA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyA
RegOpenKeyA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken

shell32

SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysReAllocStringLen
SysStringLen
GetErrorInfo
VariantClear
VariantChangeType

lz32

LZOpenFileA
LZCopy
LZClose

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
extech/PL23XX_DriverInstallerv2.0.6_ReleaseNote.txt
extech/TrLog-SW-Help-BPT_V4.0T.pdf
.pdf
- http://Extech.com
- http://www.extech.com/
extech/TrLog-SW-Help-DE_V4.0.pdf
.pdf
- http://Extech.com
- http://www.extech.com/
extech/TrLog-SW-Help-EN_V4.0.pdf
.pdf
extech/TrLog-SW-Help-ES_V4.0.pdf
.pdf
extech/TrLog-SW-Help-FR_V4.0.pdf
.pdf
extech/TrLog-SW-Help-IT_V4.0.pdf
.pdf
extech/autorun.exe
.exe windows:5 windows x86 arch:x86

c121cabc15a5a16cb26463cec5174545

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lua5.1

lua_pushfstring
lua_getinfo
lua_getstack
lua_pushlstring
lua_gettop
lua_tointeger
lua_isnumber
lua_concat
lua_isstring
lua_tothread
lua_type
luaL_newstate
lua_close
lua_sethook
lua_settop
luaL_openlibs
luaL_loadbuffer
lua_pushcclosure
lua_insert
lua_pcall
lua_remove
lua_pushstring
lua_setfield
lua_pushnumber
lua_pushboolean
lua_pushnil
lua_getfield
lua_tonumber
lua_toboolean
lua_createtable
lua_settable
lua_gettable
lua_error
lua_next
luaL_openlib
lua_pushvalue
lua_tolstring

winmm

mixerOpen
mixerSetControlDetails
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
waveInReset
waveInClose
waveInOpen
waveInStart
waveInGetNumDevs
waveInGetDevCapsA
waveInUnprepareHeader
mixerGetNumDevs
waveInAddBuffer
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetNumDevs
waveOutGetDevCapsA
mciGetErrorStringA
mciSendCommandA
timeGetTime
mixerClose
waveInPrepareHeader
PlaySoundA
timeGetDevCaps
sndPlaySoundA
timeBeginPeriod
timeSetEvent
timeKillEvent
timeEndPeriod

wsock32

socket
WSAAsyncGetHostByName
inet_addr
WSACancelAsyncRequest
connect
ioctlsocket
htons
WSACleanup
WSAStartup
select
WSAGetLastError
__WSAFDIsSet
inet_ntoa
send
closesocket
recv

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msacm32

acmStreamOpen
acmStreamConvert
acmStreamUnprepareHeader
acmStreamClose
acmStreamSize
acmStreamPrepareHeader
acmFormatSuggest

kernel32

LocalFileTimeToFileTime
DosDateTimeToFileTime
SetVolumeLabelA
GetLocalTime
FlushFileBuffers
MoveFileA
VirtualUnlock
FreeResource
VirtualFree
VirtualAlloc
GetModuleFileNameW
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetThreadLocale
ResumeThread
LocalReAlloc
EnumResourceLanguagesA
ConvertDefaultLocale
GetFileTime
GetStringTypeExA
LockFile
UnlockFile
DuplicateHandle
GetFileAttributesExA
GetFileSizeEx
GetProfileIntA
GlobalFlags
GetCPInfo
GetOEMCP
GetModuleHandleW
LoadLibraryW
GetSystemDirectoryW
SearchPathA
FindResourceExA
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
ExitProcess
GetTimeFormatA
GetDateFormatA
VirtualQuery
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
ExitThread
SetStdHandle
GetFileType
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
GetStdHandle
CompareStringW
SetEnvironmentVariableW
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
LocalLock
LocalUnlock
IsDBCSLeadByte
lstrcmpA
TlsGetValue
IsBadReadPtr
TlsFree
TlsSetValue
GlobalHandle
TlsAlloc
GetProcessAffinityMask
VirtualProtect
VirtualLock
OpenFile
InterlockedDecrement
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
GetCurrentThreadId
GetSystemDefaultLangID
DeviceIoControl
SetErrorMode
IsBadStringPtrA
WriteFile
SetEndOfFile
GetFileSize
GetSystemInfo
GlobalMemoryStatus
GetDriveTypeA
GetComputerNameA
ExpandEnvironmentStringsA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentProcessId
GetLocaleInfoA
GlobalSize
TerminateThread
CreateThread
WaitForSingleObject
CreateEventA
SetEvent
GetExitCodeThread
GetThreadPriority
SetThreadPriority
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
GetCurrentProcess
GetTickCount
LoadLibraryExA
TerminateProcess
OpenProcess
GetTempPathA
LocalFree
FormatMessageA
GetWindowsDirectoryA
GetShortPathNameA
MoveFileExA
CopyFileA
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
lstrcpyA
MulDiv
GetTempFileNameA
GetExitCodeProcess
CreateProcessA
GetDiskFreeSpaceA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
SetFileTime
SystemTimeToFileTime
SetCurrentDirectoryA
GetCurrentDirectoryA
FindNextFileA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
GetVolumeInformationA
GetFullPathNameA
FindClose
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrlenA
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
SetFileAttributesA
lstrcpynA
Sleep
GetEnvironmentVariableA
SetEnvironmentVariableA
GetSystemDirectoryA
FreeLibrary
lstrlenW
InterlockedIncrement
GetFileAttributesA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
SetLastError
CompareStringA
GetVersionExA
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
FileTimeToDosDateTime
lstrcmpiA
GetLogicalDriveStringsA
LocalAlloc
EnumResourceNamesA
LoadLibraryExW
LocalSize
EnumResourceTypesA
IsBadWritePtr
lstrcatA

user32

DefMDIChildProcA
TranslateMDISysAccel
PostThreadMessageA
SubtractRect
GetTabbedTextExtentA
DestroyCursor
DrawIcon
GetDCEx
IsCharLowerA
MapVirtualKeyExA
SetWindowContextHelpId
MapDialogRect
IsMenu
IsZoomed
GetSysColorBrush
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
DestroyAcceleratorTable
NotifyWinEvent
GetMessageA
ValidateRect
DestroyMenu
MapVirtualKeyA
GetKeyNameTextA
EndPaint
BeginPaint
GetMenuStringA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
ScrollWindow
TrackPopupMenuEx
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetClassInfoExA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetMenu
IsIconic
GetWindowPlacement
GetWindowTextLengthA
GetDlgCtrlID
IsDialogMessageA
SendDlgItemMessageA
CheckRadioButton
CheckDlgButton
UnhookWindowsHookEx
CreateDialogIndirectParamA
GetDlgItem
IsWindowEnabled
CharToOemA
OemToCharBuffA
CharLowerA
WaitForInputIdle
SetDlgItemTextA
SetWindowTextA
EndDialog
DialogBoxParamA
GetActiveWindow
OemToCharA
CharNextA
CharPrevA
CharUpperBuffA
CharLowerBuffA
UnregisterClassA
ExitWindowsEx
RemoveMenu
DrawMenuBar
CreateWindowExA
RegisterClassA
DestroyWindow
GetAsyncKeyState
GetNextDlgTabItem
WindowFromPoint
GetDoubleClickTime
ClipCursor
InvertRect
IsClipboardFormatAvailable
GetClassInfoA
DrawEdge
FrameRect
FillRect
TrackMouseEvent
InsertMenuA
EnableScrollBar
MapWindowPoints
DrawFrameControl
CreatePopupMenu
GetMenuItemCount
DefFrameProcA
GetWindowRgn
EqualRect
GetForegroundWindow
GetWindowThreadProcessId
GetWindowTextA
GetWindow
EnumWindows
SetActiveWindow
DrawAnimatedRects
SetParent
EnumChildWindows
FindWindowA
GetClassNameA
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
GetSubMenu
SendMessageTimeoutA
MsgWaitForMultipleObjects
wsprintfA
DrawIconEx
LoadBitmapA
CharUpperA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MessageBeep
IsChild
RegisterWindowMessageA
ShowWindow
MoveWindow
UnionRect
SetWindowRgn
TranslateMessage
LoadCursorA
SetCursor
SetRectEmpty
DefWindowProcA
UpdateWindow
InvalidateRgn
IntersectRect
SetCapture
GetCapture
SetFocus
GetFocus
SetWindowPos
CallWindowProcA
GetWindowDC
EnableMenuItem
DeleteMenu
GetSystemMenu
PostQuitMessage
RegisterClassExA
GetMenuState
MessageBoxA
GetMessagePos
DestroyIcon
DrawFocusRect
SetRect
DrawStateA
InflateRect
GetIconInfo
GetMenuItemInfoA
CopyRect
GetSystemMetrics
AppendMenuA
SystemParametersInfoA
DispatchMessageA
PeekMessageA
CloseWindow
GetParent
PostMessageA
ReleaseCapture
GetKeyState
PtInRect
ScreenToClient
GetCursorPos
RedrawWindow
GetSysColor
InvalidateRect
IsWindowVisible
IsWindow
OffsetRect
LoadIconA
SendMessageA
SetTimer
KillTimer
EnableWindow
ReleaseDC
UpdateLayeredWindow
ClientToScreen
GetDesktopWindow
IsRectEmpty
GetClientRect
GetDC
GetWindowRect
LoadImageA
SetForegroundWindow
SetWindowLongA
GetWindowLongA
SetWindowLongW
GetWindowLongW
IsWindowUnicode
CreateIconIndirect
CreateIconFromResourceEx
CallWindowProcW
DefWindowProcW
DefFrameProcW
DefDlgProcA
CreateAcceleratorTableA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyIcon
SetCursorPos
GetMenuDefaultItem
EmptyClipboard
CloseClipboard
SetClipboardData
CopyImage
OpenClipboard
WaitMessage
DefDlgProcW
DefMDIChildProcW
RegisterClassW
LookupIconIdFromDirectoryEx
GetMenuStringW
HideCaret
ShowCaret
GetCursor
ShowOwnedPopups
SetClassLongA
LockWindowUpdate
GetUpdateRect
GetNextDlgGroupItem
RegisterClipboardFormatA
CreateMenu
CopyAcceleratorTableA
GetKeyboardLayoutList
LoadMenuA

gdi32

AddFontResourceA
RemoveFontResourceA
CreateHalftonePalette
CreateFontIndirectA
GetTextColor
Polygon
SelectPalette
RealizePalette
GetWindowOrgEx
GetWindowExtEx
IntersectClipRect
CreateRectRgnIndirect
CombineRgn
LPtoDP
GetMapMode
GetViewportExtEx
DPtoLP
GetDeviceCaps
CreateRectRgn
BitBlt
ExtCreateRegion
CreateRoundRectRgn
GetBkColor
GetPaletteEntries
GdiFlush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateFontA
EnumFontFamiliesExA
CreateScalableFontResourceA
CreatePalette
CreateBitmap
PatBlt
CreatePatternBrush
SetMapMode
ExcludeClipRect
LineTo
MoveToEx
SetTextAlign
AbortDoc
GetPixel
SetViewportExtEx
ScaleViewportExtEx
Rectangle
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
PolyBezierTo
ExtSelectClipRgn
GetObjectType
CreateHatchBrush
GetStockObject
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
GetRgnBox
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetCharWidthA
StretchDIBits
OffsetRgn
SetDIBColorTable
GetDIBits
StartPage
SetPixel
RoundRect
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
SetPaletteEntries
GetTextAlign
GetTextFaceA
GetNearestPaletteIndex
GetSystemPaletteEntries
DeleteMetaFile
SetPixelV
StartDocA
GetCurrentObject
SetViewportOrgEx
CreatePen
SetWindowOrgEx
GetTextExtentPoint32A
OffsetViewportOrgEx
SelectClipRgn
GetClipRgn
GetBkMode
GetTextMetricsA
CreateCompatibleBitmap
PtInRegion
EndDoc
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
SetTextColor
CreateSolidBrush
StretchBlt
SetBrushOrgEx
GetBitmapBits
GetTextExtentPoint32W
ExtTextOutW
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
SetWinMetaFileBits
DeleteEnhMetaFile
GetEnhMetaFileHeader
GetMetaFileBitsEx
GetMetaFileA
GetEnhMetaFileA
PlayEnhMetaFile
GetClipBox
GetDCOrgEx
SetBkColor
SetBkMode
GetStretchBltMode
SetRectRgn
DeleteDC
SelectObject
CreateDIBSection
EndPage
CreateCompatibleDC
GetObjectA
DeleteObject

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetSaveFileNameA
GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

AdjustTokenPrivileges
RegEnumKeyA
GetUserNameA
UnlockServiceDatabase
OpenSCManagerA
GetServiceDisplayNameA
QueryServiceStatus
ControlService
StartServiceA
DeleteService
CloseServiceHandle
CreateServiceA
OpenServiceA
RegConnectRegistryA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
EnumServicesStatusA
EqualSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegOpenKeyA
LookupAccountSidA
SetNamedSecurityInfoA
SetEntriesInAclA
FreeSid
GetNamedSecurityInfoA
ConvertStringSidToSidA
AllocateAndInitializeSid
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegSetValueA
IsValidSid
LookupAccountNameA
ConvertSidToStringSidA
RegOpenKeyExA
LookupPrivilegeValueA

shell32

ShellExecuteExA
ExtractIconA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
DragQueryFileA
DragFinish
ExtractIconExA
SHGetFileInfoA
SHAppBarMessage
Shell_NotifyIconA
SHGetSpecialFolderLocation

comctl32

ImageList_GetImageInfo
ImageList_GetBkColor
FlatSB_GetScrollProp
_TrackMouseEvent
ImageList_DrawEx
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawIndirect

shlwapi

PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathRemoveFileSpecW

oledlg

ord1
ord8

ole32

CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance
CoInitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoRegisterMessageFilter
CoRevokeClassObject
OleLockRunning
CoUninitialize
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
DoDragDrop
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
LoadTypeLi
RegisterTypeLi
VariantClear
SysStringLen
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
SafeArrayDestroy
VariantChangeType
VariantCopy
SysAllocStringLen
VariantInit
SysAllocString
SysFreeString
OleLoadPicturePath

urlmon

URLDownloadToFileA

gdiplus

GdipCloneImage
GdiplusShutdown
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

netapi32

Netbios

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 854KB - Virtual size: 853KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
extech/autorun.inf
extech/bin/dp/DevPartDef.xml
extech/bin/dp/Distfile.cab
.cab
extech/bin/dp/TRLog.msi
.msi
extech/bin/p0/MU/MetaUninstaller.msi
.msi
extech/bin/p0/MU/MetaUninstaller_mft.cab
.cab
extech/bin/p0/MU/MetaUnst.cab
.cab
extech/bin/p1/EULADep2.cab
.cab
extech/bin/p1/EULADepot2.msi
.msi
extech/bin/p1/EULADepot2_mft.cab
.cab
extech/bin/p1/NIYouLas.bin
.zip
extech/bin/p2/VC2008RTEx64.msi
.msi
extech/bin/p2/VC2008RTEx86.msi
.msi
extech/bin/p2/VC2008RTEx86_mft.cab
.cab
extech/bin/p2/x64.cab
.cab
extech/bin/p2/x86.cab
.cab
extech/bin/p3/KillBit.msi
.msi
extech/bin/p3/KillBit64.msi
.msi
extech/bin/p3/KillBit_mft.cab
.cab
extech/bin/p3/Secur00.cab
.cab
extech/bin/p3/Secur01.cab
.cab
extech/bin/p4/ni_me00.cab
.cab
extech/bin/p4/ni_mesa.cab
.cab
extech/bin/p4/ni_mesa.msi
.msi
extech/bin/p4/ni_mesa64.msi
.msi
extech/bin/p4/ni_mesa_mft.cab
.cab
extech/bin/p5/MDF/MDFSuppo.cab
.cab
extech/bin/p5/MDF/MDFSupport.msi
.msi
extech/bin/p5/MDF/MDFSupport_mft.cab
.cab
extech/bin/p6/CVI_Analysis.msi
.msi
extech/bin/p6/CVI_Analysis64.msi
.msi
extech/bin/p6/CVI_Analysis_mft.cab
.cab
extech/bin/p6/analysis.cab
.cab
extech/bin/p7/MKL2000.cab
.cab
extech/bin/p7/MKL2000_chs.mst
extech/bin/p7/MKL2000_deu.mst
extech/bin/p7/MKL2000_fra.mst
extech/bin/p7/MKL2000_jpn.mst
extech/bin/p7/MKL2000_kor.mst
extech/bin/p7/MKL2015.cab
.cab
extech/bin/p7/MKL2015_chs.mst
extech/bin/p7/MKL2015_deu.mst
extech/bin/p7/MKL2015_fra.mst
extech/bin/p7/MKL2015_jpn.mst
extech/bin/p7/MKL2015_kor.mst
extech/bin/p7/mkl.msi
.msi
extech/bin/p7/mkl64.msi
.msi
extech/bin/p7/mkl_mft.cab
.cab
extech/bin/p8/CVI_RTE.msi
.msi
extech/bin/p8/CVI_RTE64.msi
.msi
extech/bin/p8/CVI_RTE_mft.cab
.cab
extech/bin/p8/rte.cab
.cab
extech/dp.pmf
extech/license/Apache 2.0 License - English.pdf
.pdf
extech/license/GNU Lesser General Public License 2.1 - English.rtf
.rtf
extech/license/Lib TIFF License.rtf
.rtf
extech/license/LibJPG License - English.rtf
.rtf
extech/license/LibPNG License - English.rtf
.rtf
extech/license/Mesa 1.0 License - English.pdf
.pdf
extech/license/NI Released License Agreement - English.rtf
.rtf
extech/license/NI Released License Agreement - French.rtf
.rtf
extech/license/NI Released License Agreement - German.rtf
.rtf
extech/license/NI Released License Agreement - Italian.rtf
.rtf
extech/license/NI Released License Agreement - Japanese.rtf
.rtf
extech/license/NI Released License Agreement - Korean.rtf
.rtf
extech/license/NI Released License Agreement - Simplified Chinese.rtf
.rtf
extech/license/NI Released License Agreement - Spanish.rtf
.rtf
extech/license/Strtod License.rtf
.rtf
extech/license/UPX 1.0 license - English.pdf
.pdf
extech/license/wxWindows 3.1 License - English.pdf
.pdf
extech/license/zlib License - English.pdf
.pdf
extech/lua5.1.dll
.dll windows:5 windows x86 arch:x86

15d95afb470c5f82193b2d9e98fc96d1

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

73:6f:48:4c:38:26:9b:f8:c4:42:73:1c:1f:ac:a3:ed
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/03/2011, 00:00

Not After

28/02/2014, 23:59

Subject

CN=Indigo Rose Software Design Corporation,O=Indigo Rose Software Design Corporation,POSTALCODE=R3B 0R3,STREET=123 Bannatyne Ave Suite 200,L=Winnipeg,ST=MB,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:cd:92:b0:62:42:24:2d:cf:b7:65:8e:50:2d:62:bb:e7:98:13:59
Signer

Actual PE Digest

25:cd:92:b0:62:42:24:2d:cf:b7:65:8e:50:2d:62:bb:e7:98:13:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
FormatMessageA
GetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
GetModuleHandleW
Sleep
ExitProcess
RtlUnwind
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
DeleteFileA
MoveFileA
GetTimeFormatA
GetDateFormatA
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
InitializeCriticalSectionAndSpinCount
GetFileAttributesA
CreatePipe
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcessId
CreateFileA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
RaiseException
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
SetStdHandle
HeapSize
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA

Exports

Exports

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
extech/nidist.id
extech/setup.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Exports

Exports

NI_MetaToolbox_MetaOutput_GetSharedGlobalData

Sections

UPX0
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
extech/setup.ini
extech/supportfiles/customResource0009.dll
.dll windows:5 windows x86 arch:x86

d0b0ab81bf0e4cd20070f6525db9fd67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
extech/supportfiles/merged.cab
.cab
extech/supportfiles/niPie.exe
.exe windows:4 windows x86 arch:x86

8fcbb82d712dc622f705d3815ebb3266

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:c3:32:98:55:f6:47:6c:fc:b4:fc:f3:59:e5:59:09
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/04/2016, 00:00

Not After

12/07/2019, 23:59

Subject

CN=National Instruments Corporation,O=National Instruments Corporation,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:1f:25:8a:70:3c:04:e4:78:5d:ed:c1:af:ca:e3:97
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/04/2016, 00:00

Not After

12/07/2019, 23:59

Subject

CN=National Instruments Corporation,O=National Instruments Corporation,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:f7:c7:fe:95:16:c1:b7:58:b6:63:04:7a:e9:5c:7b:f3:e4:c6:51:37:c2:46:7c:9d:83:50:8f:95:6a:54:95
Signer

Actual PE Digest

0e:f7:c7:fe:95:16:c1:b7:58:b6:63:04:7a:e9:5c:7b:f3:e4:c6:51:37:c2:46:7c:9d:83:50:8f:95:6a:54:95

Digest Algorithm

sha256

PE Digest Matches

true

cd:23:4c:88:87:65:36:be:ee:62:9c:1c:70:20:20:c5:df:fc:a9:2c
Signer

Actual PE Digest

cd:23:4c:88:87:65:36:be:ee:62:9c:1c:70:20:20:c5:df:fc:a9:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
WaitForSingleObjectEx
CreateThread
Sleep
lstrlenA
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
CreateMutexA
ExitProcess
GetCurrentProcess
UnhandledExceptionFilter
FlushFileBuffers
ReadFile
CloseHandle
LoadLibraryA
GetProcAddress
SetStdHandle
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
SetFilePointer
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
DeleteFileA
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapAlloc
HeapFree
TerminateProcess
GetLastError
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile

user32

SendMessageA
SetDlgItemTextA
MessageBoxA
EndDialog
LoadStringA
DialogBoxParamA

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

msi

ord95
ord141
ord93
ord144
ord33
ord8

Exports

Exports

RFL_RegSetBinary
_RFL_RegGetBinary@20

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
extech/supportfiles/nistdtrans0007.mst
extech/supportfiles/nistdtrans0012.mst
extech/supportfiles/nistdtrans0017.mst
extech/supportfiles/nistdtrans0018.mst
extech/supportfiles/nistdtrans2052.mst
extech/supportfiles/nistdtransbase.mst
extech/supportfiles/updateInfo.xml

Resubmissions

Sharing

General

Malware Config

Signatures

Files

8f244019e52c417786599750d44c515a

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

lz32

rpcrt4

Sections

.text Size: 288KB - Virtual size: 286KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 24KB - Virtual size: 29KB

.rsrc Size: 12KB - Virtual size: 8KB

c121cabc15a5a16cb26463cec5174545

Headers

DLL Characteristics

File Characteristics

Imports

lua5.1

winmm

wsock32

version

msacm32

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

gdiplus

netapi32

imm32

imagehlp

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 854KB - Virtual size: 853KB

.data Size: 145KB - Virtual size: 474KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

15d95afb470c5f82193b2d9e98fc96d1

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

73:6f:48:4c:38:26:9b:f8:c4:42:73:1c:1f:ac:a3:edCertificate

Extended Key Usages

Key Usages

25:cd:92:b0:62:42:24:2d:cf:b7:65:8e:50:2d:62:bb:e7:98:13:59Signer

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 223KB - Virtual size: 222KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 6KB - Virtual size: 13KB

.reloc Size: 10KB - Virtual size: 9KB

Headers

.text
Size: 288KB - Virtual size: 286KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 24KB - Virtual size: 29KB

.rsrc
Size: 12KB - Virtual size: 8KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 854KB - Virtual size: 853KB

.data
Size: 145KB - Virtual size: 474KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

73:6f:48:4c:38:26:9b:f8:c4:42:73:1c:1f:ac:a3:ed
Certificate

25:cd:92:b0:62:42:24:2d:cf:b7:65:8e:50:2d:62:bb:e7:98:13:59
Signer

.text
Size: 223KB - Virtual size: 222KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 6KB - Virtual size: 13KB

.reloc
Size: 10KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 3.8MB

UPX1
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 134KB - Virtual size: 136KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 8KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:c3:32:98:55:f6:47:6c:fc:b4:fc:f3:59:e5:59:09
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

35:1f:25:8a:70:3c:04:e4:78:5d:ed:c1:af:ca:e3:97
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

0e:f7:c7:fe:95:16:c1:b7:58:b6:63:04:7a:e9:5c:7b:f3:e4:c6:51:37:c2:46:7c:9d:83:50:8f:95:6a:54:95
Signer

cd:23:4c:88:87:65:36:be:ee:62:9c:1c:70:20:20:c5:df:fc:a9:2c
Signer

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 2KB