23c249af3d5d8c5e6c57e68e3a368dd8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23c249af3d5d8c5e6c57e68e3a368dd8_JaffaCakes118
Size

30.0MB
MD5

23c249af3d5d8c5e6c57e68e3a368dd8
SHA1

66e5dda2d84cf48dd84efbe0e7bba1370e369954
SHA256

352864c8818e043b7ad7c4047020077a30650458d15aea0df87ced4b63656179
SHA512

3a5309754c4eaf97eb872dbb2d26ad51b50ed2eea11a5d2929b281f28e9a196016b579dc41d548a3e7cf73bf0932072e9db2a579fbf6414cba8a6c72dbb4ce9a
SSDEEP

786432:cvDPkSruLYACGH75aIjoHAJKRt0oXaKxz76p44JOyB:WgSSLYcjoHtjwKXc4XyB

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/  WARFACE/CCTools/CCTools 7.exe
unpack001/  WARFACE/⨁஢/CHERRY HVCKER ANTI LOCKER.exe
unpack001/  WARFACE/⨁஢/php5ts.dll

Files

23c249af3d5d8c5e6c57e68e3a368dd8_JaffaCakes118
.zip
  WARFACE/AntiOS-master/README.md
  WARFACE/AntiOS-master/__pycache__/hardware_fingerprint.cpython-37.pyc
  WARFACE/AntiOS-master/__pycache__/identity_data.cpython-37.pyc
  WARFACE/AntiOS-master/__pycache__/log_helper.cpython-37.pyc
  WARFACE/AntiOS-master/__pycache__/random_utils.cpython-37.pyc
  WARFACE/AntiOS-master/__pycache__/registry_helper.cpython-37.pyc
  WARFACE/AntiOS-master/__pycache__/system_fingerprint.cpython-37.pyc
  WARFACE/AntiOS-master/__pycache__/system_utils.cpython-37.pyc
  WARFACE/AntiOS-master/__pycache__/telemetry_fingerprint.cpython-37.pyc
  WARFACE/AntiOS-master/bin/Volumeid.exe
.exe windows:5 windows x86 arch:x86

196b8047c609ccadce7fd294c9a3e6a2

Code Sign

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:e8:46:24:b9:5c:81:15:5d:a7:f1:1a:ab:8f:86:bc:b4:c8:0e:61:43:9d:61:34:48:d8:23:fc:f3:c1:26:44
Signer

Actual PE Digest

31:e8:46:24:b9:5c:81:15:5d:a7:f1:1a:ab:8f:86:bc:b4:c8:0e:61:43:9d:61:34:48:d8:23:fc:f3:c1:26:44

Digest Algorithm

sha256

PE Digest Matches

true

0b:59:24:99:54:12:f4:c9:d5:03:9a:1b:01:0c:88:29:cd:1c:f0:10
Signer

Actual PE Digest

0b:59:24:99:54:12:f4:c9:d5:03:9a:1b:01:0c:88:29:cd:1c:f0:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Builds\13810\Tools\Volumeid_master\bin\Win32\Release\volumeid.pdb

Imports

kernel32

FormatMessageA
GetDriveTypeA
CreateFileA
GetVolumeInformationA
GetVersionExA
LCMapStringW
CloseHandle
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
OutputDebugStringW
SetFilePointer
DeviceIoControl
ReadFile
WriteFile
GetLastError
GetCommandLineW
GetVersion
LoadLibraryA
GetModuleHandleA
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
CompareStringW
GetFileType
ReadConsoleW
RtlUnwind
WriteConsoleW
SetFilePointerEx
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
GetCommandLineA
DeleteCriticalSection
FatalAppExitA
FlushFileBuffers
GetConsoleCP
IsDebuggerPresent
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThread
GetCurrentThreadId
GetProcessHeap
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryExW
CreateFileW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize

user32

SendMessageA
DialogBoxIndirectParamA
EndDialog
GetDlgItem
SetWindowTextA
SetCursor
LoadCursorA
InflateRect
GetSysColorBrush

gdi32

StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgA

advapi32

RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegSetValueExA

version

GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
  WARFACE/AntiOS-master/bin/Volumeid64.exe
.exe windows:5 windows x64 arch:x64

735aed1002ee8ff1be0e1dee668e8b0d

Code Sign

33:00:00:00:9b:e0:74:37:cb:3d:4d:8d:2e:00:00:00:00:00:9b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:97:9c:4b:c0:56:29:3c:65:68:1d:c8:51:cc:90:6a:97:43:fe:d9:91:a6:db:5c:b9:5c:47:8e:bf:73:7b:f7
Signer

Actual PE Digest

65:97:9c:4b:c0:56:29:3c:65:68:1d:c8:51:cc:90:6a:97:43:fe:d9:91:a6:db:5c:b9:5c:47:8e:bf:73:7b:f7

Digest Algorithm

sha256

PE Digest Matches

true

25:f3:81:49:d7:50:ad:69:9f:da:99:18:45:e2:bd:84:7c:66:4c:a4
Signer

Actual PE Digest

25:f3:81:49:d7:50:ad:69:9f:da:99:18:45:e2:bd:84:7c:66:4c:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FormatMessageA
GetDriveTypeA
CreateFileA
GetVolumeInformationA
GetVersionExA
LCMapStringW
CloseHandle
GetStringTypeW
OutputDebugStringW
SetFilePointer
DeviceIoControl
ReadFile
WriteFile
GetLastError
GetCommandLineW
GetVersion
LoadLibraryA
GetModuleHandleA
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetFileType
ReadConsoleW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetCommandLineA
DeleteCriticalSection
FlushFileBuffers
GetConsoleCP
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetProcessHeap
LoadLibraryExW
CreateFileW
QueryPerformanceCounter
GetCurrentProcessId
HeapSize

user32

SendMessageA
DialogBoxIndirectParamA
EndDialog
GetDlgItem
SetWindowTextA
SetCursor
LoadCursorA
InflateRect
GetSysColorBrush

gdi32

StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgA

advapi32

RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegSetValueExA

version

GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
  WARFACE/AntiOS-master/generate_fingerprint.py
  WARFACE/AntiOS-master/hardware_fingerprint.py
  WARFACE/AntiOS-master/identity_data.py
  WARFACE/AntiOS-master/log_helper.py
  WARFACE/AntiOS-master/random_utils.py
  WARFACE/AntiOS-master/registry_helper.py
  WARFACE/AntiOS-master/system_fingerprint.py
  WARFACE/AntiOS-master/system_utils.py
  WARFACE/AntiOS-master/telemetry_fingerprint.py
  WARFACE/CCTools/BINs/Database.txt
  WARFACE/CCTools/CCTools 7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 561KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
  WARFACE/CCTools/Company.txt
  WARFACE/CCTools/Hosts.txt
  WARFACE/CCTools/Name.txt
  WARFACE/CCTools/Processors.txt
  WARFACE/CCTools/database.mdb
  WARFACE/python-3.7.4.exe
.exe windows:5 windows x86 arch:x86

d7e2fd259780271687ffca462b9e69b7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:3e:d5:ed:a0:65:d1:b8:c9:1d:fc:f9:2a:6c:9b:d8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/12/2018, 00:00

Not After

22/12/2021, 12:00

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Wolfeboro,ST=New Hampshire,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a8:bd:5f:d3:c6:4f:ec:1c:8f:83:bd:f4:99:ca:36:22:ad:8f:16:8a:8b:1f:ca:69:da:eb:b6:82:8e:33:75:71
Signer

Actual PE Digest

a8:bd:5f:d3:c6:4f:ec:1c:8f:83:bd:f4:99:ca:36:22:ad:8f:16:8a:8b:1f:ca:69:da:eb:b6:82:8e:33:75:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
CloseEventLog
OpenEventLogW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

PeekMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
GetMessageW
TranslateMessage
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

gdi32

DeleteDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
CoInitializeSecurity

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetEnvironmentStringsW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
LoadLibraryExW
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FindFirstFileExW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
GetComputerNameW
SetCurrentDirectoryW
GetFileType
GetACP
ExitProcess
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
  WARFACE/⨁஢/CHERRY HVCKER ANTI LOCKER.exe
.exe windows:4 windows x86 arch:x86

b0ee5f3ba44c825e73d37304e54fc889

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegUnLoadKeyA
RegSetValueExA
RegSaveKeyA
RegRestoreKeyA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegLoadKeyA
RegFlushKey
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
mouse_event
keybd_event
WindowFromPoint
WaitMessage
VkKeyScanA
ValidateRect
UpdateWindow
UnregisterHotKey
UnregisterClassA
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TrackMouseEvent
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongA
SetCaretPos
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
SendDlgItemMessageA
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterHotKey
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LockWindowUpdate
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextExA
DrawTextW
DrawTextA
DrawStateA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CopyImage
CloseClipboard
ClipCursor
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CallWindowProcA
CallNextHookEx
BringWindowToTop
BeginPaint
BeginDeferWindowPos
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
wvsprintfA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenA
lstrcpyA
lstrcmpA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
TerminateProcess
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetSystemPowerState
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryA
ResumeThread
ResetEvent
ReadFile
OpenProcess
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathA
GetSystemInfo
GetStdHandle
GetProfileStringA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateProcessA
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringW
CompareStringA
CloseHandle
Sleep
SystemTimeToTzSpecificLocalTime
MulDiv

msimg32

GradientFill

gdi32

UnrealizeObject
TextOutA
StretchDIBits
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextCharacterExtra
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetPaletteEntries
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RoundRect
RestoreDC
ResizePalette
RemoveFontResourceA
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectType
GetObjectA
GetNearestPaletteIndex
GetFontLanguageInfo
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetCharWidthA
GetCharABCWidthsA
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExtCreatePen
ExcludeClipRect
EnumFontFamiliesExA
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
CloseEnhMetaFile
BitBlt
BeginPath
AddFontResourceA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize
CLSIDFromString

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

imm32

ImmSetCompositionWindow
ImmSetCompositionFontA
ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext

shell32

Shell_NotifyIconA
ShellExecuteA
DragQueryPoint
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA

winspool.drv

OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

comdlg32

PageSetupDlgA
PrintDlgA
ChooseFontA
ReplaceTextA
FindTextA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA

wsock32

WSACleanup
WSAStartup
gethostname
gethostbyname
inet_ntoa

winmm

timeGetTime

Exports

Exports

get_module

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
  WARFACE/⨁஢/php5ts.dll
.dll windows:5 windows x86 arch:x86

aaf1492926158df000e59c70092d88e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

GetActiveObject
SysFreeString
VariantClear
VariantInit
SysAllocString
SafeArrayGetDim
SafeArrayPutElement
VariantChangeType
SafeArrayGetVartype
LHashValOfNameSys
VarCmp
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
SafeArrayGetElement
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysAllocStringByteLen
VarXor
VarPow
VarOr
VarMod
VarImp
VarIdiv
VarEqv
VarDiv
VarAnd
VarMul
VarSu
VarCat
VarAdd
VarNot
VarNeg
VarInt
VarFix
VarAbs
VarRound
VariantTimeToSystemTime
SystemTimeToVariantTime

user32

DefWindowProcA
SetTimer
PostQuitMessage
KillTimer
UnregisterClassA
DestroyWindow
SendMessageA
GetMessageA
CreateWindowExA
RegisterClassA
PostThreadMessageA
GetSystemMetrics
GetDesktopWindow
IsWindow
GetDC
GetClientRect
GetWindowRect
ReleaseDC
PeekMessageA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
MessageBoxA

gdi32

CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
SelectObject
GetPixel
DeleteObject
DeleteDC

advapi32

RegCloseKey
RegOpenKeyExA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegEnumKeyA
RegQueryValueA
DuplicateTokenEx
CreateProcessAsUserA
OpenThreadToken
OpenProcessToken
EqualSid
DuplicateToken
GetFileSecurityA
MapGenericMask
AccessCheck
GetTokenInformation
CopySid
GetLengthSid
ConvertSidToStringSidA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegNotifyChangeKeyValue
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
GetUserNameA

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
freeaddrinfo
getaddrinfo
closesocket
socket
htons
ntohs
inet_ntoa
getpeername
getsockname
htonl
ioctlsocket
__WSAFDIsSet
select
WSASetLastError
getsockopt
connect
bind
setsockopt
accept
WSAStringToAddressA
WSAAddressToStringA
inet_addr
listen
send
recv
shutdown
sendto
recvfrom
gethostbyname
gethostname
getprotobyname
ntohl
getservbyname
getservbyport
getprotobynumber
gethostbyaddr

kernel32

WideCharToMultiByte
GetProcessHeap
GetFileAttributesExA
GetCurrentDirectoryA
DeviceIoControl
CreateFileA
FileTimeToSystemTime
TlsFree
TlsAlloc
LeaveCriticalSection
CreateProcessA
SetFileTime
InitializeCriticalSection
TlsGetValue
TlsSetValue
CreateWaitableTimerA
SetWaitableTimer
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FindClose
FindNextFileA
SystemTimeToFileTime
GetSystemTime
MoveFileExA
GetCurrentProcess
GetCurrentThread
DuplicateHandle
GetBinaryTypeA
DeleteCriticalSection
GetStdHandle
CreatePipe
GetExitCodeProcess
MapViewOfFileEx
OpenFileMappingA
GetFullPathNameA
MultiByteToWideChar
InterlockedDecrement
GetLocalTime
GetCurrentProcessId
SetEnvironmentVariableA
SleepEx
GetDiskFreeSpaceA
LockFileEx
UnlockFileEx
GetModuleHandleA
InterlockedExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetComputerNameA
GetFileAttributesA
CreateHardLinkA
TerminateProcess
SetErrorMode
SetFilePointer
GetACP
CreateMutexA
ReleaseMutex
InterlockedCompareExchange
Sleep
GetSystemDirectoryA
EnterCriticalSection
FindFirstFileA
CreateFileMappingA
GetFileSize
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
GetFileType
GetTempPathA
GetTempFileNameA
SetLastError
GetEnvironmentVariableA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
LocalFree
GetVersion
GetVersionExA
GetLastError
OutputDebugStringA
FormatMessageA
LoadLibraryA
GetProcAddress
GetTimeZoneInformation
InterlockedIncrement
GetCurrentThreadId
CloseHandle
CreateEventA
WaitForSingleObject
SetEvent
IsDBCSLeadByte
HeapReAlloc
HeapFree
HeapAlloc
HeapCreate
HeapDestroy
FreeLibrary

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoCreateInstanceEx
MkParseDisplayName
CreateBindCtx
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoDisconnectObject
CoTaskMemAlloc
OleLoadFromStream
CLSIDFromProgID

dnsapi

DnsQuery_A
DnsRecordListFree

msvcr90

sscanf
putchar
_open_osfhandle
_fdopen
_mktime32
fgets
floor
strftime
_CIatan2
_CIsqrt
_CIsin
_CIcos
_CIacos
_atoi64
strtod
isupper
abort
strtoul
putc
getc
_CItan
_access
atof
iscntrl
ispunct
isprint
isgraph
isxdigit
strcspn
mblen
_CIlog10
ceil
_CIlog
_CIexp
_CIasin
_CIatan
_CIsinh
_CIcosh
_CItanh
_hypot
_CIfmod
strcat_s
strncpy_s
_close
strspn
_setmode
_fileno
remove
_creat
_mktemp
ferror
strcmp
clearerr
ungetc
fgetc
memcmp
strlen
strcat
fabs
pow
_vsnprintf
_wfopen
_stat64i32
_wstat64i32
vfprintf
strcpy_s
sprintf_s
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_dup
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_stricmp
_strnicmp
_isatty
_write
_unlink
_lseek
_read
_chsize
_open
_chmod
_mkdir
_rmdir
_getcwd
_strdup
_set_errno
_memicmp
_stat32
_getpid
_tzset
__timezone
__daylight
strtok
setvbuf
fseek
feof
_get_osfhandle
rewind
strnlen
_putenv
_umask
strpbrk
atoi
_snprintf
fopen
memset
calloc
malloc
free
strncat
realloc
_setjmp3
sprintf
longjmp
exit
strtol
memcpy
fprintf
__iob_func
fflush
getenv
memchr
strchr
memmove
isalpha
strrchr
_beginthreadex
_controlfp_s
ftell
_errno
printf
toupper
_CIpow
strcoll
tolower
_finite
_fstat32
fread
fclose
_HUGE
isspace
_time32
_configthreadlocale
strstr
strncmp
strncpy
isalnum
strerror
_set_invalid_parameter_handler
setlocale
fwrite
qsort
vsprintf
_environ
_ctime32
_gmtime32
_localtime32
asctime
atol
localeconv
_fpclass
_isnan
isdigit
islower

Exports

Exports

GetSMErrorText
OnUpdateBaseDir
OnUpdateBool
OnUpdateLong
OnUpdateLongGEZero
OnUpdateReal
OnUpdateString
OnUpdateStringUnempty
PHP_3HAVAL128Init
PHP_3HAVAL160Init
PHP_3HAVAL192Init
PHP_3HAVAL224Init
PHP_3HAVAL256Init
PHP_3TIGERInit
PHP_4HAVAL128Init
PHP_4HAVAL160Init
PHP_4HAVAL192Init
PHP_4HAVAL224Init
PHP_4HAVAL256Init
PHP_4TIGERInit
PHP_5HAVAL128Init
PHP_5HAVAL160Init
PHP_5HAVAL192Init
PHP_5HAVAL224Init
PHP_5HAVAL256Init
PHP_ADLER32Copy
PHP_ADLER32Final
PHP_ADLER32Init
PHP_ADLER32Update
PHP_CRC32BFinal
PHP_CRC32BUpdate
PHP_CRC32Copy
PHP_CRC32Final
PHP_CRC32Init
PHP_CRC32Update
PHP_GOSTFinal
PHP_GOSTInit
PHP_GOSTUpdate
PHP_HAVAL128Final
PHP_HAVAL160Final
PHP_HAVAL192Final
PHP_HAVAL224Final
PHP_HAVAL256Final
PHP_HAVALUpdate
PHP_MD2Final
PHP_MD2Init
PHP_MD2Update
PHP_MD4Final
PHP_MD4Init
PHP_MD4Update
PHP_MD5Final
PHP_MD5Init
PHP_MD5Update
PHP_RIPEMD128Final
PHP_RIPEMD128Init
PHP_RIPEMD128Update
PHP_RIPEMD160Final
PHP_RIPEMD160Init
PHP_RIPEMD160Update
PHP_RIPEMD256Final
PHP_RIPEMD256Init
PHP_RIPEMD256Update
PHP_RIPEMD320Final
PHP_RIPEMD320Init
PHP_RIPEMD320Update
PHP_SALSA10Init
PHP_SALSA20Init
PHP_SALSAFinal
PHP_SALSAUpdate
PHP_SHA1Final
PHP_SHA1Init
PHP_SHA1Update
PHP_SHA224Final
PHP_SHA224Init
PHP_SHA224Update
PHP_SHA256Final
PHP_SHA256Init
PHP_SHA256Update
PHP_SHA384Final
PHP_SHA384Init
PHP_SHA384Update
PHP_SHA512Final
PHP_SHA512Init
PHP_SHA512Update
PHP_SNEFRUFinal
PHP_SNEFRUInit
PHP_SNEFRUUpdate
PHP_TIGER128Final
PHP_TIGER160Final
PHP_TIGER192Final
PHP_TIGERUpdate
PHP_WHIRLPOOLFinal
PHP_WHIRLPOOLInit
PHP_WHIRLPOOLUpdate
TSMClose
TSendMail
ValidateFormat
XML_GetUserData
_DllMain@12
_array_init
_convert_to_string
_ecalloc
_efree
_emalloc
_erealloc
_estrdup
_estrndup
_mysqlnd_calloc
_mysqlnd_debug
_mysqlnd_ecalloc
_mysqlnd_efree
_mysqlnd_emalloc
_mysqlnd_erealloc
_mysqlnd_fetch_lengths
_mysqlnd_free
_mysqlnd_get_client_stats
_mysqlnd_init
_mysqlnd_malloc
_mysqlnd_pecalloc
_mysqlnd_pefree
_mysqlnd_pemalloc
_mysqlnd_perealloc
_mysqlnd_pestrdup
_mysqlnd_pestrndup
_mysqlnd_plugin_get_plugin_connection_data
_mysqlnd_plugin_get_plugin_net_data
_mysqlnd_plugin_get_plugin_protocol_data
_mysqlnd_plugin_get_plugin_result_data
_mysqlnd_plugin_get_plugin_result_metadata_data
_mysqlnd_plugin_get_plugin_stmt_data
_mysqlnd_poll
_mysqlnd_realloc
_object_and_properties_init
_object_init
_object_init_ex
_php_emit_fd_setsize_warning
_php_error_log
_php_error_log_ex
_php_find_ps_module
_php_find_ps_serializer
_php_get_stream_filters_hash
_php_glob_stream_get_count
_php_glob_stream_get_path
_php_glob_stream_get_pattern
_php_math_basetolong
_php_math_basetozval
_php_math_longtobase
_php_math_number_format
_php_math_round
_php_math_zvaltobase
_php_regcomp@12
_php_regerror@16
_php_regexec@20
_php_regfree@4
_php_stream_alloc
_php_stream_cast
_php_stream_copy_to_mem
_php_stream_copy_to_stream
_php_stream_copy_to_stream_ex
_php_stream_eof
_php_stream_filter_alloc
_php_stream_filter_append
_php_stream_filter_flush
_php_stream_filter_prepend
_php_stream_flush
_php_stream_fopen
_php_stream_fopen_from_fd
_php_stream_fopen_from_file
_php_stream_fopen_from_pipe
_php_stream_fopen_temporary_file
_php_stream_fopen_tmpfile
_php_stream_fopen_with_path
_php_stream_free
_php_stream_get_line
_php_stream_get_url_stream_wrappers_hash
_php_stream_getc
_php_stream_make_seekable
_php_stream_memory_create
_php_stream_memory_get_buffer
_php_stream_memory_open
_php_stream_mkdir
_php_stream_mmap_range
_php_stream_mmap_unmap
_php_stream_mmap_unmap_ex
_php_stream_open_wrapper_as_file
_php_stream_open_wrapper_ex
_php_stream_opendir
_php_stream_passthru
_php_stream_printf
_php_stream_putc
_php_stream_puts
_php_stream_read
_php_stream_readdir
_php_stream_rmdir
_php_stream_scandir
_php_stream_seek
_php_stream_set_option
_php_stream_sock_open_from_socket
_php_stream_sock_open_host
_php_stream_stat
_php_stream_stat_path
_php_stream_tell
_php_stream_temp_create
_php_stream_temp_open
_php_stream_truncate_set_size
_php_stream_write
_php_stream_xport_create
_safe_emalloc
_safe_erealloc
_safe_malloc
_safe_realloc
_xml_zval_strdup
_zend_bailout
_zend_get_parameters_array
_zend_get_parameters_array_ex
_zend_hash_add_or_update
_zend_hash_index_update_or_next_insert
_zend_hash_init
_zend_hash_init_ex
_zend_hash_merge
_zend_hash_quick_add_or_update
_zend_list_addref
_zend_list_delete
_zend_list_find
_zend_mem_block_size
_zend_mm_alloc
_zend_mm_block_size
_zend_mm_free
_zend_mm_realloc
_zend_ts_hash_add_or_update
_zend_ts_hash_index_update_or_next_insert
_zend_ts_hash_init
_zend_ts_hash_init_ex
_zend_ts_hash_quick_add_or_update
_zval_copy_ctor_func
_zval_dtor_func
_zval_dtor_wrapper
_zval_internal_dtor
_zval_internal_ptr_dtor
_zval_ptr_dtor
add_assoc_bool_ex
add_assoc_double_ex
add_assoc_function
add_assoc_long_ex
add_assoc_null_ex
add_assoc_resource_ex
add_assoc_string_ex
add_assoc_stringl_ex
add_assoc_zval_ex
add_char_to_string
add_function
add_get_assoc_string_ex
add_get_assoc_stringl_ex
add_get_index_double
add_get_index_long
add_get_index_string
add_get_index_stringl
add_index_bool
add_index_double
add_index_long
add_index_null
add_index_resource
add_index_string
add_index_stringl
add_index_zval
add_next_index_bool
add_next_index_double
add_next_index_long
add_next_index_null
add_next_index_resource
add_next_index_string
add_next_index_stringl
add_next_index_zval
add_property_bool_ex
add_property_double_ex
add_property_long_ex
add_property_null_ex
add_property_resource_ex
add_property_string_ex
add_property_stringl_ex
add_property_zval_ex
add_string_to_string
ap_php_asprintf
ap_php_slprintf
ap_php_snprintf
ap_php_vasprintf
ap_php_vslprintf
ap_php_vsnprintf
arcfour_LTX__is_block_algorithm
arcfour_LTX__mcrypt_algorithm_version
arcfour_LTX__mcrypt_decrypt
arcfour_LTX__mcrypt_encrypt
arcfour_LTX__mcrypt_get_algo_iv_size
arcfour_LTX__mcrypt_get_algorithms_name
arcfour_LTX__mcrypt_get_block_size
arcfour_LTX__mcrypt_get_key_size
arcfour_LTX__mcrypt_get_size
arcfour_LTX__mcrypt_get_supported_key_sizes
arcfour_LTX__mcrypt_self_test
arcfour_LTX__mcrypt_set_key
basic_globals_id
bcompiler_zend_shutdown
bcompiler_zend_startup
bitwise_and_function
bitwise_not_function
bitwise_or_function
bitwise_xor_function
blowfish_LTX__is_block_algorithm
blowfish_LTX__mcrypt_algorithm_version
blowfish_LTX__mcrypt_decrypt
blowfish_LTX__mcrypt_encrypt
blowfish_LTX__mcrypt_get_algorithms_name
blowfish_LTX__mcrypt_get_block_size
blowfish_LTX__mcrypt_get_key_size
blowfish_LTX__mcrypt_get_size
blowfish_LTX__mcrypt_get_supported_key_sizes
blowfish_LTX__mcrypt_self_test
blowfish_LTX__mcrypt_set_key
blowfish_compat_LTX__is_block_algorithm
blowfish_compat_LTX__mcrypt_algorithm_version
blowfish_compat_LTX__mcrypt_decrypt
blowfish_compat_LTX__mcrypt_encrypt
blowfish_compat_LTX__mcrypt_get_algorithms_name
blowfish_compat_LTX__mcrypt_get_block_size
blowfish_compat_LTX__mcrypt_get_key_size
blowfish_compat_LTX__mcrypt_get_size
blowfish_compat_LTX__mcrypt_get_supported_key_sizes
blowfish_compat_LTX__mcrypt_self_test
blowfish_compat_LTX__mcrypt_set_key
boolean_not_function
boolean_xor_function
call_user_function
call_user_function_ex
cast_128_LTX__is_block_algorithm
cast_128_LTX__mcrypt_algorithm_version
cast_128_LTX__mcrypt_decrypt
cast_128_LTX__mcrypt_encrypt
cast_128_LTX__mcrypt_get_algorithms_name
cast_128_LTX__mcrypt_get_block_size
cast_128_LTX__mcrypt_get_key_size
cast_128_LTX__mcrypt_get_size
cast_128_LTX__mcrypt_get_supported_key_sizes
cast_128_LTX__mcrypt_self_test
cast_128_LTX__mcrypt_set_key
cast_256_LTX__is_block_algorithm
cast_256_LTX__mcrypt_algorithm_version
cast_256_LTX__mcrypt_decrypt
cast_256_LTX__mcrypt_encrypt
cast_256_LTX__mcrypt_get_algorithms_name
cast_256_LTX__mcrypt_get_block_size
cast_256_LTX__mcrypt_get_key_size
cast_256_LTX__mcrypt_get_size
cast_256_LTX__mcrypt_get_supported_key_sizes
cast_256_LTX__mcrypt_self_test
cast_256_LTX__mcrypt_set_key
cfg_get_double
cfg_get_entry
cfg_get_long
cfg_get_string
compare_function
compile_file
compile_filename
compile_string
compiler_globals_id
concat_function
config_zval_dtor
convert_scalar_to_number
convert_to_array
convert_to_boolean
convert_to_double
convert_to_long
convert_to_long_base
convert_to_null
convert_to_object
core_globals_id
decrement_function
des_LTX__is_block_algorithm
des_LTX__mcrypt_algorithm_version
des_LTX__mcrypt_decrypt
des_LTX__mcrypt_encrypt
des_LTX__mcrypt_get_algorithms_name
des_LTX__mcrypt_get_block_size
des_LTX__mcrypt_get_key_size
des_LTX__mcrypt_get_size
des_LTX__mcrypt_get_supported_key_sizes
des_LTX__mcrypt_self_test
des_LTX__mcrypt_set_key
destroy_op_array
destroy_zend_class
destroy_zend_function
display_ini_entries
display_link_numbers
div_function
do_bind_class
do_bind_function
do_bind_inherited_class
dom_node_class_entry
dom_object_get_node
dummy_indent
empty_fcall_info
empty_fcall_info_cache
end_mcrypt
enigma_LTX__is_block_algorithm
enigma_LTX__mcrypt_algorithm_version
enigma_LTX__mcrypt_decrypt
enigma_LTX__mcrypt_encrypt
enigma_LTX__mcrypt_get_algo_iv_size
enigma_LTX__mcrypt_get_algorithms_name
enigma_LTX__mcrypt_get_block_size
enigma_LTX__mcrypt_get_key_size
enigma_LTX__mcrypt_get_size
enigma_LTX__mcrypt_get_supported_key_sizes
enigma_LTX__mcrypt_self_test
enigma_LTX__mcrypt_set_key
execute
execute_internal
executor_globals_id
expand_filepath
expand_filepath_ex
extension_version_info
file_globals_id
file_handle_dtor
flock
fnmatch
free_estring
function_add_ref
gc_collect_cycles
gc_globals_ctor
gc_globals_dtor
gc_globals_id
gc_init
gc_remove_zval_from_buffer
gc_reset
gc_zobj_possible_root
gc_zval_possible_root
get_active_class_name
get_active_function_name
get_binary_op
get_timezone_info
get_unary_op
get_zend_version
gettimeofday
glob
globfree
gost_LTX__is_block_algorithm
gost_LTX__mcrypt_algorithm_version
gost_LTX__mcrypt_decrypt
gost_LTX__mcrypt_encrypt
gost_LTX__mcrypt_get_algorithms_name
gost_LTX__mcrypt_get_block_size
gost_LTX__mcrypt_get_key_size
gost_LTX__mcrypt_get_size
gost_LTX__mcrypt_get_supported_key_sizes
gost_LTX__mcrypt_self_test
gost_LTX__mcrypt_set_key
highlight_file
highlight_string
igbinary_serialize
igbinary_unserialize
increment_function
inet_aton
inet_ntop
inet_pton
ini_scanner_globals_id
init_mcrypt
init_op_array
instanceof_function
instanceof_function_ex
is_equal_function
is_identical_function
is_not_equal_function
is_not_identical_function
is_smaller_function
is_smaller_or_equal_function
is_zend_mm
language_scanner_globals_id
le_index_ptr
lex_scan
localeconv_r
loki97_LTX__is_block_algorithm
loki97_LTX__mcrypt_algorithm_version
loki97_LTX__mcrypt_decrypt
loki97_LTX__mcrypt_encrypt
loki97_LTX__mcrypt_get_algorithms_name
loki97_LTX__mcrypt_get_block_size
loki97_LTX__mcrypt_get_key_size
loki97_LTX__mcrypt_get_size
loki97_LTX__mcrypt_get_supported_key_sizes
loki97_LTX__mcrypt_self_test
loki97_LTX__mcrypt_set_key
make_digest
make_digest_ex
make_sha1_digest
mcrypt
mcrypt_algorithm_module_ok
mcrypt_dlopen
mcrypt_enc_get_algorithms_name
mcrypt_enc_get_block_size
mcrypt_enc_get_iv_size
mcrypt_enc_get_key_size

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

196b8047c609ccadce7fd294c9a3e6a2

Code Sign

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

31:e8:46:24:b9:5c:81:15:5d:a7:f1:1a:ab:8f:86:bc:b4:c8:0e:61:43:9d:61:34:48:d8:23:fc:f3:c1:26:44Signer

0b:59:24:99:54:12:f4:c9:d5:03:9a:1b:01:0c:88:29:cd:1c:f0:10Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

version

Sections

.text Size: 147KB - Virtual size: 146KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

735aed1002ee8ff1be0e1dee668e8b0d

Code Sign

33:00:00:00:9b:e0:74:37:cb:3d:4d:8d:2e:00:00:00:00:00:9bCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

65:97:9c:4b:c0:56:29:3c:65:68:1d:c8:51:cc:90:6a:97:43:fe:d9:91:a6:db:5c:b9:5c:47:8e:bf:73:7b:f7Signer

25:f3:81:49:d7:50:ad:69:9f:da:99:18:45:e2:bd:84:7c:66:4c:a4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

version

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 561KB - Virtual size: 561KB

33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

31:e8:46:24:b9:5c:81:15:5d:a7:f1:1a:ab:8f:86:bc:b4:c8:0e:61:43:9d:61:34:48:d8:23:fc:f3:c1:26:44
Signer

0b:59:24:99:54:12:f4:c9:d5:03:9a:1b:01:0c:88:29:cd:1c:f0:10
Signer

.text
Size: 147KB - Virtual size: 146KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

33:00:00:00:9b:e0:74:37:cb:3d:4d:8d:2e:00:00:00:00:00:9b
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

65:97:9c:4b:c0:56:29:3c:65:68:1d:c8:51:cc:90:6a:97:43:fe:d9:91:a6:db:5c:b9:5c:47:8e:bf:73:7b:f7
Signer

25:f3:81:49:d7:50:ad:69:9f:da:99:18:45:e2:bd:84:7c:66:4c:a4
Signer

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 561KB - Virtual size: 561KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 25KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:3e:d5:ed:a0:65:d1:b8:c9:1d:fc:f9:2a:6c:9b:d8
Certificate

a8:bd:5f:d3:c6:4f:ec:1c:8f:83:bd:f4:99:ca:36:22:ad:8f:16:8a:8b:1f:ca:69:da:eb:b6:82:8e:33:75:71
Signer

.text
Size: 294KB - Virtual size: 294KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 2KB - Virtual size: 5KB

.wixburn
Size: 512B - Virtual size: 56B

.rsrc
Size: 89KB - Virtual size: 89KB

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.itext
Size: 4KB - Virtual size: 4KB

.data
Size: 34KB - Virtual size: 33KB

.bss
Size: - Virtual size: 35KB

.idata
Size: 15KB - Virtual size: 15KB

.edata
Size: 512B - Virtual size: 76B

.tls
Size: - Virtual size: 64B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 124KB - Virtual size: 124KB

.rsrc
Size: 169KB - Virtual size: 168KB