603674d9927ac6d6a6c6dc5f923e9900_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

603674d9927ac6d6a6c6dc5f923e9900_NEIKI
Size

4.8MB
MD5

603674d9927ac6d6a6c6dc5f923e9900
SHA1

a0389e6c2ccb369b50a1a0b51c18374874535e4e
SHA256

05f7e7e64096f028e533aa10eab0d11943024272144a11e2405c13cffa37ff2a
SHA512

6410dc4b9976169b413ca0b8a6f72dadfc38114d91027a75643a310c848a63ef9baa42742d599116caa5f8a65af1599102faaf1359d6c548fc19243d1e3d39f4
SSDEEP

98304:b4KZLiLXoH9iKLr69NJik08izfZ4P7lw2TCmrF8K9B6wdXzeXtwYIkWgmel8:bykduTJikCZI18K9gwdDe9HIkWgPl8

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
603674d9927ac6d6a6c6dc5f923e9900_NEIKI
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/execDos.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/GoogleUpdateSetup_1.3.21.169.exe
unpack003/$PLUGINSDIR/System.dll
unpack003/$TEMP/GoogleUpdateSetup_1.3.21.169.exe
unpack001/$PLUGINSDIR/g/pfWWW.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/CCleaner64.exe

Files

603674d9927ac6d6a6c6dc5f923e9900_NEIKI
.exe windows:5 windows x86 arch:x86

377a97652fdf5740d8cc11d5ce124fed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
ExitProcess
CopyFileW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetFileTime
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
LoadLibraryW
GetSystemDirectoryW
GetProcAddress
OpenProcess
lstrcpyW
LoadLibraryA
GetVersionExW
lstrcpyA
RemoveDirectoryW
lstrcmpA
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
SetErrorMode

user32

IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
GetAsyncKeyState
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wvsprintfW
wsprintfA
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
GetClassInfoW
CharNextW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
SendMessageTimeoutW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegOpenKeyExW
RegEnumValueW
RegEnumKeyW
RegCloseKey
SetFileSecurityW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/execDos.dll
.dll windows:5 windows x86 arch:x86

a5d239ed12c9442d63c73cb9ff7cad0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
Sleep
lstrcatW
lstrcmpiW
TerminateProcess
ReadFile
GetExitCodeProcess
PeekNamedPipe
CreateFileW
FlushFileBuffers
WriteFile
lstrlenW
CloseHandle
CreateProcessW
DuplicateHandle
GetCurrentProcess
CreatePipe
GetProcAddress
GetModuleHandleW
GlobalAlloc
GetExitCodeThread
WaitForSingleObject
CreateThread
lstrcpyW
lstrcpynW

user32

wsprintfW
GetClassNameW
GetDlgItem
FindWindowExW
SendMessageW

Exports

Exports

exec
isdone
wait

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/g/PF-Chrome-2016.exe
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:40:db:a5:f9:88:fa:e5:7a:57:d6:45:74:95:f9:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2015, 00:00

Not After

14/12/2016, 23:59

Subject

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/12/2015, 00:00

Not After

16/12/2018, 23:59

Subject

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:16:c0:09:98:dc:c6:8f:a2:7d:25:c3:86:36:a8:83:bb
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:a6:55:d1:79:22:ed:0f:ce:23:d7:63:b5:fc:89:c3:8a:6c:d8:ec:4b:88:39:07:a0:dd:4a:00:00:a3:ef:c1
Signer

Actual PE Digest

48:a6:55:d1:79:22:ed:0f:ce:23:d7:63:b5:fc:89:c3:8a:6c:d8:ec:4b:88:39:07:a0:dd:4a:00:00:a3:ef:c1

Digest Algorithm

sha256

PE Digest Matches

true

90:3f:4e:d3:4d:f6:c2:a8:ff:35:14:46:f3:bc:1c:59:ee:a3:84:75
Signer

Actual PE Digest

90:3f:4e:d3:4d:f6:c2:a8:ff:35:14:46:f3:bc:1c:59:ee:a3:84:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 692KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoogleUpdateSetup_1.3.21.169.exe
.exe windows:4 windows x86 arch:x86

56336c8990f68261828388675572d990

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mi_exe_stub.pdb

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateProcessW
WaitForSingleObject
GetStartupInfoW
GetExitCodeProcess
SetFilePointer
ReadFile
RaiseException
GetTempPathW
GetModuleFileNameW
FormatMessageW
DeleteFileW
WideCharToMultiByte
FindResourceW
lstrcmpiW
FindResourceExW
SetFilePointerEx
CloseHandle
RemoveDirectoryW
lstrlenW
MultiByteToWideChar
SizeofResource
SetLastError
LockResource
GetLastError
CopyFileW
lstrlenA
LocalFree
CreateDirectoryW
CreateFileW
LoadResource
GetTempFileNameW
GetVersionExW
WriteFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
OutputDebugStringA

msvcrt

_lock
_unlock
??3@YAXPAX@Z
wcscmp
memcmp
??_V@YAXPAX@Z
wcslen
??_U@YAPAXI@Z
strtol
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_XcptFilter
_cexit
__getmainargs
free
memmove
memcpy
memset
_ismbblead
_vsnwprintf
_errno
__CxxFrameHandler
?terminate@@YAXXZ
_controlfp
__dllonexit
_onexit
realloc
_exit

shlwapi

PathQuoteSpacesW
PathAppendW

ole32

CoInitializeEx
CoUninitialize

shell32

SHGetFolderPathW
ord680

user32

CharNextA
CharLowerBuffW
MessageBoxW
wvsprintfW
UnregisterClassA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 761KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/g/PF-Toolbar-2016.exe
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:40:db:a5:f9:88:fa:e5:7a:57:d6:45:74:95:f9:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2015, 00:00

Not After

14/12/2016, 23:59

Subject

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/12/2015, 00:00

Not After

16/12/2018, 23:59

Subject

CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:16:c0:09:98:dc:c6:8f:a2:7d:25:c3:86:36:a8:83:bb
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:c9:a3:85:44:06:65:18:b9:21:9f:b8:47:d5:12:85:86:96:1d:30:f8:f7:dd:4d:25:46:d2:d8:7f:eb:18:a4
Signer

Actual PE Digest

67:c9:a3:85:44:06:65:18:b9:21:9f:b8:47:d5:12:85:86:96:1d:30:f8:f7:dd:4d:25:46:d2:d8:7f:eb:18:a4

Digest Algorithm

sha256

PE Digest Matches

true

34:e4:8c:c2:3b:68:9e:6b:06:c3:a5:dd:2c:60:43:7f:01:d2:2d:50
Signer

Actual PE Digest

34:e4:8c:c2:3b:68:9e:6b:06:c3:a5:dd:2c:60:43:7f:01:d2:2d:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 708KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/GoogleUpdateSetup_1.3.21.169.exe
.exe windows:4 windows x86 arch:x86

56336c8990f68261828388675572d990

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mi_exe_stub.pdb

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateProcessW
WaitForSingleObject
GetStartupInfoW
GetExitCodeProcess
SetFilePointer
ReadFile
RaiseException
GetTempPathW
GetModuleFileNameW
FormatMessageW
DeleteFileW
WideCharToMultiByte
FindResourceW
lstrcmpiW
FindResourceExW
SetFilePointerEx
CloseHandle
RemoveDirectoryW
lstrlenW
MultiByteToWideChar
SizeofResource
SetLastError
LockResource
GetLastError
CopyFileW
lstrlenA
LocalFree
CreateDirectoryW
CreateFileW
LoadResource
GetTempFileNameW
GetVersionExW
WriteFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
OutputDebugStringA

msvcrt

_lock
_unlock
??3@YAXPAX@Z
wcscmp
memcmp
??_V@YAXPAX@Z
wcslen
??_U@YAPAXI@Z
strtol
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_XcptFilter
_cexit
__getmainargs
free
memmove
memcpy
memset
_ismbblead
_vsnwprintf
_errno
__CxxFrameHandler
?terminate@@YAXXZ
_controlfp
__dllonexit
_onexit
realloc
_exit

shlwapi

PathQuoteSpacesW
PathAppendW

ole32

CoInitializeEx
CoUninitialize

shell32

SHGetFolderPathW
ord680

user32

CharNextA
CharLowerBuffW
MessageBoxW
wvsprintfW
UnregisterClassA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 761KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/g/gcombo/ComboOffer_1025.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1026.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1027.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1028.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1029.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1030.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1031.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1032.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1033.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1034.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1035.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1036.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1037.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1038.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1040.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1041.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1042.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1043.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1044.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1045.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1046.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1048.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1049.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1050.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1051.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1053.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1054.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1055.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1057.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1058.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1060.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1061.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1062.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1066.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_1102.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_2052.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_2070.html
.html
$PLUGINSDIR/g/gcombo/ComboOffer_3098.html
.html
$PLUGINSDIR/g/gcombo/combo-offer.png
.png
$PLUGINSDIR/g/gtb/toolbar-offer.png
.png
$PLUGINSDIR/g/gtb/toolbar_1025.html
$PLUGINSDIR/g/gtb/toolbar_1026.html
$PLUGINSDIR/g/gtb/toolbar_1027.html
$PLUGINSDIR/g/gtb/toolbar_1028.html
$PLUGINSDIR/g/gtb/toolbar_1029.html
$PLUGINSDIR/g/gtb/toolbar_1030.html
$PLUGINSDIR/g/gtb/toolbar_1031.html
$PLUGINSDIR/g/gtb/toolbar_1032.html
$PLUGINSDIR/g/gtb/toolbar_1033.html
$PLUGINSDIR/g/gtb/toolbar_1034.html
$PLUGINSDIR/g/gtb/toolbar_1035.html
$PLUGINSDIR/g/gtb/toolbar_1036.html
$PLUGINSDIR/g/gtb/toolbar_1037.html
.html
$PLUGINSDIR/g/gtb/toolbar_1038.html
$PLUGINSDIR/g/gtb/toolbar_1040.html
$PLUGINSDIR/g/gtb/toolbar_1041.html
$PLUGINSDIR/g/gtb/toolbar_1042.html
$PLUGINSDIR/g/gtb/toolbar_1043.html
$PLUGINSDIR/g/gtb/toolbar_1044.html
$PLUGINSDIR/g/gtb/toolbar_1045.html
$PLUGINSDIR/g/gtb/toolbar_1046.html
$PLUGINSDIR/g/gtb/toolbar_1048.html
$PLUGINSDIR/g/gtb/toolbar_1049.html
$PLUGINSDIR/g/gtb/toolbar_1050.html
$PLUGINSDIR/g/gtb/toolbar_1051.html
$PLUGINSDIR/g/gtb/toolbar_1053.html
$PLUGINSDIR/g/gtb/toolbar_1054.html
$PLUGINSDIR/g/gtb/toolbar_1055.html
$PLUGINSDIR/g/gtb/toolbar_1057.html
$PLUGINSDIR/g/gtb/toolbar_1058.html
$PLUGINSDIR/g/gtb/toolbar_1060.html
$PLUGINSDIR/g/gtb/toolbar_1061.html
$PLUGINSDIR/g/gtb/toolbar_1062.html
$PLUGINSDIR/g/gtb/toolbar_1066.html
$PLUGINSDIR/g/gtb/toolbar_1102.html
$PLUGINSDIR/g/gtb/toolbar_2052.html
$PLUGINSDIR/g/gtb/toolbar_2070.html
$PLUGINSDIR/g/gtb/toolbar_3098.html
$PLUGINSDIR/g/pfWWW.dll
.dll windows:4 windows x86 arch:x86

40adba3d6e85ca5b512bf20e031f22e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

h:\Piriform\Installers\trunk\src\Google\src\pfWWW\Release\pfWWW.pdb

Imports

kernel32

LoadLibraryExW
GlobalUnlock
GlobalLock
GetLastError
GlobalAlloc
EnterCriticalSection
GetCurrentThreadId
GetModuleFileNameW
lstrcmpiW
SetEvent
CloseHandle
CreateEventA
ResetEvent
OpenEventA
WaitForSingleObject
FlushFileBuffers
CreateFileA
FindResourceW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetLastError
GetModuleHandleW
LoadResource
InitializeCriticalSection
RaiseException
SizeofResource
lstrlenW
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
FindResourceExW
MulDiv
LockResource
FlushInstructionCache
GetCurrentProcess
DeleteCriticalSection
lstrcmpW
FreeLibrary
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
HeapCreate
ExitProcess
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
WriteFile
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent

user32

SetWindowTextW
CreateWindowExW
GetWindowTextW
GetDesktopWindow
LoadCursorW
GetParent
InvalidateRgn
CreateAcceleratorTableW
GetClassNameW
GetWindowTextLengthW
UnregisterClassA
DefWindowProcW
DestroyWindow
InvalidateRect
GetClassInfoExW
ClientToScreen
GetSysColor
BeginPaint
GetFocus
MoveWindow
ScreenToClient
SendMessageW
SetFocus
RegisterClassExW
GetClientRect
GetWindow
CharNextW
FillRect
GetWindowLongW
DestroyAcceleratorTable
RedrawWindow
CallWindowProcW
IsWindow
SetWindowLongW
EndPaint
GetDlgItem
UnregisterClassW
SetCapture
ReleaseCapture
GetDC
ReleaseDC
IsChild
SetWindowPos
BringWindowToTop
RegisterWindowMessageW

gdi32

CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
GetObjectW
CreateCompatibleBitmap

advapi32

RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExW

ole32

CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
OleInitialize
OleLockRunning
CoGetClassObject
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoTaskMemRealloc
OleUninitialize
StringFromGUID2
CLSIDFromProgID

oleaut32

VariantInit
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysFreeString
LoadTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantClear
SysAllocString
DispCallFunc
OleCreateFontIndirect

Exports

Exports

CreateWebControl
DestroyWebControl
DestroyWebControls
EnableControl
GetCheckboxState
IsDocumentCompleted
SetCheckboxState
SetStyle
ShowControl

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

917ae9b9adb269abd5543f5bf5676bac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
memset
wcsstr
wcstol

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
CreateFileW
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW
GetFileSize

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
lstrlenA
lstrlenW
LoadLibraryA
lstrcmpiW
lstrcpynW
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfW
PostMessageW

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CCleaner.exe
.exe windows:5 windows x86 arch:x86

47667f05769dc9a716a6496d8e3e31ca

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:3c:45:5a:5c:7b:7b:26:66:91:5e:b2:18:57:d7:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/09/2017, 00:00

Not After

11/10/2018, 23:59

Subject

CN=Piriform Ltd,O=Piriform Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:b6:a8:14:74:e8:04:89:20:f1:90:9e:45:4d:7f:c0
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/09/2017, 00:00

Not After

11/10/2018, 23:59

Subject

CN=Piriform Ltd,O=Piriform Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:04:71:5a:8c:37:96:5d:7a:e3:e2:3b:6d:d3:d0:01:f3:57:09:f3:fe:dc:cc:2a:9c:4b:c6:68:fe:81:62:6b
Signer

Actual PE Digest

60:04:71:5a:8c:37:96:5d:7a:e3:e2:3b:6d:d3:d0:01:f3:57:09:f3:fe:dc:cc:2a:9c:4b:c6:68:fe:81:62:6b

Digest Algorithm

sha256

PE Digest Matches

true

7c:6e:64:44:fa:a7:fb:52:1a:e3:0a:28:42:16:43:14:99:72:4c:d7
Signer

Actual PE Digest

7c:6e:64:44:fa:a7:fb:52:1a:e3:0a:28:42:16:43:14:99:72:4c:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD\work\01\aaa9c50647ab5d14\bin\CCleaner\Release\CCleaner.pdb

Imports

rpcrt4

UuidFromStringA

kernel32

GetLocaleInfoW
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileInformationByHandle
GetModuleFileNameA
OutputDebugStringA
DeviceIoControl
FindFirstFileW
FindClose
MoveFileW
GetDiskFreeSpaceW
GetVolumeInformationW
SetFilePointerEx
SetEndOfFile
GetFileAttributesExW
SetFileTime
RemoveDirectoryW
CreateDirectoryW
GetDriveTypeW
GetCompressedFileSizeW
BackupRead
BackupSeek
lstrcmpA
GetFullPathNameW
FindNextFileW
WritePrivateProfileStringW
GetShortPathNameW
FileTimeToLocalFileTime
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetUserDefaultLangID
lstrcpyW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
CopyFileW
IsBadStringPtrW
GetTickCount
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
LoadLibraryA
MoveFileExW
SetProcessWorkingSetSize
GetFileSizeEx
GetModuleHandleA
QueueUserWorkItem
FlushViewOfFile
CreateFileMappingA
GetComputerNameW
LocalAlloc
LocalLock
LocalUnlock
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GlobalMemoryStatusEx
GetSystemTimes
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
VerifyVersionInfoW
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
SignalObjectAndWait
VerSetConditionMask
GlobalMemoryStatus
GetVersionExA
WaitNamedPipeW
TransactNamedPipe
DuplicateHandle
WaitForMultipleObjects
SetNamedPipeHandleState
SetUnhandledExceptionFilter
VirtualQueryEx
CreateSemaphoreW
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
CreateFileA
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
LockFile
InterlockedCompareExchange
HeapCreate
TryEnterCriticalSection
GetThreadTimes
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
ReadConsoleW
SetStdHandle
GetOEMCP
IsValidCodePage
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLogicalDrives
GetACP
WriteConsoleW
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
InterlockedFlushSList
UnhandledExceptionFilter
AreFileApisANSI
FormatMessageA
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjectsEx
WaitForSingleObjectEx
OpenEventA
GetCPInfo
GetStringTypeW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
VirtualProtect
CreateThread
TerminateThread
ReleaseSemaphore
RtlCaptureContext
GetSystemTime
OpenThread
VirtualQuery
FlushInstructionCache
GetCurrentProcessId
GetThreadContext
VirtualProtectEx
GetSystemInfo
GetThreadPriority
GetCurrentThread
ResumeThread
SuspendThread
InitializeCriticalSection
SetThreadPriority
VirtualAlloc
VirtualFree
GlobalHandle
lstrcmpW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetProcessTimes
GetCurrentProcess
FileTimeToSystemTime
GetLongPathNameW
SetFilePointer
ReadFile
GetFileSize
CompareFileTime
SystemTimeToFileTime
GetLocalTime
CompareStringW
GetVersion
GetPrivateProfileStringW
DeleteFileW
LocalFree
FormatMessageW
MulDiv
SetCurrentDirectoryW
GetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
CreateProcessW
GetStartupInfoW
LoadLibraryW
GetSystemDirectoryW
SetErrorMode
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
lstrcmpiW
FreeLibrary
lstrlenW
GetVersionExW
WriteFile
FlushFileBuffers
GetFileAttributesW
WideCharToMultiByte
CreateMutexW
GetProcAddress
MultiByteToWideChar
GetModuleFileNameW
GetCurrentThreadId
SetLastError
GetModuleHandleW
CreateEventA
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
GlobalAlloc
GlobalLock
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalUnlock
GlobalFree
InterlockedExchange
CreateFileW
CreateEventW
ResetEvent
SetEvent
Sleep
GetLastError
OpenProcess
TerminateProcess
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
RaiseException
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
ChangeTimerQueueTimer

user32

SendDlgItemMessageW
SetWindowContextHelpId
DestroyAcceleratorTable
wsprintfW
GetForegroundWindow
GetDlgItemInt
GetNextDlgTabItem
SetDlgItemTextW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
CreateDialogIndirectParamW
InvalidateRgn
CreateAcceleratorTableW
MapDialogRect
EnableScrollBar
SetScrollRange
GetScrollRange
RemovePropW
GetPropW
ShowScrollBar
DrawFrameControl
GetSystemMetrics
GetMonitorInfoW
MonitorFromWindow
LoadBitmapW
SetWindowPos
GetWindowLongW
GetParent
GetWindow
GetDesktopWindow
GetClientRect
MapWindowPoints
SetWindowLongW
SendMessageW
GetDlgItem
ScreenToClient
MoveWindow
GetDC
ReleaseDC
GetWindowTextW
SetWindowTextW
IsWindow
DrawTextW
DefWindowProcW
UnregisterClassW
InvalidateRect
BeginPaint
EndPaint
GetActiveWindow
PostMessageW
GetShellWindow
GetWindowInfo
SetMenuDefaultItem
LockWindowUpdate
PostQuitMessage
IsDialogMessageW
FindWindowExW
LoadIconW
GetComboBoxInfo
AdjustWindowRectEx
GetMenu
DrawEdge
DeleteMenu
SetLayeredWindowAttributes
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowPlacement
SystemParametersInfoA
DrawTextExW
GetMenuItemID
CharLowerW
CharLowerA
GetDlgItemTextW
EmptyClipboard
SetClipboardData
GetWindowThreadProcessId
WaitForInputIdle
EnumDisplaySettingsW
ExitWindowsEx
GetLastInputInfo
SendMessageTimeoutW
DestroyCursor
GetAsyncKeyState
GetLastActivePopup
MessageBeep
DrawIcon
GetDialogBaseUnits
LoadStringW
WinHelpW
WaitMessage
GetWindowRect
CallNextHookEx
SetPropW
GetWindowTextLengthW
SetScrollPos
GetScrollInfo
AppendMenuW
ScrollWindowEx
SetScrollInfo
GetScrollPos
GetClassLongW
DrawFocusRect
DestroyIcon
DrawStateW
GetKeyState
GetMessagePos
EndDialog
GetDlgCtrlID
IsZoomed
GetSystemMenu
TrackPopupMenu
SetForegroundWindow
RedrawWindow
PtInRect
TrackMouseEvent
SystemParametersInfoW
InflateRect
LoadImageW
FillRect
IsWindowEnabled
ShowWindow
ChildWindowFromPoint
IsChild
IsWindowVisible
UpdateWindow
GetSysColor
DestroyWindow
CreateDialogParamW
EnableWindow
FrameRect
CallWindowProcW
KillTimer
SetTimer
GetSysColorBrush
ClientToScreen
RegisterWindowMessageW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
DestroyMenu
CopyRect
CheckDlgButton
IsDlgButtonChecked
GetClassNameW
OpenIcon
FindWindowW
EnumWindows
IsIconic
SetFocus
SetRect
GetCapture
InsertMenuW
SetCursorPos
SetRectEmpty
DialogBoxParamW
GetCursorPos
CreatePopupMenu
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageA
DispatchMessageA
EnableMenuItem
BringWindowToTop
GetFocus
GetWindowDC
OffsetRect
MessageBoxW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassW
GetClassInfoW
CharNextW
SetCursor
ReleaseCapture
WindowFromPoint
SetCapture
GetNextDlgGroupItem

gdi32

GetObjectW
SetBkColor
ExtTextOutW
SetTextColor
EndPath
GetDIBColorTable
CreateDIBSection
SetDIBColorTable
BitBlt
SaveDC
RestoreDC
TextOutW
PatBlt
CreateBitmap
CreatePatternBrush
CreateSolidBrush
GetTextExtentPoint32W
GetTextMetricsW
ExcludeClipRect
CombineRgn
CreateRectRgnIndirect
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
DeleteDC
GetClipRgn
CreateRectRgn
CreateDCW
SetBkMode
GetClipBox
GetDeviceCaps
GetStockObject
StretchBlt
GetTextColor
GetBkColor
BeginPath
Rectangle
CreatePen
SelectClipRgn
MoveToEx
LineTo
Ellipse
PolylineTo
UnrealizeObject
StrokeAndFillPath
CreateFontIndirectW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetLengthSid
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
ConvertSidToStringSidW
CloseEventLog
ClearEventLogW
OpenEventLogW
LookupPrivilegeNameW
RegUnLoadKeyW
RegLoadKeyW
RegNotifyChangeKeyValue
GetUserNameW
LookupAccountNameW
CopySid
CryptAcquireContextA
LookupAccountSidW
EqualSid
OpenThreadToken
RegCloseKey
RegOpenKeyExW
GetSidSubAuthority
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
GetFileSecurityW
DuplicateToken
MapGenericMask
AccessCheck
RegEnumValueW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount

shell32

ShellExecuteW
SHBrowseForFolderW
DragQueryFileW
DragFinish
ShellExecuteExW
Shell_NotifyIconW
SHGetSpecialFolderLocation
ExtractIconExW
SHGetFileInfoW
SHEmptyRecycleBinW
SHAddToRecentDocs
SHGetPathFromIDListW

ole32

StgOpenStorageEx
StgIsStorageFile
CoInitializeEx
PropVariantClear
CoSetProxyBlanket
OleLockRunning
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoInitializeSecurity
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleDuplicateData
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

oleaut32

VariantTimeToSystemTime
SysFreeString
VarUI4FromStr
SysAllocString
VariantClear
VariantInit
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
DispCallFunc
OleCreateFontIndirect
VarBstrFromR8
VarBstrFromI4
VariantChangeType

shlwapi

PathIsDirectoryEmptyW
PathRemoveExtensionA
PathAddExtensionW
PathRemoveExtensionW
PathStripToRootW
PathSkipRootW
PathRemoveBackslashW
PathCombineW
PathCompactPathW
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathMatchSpecW
StrRetToStrW
PathFindExtensionW
PathUnquoteSpacesW
PathRemoveArgsW
PathStripPathW
SHStrDupW
PathIsURLW
PathCreateFromUrlW
PathStripPathA
PathIsUNCW
PathIsRelativeW
PathFindFileNameW
ord487
PathGetDriveNumberW

comctl32

ImageList_Add
ImageList_Create
_TrackMouseEvent
ImageList_Remove
ImageList_GetImageCount
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_SetIconSize
ImageList_Duplicate
ImageList_GetIconSize
ImageList_Draw
ImageList_Destroy
InitCommonControlsEx
ImageList_LoadImageW

gdiplus

GdipCreateBitmapFromFile
GdipDrawLine
GdipFillRectangle
GdipCreateHatchBrush
GdipDrawRectangleI
GdipDeletePen
GdipCreatePen1
GdipSetSmoothingMode
GdipCreateFromHDC
GdipFillRectangleI
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipBitmapLockBits

dbghelp

MakeSureDirectoryPathExists

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 361KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CCleaner64.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 389KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

377a97652fdf5740d8cc11d5ce124fed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 3.6MB

.rsrc Size: 35KB - Virtual size: 35KB

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

a5d239ed12c9442d63c73cb9ff7cad0e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 20B

.reloc Size: 512B - Virtual size: 334B

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

4c:40:db:a5:f9:88:fa:e5:7a:57:d6:45:74:95:f9:8bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:16:c0:09:98:dc:c6:8f:a2:7d:25:c3:86:36:a8:83:bbCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

48:a6:55:d1:79:22:ed:0f:ce:23:d7:63:b5:fc:89:c3:8a:6c:d8:ec:4b:88:39:07:a0:dd:4a:00:00:a3:ef:c1Signer

90:3f:4e:d3:4d:f6:c2:a8:ff:35:14:46:f3:bc:1c:59:ee:a3:84:75Signer

Headers

DLL Characteristics

File Characteristics

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 3.6MB

.rsrc
Size: 35KB - Virtual size: 35KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 334B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

4c:40:db:a5:f9:88:fa:e5:7a:57:d6:45:74:95:f9:8b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:16:c0:09:98:dc:c6:8f:a2:7d:25:c3:86:36:a8:83:bb
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

48:a6:55:d1:79:22:ed:0f:ce:23:d7:63:b5:fc:89:c3:8a:6c:d8:ec:4b:88:39:07:a0:dd:4a:00:00:a3:ef:c1
Signer

90:3f:4e:d3:4d:f6:c2:a8:ff:35:14:46:f3:bc:1c:59:ee:a3:84:75
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 452KB

.ndata
Size: - Virtual size: 692KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 761KB - Virtual size: 760KB

.reloc
Size: 2KB - Virtual size: 2KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

4c:40:db:a5:f9:88:fa:e5:7a:57:d6:45:74:95:f9:8b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2a:9c:21:ac:aa:a6:3a:3c:58:a7:b9:32:2b:ee:94:8d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:16:c0:09:98:dc:c6:8f:a2:7d:25:c3:86:36:a8:83:bb
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate