3114cc8a090b56d2a61ababc109030b4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3114cc8a090b56d2a61ababc109030b4_JaffaCakes118
Size

1.7MB
MD5

3114cc8a090b56d2a61ababc109030b4
SHA1

add1a235be3a7f3f331beb99e10b9e6498275713
SHA256

0cd0ee43981cc4ca10214ed8e4956d2771c61dba3e3f2d93bf523afb88cc01d0
SHA512

d4f05570347b47d003039abfbd3785956587bb06be33acee75405adf7f4ce4eb836bc21c8c32bc42d95bdf63678af1f53bc83a71f7ea86428130e9b4475907bd
SSDEEP

49152:Rv587fFNqt/wyPngkc4rgXSzR4182gpIZ7d6x0Gjw:b8ZNXyPgk3rO+aHgpIO8

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/PulupHodw.dll
unpack001/$PLUGINSDIR/StdUtils.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$TEMPfolder/FetfQynki/freebl3.dll
unpack001/$TEMPfolder/FetfQynki/libnspr4.dll
unpack001/$TEMPfolder/FetfQynki/libplc4.dll
unpack001/$TEMPfolder/FetfQynki/libplds4.dll
unpack001/$TEMPfolder/FetfQynki/nss3.dll
unpack001/$TEMPfolder/FetfQynki/nssckbi.dll
unpack001/$TEMPfolder/FetfQynki/nssdbm3.dll
unpack001/$TEMPfolder/FetfQynki/nssutil3.dll
unpack001/$TEMPfolder/FetfQynki/smime3.dll
unpack001/$TEMPfolder/FetfQynki/softokn3.dll
unpack001/$TEMPfolder/FetfQynki/sqlite3.dll
unpack001/$TEMPfolder/FetfQynki/ssl3.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

3114cc8a090b56d2a61ababc109030b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Raeufigh Noimyj,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

Not Before

17/04/2016, 09:37

Not After

17/04/2017, 09:37

Subject

CN=Heubeshl Vurjio,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e0:cc:f6:b2:cd:fb:29:c1:9c:37:79:2e:65:02:75:4b:cb:d3:e8:cd
Signer

Actual PE Digest

e0:cc:f6:b2:cd:fb:29:c1:9c:37:79:2e:65:02:75:4b:cb:d3:e8:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Byknog/$APPDATA/Byknog/Byknog.exe
.exe windows:5 windows x86 arch:x86

973cc502fad9ce6369193e95a6d84c49

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Raeufigh Noimyj,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

Not Before

17/04/2016, 09:37

Not After

17/04/2017, 09:37

Subject

CN=Heubeshl Vurjio,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

85:77:f3:a1:f6:e3:54:52:ad:5e:1a:5c:a5:69:bb:5f:db:8e:8e:1a
Signer

Actual PE Digest

85:77:f3:a1:f6:e3:54:52:ad:5e:1a:5c:a5:69:bb:5f:db:8e:8e:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
FreeLibrary
GetProcAddress
GetModuleHandleA
lstrcmpiA
IsDBCSLeadByte
FindResourceA
LoadLibraryExA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
CreateMutexA
CloseHandle
FindResourceExW
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32First
Process32Next
OpenProcess
LoadLibraryA
IsDebuggerPresent
OutputDebugStringW
CreateFileW
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
SetEvent
Sleep
GetLastError
CreateEventA
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ResetEvent
SetStdHandle
FindNextFileA
InitializeCriticalSection
FindFirstFileExA
FindClose
GetCommandLineW
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleFileNameW
RtlUnwind
SetLastError
ExitProcess
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStdHandle
WriteFile
GetACP
LCMapStringW
GetStringTypeW
GetFileType
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA

user32

CharNextA
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

SystemFunction036
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyA
StartServiceCtrlDispatcherA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
ChangeServiceConfigA
DeleteService
ControlService
CloseServiceHandle
ChangeServiceConfig2A
QueryServiceStatus
OpenServiceA
CreateServiceA
OpenSCManagerA

ole32

CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Byknog/$APPDATA/Byknog/Ejihp.dll
.dll windows:5 windows x86 arch:x86

08f0e73ce2d729ef5ca630cbbd7cfcf8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Raeufigh Noimyj,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

Not Before

17/04/2016, 09:37

Not After

17/04/2017, 09:37

Subject

CN=Heubeshl Vurjio,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:04:dc:fd:30:de:d1:82:01:51:7c:b7:9a:93:ea:a0:b7:a9:eb:73
Signer

Actual PE Digest

47:04:dc:fd:30:de:d1:82:01:51:7c:b7:9a:93:ea:a0:b7:a9:eb:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
OpenProcess
RaiseException
GetCurrentThreadId
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
CloseHandle
MulDiv
lstrcmpA
GetModuleFileNameA
FindResourceA
GetVersionExA
lstrcmpiA
LoadLibraryExA
GetModuleHandleA
IsDBCSLeadByte
DecodePointer
CreateFileW
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
SetStdHandle
GetStringTypeW
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetFileType
GetStdHandle
LCMapStringW
GetACP
VirtualQuery
GetSystemInfo
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadLibraryA
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
FreeLibrary
LockResource
VirtualProtect
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
ResetEvent
SetEvent
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
InitializeCriticalSection

user32

SendMessageA
DefWindowProcA
CallWindowProcA
UnregisterClassA
RegisterClassExA
GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
DestroyWindow
MoveWindow
SetWindowPos
RegisterWindowMessageA
MapDialogRect
LoadCursorA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetWindowThreadProcessId
GetClassNameA
GetParent
GetDesktopWindow
SetWindowLongA
GetWindowLongA
FillRect
ScreenToClient
ClientToScreen
SetWindowContextHelpId
GetClientRect
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableA
ReleaseCapture
SetCapture
GetFocus
GetActiveWindow
SetFocus
CharNextA
SendDlgItemMessageA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
GetSysColor

gdi32

GetObjectA
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

advapi32

SystemFunction036
RegSetValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

ole32

CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoTaskMemRealloc
CoGetClassObject

oleaut32

SysFreeString
SysStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
SysAllocStringLen
SysAllocString

psapi

GetModuleFileNameExA
GetModuleBaseNameA

Exports

Exports

__StartDialog__

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Byknog/$APPDATA/Byknog/Ejihp.exe
.exe windows:5 windows x86 arch:x86

de17bf97d4b39a45fe8fe167ba635a10

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Raeufigh Noimyj,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

Not Before

17/04/2016, 09:37

Not After

17/04/2017, 09:37

Subject

CN=Heubeshl Vurjio,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c7:b0:92:73:63:c3:02:c8:8e:bc:a8:bb:c4:12:f8:d1:3d:f4:85:b1
Signer

Actual PE Digest

c7:b0:92:73:63:c3:02:c8:8e:bc:a8:bb:c4:12:f8:d1:3d:f4:85:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize
GetProcessHeap
GetLongPathNameW
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
CloseHandle
lstrcmpiA
CreateMutexA
CreateEventA
LoadLibraryA
HeapFree
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
FindResourceA
FindResourceW
FindResourceExW
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
FreeLibrary
LockResource
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
GetStringTypeW
SetStdHandle
FindNextFileA
FindFirstFileExA
FindClose
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
ExitProcess
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStdHandle
WriteFile
GetACP
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
GetCommandLineA
GetCommandLineW
DecodePointer

user32

CharNextA
TranslateMessage
DispatchMessageA
GetMessageA

advapi32

SystemFunction036
RegSetValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Byknog/$APPDATA/Byknog/Lioega.dll
.dll windows:5 windows x64 arch:x64

c6af31ca9a44ffc09c4601f9469ea2c0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Raeufigh Noimyj,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

Not Before

17/04/2016, 09:37

Not After

17/04/2017, 09:37

Subject

CN=Heubeshl Vurjio,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ee:ba:c4:62:5e:8a:d0:6d:8e:76:51:7b:4f:9d:f1:17:4e:ed:58:90
Signer

Actual PE Digest

ee:ba:c4:62:5e:8a:d0:6d:8e:76:51:7b:4f:9d:f1:17:4e:ed:58:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\work\groover_csdi\BuildLsp\outputBIN\Release\InjectorDll64.pdb

Imports

kernel32

WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
OpenProcess
RaiseException
GetCurrentThreadId
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
CloseHandle
MulDiv
lstrcmpA
GetModuleFileNameA
FindResourceA
GetVersionExA
lstrcmpiA
LoadLibraryExA
GetModuleHandleA
IsDBCSLeadByte
DecodePointer
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
VirtualFree
CreateFileW
CreateThread
OutputDebugStringA
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
SetStdHandle
GetStringTypeW
SetConsoleCtrlHandler
GetCommandLineW
GetCommandLineA
MultiByteToWideChar
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetACP
GetCurrentThread
VirtualQuery
GetSystemInfo
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
InitializeCriticalSection
FindResourceExW
FindResourceW
LoadLibraryA
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
HeapAlloc
HeapDestroy
GetProcAddress
FreeLibrary
LockResource
VirtualProtect
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableW

user32

UnregisterClassA
RegisterClassExA
CallWindowProcA
DefWindowProcA
SendMessageA
RegisterWindowMessageA
GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
DestroyWindow
MoveWindow
SetWindowPos
MapDialogRect
LoadCursorA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetWindowThreadProcessId
GetClassNameA
GetParent
GetDesktopWindow
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
GetWindowLongA
FillRect
GetSysColor
ScreenToClient
ClientToScreen
SetWindowContextHelpId
GetClientRect
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableA
ReleaseCapture
SetCapture
GetFocus
GetActiveWindow
SetFocus
CharNextA
SendDlgItemMessageA
GetDlgItem
EndDialog
DialogBoxIndirectParamA

advapi32

SystemFunction036
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey

ole32

CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoTaskMemRealloc
CoGetClassObject

oleaut32

VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

gdi32

GetObjectA
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

psapi

GetModuleFileNameExA
GetModuleBaseNameA

Exports

Exports

__StartDialog__

Sections

.text
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Byknog/$APPDATA/Byknog/Lioega.exe
.exe windows:5 windows x64 arch:x64

9541a60b3c633e9d0087c86b4a36201e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Raeufigh Noimyj,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

Not Before

17/04/2016, 09:37

Not After

17/04/2017, 09:37

Subject

CN=Heubeshl Vurjio,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:24:cf:11:a6:13:90:8b:af:6d:9f:33:f3:21:2d:87:26:17:5a:59
Signer

Actual PE Digest

37:24:cf:11:a6:13:90:8b:af:6d:9f:33:f3:21:2d:87:26:17:5a:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLongPathNameW
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
CloseHandle
lstrcmpiA
CreateMutexA
CreateEventA
LoadLibraryA
LoadLibraryExA
GetProcessHeap
GetModuleFileNameW
GetModuleHandleA
FindResourceA
FindResourceW
FindResourceExW
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
FreeLibrary
LockResource
GetModuleFileNameA
GetStringTypeW
SetStdHandle
FindNextFileA
FindFirstFileExA
FindClose
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
ExitProcess
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStdHandle
WriteFile
GetACP
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
GetCommandLineA
GetCommandLineW

user32

CharNextA
TranslateMessage
DispatchMessageA
GetMessageA

advapi32

SystemFunction036
RegSetValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/TafwecIimujek/$APPDATA/TafwecIimujek/Keckepua.exe
.exe windows:5 windows x86 arch:x86

650c3fc59c34f2c912bb3cfd5d7eb981

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Raeufigh Noimyj,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

Not Before

17/04/2016, 09:37

Not After

17/04/2017, 09:37

Subject

CN=Heubeshl Vurjio,O=Jumsydu Jufbeijkydau Daiq,L=Beerceieaak,ST=Tunkoatva,C=GB

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f3:51:bc:61:5b:93:a9:f4:39:72:6e:c0:b4:69:27:bb:f5:5b:bc:be
Signer

Actual PE Digest

f3:51:bc:61:5b:93:a9:f4:39:72:6e:c0:b4:69:27:bb:f5:5b:bc:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
FreeLibrary
GetProcAddress
GetModuleHandleA
lstrcmpiA
MultiByteToWideChar
IsDBCSLeadByte
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LoadResource
FindResourceA
DeleteCriticalSection
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
LoadLibraryW
GetCurrentProcess
LockResource
FindResourceW
FindResourceExW
SetEndOfFile
WriteConsoleW
CreateFileW
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
GetStringTypeW
SetStdHandle
FindNextFileA
FindFirstFileExA
FindClose
IsDebuggerPresent
OutputDebugStringW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleFileNameW
RtlUnwind
SetLastError
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
ExitProcess
GetModuleHandleExW
ReadFile
GetStdHandle
WriteFile
GetACP
LCMapStringW
SetFilePointerEx
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleCP
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW
HeapFree

user32

CharNextA

advapi32

SystemFunction036
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/TafwecIimujek/$APPDATA/TafwecIimujek/Xartarih.din
$PLUGINSDIR/PulupHodw.dll
.dll windows:5 windows x86 arch:x86

0c9426194821fd372a632727a590c9f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
OpenProcess
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
CreateToolhelp32Snapshot
Process32First
Process32Next
GlobalFree
lstrcpynA
WriteConsoleW
CreateFileW
SetStdHandle
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
LocalAlloc
GetCPInfo
GetExitCodeProcess
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
FindResourceW
CreateEventA
SizeofResource
LoadResource
Sleep
WaitForSingleObject
SetEvent
LockResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetOEMCP
IsValidCodePage
CreateProcessA
CloseHandle
CreateThread
GetEnvironmentStringsW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
IsDebuggerPresent
OutputDebugStringW
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
SetLastError
ExitProcess
GetModuleHandleExW
GetACP
LCMapStringW
GetStringTypeW
GetStdHandle
GetFileType
GetConsoleMode
DecodePointer

user32

SendMessageA
GetWindowThreadProcessId
PostMessageA
GetWindow
GetClassNameA
EnumWindows
GetDesktopWindow
GetWindowTextA
LockWindowUpdate

advapi32

RegOpenKeyExA
LookupPrivilegeValueA
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
SetTokenInformation
GetTokenInformation
OpenProcessToken
RegSetValueExA
SystemFunction036
RegEnumKeyExA
RegCreateKeyExA
RegCloseKey
StartServiceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
ChangeServiceConfig2A
ChangeServiceConfigA

crypt32

CertOpenSystemStoreA
CertAddEncodedCertificateToStore
CertCloseStore

winmm

waveOutSetVolume
waveOutGetVolume

Exports

Exports

DAF
KBs
RS
sDS

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

6aa1fb50f909cdf4bea3d3523348e900

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

srand
sscanf
_snprintf
rand
time
memset
??2@YAPAXI@Z
strncpy
_stricmp
strchr
??3@YAXPAX@Z

shlwapi

ord176

kernel32

GlobalFree
MultiByteToWideChar
GetVersionExA
CreateThread
WaitForSingleObject
CloseHandle
TerminateThread
GetCommandLineA
GlobalAlloc
lstrcpynA

user32

wsprintfA
MessageBoxA
MessageBoxW

shell32

ShellExecuteExA
ShellExecuteA
SHFileOperationA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString

Exports

Exports

DisableVerboseMode
Dummy
EnableVerboseMode
ExecShellAsUser
ExecShellWait
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetParameter
Rand
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
Time
TrimStr
TrimStrLeft
TrimStrRight
WaitForProc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/freebl3.dll
.dll windows:5 windows x86 arch:x86

f873bae979000fa955d161b528461da5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nssutil3

NSS_SecureMemcmp
SECITEM_CompareItem_Util
PORT_GetError_Util
SECITEM_FreeItem_Util
SECITEM_ZfreeItem_Util
SECITEM_CopyItem_Util
PORT_NewArena_Util
PORT_ArenaZAlloc_Util
PORT_FreeArena_Util
SECITEM_AllocItem_Util
PORT_ZFree_Util
PORT_ZAlloc_Util
PORT_SetError_Util
PORT_Free_Util
PORT_Alloc_Util

libnspr4

PR_GetLibraryFilePathname
PR_Free
PR_Seek
PR_DestroyCondVar
PR_WaitCondVar
PR_NotifyCondVar
PR_NotifyAllCondVar
PR_NewCondVar
PR_Lock
PR_Unlock
PR_CallOnce
PR_NewLock
PR_DestroyLock
PR_Open
PR_Read
PR_Close

shell32

SHGetSpecialFolderPathW

kernel32

GetCurrentDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
SetFilePointer
GetConsoleMode
GetConsoleCP
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleHandleA
LCMapStringW
QueryPerformanceCounter
GetTickCount
FindClose
FindNextFileW
FindFirstFileW
GetTempPathW
WideCharToMultiByte
GetDiskFreeSpaceA
GetVolumeInformationA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetLogicalDrives
GlobalMemoryStatus
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemTimeAsFileTime
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetFullPathNameA
CloseHandle
GetFileInformationByHandle
PeekNamedPipe
GetFileType
CreateFileA
TerminateProcess
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
ReadFile
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA

Exports

Exports

FREEBL_GetVector

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/libnspr4.dll
.dll windows:5 windows x86 arch:x86

c3ea252fa1435d3841a3253d37e94812

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AllocateAndInitializeSid
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor

wsock32

WSACleanup
WSASetLastError
select
recvfrom
sendto
send
recv
__WSAFDIsSet
getpeername
shutdown
ord1140
ord1141
ord1142
setsockopt
inet_ntoa
WSAStartup
socket
bind
getsockname
listen
connect
accept
getsockopt
ntohl
ntohs
htons
getprotobynumber
getprotobyname
gethostbyaddr
gethostbyname
htonl
closesocket
WSAGetLastError
gethostname

winmm

timeGetTime

kernel32

GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
HeapSize
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryA
PeekNamedPipe
GetFullPathNameA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetConsoleMode
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetLastError
OutputDebugStringA
TlsSetValue
TlsGetValue
DebugBreak
WideCharToMultiByte
GetModuleHandleA
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
GetSystemInfo
InterlockedExchange
GlobalMemoryStatus
CloseHandle
CreatePipe
GetStdHandle
Sleep
TryEnterCriticalSection
SystemTimeToFileTime
GetSystemTime
FreeEnvironmentStringsA
GetEnvironmentStrings
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
GetVersionExA
CreateFileMappingA
FormatMessageA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
CreateSemaphoreA
ReleaseSemaphore
GetThreadContext
GetQueuedCompletionStatus
DeleteFiber
PostQueuedCompletionStatus
CreateIoCompletionPort
ResetEvent
GetOverlappedResult
WaitForMultipleObjects
WriteFile
SetFilePointer
CreateFileA
FlushFileBuffers
SetHandleInformation
GetHandleInformation
FindClose
FindFirstFileA
FindNextFileA
DeleteFileA
GetFileAttributesExA
GetFileInformationByHandle
MoveFileA
CreateDirectoryA
RemoveDirectoryA
LockFileEx
UnlockFileEx
lstrlenA
GetVolumeInformationA
GetDriveTypeA
SetErrorMode
GetLogicalDriveStringsA
CancelIo
TlsAlloc
TlsFree
CreateEventA
DuplicateHandle
GetCurrentThread
SetThreadPriority
RaiseException
IsDebuggerPresent
ConvertThreadToFiber
SetThreadAffinityMask
GetProcessAffinityMask
SuspendThread
ResumeThread
CreateFiber
SwitchToFiber
SetLastError
OpenSemaphoreA
QueryPerformanceCounter
GetTickCount
OpenFileMappingA
ExitProcess
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
HeapReAlloc
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
ExitThread
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleCP
SetEnvironmentVariableW

Exports

Exports

GetExecutionEnvironment
LL_MaxInt
LL_MaxUint
LL_MinInt
LL_Zero
PRP_DestroyNakedCondVar
PRP_NakedBroadcast
PRP_NakedNotify
PRP_NakedWait
PRP_NewNakedCondVar
PRP_TryLock
PR_Abort
PR_Accept
PR_AcceptRead
PR_Access
PR_AddToCounter
PR_AddWaitFileDesc
PR_AllocFileDesc
PR_Assert
PR_AssertCurrentThreadInMonitor
PR_AssertCurrentThreadOwnsLock
PR_AtomicAdd
PR_AtomicDecrement
PR_AtomicIncrement
PR_AtomicSet
PR_AttachSharedMemory
PR_AttachThread
PR_AttachThreadGCAble
PR_Available
PR_Available64
PR_Bind
PR_BlockClockInterrupts
PR_BlockInterrupt
PR_CEnterMonitor
PR_CExitMonitor
PR_CNotify
PR_CNotifyAll
PR_CSetOnMonitorRecycle
PR_CWait
PR_CallOnce
PR_CallOnceWithArg
PR_Calloc
PR_CancelJob
PR_CancelWaitFileDesc
PR_CancelWaitGroup
PR_CeilingLog2
PR_ChangeFileDescNativeHandle
PR_Cleanup
PR_ClearInterrupt
PR_ClearThreadGCAble
PR_Close
PR_CloseDir
PR_CloseFileMap
PR_CloseSemaphore
PR_CloseSharedMemory
PR_Connect
PR_ConnectContinue
PR_ConvertIPv4AddrToIPv6
PR_CreateAlarm
PR_CreateCounter
PR_CreateFileMap
PR_CreateIOLayer
PR_CreateIOLayerStub
PR_CreateMWaitEnumerator
PR_CreateOrderedLock
PR_CreatePipe
PR_CreateProcess
PR_CreateProcessDetached
PR_CreateSocketPollFd
PR_CreateStack
PR_CreateThread
PR_CreateThreadGCAble
PR_CreateThreadPool
PR_CreateTrace
PR_CreateWaitGroup
PR_DecrementCounter
PR_Delete
PR_DeleteSemaphore
PR_DeleteSharedMemory
PR_DestroyAlarm
PR_DestroyCondVar
PR_DestroyCounter
PR_DestroyLock
PR_DestroyMWaitEnumerator
PR_DestroyMonitor
PR_DestroyOrderedLock
PR_DestroyPollableEvent
PR_DestroyProcessAttr
PR_DestroyRWLock
PR_DestroySem
PR_DestroySocketPollFd
PR_DestroyStack
PR_DestroyTrace
PR_DestroyWaitGroup
PR_DetachProcess
PR_DetachSharedMemory
PR_DetachThread
PR_DisableClockInterrupts
PR_EmulateAcceptRead
PR_EmulateSendFile
PR_EnableClockInterrupts
PR_EnterMonitor
PR_EnumerateAddrInfo
PR_EnumerateHostEnt
PR_EnumerateThreads
PR_EnumerateWaitGroup
PR_ErrorInstallCallback
PR_ErrorInstallTable
PR_ErrorLanguages
PR_ErrorToName
PR_ErrorToString
PR_ExitMonitor
PR_ExplodeTime
PR_ExportFileMapAsString
PR_FD_CLR
PR_FD_ISSET
PR_FD_NCLR
PR_FD_NISSET
PR_FD_NSET
PR_FD_SET
PR_FD_ZERO
PR_FileDesc2NativeHandle
PR_FindFunctionSymbol
PR_FindFunctionSymbolAndLibrary
PR_FindNextCounterQname
PR_FindNextCounterRname
PR_FindNextTraceQname
PR_FindNextTraceRname
PR_FindSymbol
PR_FindSymbolAndLibrary
PR_FloorLog2
PR_FormatTime
PR_FormatTimeUSEnglish
PR_Free
PR_FreeAddrInfo
PR_FreeFileDesc
PR_FreeLibraryName
PR_GMTParameters
PR_GetAddrInfoByName
PR_GetCanonNameFromAddrInfo
PR_GetConnectStatus
PR_GetCounter
PR_GetCounterHandleFromName
PR_GetCounterNameFromHandle
PR_GetCurrentThread
PR_GetDefaultIOMethods
PR_GetDescType
PR_GetDirectorySeparator
PR_GetDirectorySepartor
PR_GetEnv
PR_GetError
PR_GetErrorText
PR_GetErrorTextLength
PR_GetFileInfo
PR_GetFileInfo64
PR_GetFileMethods
PR_GetGCRegisters
PR_GetHostByAddr
PR_GetHostByName
PR_GetIPNodeByName
PR_GetIdentitiesLayer
PR_GetInheritedFD
PR_GetInheritedFileMap
PR_GetLayersIdentity
PR_GetLibraryFilePathname
PR_GetLibraryName
PR_GetLibraryPath
PR_GetMemMapAlignment
PR_GetMonitorEntryCount
PR_GetNameForIdentity
PR_GetNumberOfProcessors
PR_GetOSError
PR_GetOpenFileInfo
PR_GetOpenFileInfo64
PR_GetPageShift
PR_GetPageSize
PR_GetPathSeparator
PR_GetPeerName
PR_GetPhysicalMemorySize
PR_GetPipeMethods
PR_GetProtoByName
PR_GetProtoByNumber
PR_GetRandomNoise
PR_GetSP
PR_GetSockName
PR_GetSocketOption
PR_GetSpecialFD
PR_GetStackSpaceLeft
PR_GetSysfdTableMax
PR_GetSystemInfo
PR_GetTCPMethods
PR_GetThreadAffinityMask
PR_GetThreadID
PR_GetThreadName
PR_GetThreadPriority
PR_GetThreadPrivate
PR_GetThreadScope
PR_GetThreadState
PR_GetThreadType
PR_GetTraceEntries
PR_GetTraceHandleFromName
PR_GetTraceNameFromHandle
PR_GetTraceOption
PR_GetUDPMethods
PR_GetUniqueIdentity
PR_GetVersion
PR_ImplodeTime
PR_ImportFile
PR_ImportFileMapFromString
PR_ImportPipe
PR_ImportTCPSocket
PR_ImportUDPSocket
PR_IncrementCounter
PR_Init
PR_Initialize
PR_InitializeNetAddr
PR_Initialized
PR_Interrupt
PR_IntervalNow
PR_IntervalToMicroseconds
PR_IntervalToMilliseconds
PR_IntervalToSeconds
PR_IsNetAddrType
PR_JoinJob
PR_JoinThread
PR_JoinThreadPool
PR_KillProcess
PR_Listen
PR_LoadLibrary
PR_LoadLibraryWithFlags
PR_LoadStaticLibrary
PR_LocalTimeParameters
PR_Lock
PR_LockFile
PR_LockOrderedLock
PR_LogFlush
PR_LogPrint
PR_MakeDir
PR_Malloc
PR_MemMap
PR_MemUnmap
PR_MicrosecondsToInterval
PR_MillisecondsToInterval
PR_MkDir
PR_NTFast_Accept
PR_NTFast_AcceptRead
PR_NTFast_AcceptRead_WithTimeoutCallback
PR_NTFast_UpdateAcceptContext
PR_NT_CancelIo
PR_NetAddrToString
PR_NewCondVar
PR_NewLock
PR_NewLogModule
PR_NewMonitor
PR_NewNamedMonitor
PR_NewPollableEvent
PR_NewProcessAttr
PR_NewRWLock
PR_NewSem
PR_NewTCPSocket
PR_NewTCPSocketPair
PR_NewThreadPrivateIndex
PR_NewUDPSocket
PR_NormalizeTime
PR_Notify
PR_NotifyAll
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_Now
PR_Open
PR_OpenAnonFileMap
PR_OpenDir
PR_OpenFile
PR_OpenSemaphore
PR_OpenSharedMemory
PR_OpenTCPSocket
PR_OpenUDPSocket
PR_ParseTimeString
PR_ParseTimeStringToExplodedTime
PR_Poll
PR_PopIOLayer
PR_PostSem
PR_PostSemaphore
PR_ProcessAttrSetCurrentDirectory
PR_ProcessAttrSetInheritableFD
PR_ProcessAttrSetInheritableFileMap
PR_ProcessAttrSetStdioRedirect
PR_ProcessExit
PR_PushIOLayer
PR_QueueJob
PR_QueueJob_Accept
PR_QueueJob_Connect
PR_QueueJob_Read
PR_QueueJob_Timer
PR_QueueJob_Write
PR_RWLock_Rlock
PR_RWLock_Unlock
PR_RWLock_Wlock
PR_Read
PR_ReadDir
PR_Realloc
PR_RecordTraceEntries
PR_Recv
PR_RecvFrom
PR_Rename
PR_ResetAlarm
PR_ResetProcessAttr
PR_ResumeAll
PR_RmDir
PR_ScanStackPointers
PR_SecondsToInterval
PR_Seek
PR_Seek64
PR_Select
PR_Send
PR_SendFile
PR_SendTo
PR_SetAlarm
PR_SetCPUAffinityMask
PR_SetConcurrency
PR_SetCounter
PR_SetCurrentThreadName
PR_SetEnv
PR_SetError
PR_SetErrorText
PR_SetFDCacheSize
PR_SetFDInheritable
PR_SetLibraryPath
PR_SetLogBuffering
PR_SetLogFile
PR_SetNetAddr
PR_SetPollableEvent
PR_SetSocketOption
PR_SetStdioRedirect
PR_SetSysfdTableSize
PR_SetThreadAffinityMask
PR_SetThreadDumpProc
PR_SetThreadGCAble
PR_SetThreadPriority
PR_SetThreadPrivate
PR_SetThreadRecycleMode
PR_SetTraceOption
PR_ShowStatus
PR_Shutdown
PR_ShutdownThreadPool
PR_Sleep
PR_Socket
PR_StackPop
PR_StackPush
PR_Stat
PR_StringToNetAddr
PR_SubtractFromCounter
PR_SuspendAll
PR_Sync
PR_TLockFile
PR_TestAndEnterMonitor
PR_TestAndLock
PR_ThreadScanStackPointers
PR_TicksPerSecond
PR_Trace
PR_TransmitFile
PR_USPacificTimeParameters
PR_UnblockClockInterrupts
PR_UnblockInterrupt
PR_UnloadLibrary
PR_Unlock
PR_UnlockFile
PR_UnlockOrderedLock
PR_VersionCheck
PR_Wait
PR_WaitCondVar
PR_WaitForPollableEvent
PR_WaitProcess
PR_WaitRecvReady
PR_WaitSem
PR_WaitSemaphore
PR_Write
PR_Writev
PR_Yield
PR_cnvtf
PR_dtoa
PR_fprintf
PR_htonl
PR_htonll
PR_htons
PR_ntohl
PR_ntohll
PR_ntohs
PR_smprintf
PR_smprintf_free
PR_snprintf
PR_sprintf_append
PR_sscanf
PR_strtod
PR_sxprintf
PR_vfprintf
PR_vsmprintf
PR_vsnprintf
PR_vsprintf_append
PR_vsxprintf
PT_FPrintStats
SetExecutionEnvironment
_PR_AddSleepQ
_PR_CreateThread
_PR_DelSleepQ
_PR_GetPrimordialCPU
_PR_NativeCreateThread
_pr_push_ipv6toipv4_layer
_pr_test_ipv6_socket
libVersionPoint

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/libplc4.dll
.dll windows:5 windows x86 arch:x86

3891d3dc70cf5d7d26826daf36b8c086

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libnspr4

PR_SetError
PR_Calloc
PR_GetSpecialFD
PR_GetError
PR_GetOSError
PR_ErrorToName
PR_fprintf
PR_Free
PR_Malloc

kernel32

FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
HeapAlloc
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA

Exports

Exports

PL_Base64Decode
PL_Base64Encode
PL_CreateLongOptState
PL_CreateOptState
PL_DestroyOptState
PL_FPrintError
PL_GetNextOpt
PL_PrintError
PL_strcasecmp
PL_strcaserstr
PL_strcasestr
PL_strcat
PL_strcatn
PL_strchr
PL_strcmp
PL_strcpy
PL_strdup
PL_strfree
PL_strlen
PL_strncasecmp
PL_strncaserstr
PL_strncasestr
PL_strncat
PL_strnchr
PL_strncmp
PL_strncpy
PL_strncpyz
PL_strndup
PL_strnlen
PL_strnpbrk
PL_strnprbrk
PL_strnrchr
PL_strnrstr
PL_strnstr
PL_strpbrk
PL_strprbrk
PL_strrchr
PL_strrstr
PL_strstr
PL_strtok_r
libVersionPoint

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/libplds4.dll
.dll windows:5 windows x86 arch:x86

94ac7479544062cc3d4fec633c5ef59a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libnspr4

PR_DestroyLock
PR_Free
PR_Malloc
PR_CeilingLog2
PR_Unlock
PR_CallOnce
PR_Lock
PR_NewLock

kernel32

GetCurrentProcessId
HeapSize
LCMapStringW
LCMapStringA
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW

Exports

Exports

PL_ArenaAllocate
PL_ArenaFinish
PL_ArenaGrow
PL_ArenaRelease
PL_ClearArenaPool
PL_CompactArenaPool
PL_CompareStrings
PL_CompareValues
PL_FinishArenaPool
PL_FreeArenaPool
PL_HashString
PL_HashTableAdd
PL_HashTableDestroy
PL_HashTableDump
PL_HashTableEnumerateEntries
PL_HashTableLookup
PL_HashTableLookupConst
PL_HashTableRawAdd
PL_HashTableRawLookup
PL_HashTableRawLookupConst
PL_HashTableRawRemove
PL_HashTableRemove
PL_InitArenaPool
PL_NewHashTable
libVersionPoint

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/nss3.dll
.dll windows:5 windows x86 arch:x86

056c3dc8dc9919b781028066c7f9d51c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nssutil3

NSS_Get_SEC_SetOfAnyTemplate_Util
NSS_Get_SEC_UniversalStringTemplate
NSS_Get_SEC_PrintableStringTemplate
NSS_Get_SEC_T61StringTemplate
NSS_Get_SEC_BMPStringTemplate_Util
NSS_Get_SEC_UTF8StringTemplate_Util
PORT_ISO88591_UTF8Conversion
PORT_UCS4_UTF8Conversion
DER_LengthLength
DER_StoreHeader
DER_GetUInteger
SECOID_KnownCertExtenOID
NSS_Get_SEC_IA5StringTemplate_Util
SECITEM_HashCompare
SECITEM_Hash
PORT_RegExpValid
PORT_RegExpCaseSearch
NSS_Get_SEC_SkipTemplate
SEC_StringToOID
SECOID_FindOIDByMechanism
PORT_LoadLibraryFromOrigin
NSS_Get_SEC_ObjectIDTemplate_Util
SGN_DecodeDigestInfo
NSS_Get_SEC_BitStringTemplate_Util
NSS_GetAlgorithmPolicy
NSS_Get_SEC_SequenceOfObjectIDTemplate
NSS_Get_SEC_NullTemplate_Util
NSS_Get_SEC_OctetStringTemplate_Util
NSS_Get_SEC_PointerToAnyTemplate_Util
NSS_Get_SECOID_AlgorithmIDTemplate_Util
NSS_Get_SEC_SequenceOfAnyTemplate
NSS_Get_SEC_PointerToGeneralizedTimeTemplate
NSS_Get_SEC_PointerToEnumeratedTemplate
NSS_Get_SEC_GeneralizedTimeTemplate_Util
NSS_Get_SEC_EnumeratedTemplate
NSS_Get_SEC_IntegerTemplate_Util
DER_SetUInteger
NSS_Get_SEC_AnyTemplate_Util
NSSRWLock_HaveWriteLock_Util
NSSRWLock_UnlockWrite_Util
NSSRWLock_UnlockRead_Util
NSSRWLock_LockWrite_Util
NSSRWLock_LockRead_Util
NSSRWLock_Destroy_Util
NSSRWLock_New_Util
NSSBase64_EncodeItem_Util
NSSBase64_DecodeBuffer_Util
NSSBase64Encoder_Destroy_Util
NSSBase64Decoder_Destroy_Util
NSSBase64Encoder_Update_Util
NSSBase64Decoder_Update_Util
NSSBase64Encoder_Create_Util
NSSBase64Decoder_Create_Util
BTOA_ConvertItemToAscii_Util
ATOB_ConvertAsciiToItem_Util
ATOB_AsciiToData_Util
BTOA_DataToAscii_Util
SEC_ASN1LengthLength_Util
SEC_ASN1DecodeInteger_Util
SEC_ASN1EncodeUnsignedInteger_Util
SEC_ASN1EncodeInteger_Util
SEC_ASN1EncodeItem_Util
SEC_ASN1Encode_Util
SEC_ASN1EncoderClearTakeFromBuf_Util
SEC_ASN1EncoderSetTakeFromBuf_Util
SEC_ASN1EncoderClearStreaming_Util
SEC_ASN1EncoderSetStreaming_Util
SEC_ASN1EncoderClearNotifyProc_Util
SEC_ASN1EncoderSetNotifyProc_Util
SEC_ASN1EncoderAbort_Util
SEC_ASN1EncoderFinish_Util
SEC_ASN1EncoderUpdate_Util
SEC_ASN1EncoderStart_Util
SEC_QuickDERDecodeItem_Util
SEC_ASN1DecodeItem_Util
SEC_ASN1Decode_Util
SEC_ASN1DecoderClearNotifyProc_Util
SEC_ASN1DecoderSetNotifyProc_Util
SEC_ASN1DecoderClearFilterProc_Util
SEC_ASN1DecoderSetFilterProc_Util
SEC_ASN1DecoderAbort_Util
SEC_ASN1DecoderFinish_Util
SEC_ASN1DecoderUpdate_Util
SEC_ASN1DecoderStart_Util
DER_EncodeTimeChoice_Util
DER_DecodeTimeChoice_Util
CERT_GenTime2FormattedAscii_Util
DER_GeneralizedTimeToTime_Util
DER_TimeToGeneralizedTimeArena_Util
DER_TimeToGeneralizedTime_Util
DER_TimeChoiceDayToAscii_Util
DER_GeneralizedDayToAscii_Util
DER_UTCDayToAscii_Util
DER_UTCTimeToAscii_Util
DER_UTCTimeToTime_Util
DER_AsciiToTime_Util
DER_TimeToUTCTime_Util
DER_GetInteger_Util
DER_Lengths_Util
DER_Encode_Util
SGN_CompareDigestInfo_Util
SGN_CopyDigestInfo_Util
SGN_DestroyDigestInfo_Util
SGN_CreateDigestInfo_Util
SECITEM_ZfreeItem_Util
SECITEM_FreeItem_Util
SECITEM_ArenaDupItem_Util
SECITEM_DupItem_Util
SECITEM_CopyItem_Util
SECITEM_ItemsAreEqual_Util
SECITEM_CompareItem_Util
SECITEM_AllocItem_Util
SECOID_AddEntry_Util
SECOID_FindOIDTagDescription_Util
SECOID_CompareAlgorithmID_Util
SECOID_DestroyAlgorithmID_Util
SECOID_GetAlgorithmTag_Util
SECOID_CopyAlgorithmID_Util
SECOID_SetAlgorithmID_Util
SECOID_FindOIDByTag_Util
SECOID_FindOIDTag_Util
SECOID_FindOID_Util
NSS_PutEnv_Util
PORT_UCS2_ASCIIConversion_Util
PORT_UCS2_UTF8Conversion_Util
PORT_SetUCS2_UTF8ConversionFunction_Util
PORT_SetUCS2_ASCIIConversionFunction_Util
PORT_SetUCS4_UTF8ConversionFunction_Util
PORT_ArenaStrdup_Util
PORT_ArenaUnmark_Util
PORT_ArenaRelease_Util
PORT_ArenaMark_Util
PORT_ArenaGrow_Util
PORT_FreeArena_Util
PORT_ArenaZAlloc_Util
PORT_ArenaAlloc_Util
PORT_NewArena_Util
PORT_GetError_Util
PORT_ZFree_Util
PORT_Realloc_Util
SECOID_Init
SECOID_Shutdown
PORT_ZAlloc_Util
NSS_InitializePRErrorTable
PORT_SetError_Util
PORT_Free_Util
PORT_Strdup_Util
PORT_Alloc_Util

libplc4

PL_strncasecmp
PL_strcasecmp
PL_strcatn
PL_strncpyz
PL_strlen
PL_strcat
PL_strstr
PL_strnstr
PL_strfree
PL_strdup

libplds4

PL_HashTableLookup
PL_HashTableRemove
PL_HashTableAdd
PL_CompareStrings
PL_HashString
PL_FinishArenaPool
PL_InitArenaPool
PL_ArenaAllocate
PL_ArenaRelease
PL_HashTableEnumerateEntries
PL_HashTableDestroy
PL_CompareValues
PL_NewHashTable

libnspr4

PR_htons
PR_Accept
PR_Send
PR_Shutdown
PR_Listen
PR_ConnectContinue
PR_Bind
PR_ErrorToString
PR_FindFunctionSymbol
PR_DestroyRWLock
PR_Realloc
PR_Malloc
PR_GetThreadPrivate
PR_SetThreadPrivate
PR_NewThreadPrivateIndex
PR_Free
PR_Calloc
PR_sprintf_append
PR_GetError
PR_NetAddrToString
PR_ConvertIPv4AddrToIPv6
PR_htonl
PR_SetErrorText
PR_Sleep
PR_FindSymbol
PR_LoadLibrary
PR_UnloadLibrary
PR_IntervalToSeconds
PR_IntervalToMilliseconds
PR_IntervalToMicroseconds
PR_NewLogModule
PR_LogPrint
PR_CallOnceWithArg
PR_IntervalNow
PR_GetEnv
PR_Poll
PR_TicksPerSecond
PR_Recv
PR_snprintf
PR_Write
PR_NewTCPSocket
PR_SecondsToInterval
PR_StringToNetAddr
PR_GetHostByName
PR_EnumerateHostEnt
PR_Connect
PR_InitializeNetAddr
PR_Close
PR_NewMonitor
PR_Now
PR_EnterMonitor
PR_ExitMonitor
PR_CallOnce
PR_NotifyCondVar
PR_NotifyAllCondVar
PR_VersionCheck
PR_Lock
PR_Unlock
PR_WaitCondVar
PR_DestroyLock
PR_NewLock
PR_NewCondVar
PR_smprintf
PR_smprintf_free
PR_DestroyMonitor

kernel32

ReadFile
GetProcessHeap
SetEndOfFile
HeapSize
CreateFileA
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetModuleHandleA
RtlUnwind
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
CloseHandle
HeapFree
DeleteCriticalSection
ExitProcess
Sleep
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
GetFileAttributesA
GetLastError
GetCommandLineA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection

Exports

Exports

ATOB_AsciiToData
ATOB_ConvertAsciiToItem
BTOA_ConvertItemToAscii
BTOA_DataToAscii
CERT_AddCertToListSorted
CERT_AddCertToListTail
CERT_AddExtension
CERT_AddOCSPAcceptableResponses
CERT_AddOKDomainName
CERT_AddRDN
CERT_AllocCERTRevocationFlags
CERT_AsciiToName
CERT_CRLCacheRefreshIssuer
CERT_CacheCRL
CERT_CacheOCSPResponseFromSideChannel
CERT_CertChainFromCert
CERT_CertListFromCert
CERT_CertTimesValid
CERT_ChangeCertTrust
CERT_CheckCertUsage
CERT_CheckCertValidTimes
CERT_CheckNameSpace
CERT_ClearOCSPCache
CERT_CompareCerts
CERT_CompareName
CERT_CompareValidityTimes
CERT_CompleteCRLDecodeEntries
CERT_CopyName
CERT_CopyRDN
CERT_CreateAVA
CERT_CreateCertificate
CERT_CreateCertificateRequest
CERT_CreateName
CERT_CreateOCSPCertID
CERT_CreateOCSPRequest
CERT_CreateRDN
CERT_CreateSubjectCertList
CERT_CreateValidity
CERT_DecodeAVAValue
CERT_DecodeAltNameExtension
CERT_DecodeAuthInfoAccessExtension
CERT_DecodeAuthKeyID
CERT_DecodeBasicConstraintValue
CERT_DecodeCRLDistributionPoints
CERT_DecodeCertificatePoliciesExtension
CERT_DecodeDERCrl
CERT_DecodeDERCrlWithFlags
CERT_DecodeGeneralName
CERT_DecodeNameConstraintsExtension
CERT_DecodeOCSPResponse
CERT_DecodeOidSequence
CERT_DecodePrivKeyUsagePeriodExtension
CERT_DecodeTrustString
CERT_DecodeUserNotice
CERT_DerNameToAscii
CERT_DestroyCERTRevocationFlags
CERT_DestroyCertArray
CERT_DestroyCertList
CERT_DestroyCertificate
CERT_DestroyCertificateList
CERT_DestroyCertificatePoliciesExtension
CERT_DestroyCertificateRequest
CERT_DestroyName
CERT_DestroyOCSPCertID
CERT_DestroyOCSPRequest
CERT_DestroyOCSPResponse
CERT_DestroyOidSequence
CERT_DestroyUserNotice
CERT_DestroyValidity
CERT_DisableOCSPChecking
CERT_DisableOCSPDefaultResponder
CERT_DistNamesFromCertList
CERT_DupCertList
CERT_DupCertificate
CERT_DupDistNames
CERT_EnableOCSPChecking
CERT_EnableOCSPDefaultResponder
CERT_EncodeAltNameExtension
CERT_EncodeAndAddBitStrExtension
CERT_EncodeAuthKeyID
CERT_EncodeBasicConstraintValue
CERT_EncodeCRLDistributionPoints
CERT_EncodeCertPoliciesExtension
CERT_EncodeGeneralName
CERT_EncodeInfoAccessExtension
CERT_EncodeInhibitAnyExtension
CERT_EncodeNoticeReference
CERT_EncodeOCSPRequest
CERT_EncodePolicyConstraintsExtension
CERT_EncodePolicyMappingExtension
CERT_EncodeSubjectKeyID
CERT_EncodeUserNotice
CERT_ExtractPublicKey
CERT_FilterCertListByCANames
CERT_FilterCertListByUsage
CERT_FilterCertListForUserCerts
CERT_FindCRLEntryReasonExten
CERT_FindCRLNumberExten
CERT_FindCertByDERCert
CERT_FindCertByIssuerAndSN
CERT_FindCertByName
CERT_FindCertByNickname
CERT_FindCertByNicknameOrEmailAddr
CERT_FindCertByNicknameOrEmailAddrForUsage
CERT_FindCertBySubjectKeyID
CERT_FindCertExtension
CERT_FindCertIssuer
CERT_FindKeyUsageExtension
CERT_FindNameConstraintsExten
CERT_FindSMimeProfile
CERT_FindSubjectKeyIDExtension
CERT_FindUserCertByUsage
CERT_FindUserCertsByUsage
CERT_FinishCertificateRequestAttributes
CERT_FinishExtensions
CERT_FormatName
CERT_FreeDistNames
CERT_FreeNicknames
CERT_GenTime2FormattedAscii
CERT_GetAVATag
CERT_GetCertChainFromCert
CERT_GetCertEmailAddress
CERT_GetCertIssuerAndSN
CERT_GetCertNicknames
CERT_GetCertTimes
CERT_GetCertTrust
CERT_GetCertUid
CERT_GetCertificateNames
CERT_GetCertificateRequestExtensions
CERT_GetClassicOCSPDisabledPolicy
CERT_GetClassicOCSPEnabledHardFailurePolicy
CERT_GetClassicOCSPEnabledSoftFailurePolicy
CERT_GetCommonName
CERT_GetConstrainedCertificateNames
CERT_GetCountryName
CERT_GetDBContentVersion
CERT_GetDefaultCertDB
CERT_GetDomainComponentName
CERT_GetFirstEmailAddress
CERT_GetLocalityName
CERT_GetNextEmailAddress
CERT_GetNextGeneralName
CERT_GetNextNameConstraint
CERT_GetOCSPAuthorityInfoAccessLocation
CERT_GetOCSPResponseStatus
CERT_GetOCSPStatusForCertID
CERT_GetOidString
CERT_GetOrgName
CERT_GetOrgUnitName
CERT_GetPKIXVerifyNistRevocationPolicy
CERT_GetPrevGeneralName
CERT_GetPrevNameConstraint
CERT_GetSSLCACerts
CERT_GetSlopTime
CERT_GetStateName
CERT_GetUsePKIXForValidation
CERT_GetValidDNSPatternsFromCert
CERT_Hexify
CERT_ImportCAChain
CERT_ImportCAChainTrusted
CERT_ImportCRL
CERT_ImportCerts
CERT_IsCACert
CERT_IsCADERCert
CERT_IsRootDERCert
CERT_IsUserCert
CERT_KeyFromDERCrl
CERT_MakeCANickname
CERT_MergeExtensions
CERT_NameToAscii
CERT_NameToAsciiInvertible
CERT_NewCertList
CERT_NewTempCertificate
CERT_NicknameStringsFromCertList
CERT_OCSPCacheSettings
CERT_OpenCertDBFilename
CERT_PKIXVerifyCert
CERT_RFC1485_EscapeAndQuote
CERT_RegisterAlternateOCSPAIAInfoCallBack
CERT_RemoveCertListNode
CERT_SaveSMimeProfile
CERT_SetOCSPDefaultResponder
CERT_SetOCSPFailureMode
CERT_SetOCSPTimeout
CERT_SetSlopTime
CERT_SetUsePKIXForValidation
CERT_StartCRLEntryExtensions
CERT_StartCRLExtensions
CERT_StartCertExtensions
CERT_StartCertificateRequestAttributes
CERT_UncacheCRL
CERT_VerifyCACertForUsage
CERT_VerifyCert
CERT_VerifyCertName
CERT_VerifyCertNow
CERT_VerifyCertificate
CERT_VerifyCertificateNow
CERT_VerifyOCSPResponseSignature
CERT_VerifySignedData
CERT_VerifySignedDataWithPublicKey
CERT_VerifySignedDataWithPublicKeyInfo
DER_AsciiToTime
DER_DecodeTimeChoice
DER_Encode
DER_EncodeTimeChoice
DER_GeneralizedDayToAscii
DER_GeneralizedTimeToTime
DER_GetInteger
DER_Lengths
DER_TimeChoiceDayToAscii
DER_TimeToGeneralizedTime
DER_TimeToGeneralizedTimeArena
DER_TimeToUTCTime
DER_UTCDayToAscii
DER_UTCTimeToAscii
DER_UTCTimeToTime
DSAU_DecodeDerSig
DSAU_DecodeDerSigToLen
DSAU_EncodeDerSig
DSAU_EncodeDerSigWithLen
HASH_Begin
HASH_Clone
HASH_Create
HASH_Destroy
HASH_End
HASH_GetHashObject
HASH_GetHashObjectByOidTag
HASH_GetHashTypeByOidTag
HASH_GetType
HASH_HashBuf
HASH_ResultLen
HASH_ResultLenByOidTag
HASH_ResultLenContext
HASH_Update
NSSBase64Decoder_Create
NSSBase64Decoder_Destroy
NSSBase64Decoder_Update
NSSBase64Encoder_Create
NSSBase64Encoder_Destroy
NSSBase64Encoder_Update
NSSBase64_DecodeBuffer
NSSBase64_EncodeItem
NSSRWLock_Destroy
NSSRWLock_HaveWriteLock
NSSRWLock_LockRead
NSSRWLock_LockWrite
NSSRWLock_New
NSSRWLock_UnlockRead
NSSRWLock_UnlockWrite
NSS_GetVersion
NSS_Get_CERT_CertificateRequestTemplate
NSS_Get_CERT_CertificateTemplate
NSS_Get_CERT_CrlTemplate
NSS_Get_CERT_IssuerAndSNTemplate
NSS_Get_CERT_NameTemplate
NSS_Get_CERT_SequenceOfCertExtensionTemplate
NSS_Get_CERT_SetOfSignedCrlTemplate
NSS_Get_CERT_SignedCrlTemplate
NSS_Get_CERT_SignedDataTemplate
NSS_Get_CERT_SubjectPublicKeyInfoTemplate
NSS_Get_CERT_TimeChoiceTemplate
NSS_Get_SECKEY_DSAPublicKeyTemplate
NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate
NSS_Get_SECKEY_PointerToEncryptedPrivateKeyInfoTemplate
NSS_Get_SECKEY_PointerToPrivateKeyInfoTemplate
NSS_Get_SECKEY_PrivateKeyInfoTemplate
NSS_Get_SECKEY_RSAPSSParamsTemplate
NSS_Get_SECKEY_RSAPublicKeyTemplate
NSS_Get_SECOID_AlgorithmIDTemplate
NSS_Get_SEC_AnyTemplate
NSS_Get_SEC_BMPStringTemplate
NSS_Get_SEC_BitStringTemplate
NSS_Get_SEC_BooleanTemplate
NSS_Get_SEC_GeneralizedTimeTemplate
NSS_Get_SEC_IA5StringTemplate
NSS_Get_SEC_IntegerTemplate
NSS_Get_SEC_NullTemplate
NSS_Get_SEC_ObjectIDTemplate
NSS_Get_SEC_OctetStringTemplate
NSS_Get_SEC_PointerToAnyTemplate
NSS_Get_SEC_PointerToOctetStringTemplate
NSS_Get_SEC_SetOfAnyTemplate
NSS_Get_SEC_SignedCertificateTemplate
NSS_Get_SEC_UTCTimeTemplate
NSS_Get_SEC_UTF8StringTemplate
NSS_Get_sgn_DigestInfoTemplate
NSS_Init
NSS_InitContext
NSS_InitReadWrite
NSS_InitWithMerge
NSS_Initialize
NSS_IsInitialized
NSS_NoDB_Init
NSS_PutEnv
NSS_RegisterShutdown
NSS_Shutdown
NSS_ShutdownContext
NSS_UnregisterShutdown
NSS_VersionCheck
PBE_CreateContext
PBE_DestroyContext
PBE_GenerateBits
PK11SDR_Decrypt
PK11SDR_Encrypt
PK11_AlgtagToMechanism
PK11_Authenticate
PK11_BlockData
PK11_ChangePW
PK11_CheckSSOPassword
PK11_CheckUserPassword
PK11_CipherOp
PK11_CloneContext
PK11_ConfigurePKCS11
PK11_ConvertSessionPrivKeyToTokenPrivKey
PK11_ConvertSessionSymKeyToTokenSymKey
PK11_CopySymKeyForSigning
PK11_CopyTokenPrivKeyToSessionPrivKey
PK11_CreateContextBySymKey
PK11_CreateDigestContext
PK11_CreateGenericObject
PK11_CreateMergeLog
PK11_CreatePBEAlgorithmID
PK11_CreatePBEParams
PK11_CreatePBEV2AlgorithmID
PK11_DEREncodePublicKey
PK11_DeleteTokenCertAndKey
PK11_DeleteTokenPrivateKey
PK11_DeleteTokenPublicKey
PK11_DeleteTokenSymKey
PK11_Derive
PK11_DeriveWithFlags
PK11_DeriveWithFlagsPerm
PK11_DeriveWithTemplate
PK11_DestroyContext
PK11_DestroyGenericObject
PK11_DestroyGenericObjects
PK11_DestroyMergeLog
PK11_DestroyObject
PK11_DestroyPBEParams
PK11_DestroyTokenObject
PK11_DigestBegin
PK11_DigestFinal
PK11_DigestKey
PK11_DigestOp
PK11_DoesMechanism
PK11_ExportEncryptedPrivKeyInfo
PK11_ExportEncryptedPrivateKeyInfo
PK11_ExportPrivateKeyInfo
PK11_ExtractKeyValue
PK11_Finalize
PK11_FindBestKEAMatch
PK11_FindCertAndKeyByRecipientList
PK11_FindCertAndKeyByRecipientListNew
PK11_FindCertByIssuerAndSN
PK11_FindCertFromDERCert
PK11_FindCertFromDERCertItem
PK11_FindCertFromNickname
PK11_FindCertInSlot
PK11_FindCertsFromEmailAddress
PK11_FindCertsFromNickname
PK11_FindFixedKey
PK11_FindGenericObjects
PK11_FindKeyByAnyCert
PK11_FindKeyByDERCert
PK11_FindKeyByKeyID
PK11_FindPrivateKeyFromCert
PK11_FindSlotByName
PK11_FindSlotsByNames
PK11_FortezzaHasKEA
PK11_FortezzaMapSig
PK11_FreeSlot
PK11_FreeSlotList
PK11_FreeSlotListElement
PK11_FreeSymKey
PK11_GenerateFortezzaIV
PK11_GenerateKeyPair
PK11_GenerateKeyPairWithFlags
PK11_GenerateKeyPairWithOpFlags
PK11_GenerateNewParam
PK11_GenerateRandom
PK11_GenerateRandomOnSlot
PK11_GetAllSlotsForCert
PK11_GetAllTokens
PK11_GetBestKeyLength
PK11_GetBestSlot
PK11_GetBestSlotMultiple
PK11_GetBestWrapMechanism
PK11_GetBlockSize
PK11_GetCertFromPrivateKey
PK11_GetCurrentWrapIndex
PK11_GetDefaultArray
PK11_GetDefaultFlags
PK11_GetDisabledReason
PK11_GetFirstSafe
PK11_GetIVLength
PK11_GetInternalKeySlot
PK11_GetInternalSlot
PK11_GetKeyData
PK11_GetKeyGen
PK11_GetKeyLength
PK11_GetKeyStrength
PK11_GetKeyType
PK11_GetLowLevelKeyIDForCert
PK11_GetLowLevelKeyIDForPrivateKey
PK11_GetMechanism
PK11_GetMinimumPwdLength
PK11_GetModInfo
PK11_GetModule
PK11_GetModuleID
PK11_GetNextGenericObject
PK11_GetNextSafe
PK11_GetNextSymKey
PK11_GetPBECryptoMechanism
PK11_GetPBEIV
PK11_GetPQGParamsFromPrivateKey
PK11_GetPadMechanism
PK11_GetPrevGenericObject
PK11_GetPrivateKeyNickname
PK11_GetPrivateModulusLen
PK11_GetPublicKeyNickname
PK11_GetSlotFromKey
PK11_GetSlotFromPrivateKey
PK11_GetSlotID
PK11_GetSlotInfo
PK11_GetSlotName
PK11_GetSlotPWValues
PK11_GetSlotSeries
PK11_GetSymKeyHandle
PK11_GetSymKeyNickname
PK11_GetSymKeyType
PK11_GetSymKeyUserData
PK11_GetTokenInfo
PK11_GetTokenName
PK11_GetWindow
PK11_GetWrapKey
PK11_HasRootCerts
PK11_HashBuf
PK11_IVFromParam
PK11_ImportCRL
PK11_ImportCert
PK11_ImportCertForKey
PK11_ImportCertForKeyToSlot
PK11_ImportDERCert
PK11_ImportDERCertForKey
PK11_ImportDERPrivateKeyInfo
PK11_ImportDERPrivateKeyInfoAndReturnKey
PK11_ImportEncryptedPrivateKeyInfo
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey
PK11_ImportPrivateKeyInfo
PK11_ImportPrivateKeyInfoAndReturnKey
PK11_ImportPublicKey
PK11_ImportSymKey
PK11_ImportSymKeyWithFlags
PK11_InitPin
PK11_IsDisabled
PK11_IsFIPS
PK11_IsFriendly
PK11_IsHW
PK11_IsInternal
PK11_IsInternalKeySlot
PK11_IsLoggedIn
PK11_IsPresent
PK11_IsReadOnly
PK11_IsRemovable
PK11_KeyForCertExists
PK11_KeyForDERCertExists
PK11_KeyGen
PK11_KeyGenWithTemplate
PK11_LinkGenericObject
PK11_ListCerts
PK11_ListCertsInSlot
PK11_ListFixedKeysInSlot
PK11_ListPrivKeysInSlot
PK11_ListPrivateKeysInSlot
PK11_ListPublicKeysInSlot
PK11_LoadPrivKey
PK11_Logout
PK11_LogoutAll
PK11_MakeIDFromPubKey
PK11_MakeKEAPubKey
PK11_MapPBEMechanismToCryptoMechanism
PK11_MapSignKeyType
PK11_MechanismToAlgtag
PK11_MergeTokens
PK11_MoveSymKey
PK11_NeedLogin
PK11_NeedPWInit
PK11_NeedUserInit
PK11_PBEKeyGen
PK11_PQG_DestroyParams
PK11_PQG_DestroyVerify
PK11_PQG_GetBaseFromParams
PK11_PQG_GetCounterFromVerify
PK11_PQG_GetHFromVerify
PK11_PQG_GetPrimeFromParams
PK11_PQG_GetSeedFromVerify
PK11_PQG_GetSubPrimeFromParams
PK11_PQG_NewParams
PK11_PQG_NewVerify
PK11_PQG_ParamGen

Sections

.text
Size: 693KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/nssckbi.dll
.dll windows:5 windows x86 arch:x86

5e62360c3269a77afaa830fdada7767b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libplc4

PL_strlen

libplds4

PL_ArenaAllocate
PL_HashTableEnumerateEntries
PL_HashTableLookup
PL_HashTableRemove
PL_HashTableAdd
PL_HashTableDestroy
PL_CompareValues
PL_NewHashTable
PL_FinishArenaPool
PL_InitArenaPool

libnspr4

PR_CallOnce
PR_GetThreadPrivate
PR_SetThreadPrivate
PR_NewThreadPrivateIndex
PR_Free
PR_Calloc
PR_Unlock
PR_Lock
PR_DestroyLock
PR_NewLock

kernel32

FreeEnvironmentStringsW
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

Exports

Exports

C_GetFunctionList

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/nssdbm3.dll
.dll windows:5 windows x86 arch:x86

a5e363ad4a9f58bb0976e299ef467471

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libplc4

PL_strcasecmp
PL_strncasecmp

libplds4

PL_HashTableDestroy
PL_HashTableRemove
PL_HashTableLookup
PL_HashTableAdd
PL_HashTableEnumerateEntries
PL_NewHashTable

libnspr4

PR_GetLibraryFilePathname
PR_CallOnce
PR_FindFunctionSymbol
PR_SetError
PR_smprintf
PR_smprintf_free
PR_Delete
PR_Close
PR_Write
PR_GetError
PR_OpenFile
PR_MkDir
PR_Access
PR_CloseFileMap
PR_MemUnmap
PR_Read
PR_MemMap
PR_CreateFileMap
PR_NewLock
PR_Unlock
PR_Lock
PR_DestroyLock
PR_ntohl
PR_htonl
PR_Free
PR_UnloadLibrary
PR_GetEnv
PR_FindSymbol
PR_LoadLibrary
PR_Now
PR_EnterMonitor
PR_ExitMonitor
PR_DestroyMonitor
PR_NewMonitor
PR_LoadLibraryWithFlags
PR_GetDirectorySeparator

nssutil3

PORT_NewArena_Util
PORT_SetError_Util
SECOID_SetAlgorithmID_Util
SEC_ASN1EncodeItem_Util
SECITEM_DupItem_Util
SECITEM_CopyItem_Util
SECOID_GetAlgorithmTag_Util
SEC_QuickDERDecodeItem_Util
SEC_ASN1EncodeInteger_Util
SECITEM_ZfreeItem_Util
PORT_GetError_Util
PORT_ArenaAlloc_Util
SECOID_FindOIDByTag_Util
SECITEM_FreeItem_Util
PORT_ArenaZAlloc_Util
PORT_Strdup_Util
DER_SetUInteger
PORT_Realloc_Util
SECITEM_ItemsAreEqual_Util
SECOID_Shutdown
SECITEM_HashCompare
SECOID_Init
SECITEM_AllocItem_Util
DER_DecodeTimeChoice_Util
NSS_Get_SEC_ObjectIDTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SEC_AnyTemplate_Util
PORT_ArenaRelease_Util
PORT_ArenaUnmark_Util
PORT_ArenaMark_Util
PORT_FreeArena_Util
NSS_Get_SECOID_AlgorithmIDTemplate_Util
PORT_ZAlloc_Util
PORT_Alloc_Util
PORT_Free_Util
SECOID_FindOIDTag_Util
NSSBase64_EncodeItem_Util
PORT_ArenaStrdup_Util
SECITEM_CompareItem_Util

kernel32

FileTimeToSystemTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
ReadFile
GetProcessHeap
SetEndOfFile
SetFilePointer
GetConsoleMode
GetConsoleCP
RtlUnwind
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
WriteFile
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryA
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
CloseHandle
GetFullPathNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetStdHandle
SetHandleCount
ExitProcess
Sleep
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
HeapFree
GetFileType
LeaveCriticalSection
FlushFileBuffers
GetCurrentThreadId
GetCommandLineA
GetLastError
FindClose
DeleteFileA
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
SetStdHandle
EnterCriticalSection

Exports

Exports

legacy_AddSecmodDB
legacy_DeleteSecmodDB
legacy_Open
legacy_ReadSecmodDB
legacy_ReleaseSecmodDBData
legacy_SetCryptFunctions
legacy_Shutdown

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/nssutil3.dll
.dll windows:5 windows x86 arch:x86

b3ea12d3f9eed13644f0fc4a733cdc54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libplc4

PL_strncasecmp
PL_strcasecmp
PL_strpbrk
PL_strlen

libplds4

PL_FreeArenaPool
PL_FinishArenaPool
PL_ArenaAllocate
PL_HashTableDestroy
PL_ClearArenaPool
PL_HashTableLookup
PL_CompareValues
PL_NewHashTable
PL_HashTableAdd
PL_ArenaGrow
PL_ArenaRelease
PL_InitArenaPool
PL_HashTableLookupConst

libnspr4

PR_GetError
PR_LocalTimeParameters
PR_FormatTime
PR_GetEnv
PR_GetLibraryFilePathname
PR_GetDirectorySeparator
PR_LoadLibraryWithFlags
PR_NewLock
PR_NewCondVar
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_GetCurrentThread
PR_Lock
PR_WaitCondVar
PR_Unlock
PR_DestroyCondVar
PR_DestroyLock
PR_Free
PR_Realloc
PR_Malloc
PR_SetError
PR_Calloc
PR_CallOnce
PR_ErrorInstallTable
PR_ImplodeTime
PR_GMTParameters
PR_ExplodeTime

kernel32

GetModuleHandleW
CompareStringW
CompareStringA
HeapSize
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteFile
HeapReAlloc
VirtualAlloc
HeapAlloc
GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
Sleep
SetEnvironmentVariableA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
SetEnvironmentVariableW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapFree

Exports

Exports

ATOB_AsciiToData_Util
ATOB_ConvertAsciiToItem_Util
BTOA_ConvertItemToAscii_Util
BTOA_DataToAscii_Util
CERT_GenTime2FormattedAscii_Util
DER_AsciiToTime_Util
DER_DecodeTimeChoice_Util
DER_EncodeTimeChoice_Util
DER_Encode_Util
DER_GeneralizedDayToAscii_Util
DER_GeneralizedTimeToTime_Util
DER_GetInteger_Util
DER_GetUInteger
DER_LengthLength
DER_Lengths_Util
DER_SetUInteger
DER_StoreHeader
DER_TimeChoiceDayToAscii_Util
DER_TimeToGeneralizedTimeArena_Util
DER_TimeToGeneralizedTime_Util
DER_TimeToUTCTime_Util
DER_UTCDayToAscii_Util
DER_UTCTimeToAscii_Util
DER_UTCTimeToTime_Util
NSSBase64Decoder_Create_Util
NSSBase64Decoder_Destroy_Util
NSSBase64Decoder_Update_Util
NSSBase64Encoder_Create_Util
NSSBase64Encoder_Destroy_Util
NSSBase64Encoder_Update_Util
NSSBase64_DecodeBuffer_Util
NSSBase64_EncodeItem_Util
NSSRWLock_Destroy_Util
NSSRWLock_HaveWriteLock_Util
NSSRWLock_LockRead_Util
NSSRWLock_LockWrite_Util
NSSRWLock_New_Util
NSSRWLock_UnlockRead_Util
NSSRWLock_UnlockWrite_Util
NSSUTIL_GetVersion
NSS_GetAlgorithmPolicy
NSS_Get_SECOID_AlgorithmIDTemplate_Util
NSS_Get_SEC_AnyTemplate_Util
NSS_Get_SEC_BMPStringTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SEC_BooleanTemplate_Util
NSS_Get_SEC_EnumeratedTemplate
NSS_Get_SEC_GeneralizedTimeTemplate_Util
NSS_Get_SEC_IA5StringTemplate_Util
NSS_Get_SEC_IntegerTemplate_Util
NSS_Get_SEC_NullTemplate_Util
NSS_Get_SEC_ObjectIDTemplate_Util
NSS_Get_SEC_OctetStringTemplate_Util
NSS_Get_SEC_PointerToAnyTemplate_Util
NSS_Get_SEC_PointerToEnumeratedTemplate
NSS_Get_SEC_PointerToGeneralizedTimeTemplate
NSS_Get_SEC_PointerToOctetStringTemplate_Util
NSS_Get_SEC_PrintableStringTemplate
NSS_Get_SEC_SequenceOfAnyTemplate
NSS_Get_SEC_SequenceOfObjectIDTemplate
NSS_Get_SEC_SetOfAnyTemplate_Util
NSS_Get_SEC_SkipTemplate
NSS_Get_SEC_T61StringTemplate
NSS_Get_SEC_UTF8StringTemplate_Util
NSS_Get_SEC_UniversalStringTemplate
NSS_Get_sgn_DigestInfoTemplate_Util
NSS_InitializePRErrorTable
NSS_PutEnv_Util
NSS_SecureMemcmp
NSS_SetAlgorithmPolicy
PORT_Alloc_Util
PORT_ArenaAlloc_Util
PORT_ArenaGrow_Util
PORT_ArenaMark_Util
PORT_ArenaRelease_Util
PORT_ArenaStrdup_Util
PORT_ArenaUnmark_Util
PORT_ArenaZAlloc_Util
PORT_FreeArena_Util
PORT_Free_Util
PORT_GetError_Util
PORT_ISO88591_UTF8Conversion
PORT_LoadLibraryFromOrigin
PORT_NewArena_Util
PORT_Realloc_Util
PORT_RegExpCaseSearch
PORT_RegExpSearch
PORT_RegExpValid
PORT_SetError_Util
PORT_SetUCS2_ASCIIConversionFunction_Util
PORT_SetUCS2_UTF8ConversionFunction_Util
PORT_SetUCS4_UTF8ConversionFunction_Util
PORT_Strdup_Util
PORT_UCS2_ASCIIConversion_Util
PORT_UCS2_UTF8Conversion_Util
PORT_UCS4_UTF8Conversion
PORT_ZAlloc_Util
PORT_ZFree_Util
SECITEM_AllocItem_Util
SECITEM_ArenaDupItem_Util
SECITEM_CompareItem_Util
SECITEM_CopyItem_Util
SECITEM_DupItem_Util
SECITEM_FreeItem_Util
SECITEM_Hash
SECITEM_HashCompare
SECITEM_ItemsAreEqual_Util
SECITEM_ReallocItem
SECITEM_ZfreeItem_Util
SECOID_AddEntry_Util
SECOID_CompareAlgorithmID_Util
SECOID_CopyAlgorithmID_Util
SECOID_DestroyAlgorithmID_Util
SECOID_FindOIDByMechanism
SECOID_FindOIDByTag_Util
SECOID_FindOIDTagDescription_Util
SECOID_FindOIDTag_Util
SECOID_FindOID_Util
SECOID_GetAlgorithmTag_Util
SECOID_Init
SECOID_KnownCertExtenOID
SECOID_SetAlgorithmID_Util
SECOID_Shutdown
SEC_ASN1DecodeInteger_Util
SEC_ASN1DecodeItem_Util
SEC_ASN1Decode_Util
SEC_ASN1DecoderAbort_Util
SEC_ASN1DecoderClearFilterProc_Util
SEC_ASN1DecoderClearNotifyProc_Util
SEC_ASN1DecoderFinish_Util
SEC_ASN1DecoderSetFilterProc_Util
SEC_ASN1DecoderSetNotifyProc_Util
SEC_ASN1DecoderStart_Util
SEC_ASN1DecoderUpdate_Util
SEC_ASN1EncodeInteger_Util
SEC_ASN1EncodeItem_Util
SEC_ASN1EncodeUnsignedInteger_Util
SEC_ASN1Encode_Util
SEC_ASN1EncoderAbort_Util
SEC_ASN1EncoderClearNotifyProc_Util
SEC_ASN1EncoderClearStreaming_Util
SEC_ASN1EncoderClearTakeFromBuf_Util
SEC_ASN1EncoderFinish_Util
SEC_ASN1EncoderSetNotifyProc_Util
SEC_ASN1EncoderSetStreaming_Util
SEC_ASN1EncoderSetTakeFromBuf_Util
SEC_ASN1EncoderStart_Util
SEC_ASN1EncoderUpdate_Util
SEC_ASN1LengthLength_Util
SEC_QuickDERDecodeItem_Util
SEC_StringToOID
SGN_CompareDigestInfo_Util
SGN_CopyDigestInfo_Util
SGN_CreateDigestInfo_Util
SGN_DecodeDigestInfo
SGN_DestroyDigestInfo_Util
UTIL_SetForkState

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/smime3.dll
.dll windows:5 windows x86 arch:x86

e9f12bd41b659b69cfb5facb9a09bb01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nss3

PK11_ExportPrivateKeyInfo
PK11_DestroyPBEParams
PK11_CreatePBEParams
PK11_SetSymKeyUserData
PK11_GetTokenName
PK11_TraverseCertsForSubjectInSlot
__CERT_DecodeDERCertificate
PK11_TraverseCertsForNicknameInSlot
PK11_FindKeyByDERCert
PK11_ImportDERCert
PK11_ImportCertForKeyToSlot
SECKEY_CopyPrivateKeyInfo
CERT_IsRootDERCert
CERT_IsCADERCert
PK11_ImportPublicKey
PK11_ImportPrivateKeyInfo
PK11_ImportEncryptedPrivateKeyInfo
PK11_FindCertAndKeyByRecipientList
HASH_ResultLen
HASH_GetHashTypeByOidTag
SECKEY_DestroyPrivateKeyInfo
PK11_ExportEncryptedPrivateKeyInfo
SECKEY_CopyEncryptedPrivateKeyInfo
SECKEY_DestroyEncryptedPrivateKeyInfo
PK11_IsInternal
PK11_GetInternalKeySlot
PK11_PBEKeyGen
PK11_ReferenceSlot
PK11_GetInternalSlot
NSS_Get_SECKEY_PointerToPrivateKeyInfoTemplate
SEC_PKCS5GetCryptoAlgorithm
SEC_PKCS5GetKeyLength
PK11_DigestBegin
PK11_DigestOp
PK11_DigestFinal
PK11_HashBuf
PK11_GenerateRandom
NSS_Get_SECKEY_PointerToEncryptedPrivateKeyInfoTemplate
NSS_Get_SECKEY_PrivateKeyInfoTemplate
NSS_VersionCheck
CERT_FindSMimeProfile
HASH_GetHashObjectByOidTag
NSS_RegisterShutdown
VFY_VerifyDataDirect
VFY_VerifyDigestDirect
PK11_FindKeyByAnyCert
SEC_GetSignatureAlgorithmOidTag
SEC_SignData
NSS_Get_CERT_SetOfSignedCrlTemplate
SGN_Digest
CERT_CertListFromCert
CERT_GetDefaultCertDB
CERT_SaveSMimeProfile
CERT_GetCommonName
CERT_FindCertBySubjectKeyID
CERT_FindCertByIssuerAndSN
CERT_ImportCerts
CERT_NewCertList
CERT_AddCertToListTail
CERT_FilterCertListByUsage
CERT_DestroyCertArray
CERT_DestroyCertList
CERT_CertChainFromCert
CERT_FindCertByDERCert
CERT_VerifyCert
CERT_DestroyCertificateList
SECKEY_CopyPrivateKey
PK11_FindPrivateKeyFromCert
SECKEY_DestroyPrivateKey
CERT_FindSubjectKeyIDExtension
SECKEY_DestroySubjectPublicKeyInfo
SECKEY_CreateSubjectPublicKeyInfo
CERT_DupCertificate
CERT_GetCertIssuerAndSN
SECKEY_CopyPublicKey
CERT_DestroyCertificate
CERT_ExtractPublicKey
SECKEY_DestroyPublicKey
PK11_PubUnwrapSymKey
SECKEY_GetPublicKeyType
SECKEY_PublicKeyStrength
PK11_PubWrapSymKey
PK11_SetPasswordFunc
PK11_FindCertAndKeyByRecipientListNew
PK11_GetBestSlot
PK11_KeyGen
SEC_PKCS5IsAlgorithmPBEAlgTag
PK11_CreatePBEAlgorithmID
PK11_GenerateNewParam
PK11_ParamToAlgid
SEC_PKCS5IsAlgorithmPBEAlg
PK11_GetSymKeyUserData
PK11_GetPBECryptoMechanism
PK11_AlgtagToMechanism
PK11_ParamFromAlgid
PK11_GetBlockSize
PK11_GetSlotFromKey
PK11_IsHW
PK11_FreeSlot
PK11_CreateContextBySymKey
PK11_CipherOp
PK11_DestroyContext
PK11_FreeSymKey
PK11_ReferenceSymKey
PK11_GetKeyStrength
NSS_Get_CERT_TimeChoiceTemplate
NSS_Get_CERT_IssuerAndSNTemplate
CERT_NewTempCertificate

nssutil3

SEC_ASN1Encode_Util
SEC_ASN1EncoderAbort_Util
SEC_ASN1DecoderAbort_Util
ATOB_AsciiToData_Util
ATOB_ConvertAsciiToItem_Util
SECITEM_DupItem_Util
PORT_ZFree_Util
SEC_ASN1DecoderClearNotifyProc_Util
PORT_ArenaStrdup_Util
NSS_Get_SEC_BMPStringTemplate_Util
DER_GetInteger_Util
SEC_ASN1DecodeItem_Util
SGN_CopyDigestInfo_Util
PORT_UCS2_UTF8Conversion_Util
PORT_Realloc_Util
SECITEM_CompareItem_Util
SGN_DestroyDigestInfo_Util
PORT_UCS2_ASCIIConversion_Util
SGN_CreateDigestInfo_Util
SECITEM_ZfreeItem_Util
NSS_Get_SEC_PointerToAnyTemplate_Util
NSS_Get_sgn_DigestInfoTemplate_Util
SECITEM_ItemsAreEqual_Util
SECOID_CompareAlgorithmID_Util
DER_EncodeTimeChoice_Util
PORT_Strdup_Util
DER_DecodeTimeChoice_Util
SECOID_FindOIDTag_Util
SEC_ASN1DecodeInteger_Util
SEC_QuickDERDecodeItem_Util
SEC_ASN1EncoderClearNotifyProc_Util
SEC_ASN1EncoderSetTakeFromBuf_Util
SEC_ASN1EncoderStart_Util
SEC_ASN1EncoderSetStreaming_Util
SEC_ASN1EncoderSetNotifyProc_Util
SEC_ASN1EncoderClearTakeFromBuf_Util
SEC_ASN1EncoderClearStreaming_Util
SEC_ASN1EncoderFinish_Util
SEC_ASN1EncoderUpdate_Util
SECOID_DestroyAlgorithmID_Util
PORT_NewArena_Util
PORT_FreeArena_Util
SEC_ASN1EncodeInteger_Util
SEC_ASN1DecoderSetFilterProc_Util
SEC_ASN1DecoderClearFilterProc_Util
SEC_ASN1DecoderStart_Util
SEC_ASN1DecoderSetNotifyProc_Util
SEC_ASN1DecoderUpdate_Util
PORT_GetError_Util
PORT_Alloc_Util
SECITEM_FreeItem_Util
SECOID_CopyAlgorithmID_Util
SECOID_SetAlgorithmID_Util
SECOID_GetAlgorithmTag_Util
SECITEM_AllocItem_Util
PORT_Free_Util
PORT_ZAlloc_Util
SEC_ASN1EncodeItem_Util
NSS_Get_SEC_AnyTemplate_Util
NSS_Get_SEC_IA5StringTemplate_Util
NSS_Get_SEC_ObjectIDTemplate_Util
SECOID_FindOID_Util
PORT_SetError_Util
PORT_ArenaMark_Util
SECOID_FindOIDByTag_Util
SECITEM_CopyItem_Util
SECITEM_ArenaDupItem_Util
PORT_ArenaRelease_Util
PORT_ArenaUnmark_Util
NSS_Get_SECOID_AlgorithmIDTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SEC_OctetStringTemplate_Util
NSS_Get_SEC_PointerToOctetStringTemplate_Util
NSS_Get_SEC_SetOfAnyTemplate_Util
PORT_ArenaAlloc_Util
PORT_ArenaGrow_Util
PORT_ArenaZAlloc_Util
SEC_ASN1DecoderFinish_Util

libplc4

PL_strncasecmp

libplds4

PL_CompareValues
PL_HashTableLookupConst
PL_HashTableAdd
PL_NewHashTable
PL_HashTableDestroy

libnspr4

PR_CallOnce
PR_NewLock
PR_Lock
PR_DestroyLock
PR_Unlock
PR_Now

kernel32

HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind

Exports

Exports

CERT_ConvertAndDecodeCertificate
CERT_DecodeCertFromPackage
CERT_DecodeCertPackage
NSSSMIME_GetVersion
NSSSMIME_VersionCheck
NSS_CMSContentInfo_GetBulkKey
NSS_CMSContentInfo_GetBulkKeySize
NSS_CMSContentInfo_GetContent
NSS_CMSContentInfo_GetContentEncAlgTag
NSS_CMSContentInfo_GetContentTypeTag
NSS_CMSContentInfo_SetBulkKey
NSS_CMSContentInfo_SetContent
NSS_CMSContentInfo_SetContentEncAlg
NSS_CMSContentInfo_SetContent_Data
NSS_CMSContentInfo_SetContent_DigestedData
NSS_CMSContentInfo_SetContent_EncryptedData
NSS_CMSContentInfo_SetContent_EnvelopedData
NSS_CMSContentInfo_SetContent_SignedData
NSS_CMSContentInfo_SetDontStream
NSS_CMSDEREncode
NSS_CMSDecoder_Cancel
NSS_CMSDecoder_Finish
NSS_CMSDecoder_Start
NSS_CMSDecoder_Update
NSS_CMSDigestContext_Cancel
NSS_CMSDigestContext_FinishMultiple
NSS_CMSDigestContext_FinishSingle
NSS_CMSDigestContext_StartMultiple
NSS_CMSDigestContext_StartSingle
NSS_CMSDigestContext_Update
NSS_CMSDigestedData_Create
NSS_CMSDigestedData_Destroy
NSS_CMSDigestedData_GetContentInfo
NSS_CMSEncoder_Cancel
NSS_CMSEncoder_Finish
NSS_CMSEncoder_Start
NSS_CMSEncoder_Update
NSS_CMSEncryptedData_Create
NSS_CMSEncryptedData_Destroy
NSS_CMSEncryptedData_GetContentInfo
NSS_CMSEnvelopedData_AddRecipient
NSS_CMSEnvelopedData_Create
NSS_CMSEnvelopedData_Destroy
NSS_CMSEnvelopedData_GetContentInfo
NSS_CMSMessage_ContentLevel
NSS_CMSMessage_ContentLevelCount
NSS_CMSMessage_Copy
NSS_CMSMessage_Create
NSS_CMSMessage_CreateFromDER
NSS_CMSMessage_Destroy
NSS_CMSMessage_GetContent
NSS_CMSMessage_GetContentInfo
NSS_CMSMessage_IsEncrypted
NSS_CMSMessage_IsSigned
NSS_CMSRecipientInfo_Create
NSS_CMSRecipientInfo_CreateFromDER
NSS_CMSRecipientInfo_CreateNew
NSS_CMSRecipientInfo_CreateWithSubjKeyID
NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert
NSS_CMSRecipientInfo_Destroy
NSS_CMSRecipientInfo_Encode
NSS_CMSRecipientInfo_GetCertAndKey
NSS_CMSRecipientInfo_UnwrapBulkKey
NSS_CMSRecipientInfo_WrapBulkKey
NSS_CMSSignedData_AddCertChain
NSS_CMSSignedData_AddCertList
NSS_CMSSignedData_AddCertificate
NSS_CMSSignedData_AddDigest
NSS_CMSSignedData_AddSignerInfo
NSS_CMSSignedData_Create
NSS_CMSSignedData_CreateCertsOnly
NSS_CMSSignedData_Destroy
NSS_CMSSignedData_GetContentInfo
NSS_CMSSignedData_GetDigestAlgs
NSS_CMSSignedData_GetSignerInfo
NSS_CMSSignedData_HasDigests
NSS_CMSSignedData_ImportCerts
NSS_CMSSignedData_SetDigestValue
NSS_CMSSignedData_SetDigests
NSS_CMSSignedData_SignerInfoCount
NSS_CMSSignedData_VerifyCertsOnly
NSS_CMSSignedData_VerifySignerInfo
NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs
NSS_CMSSignerInfo_AddSMIMECaps
NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs
NSS_CMSSignerInfo_AddSigningTime
NSS_CMSSignerInfo_Create
NSS_CMSSignerInfo_CreateWithSubjKeyID
NSS_CMSSignerInfo_Destroy
NSS_CMSSignerInfo_GetCertList
NSS_CMSSignerInfo_GetSignerCommonName
NSS_CMSSignerInfo_GetSignerEmailAddress
NSS_CMSSignerInfo_GetSigningCertificate
NSS_CMSSignerInfo_GetSigningTime
NSS_CMSSignerInfo_GetVerificationStatus
NSS_CMSSignerInfo_GetVersion
NSS_CMSSignerInfo_IncludeCerts
NSS_CMSType_RegisterContentType
NSS_CMSUtil_VerificationStatusToString
NSS_Get_NSSCMSGenericWrapperDataTemplate
NSS_Get_NSS_PointerToCMSGenericWrapperDataTemplate
NSS_SMIMESignerInfo_SaveSMIMEProfile
NSS_SMIMEUtil_CreateMSSMIMEEncKeyPrefs
NSS_SMIMEUtil_FindBulkAlgForRecipients
SECMIME_DecryptionAllowed
SEC_PKCS12AddCertAndKey
SEC_PKCS12AddCertOrChainAndKey
SEC_PKCS12AddPasswordIntegrity
SEC_PKCS12CreateExportContext
SEC_PKCS12CreatePasswordPrivSafe
SEC_PKCS12CreateUnencryptedSafe
SEC_PKCS12DecoderFinish
SEC_PKCS12DecoderGetCerts
SEC_PKCS12DecoderImportBags
SEC_PKCS12DecoderIterateInit
SEC_PKCS12DecoderIterateNext
SEC_PKCS12DecoderSetTargetTokenCAs
SEC_PKCS12DecoderStart
SEC_PKCS12DecoderUpdate
SEC_PKCS12DecoderValidateBags
SEC_PKCS12DecoderVerify
SEC_PKCS12DecryptionAllowed
SEC_PKCS12DestroyExportContext
SEC_PKCS12EnableCipher
SEC_PKCS12Encode
SEC_PKCS12IsEncryptionAllowed
SEC_PKCS12SetPreferredCipher
SEC_PKCS7AddCertificate
SEC_PKCS7AddRecipient
SEC_PKCS7AddSigningTime
SEC_PKCS7ContainsCertsOrCrls
SEC_PKCS7ContentIsEncrypted
SEC_PKCS7ContentIsSigned
SEC_PKCS7ContentType
SEC_PKCS7CopyContentInfo
SEC_PKCS7CreateCertsOnly
SEC_PKCS7CreateData
SEC_PKCS7CreateEncryptedData
SEC_PKCS7CreateEnvelopedData
SEC_PKCS7CreateSignedData
SEC_PKCS7DecodeItem
SEC_PKCS7DecoderAbort
SEC_PKCS7DecoderFinish
SEC_PKCS7DecoderStart
SEC_PKCS7DecoderUpdate
SEC_PKCS7DecryptContents
SEC_PKCS7DestroyContentInfo
SEC_PKCS7Encode
SEC_PKCS7EncodeItem
SEC_PKCS7EncoderAbort
SEC_PKCS7EncoderFinish
SEC_PKCS7EncoderStart
SEC_PKCS7EncoderUpdate
SEC_PKCS7GetCertificateList
SEC_PKCS7GetContent
SEC_PKCS7GetEncryptionAlgorithm
SEC_PKCS7GetSignerCommonName
SEC_PKCS7GetSignerEmailAddress
SEC_PKCS7GetSigningTime
SEC_PKCS7IncludeCertChain
SEC_PKCS7IsContentEmpty
SEC_PKCS7SetContent
SEC_PKCS7VerifyDetachedSignature
SEC_PKCS7VerifySignature

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/softokn3.dll
.dll .ps1 windows:5 windows x86 arch:x86 polyglot

44653ae2122bfb7a591e41b1eccba9c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sqlite3

sqlite3_bind_text
sqlite3_bind_int
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_step
sqlite3_column_int
sqlite3_prepare_v2
sqlite3_bind_blob
sqlite3_reset
sqlite3_finalize
sqlite3_open
sqlite3_busy_timeout
sqlite3_close
sqlite3_free
sqlite3_mprintf
sqlite3_exec

nssutil3

SECITEM_CompareItem_Util
PORT_Strdup_Util
SECOID_FindOIDByMechanism
SEC_QuickDERDecodeItem_Util
SGN_DecodeDigestInfo
SGN_CreateDigestInfo_Util
DER_Encode_Util
SGN_DestroyDigestInfo_Util
PORT_GetError_Util
UTIL_SetForkState
SECOID_Shutdown
SECOID_Init
SECITEM_HashCompare
DER_SetUInteger
PORT_ArenaAlloc_Util
PORT_ArenaGrow_Util
PORT_Realloc_Util
SECOID_GetAlgorithmTag_Util
SEC_ASN1DecodeItem_Util
DER_GetInteger_Util
SEC_ASN1EncodeInteger_Util
SEC_ASN1EncodeItem_Util
SECOID_SetAlgorithmID_Util
SECOID_CopyAlgorithmID_Util
SECOID_DestroyAlgorithmID_Util
SECITEM_DupItem_Util
SECITEM_AllocItem_Util
PORT_ZFree_Util
SECITEM_ZfreeItem_Util
PORT_ZAlloc_Util
SECITEM_FreeItem_Util
PORT_NewArena_Util
PORT_ArenaZAlloc_Util
SECITEM_CopyItem_Util
NSS_Get_SEC_AnyTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SEC_ObjectIDTemplate_Util
NSS_Get_SECOID_AlgorithmIDTemplate_Util
PORT_SetError_Util
PORT_Alloc_Util
PORT_Free_Util
PORT_FreeArena_Util

libplc4

PL_strcasecmp
PL_strncasecmp

libplds4

PL_HashTableDestroy
PL_HashTableRemove
PL_NewHashTable
PL_HashTableAdd
PL_HashTableLookupConst
PL_HashTableEnumerateEntries
PL_CompareValues
PL_HashTableLookup

libnspr4

PR_ExitMonitor
PR_GetCurrentThread
PR_EnterMonitor
PR_Now
PR_DestroyMonitor
PR_NewMonitor
PR_smprintf
PR_Rename
PR_Delete
PR_Free
PR_SetError
PR_CallOnce
PR_IntervalNow
PR_Access
PR_SecondsToInterval
PR_NewLock
PR_Sleep
PR_smprintf_free
PR_DestroyLock
PR_FindFunctionSymbol
PR_UnloadLibrary
PR_Lock
PR_Unlock
PR_GetLibraryFilePathname
PR_GetDirectorySeparator
PR_LoadLibraryWithFlags
PR_GetEnv
PR_snprintf
PR_MillisecondsToInterval

kernel32

GetFileAttributesA
SetFileAttributesA
GetProcessHeap
SetEndOfFile
HeapSize
CreateFileA
ReadFile
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
CloseHandle
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapDestroy
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCurrentThreadId
HeapAlloc
HeapFree
GetLastError
GetModuleHandleW

Exports

Exports

C_GetFunctionList
FC_GetFunctionList
NSC_GetFunctionList
NSC_ModuleDBFunc

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/sqlite3.dll
.dll windows:5 windows x86 arch:x86

6f383944ad37c3b1c6ab47bdb43092ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
AreFileApisANSI
CloseHandle
ReadFile
GetLastError
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
LockFileEx
GetTempPathA
GetTempPathW
LocalFree
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
CreateFileW
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetModuleHandleA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_load_extension
sqlite3_malloc
sqlite3_mprintf
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_realloc
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_step
sqlite3_thread_cleanup
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vmprintf

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMPfolder/FetfQynki/ssl3.dll
.dll windows:5 windows x86 arch:x86

669657e3b303bd7906e02a3d3b84c380

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nss3

CERT_CertChainFromCert
PK11_GetSlotFromPrivateKey
PK11_GetInternalSlot
PK11_GetKeyData
CERT_DestroyCertificateList
SECKEY_CreateRSAPrivateKey
SECKEY_DestroyPrivateKey
CERT_DupCertificate
PK11_FreeSymKey
PK11_GetWrapKey
PK11_GetBestWrapMechanism
PK11_SetWrapKey
PK11_GetMechanism
PK11_WrapSymKey
CERT_DestroyCertificate
PK11_VerifyKeyOK
PK11_GetCurrentWrapIndex
PK11_PubDerive
SECKEY_CreateDHPrivateKey
SECKEY_PublicKeyStrengthInBits
PK11_ImportSymKey
PK11_UnwrapSymKeyWithFlags
SECKEY_UpdateCertPQG
CERT_NewTempCertificate
CERT_NameToAscii
CERT_VerifyCertName
CERT_VerifyCertNow
HASH_GetHashObject
__PK11_CreateContextByRawKey
PK11_GetBestSlot
PK11_PubDecryptRaw
PK11_PubEncryptRaw
CERT_FindCertByName
CERT_FindUserCertByUsage
PK11_FindKeyByAnyCert
CERT_GetCertNicknames
CERT_CheckCertValidTimes
CERT_FreeNicknames
CERT_GetDefaultCertDB
CERT_DupDistNames
CERT_DistNamesFromCertList
PK11_ReferenceSlot
PK11_CopyTokenPrivKeyToSessionPrivKey
PK11_MapSignKeyType
SECKEY_CopyPrivateKey
SECKEY_CacheStaticFlags
CERT_DupCertList
CERT_GetSSLCACerts
CERT_FreeDistNames
PK11_Finalize
NSS_RegisterShutdown
NSS_VersionCheck
VFY_CreateContext
VFY_Begin
VFY_Update
VFY_End
VFY_DestroyContext
SGN_NewContext
SGN_Begin
SGN_Update
SGN_End
PK11_ReferenceSymKey
PK11_GetBestKeyLength
PK11_SaveContextAlloc
PK11_DigestKey
PK11_RestoreContext
PK11_CreateDigestContext
PK11_Derive
PK11_GetSlotFromKey
PK11_SymKeyFromHandle
SECMOD_LookupSlot
PK11_IsPresent
PK11_GetSlotSeries
PK11_GetSlotID
PK11_GetModuleID
PK11_NeedLogin
PK11_IsLoggedIn
PK11_DigestBegin
PK11_DigestOp
PK11_DigestFinal
PK11_CreateContextBySymKey
PK11_IVFromParam
PK11_CipherOp
PK11_ParamFromIV
PK11_DestroyContext
PK11_HashBuf
DSAU_DecodeDerSig
PK11_Verify
PK11_SignatureLen
PK11_Sign
DSAU_EncodeDerSigWithLen
PK11_GenerateRandom
PK11_TokenExists
CERT_ExtractPublicKey
SECKEY_GetPrivateKeyType
PK11_GetPrivateModulusLen
PK11_GetBestSlotMultiple
PK11_KeyGen
PK11_FreeSlot
SECKEY_PublicKeyStrength
PK11_PubWrapSymKey
PK11_PrivDecryptPKCS1
PK11_PubUnwrapSymKey
SECKEY_DestroyPublicKey
PK11_DeriveWithFlags
PK11_ExtractKeyValue
SGN_DestroyContext

nssutil3

SECITEM_DupItem_Util
DER_Lengths_Util
NSSRWLock_New_Util
NSSRWLock_Destroy_Util
ATOB_AsciiToData_Util
BTOA_DataToAscii_Util
SECITEM_Hash
SECOID_GetAlgorithmTag_Util
PORT_Realloc_Util
SECITEM_AllocItem_Util
SECITEM_ZfreeItem_Util
NSS_SecureMemcmp
PORT_ArenaAlloc_Util
PORT_NewArena_Util
PORT_ArenaZAlloc_Util
PORT_GetError_Util
PORT_FreeArena_Util
PORT_ZAlloc_Util
SECITEM_CopyItem_Util
PORT_Strdup_Util
SECITEM_CompareItem_Util
NSSRWLock_LockRead_Util
NSSRWLock_UnlockRead_Util
PORT_ZFree_Util
NSSRWLock_LockWrite_Util
NSSRWLock_UnlockWrite_Util
PORT_Free_Util
PORT_Alloc_Util
SECITEM_FreeItem_Util
PORT_SetError_Util
NSS_PutEnv_Util

libplc4

PL_strdup

libnspr4

PR_GetEnv
PR_FindFunctionSymbol
PR_UnloadLibrary
PR_GetLibraryFilePathname
PR_Free
PR_GetDirectorySeparator
PR_LoadLibraryWithFlags
PR_Now
PR_Close
PR_NewMonitor
PR_CreateIOLayerStub
PR_PushIOLayer
PR_GetUniqueIdentity
PR_GetDefaultIOMethods
PR_GetSocketOption
PR_ConvertIPv4AddrToIPv6
PR_SetError
PR_DestroyMonitor
PR_GetIdentitiesLayer
PR_EmulateAcceptRead
PR_EmulateSendFile
PR_ImportFileMapFromString
PR_ExportFileMapAsString
PR_smprintf
PR_OpenAnonFileMap
PR_smprintf_free
PR_MemMap
PR_MemUnmap
PR_CloseFileMap
PR_StringToNetAddr
PR_CallOnceWithArg
PR_CallOnce
PR_ErrorInstallTable
PR_PopIOLayer
PR_GetCurrentThread
PR_ExitMonitor
PR_Sleep
PR_EnterMonitor
PR_GetError
PR_NewLock
PR_Lock
PR_Unlock
PR_DestroyLock

kernel32

VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetProcAddress
Sleep
GetModuleHandleW
WideCharToMultiByte
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
HeapAlloc
GetCommandLineA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateMutexA
GetLastError
GetTickCount
VirtualAlloc
HeapReAlloc
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
MultiByteToWideChar
CompareStringW
SetEnvironmentVariableA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
QueryPerformanceCounter

Exports

Exports

NSSSSL_GetVersion
NSSSSL_VersionCheck
NSS_CmpCertChainWCANames
NSS_FindCertKEAType
NSS_GetClientAuthData
NSS_SetDomesticPolicy
NSS_SetExportPolicy
NSS_SetFrancePolicy
SSL_AuthCertificate
SSL_AuthCertificateComplete
SSL_AuthCertificateHook
SSL_BadCertHook
SSL_CanBypass
SSL_CertDBHandleSet
SSL_CipherPolicyGet
SSL_CipherPolicySet
SSL_CipherPrefGet
SSL_CipherPrefGetDefault
SSL_CipherPrefSet
SSL_CipherPrefSetDefault
SSL_ClearSessionCache
SSL_ConfigMPServerSIDCache
SSL_ConfigSecureServer
SSL_ConfigSecureServerWithCertChain
SSL_ConfigServerSessionIDCache
SSL_ConfigServerSessionIDCacheWithOpt
SSL_DataPending
SSL_ForceHandshake
SSL_ForceHandshakeWithTimeout
SSL_GetChannelInfo
SSL_GetCipherSuiteInfo
SSL_GetClientAuthDataHook
SSL_GetImplementedCiphers
SSL_GetMaxServerCacheLocks
SSL_GetNegotiatedHostInfo
SSL_GetNextProto
SSL_GetNumImplementedCiphers
SSL_GetSessionID
SSL_GetStatistics
SSL_HandshakeCallback
SSL_HandshakeNegotiatedExtension
SSL_ImplementedCiphers
SSL_ImportFD
SSL_InheritMPServerSIDCache
SSL_InvalidateSession
SSL_LocalCertificate
SSL_NumImplementedCiphers
SSL_OptionGet
SSL_OptionGetDefault
SSL_OptionSet
SSL_OptionSetDefault
SSL_PeerCertificate
SSL_PreencryptedFileToStream
SSL_PreencryptedStreamToFile
SSL_ReHandshake
SSL_ReHandshakeWithTimeout
SSL_ReconfigFD
SSL_ResetHandshake
SSL_RestartHandshakeAfterCertReq
SSL_RestartHandshakeAfterServerCert
SSL_RevealCert
SSL_RevealPinArg
SSL_RevealURL
SSL_SNISocketConfigHook
SSL_SecurityStatus
SSL_SetMaxServerCacheLocks
SSL_SetNextProtoCallback
SSL_SetNextProtoNego
SSL_SetPKCS11PinArg
SSL_SetSockPeerID
SSL_SetTrustAnchors
SSL_SetURL
SSL_ShutdownServerSessionIDCache

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

e0:cc:f6:b2:cd:fb:29:c1:9c:37:79:2e:65:02:75:4b:cb:d3:e8:cdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 17KB - Virtual size: 16KB

973cc502fad9ce6369193e95a6d84c49

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

85:77:f3:a1:f6:e3:54:52:ad:5e:1a:5c:a5:69:bb:5f:db:8e:8e:1aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 116KB - Virtual size: 116KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 2KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 288B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 8KB - Virtual size: 7KB

08f0e73ce2d729ef5ca630cbbd7cfcf8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

47:04:dc:fd:30:de:d1:82:01:51:7c:b7:9a:93:ea:a0:b7:a9:eb:73Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

e0:cc:f6:b2:cd:fb:29:c1:9c:37:79:2e:65:02:75:4b:cb:d3:e8:cd
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 17KB - Virtual size: 16KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

85:77:f3:a1:f6:e3:54:52:ad:5e:1a:5c:a5:69:bb:5f:db:8e:8e:1a
Signer

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 2KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 288B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 8KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

47:04:dc:fd:30:de:d1:82:01:51:7c:b7:9a:93:ea:a0:b7:a9:eb:73
Signer

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 2KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 240B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 9KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

c7:b0:92:73:63:c3:02:c8:8e:bc:a8:bb:c4:12:f8:d1:3d:f4:85:b1
Signer

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 260B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

ee:ba:c4:62:5e:8a:d0:6d:8e:76:51:7b:4f:9d:f1:17:4e:ed:58:90
Signer

.text
Size: 487KB - Virtual size: 486KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 4KB - Virtual size: 11KB

.pdata
Size: 30KB - Virtual size: 30KB

.gfids
Size: 512B - Virtual size: 460B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 648B