36f54e5914b99cc37b47f69dc7ac9229_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36f54e5914b99cc37b47f69dc7ac9229_JaffaCakes118
Size

2.4MB
MD5

36f54e5914b99cc37b47f69dc7ac9229
SHA1

c4914e8dad3d76095514733986e3223ce79474f3
SHA256

36faadfec58ce9fd3a09d97d8e795ce1a558586de3dd32629c6acbecc57c3c8a
SHA512

c22daee42b015d09adc4f216ecb77b386ee7743f613dadf26d25abeaf38ffa726c0476f2ad39ecfbb5c8c1816833bff37b4f44e64c68a6c686575a08e2d829c6
SSDEEP

49152:iVU7iCMhmjpEQ//esERx0IBKoWfqy3VUgu0eUNnAZhD+cFjVsaKvgJEP:iVUu4iQOzxDsqyTTNn0D/FBs8EP

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack002/$PLUGINSDIR/System.dll

Files

36f54e5914b99cc37b47f69dc7ac9229_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:1c:f9:11:f1:8d:80:b7:88:a2:66:11:05:47:d9:35:d9:42:7f:0d
Signer

Actual PE Digest

12:1c:f9:11:f1:8d:80:b7:88:a2:66:11:05:47:d9:35:d9:42:7f:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PublisherLogoDefault.bmp
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/alerts_icon.bmp
$PLUGINSDIR/home_icon.bmp
$PLUGINSDIR/license.txt
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/revert_icon.bmp
$PLUGINSDIR/search_icon.bmp
$PLUGINSDIR/setup_top.bmp
$PLUGINSDIR/truste_setup.bmp
$TEMP/SPStub.exe
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:a7:77:03:db:64:4a:1b:cd:10:fb:d6:30:86:0d:66:df:d3:9f:10
Signer

Actual PE Digest

03:a7:77:03:db:64:4a:1b:cd:10:fb:d6:30:86:0d:66:df:d3:9f:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

917ae9b9adb269abd5543f5bf5676bac

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f
Signer

Actual PE Digest

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
memset
wcsstr
wcstol

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
CreateFileW
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW
GetFileSize

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/ToolbarHelper.exe
.exe windows:5 windows x86 arch:x86

7b25d62fac6a93a74552bdc3dd699b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77
Signer

Actual PE Digest

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\ToolbarHelper\Release\ToolbarHelper.pdb

Imports

kernel32

GetCommandLineW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
WriteConsoleW
SetStdHandle
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetLastError
GetCurrentThreadId
MultiByteToWideChar
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
RtlUnwind
GetStringTypeW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetFilePointerEx
HeapSize
CloseHandle
CreateFileW

shell32

CommandLineToArgvW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/toolbar.cfg
$_212_/$_212_/$_217_
.dll regsvr32 windows:5 windows x86 arch:x86

90e03e8777b94714012c80a85d64013c

Code Sign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Conduit\RnD\Client\IE\Dev\5.4\SingleComponent\Alert\Release\Alert.pdb

Imports

winmm

timeGetTime

user32

GetCapture
ReleaseCapture
GetIconInfo
CopyRect
CharLowerBuffA
SetWindowTextW
SetWindowRgn
CreateDialogParamW
DialogBoxParamW
EnableWindow
EndDialog
SetLayeredWindowAttributes
GetSysColor
SystemParametersInfoW
EnumChildWindows
GetClassNameW
SetCapture
GetMonitorInfoA
RegisterWindowMessageW
DrawFocusRect
GetDC
ReleaseDC
SetDlgItemTextW
IsWindow
GetDlgItem
PostMessageA
SetTimer
KillTimer
PostThreadMessageA
DestroyWindow
DefWindowProcA
GetWindowLongA
SendMessageA
FindWindowW
MonitorFromRect
GetWindowTextW
InflateRect
GetAsyncKeyState
IsWindowUnicode
GetSystemMetrics
IsChild
SetWindowLongW
CreateWindowExA
DrawIconEx
DispatchMessageW
GetMessageA
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
GetLastInputInfo
SendMessageW
PeekMessageA
GetDesktopWindow
ShowWindow
FindWindowExW
PostMessageW
GetWindowRect
GetClientRect
SetForegroundWindow
SetFocus
TrackPopupMenu
GetMenuItemCount
InsertMenuItemW
CreatePopupMenu
DestroyMenu
FindWindowExA
LoadImageW
DestroyIcon
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetClassInfoW
RegisterClassW
GetWindowRgn
SetWindowLongA
CallWindowProcA
GetParent
BeginPaint
EndPaint
SetParent
MoveWindow
IsWindowVisible
CreateWindowExW
GetWindowLongW
DefWindowProcW
CallWindowProcW
FillRect
LoadCursorA
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
OffsetRect
PtInRect
DrawTextW
InvalidateRect
SetWindowPos
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToFileW
ObtainUserAgentString

kernel32

GetExitCodeThread
CreateThread
GetModuleFileNameW
GetModuleHandleW
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThreadId
TerminateThread
CreateMutexW
GetLastError
ReleaseMutex
CloseHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
CreateFileA
ReadFile
FindClose
InterlockedExchange
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringA
CreateFileW
GetFileSize
VirtualAlloc
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FindFirstFileW
CopyFileW
RemoveDirectoryW
MoveFileExW
FindNextFileW
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
SetLastError
InterlockedIncrement
TlsFree
GetFileType
GetConsoleMode
GetConsoleCP
MoveFileW
HeapReAlloc
HeapAlloc
GetCommandLineA
ResumeThread
ExitThread
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetProcessHeap
HeapFree
GetLocalTime
WriteFile
CreateDirectoryW
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GlobalAlloc
GlobalLock
LoadLibraryA
GlobalUnlock
GetSystemTimeAsFileTime
SizeofResource
SetThreadPriority
GetCurrentThread
GetLongPathNameW
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
LockResource
LoadResource
FindResourceW
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetVersionExA
DeleteFileW
SetFileAttributesW
GetFileAttributesW
TerminateProcess
MulDiv
lstrcpyW
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GlobalFree

gdi32

CreateRectRgn
GetBkMode
GetBkColor
GetPixel
SetPixel
PlgBlt
SelectPalette
RealizePalette
GdiFlush
OffsetRgn
GetObjectA
CombineRgn
SetLayout
GetDeviceCaps
CreateFontIndirectW
GetWindowOrgEx
SetWindowOrgEx
MoveToEx
LineTo
FrameRgn
GetTextColor
GetLayout
SetTextColor
SetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
ExcludeClipRect
Rectangle
BitBlt
DeleteDC
CreateSolidBrush
CreatePen
SelectObject
RoundRect
DeleteObject
SetBkMode
GetStockObject

shell32

SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
Shell_NotifyIconW

ole32

IIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CLSIDFromString

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
OleLoadPicture

psapi

GetProcessMemoryInfo

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent
ord17

wininet

InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetCanonicalizeUrlA

crypt32

CryptQueryObject
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam

advapi32

RegDeleteValueW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegEnumValueW
RegEnumKeyExW
SetSecurityDescriptorSacl
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllOnUpdateFinish
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_47_
.dll regsvr32 windows:5 windows x86 arch:x86

e4f041db06ae34a0958bca416d89ae59

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:b5:01:8e:18:8e:4f:9b:e1:bd:b2:ad:b4:d2:fc:af:a8:12:f4:b2
Signer

Actual PE Digest

51:b5:01:8e:18:8e:4f:9b:e1:bd:b2:ad:b4:d2:fc:af:a8:12:f4:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\Release\tbedrs.pdb

Imports

comctl32

CreateToolbarEx
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
ImageList_ReplaceIcon
ord17
ImageList_Create

wininet

InternetQueryOptionA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetCookieW
InternetSetOptionA
InternetCloseHandle
InternetConnectA
InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionExA
HttpOpenRequestA
InternetOpenA
InternetCrackUrlA
InternetReadFile
InternetOpenUrlW
InternetSetCookieW
InternetCanonicalizeUrlA
GetUrlCacheEntryInfoW
InternetGetConnectedState
InternetSetOptionW
InternetOpenW

shlwapi

StrCpyW
PathFileExistsW
PathFindFileNameW
UrlEscapeW
SHDeleteKeyA

wsock32

WSAGetLastError
gethostbyname
closesocket
select
recv
send
connect
htons
WSACleanup
socket
setsockopt
WSASetLastError
ioctlsocket
WSAStartup

msimg32

GradientFill

urlmon

ObtainUserAgentString
URLDownloadToFileW

crypt32

CryptUnprotectData
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptProtectData

winmm

timeGetTime
PlaySoundW
PlaySoundA
sndPlaySoundW

kernel32

WriteProcessMemory
VirtualAllocEx
CopyFileW
WaitForSingleObject
lstrlenA
GetVersionExW
GetShortPathNameW
GetUserDefaultLCID
GetLongPathNameW
CreateDirectoryW
CreateEventA
Thread32Next
Thread32First
SetThreadPriority
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
FlushFileBuffers
SetFilePointerEx
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
ExitProcess
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetConsoleCP
ReadConsoleW
GetConsoleMode
RtlUnwind
RaiseException
GetCommandLineA
IsProcessorFeaturePresent
LocalFree
LoadLibraryExW
HeapReAlloc
DecodePointer
EncodePointer
InterlockedExchange
GetCurrentThread
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
TlsSetValue
TlsFree
TlsGetValue
TlsAlloc
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetOverlappedResult
WriteFile
SetNamedPipeHandleState
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
MoveFileExW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetFileTime
GetSystemTimeAsFileTime
GetComputerNameW
IsWow64Process
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
GlobalFree
GlobalUnlock
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
HeapFree
GetProcessHeap
HeapAlloc
MulDiv
SetFileAttributesW
DeleteFileW
GetVersionExA
LoadLibraryA
LocalAlloc
SizeofResource
OutputDebugStringW
lstrcpyA
lstrcpyW
InterlockedIncrement
LoadLibraryW
GetModuleHandleW
Process32Next
Process32First
ReleaseMutex
CreateToolhelp32Snapshot
GetThreadPriority
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
CreateProcessW
ExpandEnvironmentStringsW
GetLocaleInfoW
Beep
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
GetTempPathW
FreeResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
GetModuleHandleA
lstrlenW
TerminateThread
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetSystemDirectoryW
CreateRemoteThread
GetProcAddress
GetStringTypeW
VirtualFreeEx
OpenProcess
IsDebuggerPresent
FreeLibrary
GetTickCount
OpenMutexW
OpenEventW
WaitForMultipleObjects
ExitThread
SetEvent
CreateThread
CreateEventW
GetLastError
CreateMutexW
GetCurrentThreadId
Sleep
InterlockedDecrement
GetCurrentProcessId
CloseHandle
GetModuleFileNameW
LoadLibraryExA

user32

GetDlgItem
IsWindow
SetWindowLongW
SendMessageA
MoveWindow
SetWindowTextW
SetWindowTextA
wsprintfW
SetDlgItemTextW
GetClientRect
GetWindowRect
GetDlgCtrlID
ShowWindow
GetWindowLongW
GetParent
LoadCursorW
GetMessageW
PeekMessageW
MessageBoxW
IsRectEmpty
RegisterClassExW
GetClassInfoExW
SetClassLongA
CopyRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CharUpperW
SendMessageTimeoutA
InflateRect
SetLayeredWindowAttributes
LoadImageW
GetWindowRgn
MessageBeep
GetActiveWindow
IsDialogMessageW
IsDialogMessageA
SetDlgItemInt
GetKeyState
SetForegroundWindow
GetDlgItemTextA
SetClassLongW
FrameRect
DrawFrameControl
AllowSetForegroundWindow
DeferWindowPos
DrawEdge
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
SetParent
GetDlgItemTextW
GetScrollInfo
GetMenuItemRect
GetMenuState
SetMenuItemInfoW
EnableMenuItem
DeleteMenu
TrackPopupMenu
InsertMenuItemA
CreatePopupMenu
DestroyMenu
GetMenuItemID
SetMenuInfo
GetMenuInfo
IsMenu
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CharLowerBuffA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetUpdateRect
GetCapture
DispatchMessageA
DispatchMessageW
TranslateMessage
ReleaseCapture
GetMessageA
SetCapture
SetActiveWindow
EndPaint
BeginPaint
SetRect
OffsetRect
DrawIconEx
GetIconInfo
DestroyIcon
GetSystemMetrics
FillRect
UnregisterClassA
CheckMenuItem
GetMenuItemInfoW
GetMenuItemCount
GetForegroundWindow
GetWindowTextLengthW
SendMessageW
EndDialog
FindWindowW
GetAsyncKeyState
GetMenuItemInfoA
SetWindowRgn
RegisterWindowMessageA
GetClassNameW
DestroyWindow
CreateWindowExW
SetWindowLongA
GetWindowLongA
GetDesktopWindow
IsChild
GetFocus
KillTimer
GetSysColor
CallWindowProcW
IsWindowUnicode
DefWindowProcW
GetWindowThreadProcessId
PostMessageW
SetWindowPos
RegisterClassW
GetClassInfoW
SetTimer
SetFocus
PtInRect
ScreenToClient
GetCursorPos
IsWindowVisible
SetRectEmpty
GetWindowTextW
FindWindowExW
EnumWindows
LoadCursorA
SetCursor
ReleaseDC
DrawTextW
GetDC
PostMessageA
CallWindowProcA
InvalidateRect
ClientToScreen
SendInput
IsIconic
GetLastInputInfo
RegisterWindowMessageW
MonitorFromRect
GetMonitorInfoA
EnumChildWindows
SystemParametersInfoW
GetClassNameA
DrawFocusRect
DialogBoxParamW
CreateDialogParamW
DefWindowProcA

gdi32

StretchBlt
SetStretchBltMode
GetStretchBltMode
GetObjectW
FrameRgn
OffsetRgn
SetRectRgn
ExcludeClipRect
TextOutW
SetTextAlign
GetPixel
CombineRgn
BitBlt
CreateCompatibleBitmap
Polygon
GdiFlush
SetPixel
GetObjectA
GetTextAlign
GetLayout
GetTextExtentPoint32W
Rectangle
DeleteDC
CreateCompatibleDC
SetBkColor
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
SetWindowOrgEx
GetWindowOrgEx
SetTextColor
SetBkMode
GetStockObject
RoundRect
SetLayout
GetDeviceCaps
PtInRegion
GetTextColor
SelectPalette
RealizePalette
PlgBlt
GetBkMode
GetBkColor
CreateDCW
GetDIBits

comdlg32

GetOpenFileNameW

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA
RegDeleteKeyA
OpenProcessToken
DeleteAce
LookupAccountSidW
GetAce
GetNamedSecurityInfoW
SetEntriesInAclA
SetNamedSecurityInfoW
CryptAcquireContextA
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
ConvertSidToStringSidA
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
RegSetValueExW

shell32

SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
SHCreateDirectoryExW

ole32

CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
IIDFromString
CLSIDFromString
OleUninitialize
OleInitialize
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoGetMalloc
StringFromIID
CoInitialize
StringFromGUID2
CoCreateInstance

oleaut32

SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetUBound
OleLoadPicture
SafeArrayCreateVector
SysStringByteLen
SysAllocString
SysFreeString
VariantInit
VariantClear
CreateDispTypeInfo
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringLen

psapi

GetProcessImageFileNameW
GetModuleBaseNameW
EnumProcesses
GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExW

dnsapi

DnsQuery_A

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DLLOnUninstallEraseAll
DllAddInstalltionGlobalKey
DllBrowserSearchProtectorRevert
DllCallInstallerService
DllCanUnloadNow
DllCleanEnableExtensionDoing
DllConnectToIE
DllDeleteOldName
DllEnableExtension
DllExpireSocialCookies
DllGetClassObject
DllGetInstallFileNameExt
DllGetInstallFileNameExtW
DllGetInstallationId
DllGetMachineID
DllHandleUserID
DllHomePageProtectorRevert
DllModifySearchEngine
DllModifySearchEngineNonSilent
DllModifySearchEngineSilent
DllOnUninstall
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllRevertIENewTabBehaviour
DllRunIEMediumIntegrity
DllRunNonSilentInstall
DllSendAutoUpdateRevertLog
DllSendHomepageSetUsage
DllSendInstallationUsage
DllShowUninstallDialog
DllSingleComponentInstall
DllUnblockToolbarIfNeeded
DllUpdate
DllVerifyEnableExtension
DllWriteSocialCookies

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 806KB - Virtual size: 805KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_64_
.dll regsvr32 windows:5 windows x86 arch:x86

f1e0a2363864da6d1b4633ceee19f647

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:80:f9:6d:b3:17:dc:9d:db:35:e5:58:56:3f:2b:89:1a:da:17:e2
Signer

Actual PE Digest

6f:80:f9:6d:b3:17:dc:9d:db:35:e5:58:56:3f:2b:89:1a:da:17:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\ConduitProxy\Release\prxtbedrs.pdb

Imports

kernel32

GetCurrentProcess
GetTickCount
CreateMutexW
GetVersionExA
DeleteFileW
Process32First
Process32Next
GetModuleHandleW
Sleep
HeapAlloc
GetProcessHeap
HeapFree
GetEnvironmentVariableW
WaitForSingleObject
GetLongPathNameW
GetSystemTimeAsFileTime
GetFileSize
CreateFileW
CreateToolhelp32Snapshot
ReadFile
CopyFileW
GetCurrentThreadId
OutputDebugStringW
IsWow64Process
GetComputerNameW
InterlockedDecrement
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
SetFilePointer
WriteFile
SetLastError
InterlockedIncrement
GetLocalTime
EncodePointer
DecodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFileType
LoadLibraryExW
RaiseException
RtlUnwind
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeW
LCMapStringW
FlushFileBuffers
SetFilePointerEx
SetStdHandle
WriteConsoleW
SetEndOfFile
FreeLibrary
LoadLibraryW
TerminateProcess
GetLastError
OpenProcess
GetCurrentProcessId
LocalFree
LocalAlloc
CloseHandle
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetModuleFileNameW

shlwapi

PathFileExistsW
PathFindFileNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

IsWindow
SendMessageA
RegisterWindowMessageW
PostMessageA
IsWindowVisible

advapi32

GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
RegCreateKeyExW
RegCloseKey
GetSidSubAuthorityCount
GetSidSubAuthority

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllDeleteOldName
DllGetClassObject
DllGetInstallFileNameExt
DllIsDowngradeVersion
DllIsDowngradeVersionW
DllOnUninstall
DllOnUninstallEraseAll
DllOnUpdateFinish
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllShowToolbarUninstallDialog
DllShowUninstallDialog
DllSingleComponentInstall
DllUnregisterServer

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_68_
.exe windows:5 windows x86 arch:x86

7b25d62fac6a93a74552bdc3dd699b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77
Signer

Actual PE Digest

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\ToolbarHelper\Release\ToolbarHelper.pdb

Imports

kernel32

GetCommandLineW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
WriteConsoleW
SetStdHandle
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetLastError
GetCurrentThreadId
MultiByteToWideChar
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
RtlUnwind
GetStringTypeW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetFilePointerEx
HeapSize
CloseHandle
CreateFileW

shell32

CommandLineToArgvW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_72_
.dll windows:5 windows x86 arch:x86

c9a41ea64d36e02d0c9e1e4d4c7686e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:6c:47:71:b3:99:ec:05:ee:d4:09:0a:76:d1:c7:29:38:c2:ea:1a
Signer

Actual PE Digest

ec:6c:47:71:b3:99:ec:05:ee:d4:09:0a:76:d1:c7:29:38:c2:ea:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\ConduitLoader\Release\ldrtbedrs.pdb

Imports

kernel32

GetLongPathNameW
LoadLibraryW
GetModuleHandleW
FreeLibrary
GetTickCount
lstrcpyW
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
GetCurrentProcessId
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
CloseHandle
GetVersionExA
IsWow64Process
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetCurrentProcess
GetComputerNameW
LocalAlloc
LocalFree
GetModuleFileNameW
GetLastError
TerminateProcess
LoadLibraryA
CreateMutexW
DeleteFileW
Sleep
HeapAlloc
GetProcessHeap
HeapFree
GetEnvironmentVariableW
WaitForSingleObject
GetSystemTimeAsFileTime
CreateFileW
ReadFile
CopyFileW
InterlockedDecrement
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
SetFilePointer
WriteFile
SetLastError
WaitForMultipleObjects
TerminateThread
GetCurrentThread
SetThreadPriority
CreateEventW
SetEvent
InterlockedIncrement
GetLocalTime
EncodePointer
DecodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFileType
LoadLibraryExW
RaiseException
RtlUnwind
ExitProcess
GetModuleHandleExW
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeW
SetFilePointerEx
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetEndOfFile
GetProcAddress

user32

DefWindowProcA
IsWindowUnicode
CallWindowProcW
CallWindowProcA
SetCursor
GetAsyncKeyState
LoadCursorA
SetWindowLongW
ScreenToClient
SendMessageA
PostMessageA
GetSysColor
GetParent
RegisterWindowMessageW
IsWindowVisible
SetTimer
SetFocus
GetFocus
IsChild
ReleaseDC
DrawTextW
GetDC
CreateWindowExW
IsWindow
DestroyWindow
GetClassNameW
MoveWindow
KillTimer
DefWindowProcW
SendMessageW
GetClientRect
RegisterClassW
LoadCursorW
GetClassInfoW
InsertMenuW
ShowWindow
SetWindowPos
GetWindowRect

gdi32

GetStockObject
CreatePen
SetBkMode
SetTextColor
SetWindowOrgEx
GetWindowOrgEx
DeleteDC
BitBlt
SetLayout
CreateCompatibleBitmap
CreateCompatibleDC
GetLayout
Rectangle
CreateSolidBrush
DeleteObject
SelectObject

ole32

CoTaskMemFree
CLSIDFromString
StringFromGUID2

comctl32

ord17

shlwapi

PathFindFileNameW
PathFileExistsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

advapi32

GetSidSubAuthorityCount
RegCloseKey
OpenProcessToken
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
RegQueryInfoKeyW
RegCreateKeyExW
GetUserNameW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
GetSidSubAuthority
GetTokenInformation

shell32

SHGetFolderPathW
SHCreateDirectoryExW

Exports

Exports

DllCanUnloadNow
DllDeleteOldName
DllGetClassObject
DllGetInstallFileNameExt
DllOnUninstall
DllOnUninstallEraseAll
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllShowToolbarUninstallDialog
DllShowUninstallDialog
DllSingleComponentInstall

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_73_
.dll windows:5 windows x86 arch:x86

d1389c33a56006e735b802c35692e3dc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e9:2b:03:aa:e4:98:cc:da:43:d3:02:17:c1:42:35:11:2a:b0:5a:34
Signer

Actual PE Digest

e9:2b:03:aa:e4:98:cc:da:43:d3:02:17:c1:42:35:11:2a:b0:5a:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\Release\hktbedrs.pdb

Imports

wininet

InternetSetCookieW
InternetCanonicalizeUrlA
InternetGetCookieW

kernel32

LoadLibraryExW
GetCommandLineA
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetConsoleMode
ReadConsoleW
SetLastError
InterlockedDecrement
Thread32Next
EncodePointer
WriteFile
Thread32First
CreateToolhelp32Snapshot
SetThreadPriority
GetCurrentThread
GetThreadPriority
Sleep
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
GetTickCount
GetShortPathNameW
GetLongPathNameW
GetModuleFileNameW
GetSystemDirectoryW
CreateRemoteThread
GetModuleHandleW
VirtualFreeEx
GetDateFormatW
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcessId
OutputDebugStringW
GetProcAddress
FreeLibrary
LoadLibraryW
WaitForSingleObject
OpenEventW
WaitForMultipleObjects
ExitThread
SetEvent
CreateThread
CreateEventW
GetLastError
CreateMutexW
CloseHandle
ReleaseMutex
GetCurrentThreadId
GetConsoleCP
DecodePointer
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
LCMapStringW
CompareStringW
GetTimeZoneInformation
SetFilePointerEx
GetStringTypeW
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
ExitProcess
RtlUnwind
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
GetVersionExA
IsWow64Process
Process32First
Process32Next
GetComputerNameW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
LocalAlloc
LocalFree
TerminateProcess
Module32First
Module32Next
LoadLibraryA
DeleteFileW
SetFileAttributesW
MulDiv
HeapAlloc
GetProcessHeap
HeapFree
GetEnvironmentVariableW
TerminateThread
GetLocalTime
SetFilePointer
GetTimeFormatW
GetSystemTimeAsFileTime
GetFileSize
CreateFileW
ReadFile
CopyFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
MoveFileExW
InterlockedIncrement
lstrcpyW
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
RaiseException

user32

DispatchMessageW
GetDlgItem
PostMessageA
FindWindowW
GetClientRect
GetWindowRect
SetWindowPos
SetWindowTextW
GetMenuItemCount
GetMenuItemInfoW
CheckMenuItem
GetClassNameW
PostMessageW
SendMessageA
GetDC
DrawTextW
ReleaseDC
RegisterWindowMessageW
FillRect
OffsetRect
GetParent
GetSysColor
ScreenToClient
ClientToScreen
GetWindowLongW
EnumChildWindows
SystemParametersInfoW
GetWindowLongA
IsWindowVisible
SetForegroundWindow
GetClassNameA
wsprintfW
IsWindowUnicode
MoveWindow
TranslateMessage
SetLayeredWindowAttributes
DialogBoxParamW
SetWindowLongA
InflateRect
DrawFocusRect
InvalidateRect
GetAsyncKeyState
SetPropW
SetCursor
CharUpperW
DestroyIcon
LoadImageW
GetIconInfo
DrawIconEx
CharLowerBuffA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterWindowMessageA
SendMessageTimeoutA
CopyRect
SendMessageW
EnableWindow
GetWindowTextLengthW
CallWindowProcW
DefWindowProcA
ShowWindow
DispatchMessageA
CallWindowProcA
DestroyWindow
LoadCursorA
UnregisterClassW
SetTimer
KillTimer
GetMessageA
IsWindow
SetWindowLongW
RemovePropW
SetRect
CreateWindowExW
RegisterClassW
GetClassInfoW
DefWindowProcW
GetWindowTextW
FindWindowExW
EnumWindows
EndDialog
GetPropW
PtInRect

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetStockObject
DeleteDC
BitBlt
GetObjectA
GdiFlush
SetTextColor
GetTextColor
SetBkMode
CreateFontIndirectW
GetDeviceCaps
SetWindowOrgEx
GetWindowOrgEx
SetLayout
SetBkColor
GetLayout
Rectangle
CreateSolidBrush
LineTo
GetPixel
SetPixel
SelectPalette
RealizePalette
MoveToEx
PlgBlt
CreatePen

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoCreateGuid

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysStringLen
OleLoadPicture

psapi

GetModuleFileNameExW
GetProcessMemoryInfo
EnumProcesses
GetModuleBaseNameW
GetProcessImageFileNameW
EnumProcessModules

shlwapi

StrCpyW
PathFileExistsW
PathFindFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CryptMsgClose

comctl32

ord17
_TrackMouseEvent

urlmon

ObtainUserAgentString

gdiplus

GdipCreateImageAttributes
GdipCreateBitmapFromStream
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectRect
GdipDisposeImage
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix

advapi32

RegEnumKeyW
GetSidSubAuthorityCount
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameW
RegCloseKey
RegCreateKeyExW
GetSidSubAuthority

Exports

Exports

DllConnectToIE

Sections

.text
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_74_
.dll windows:5 windows x64 arch:x64

a04dd1cfa026bd770d1250259b4280bb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e3:aa:a1:b0:98:a0:3c:ce:1f:4c:e3:81:84:17:49:d6:8f:c8:f8:e0
Signer

Actual PE Digest

e3:aa:a1:b0:98:a0:3c:ce:1f:4c:e3:81:84:17:49:d6:8f:c8:f8:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\Release\hk64tbedrs.pdb

Imports

wininet

InternetSetCookieW
InternetCanonicalizeUrlA
InternetGetCookieW

kernel32

GetFileType
GetModuleHandleExW
WriteConsoleW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetConsoleMode
ReadConsoleW
GetConsoleCP
RtlPcToFileHeader
RaiseException
SetLastError
Thread32Next
GetCommandLineA
LoadLibraryExW
DecodePointer
EncodePointer
Thread32First
CreateToolhelp32Snapshot
SetThreadPriority
GetCurrentThread
GetThreadPriority
Sleep
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
GetTickCount
GetShortPathNameW
GetLongPathNameW
GetModuleFileNameW
GetSystemDirectoryW
CreateRemoteThread
GetModuleHandleW
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcessId
OutputDebugStringW
GetProcAddress
FreeLibrary
LoadLibraryW
WaitForSingleObject
OpenEventW
WaitForMultipleObjects
ExitThread
SetEvent
CreateThread
CreateEventW
GetLastError
CreateMutexW
CloseHandle
ReleaseMutex
GetCurrentThreadId
RtlLookupFunctionEntry
GetStdHandle
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
LCMapStringW
CompareStringW
GetTimeZoneInformation
SetFilePointerEx
GetStringTypeW
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
HeapSize
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
GetVersionExA
IsWow64Process
Process32First
Process32Next
GetComputerNameW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
LocalAlloc
LocalFree
TerminateProcess
Module32First
Module32Next
LoadLibraryA
DeleteFileW
SetFileAttributesW
MulDiv
HeapAlloc
GetProcessHeap
HeapFree
GetEnvironmentVariableW
TerminateThread
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
GetFileSize
CreateFileW
ReadFile
CopyFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
MoveFileExW
lstrcpyW
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
SetFilePointer
WriteFile
RtlUnwindEx

user32

DispatchMessageW
GetDlgItem
PostMessageA
FindWindowW
GetClientRect
GetWindowRect
SetWindowPos
SetWindowTextW
GetMenuItemCount
GetMenuItemInfoW
CheckMenuItem
GetClassNameW
PostMessageW
SendMessageA
GetDC
DrawTextW
ReleaseDC
RegisterWindowMessageW
FillRect
OffsetRect
GetParent
GetSysColor
ScreenToClient
ClientToScreen
GetWindowLongW
SetWindowLongW
EnumChildWindows
SystemParametersInfoW
GetWindowLongA
IsWindowVisible
SetForegroundWindow
GetClassNameA
wsprintfW
IsWindowUnicode
MoveWindow
TranslateMessage
SetLayeredWindowAttributes
DialogBoxParamW
SetWindowLongA
InflateRect
DrawFocusRect
InvalidateRect
GetAsyncKeyState
SetPropW
SetCursor
CharUpperW
DestroyIcon
LoadImageW
GetIconInfo
DrawIconEx
CharLowerBuffA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterWindowMessageA
SendMessageTimeoutA
CopyRect
SendMessageW
EnableWindow
GetWindowTextLengthW
CallWindowProcW
DefWindowProcA
ShowWindow
DispatchMessageA
CallWindowProcA
DestroyWindow
LoadCursorA
UnregisterClassW
SetTimer
KillTimer
GetMessageA
IsWindow
SetWindowLongPtrW
RemovePropW
SetRect
CreateWindowExW
RegisterClassW
GetClassInfoW
DefWindowProcW
GetWindowTextW
FindWindowExW
EnumWindows
EndDialog
GetPropW
PtInRect

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetStockObject
DeleteDC
BitBlt
GetObjectA
SetBkColor
GdiFlush
SetTextColor
GetTextColor
SetBkMode
CreateFontIndirectW
GetDeviceCaps
SetWindowOrgEx
GetWindowOrgEx
SetLayout
GetLayout
Rectangle
CreateSolidBrush
LineTo
GetPixel
SetPixel
SelectPalette
RealizePalette
MoveToEx
PlgBlt
CreatePen

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoCreateGuid

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysStringLen
OleLoadPicture

psapi

GetModuleFileNameExW
GetProcessMemoryInfo
EnumProcesses
GetModuleBaseNameW
GetProcessImageFileNameW
EnumProcessModules

shlwapi

StrCpyW
PathFileExistsW
PathFindFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CryptMsgClose

comctl32

ord17
_TrackMouseEvent

urlmon

ObtainUserAgentString

gdiplus

GdipCreateImageAttributes
GdipCreateBitmapFromStream
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectRect
GdipDisposeImage
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix

advapi32

RegOpenKeyW
GetSidSubAuthority
GetSidSubAuthorityCount
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegDeleteKeyW
RegEnumKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameW
RegCloseKey
RegCreateKeyExW
GetTokenInformation

Exports

Exports

DllConnectToIE

Sections

.text
Size: 643KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 187KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SHARED
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_87_
.dll regsvr32 windows:5 windows x86 arch:x86

e4f041db06ae34a0958bca416d89ae59

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:b5:01:8e:18:8e:4f:9b:e1:bd:b2:ad:b4:d2:fc:af:a8:12:f4:b2
Signer

Actual PE Digest

51:b5:01:8e:18:8e:4f:9b:e1:bd:b2:ad:b4:d2:fc:af:a8:12:f4:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\Release\tbedrs.pdb

Imports

comctl32

CreateToolbarEx
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
ImageList_ReplaceIcon
ord17
ImageList_Create

wininet

InternetQueryOptionA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetCookieW
InternetSetOptionA
InternetCloseHandle
InternetConnectA
InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionExA
HttpOpenRequestA
InternetOpenA
InternetCrackUrlA
InternetReadFile
InternetOpenUrlW
InternetSetCookieW
InternetCanonicalizeUrlA
GetUrlCacheEntryInfoW
InternetGetConnectedState
InternetSetOptionW
InternetOpenW

shlwapi

StrCpyW
PathFileExistsW
PathFindFileNameW
UrlEscapeW
SHDeleteKeyA

wsock32

WSAGetLastError
gethostbyname
closesocket
select
recv
send
connect
htons
WSACleanup
socket
setsockopt
WSASetLastError
ioctlsocket
WSAStartup

msimg32

GradientFill

urlmon

ObtainUserAgentString
URLDownloadToFileW

crypt32

CryptUnprotectData
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptProtectData

winmm

timeGetTime
PlaySoundW
PlaySoundA
sndPlaySoundW

kernel32

WriteProcessMemory
VirtualAllocEx
CopyFileW
WaitForSingleObject
lstrlenA
GetVersionExW
GetShortPathNameW
GetUserDefaultLCID
GetLongPathNameW
CreateDirectoryW
CreateEventA
Thread32Next
Thread32First
SetThreadPriority
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
FlushFileBuffers
SetFilePointerEx
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
ExitProcess
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetConsoleCP
ReadConsoleW
GetConsoleMode
RtlUnwind
RaiseException
GetCommandLineA
IsProcessorFeaturePresent
LocalFree
LoadLibraryExW
HeapReAlloc
DecodePointer
EncodePointer
InterlockedExchange
GetCurrentThread
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
TlsSetValue
TlsFree
TlsGetValue
TlsAlloc
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetOverlappedResult
WriteFile
SetNamedPipeHandleState
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
MoveFileExW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetFileTime
GetSystemTimeAsFileTime
GetComputerNameW
IsWow64Process
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
GlobalFree
GlobalUnlock
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
HeapFree
GetProcessHeap
HeapAlloc
MulDiv
SetFileAttributesW
DeleteFileW
GetVersionExA
LoadLibraryA
LocalAlloc
SizeofResource
OutputDebugStringW
lstrcpyA
lstrcpyW
InterlockedIncrement
LoadLibraryW
GetModuleHandleW
Process32Next
Process32First
ReleaseMutex
CreateToolhelp32Snapshot
GetThreadPriority
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
CreateProcessW
ExpandEnvironmentStringsW
GetLocaleInfoW
Beep
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
GetTempPathW
FreeResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
GetModuleHandleA
lstrlenW
TerminateThread
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetSystemDirectoryW
CreateRemoteThread
GetProcAddress
GetStringTypeW
VirtualFreeEx
OpenProcess
IsDebuggerPresent
FreeLibrary
GetTickCount
OpenMutexW
OpenEventW
WaitForMultipleObjects
ExitThread
SetEvent
CreateThread
CreateEventW
GetLastError
CreateMutexW
GetCurrentThreadId
Sleep
InterlockedDecrement
GetCurrentProcessId
CloseHandle
GetModuleFileNameW
LoadLibraryExA

user32

GetDlgItem
IsWindow
SetWindowLongW
SendMessageA
MoveWindow
SetWindowTextW
SetWindowTextA
wsprintfW
SetDlgItemTextW
GetClientRect
GetWindowRect
GetDlgCtrlID
ShowWindow
GetWindowLongW
GetParent
LoadCursorW
GetMessageW
PeekMessageW
MessageBoxW
IsRectEmpty
RegisterClassExW
GetClassInfoExW
SetClassLongA
CopyRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CharUpperW
SendMessageTimeoutA
InflateRect
SetLayeredWindowAttributes
LoadImageW
GetWindowRgn
MessageBeep
GetActiveWindow
IsDialogMessageW
IsDialogMessageA
SetDlgItemInt
GetKeyState
SetForegroundWindow
GetDlgItemTextA
SetClassLongW
FrameRect
DrawFrameControl
AllowSetForegroundWindow
DeferWindowPos
DrawEdge
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
SetParent
GetDlgItemTextW
GetScrollInfo
GetMenuItemRect
GetMenuState
SetMenuItemInfoW
EnableMenuItem
DeleteMenu
TrackPopupMenu
InsertMenuItemA
CreatePopupMenu
DestroyMenu
GetMenuItemID
SetMenuInfo
GetMenuInfo
IsMenu
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CharLowerBuffA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetUpdateRect
GetCapture
DispatchMessageA
DispatchMessageW
TranslateMessage
ReleaseCapture
GetMessageA
SetCapture
SetActiveWindow
EndPaint
BeginPaint
SetRect
OffsetRect
DrawIconEx
GetIconInfo
DestroyIcon
GetSystemMetrics
FillRect
UnregisterClassA
CheckMenuItem
GetMenuItemInfoW
GetMenuItemCount
GetForegroundWindow
GetWindowTextLengthW
SendMessageW
EndDialog
FindWindowW
GetAsyncKeyState
GetMenuItemInfoA
SetWindowRgn
RegisterWindowMessageA
GetClassNameW
DestroyWindow
CreateWindowExW
SetWindowLongA
GetWindowLongA
GetDesktopWindow
IsChild
GetFocus
KillTimer
GetSysColor
CallWindowProcW
IsWindowUnicode
DefWindowProcW
GetWindowThreadProcessId
PostMessageW
SetWindowPos
RegisterClassW
GetClassInfoW
SetTimer
SetFocus
PtInRect
ScreenToClient
GetCursorPos
IsWindowVisible
SetRectEmpty
GetWindowTextW
FindWindowExW
EnumWindows
LoadCursorA
SetCursor
ReleaseDC
DrawTextW
GetDC
PostMessageA
CallWindowProcA
InvalidateRect
ClientToScreen
SendInput
IsIconic
GetLastInputInfo
RegisterWindowMessageW
MonitorFromRect
GetMonitorInfoA
EnumChildWindows
SystemParametersInfoW
GetClassNameA
DrawFocusRect
DialogBoxParamW
CreateDialogParamW
DefWindowProcA

gdi32

StretchBlt
SetStretchBltMode
GetStretchBltMode
GetObjectW
FrameRgn
OffsetRgn
SetRectRgn
ExcludeClipRect
TextOutW
SetTextAlign
GetPixel
CombineRgn
BitBlt
CreateCompatibleBitmap
Polygon
GdiFlush
SetPixel
GetObjectA
GetTextAlign
GetLayout
GetTextExtentPoint32W
Rectangle
DeleteDC
CreateCompatibleDC
SetBkColor
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
SetWindowOrgEx
GetWindowOrgEx
SetTextColor
SetBkMode
GetStockObject
RoundRect
SetLayout
GetDeviceCaps
PtInRegion
GetTextColor
SelectPalette
RealizePalette
PlgBlt
GetBkMode
GetBkColor
CreateDCW
GetDIBits

comdlg32

GetOpenFileNameW

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA
RegDeleteKeyA
OpenProcessToken
DeleteAce
LookupAccountSidW
GetAce
GetNamedSecurityInfoW
SetEntriesInAclA
SetNamedSecurityInfoW
CryptAcquireContextA
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
ConvertSidToStringSidA
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
RegSetValueExW

shell32

SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
SHCreateDirectoryExW

ole32

CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
IIDFromString
CLSIDFromString
OleUninitialize
OleInitialize
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoGetMalloc
StringFromIID
CoInitialize
StringFromGUID2
CoCreateInstance

oleaut32

SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetUBound
OleLoadPicture
SafeArrayCreateVector
SysStringByteLen
SysAllocString
SysFreeString
VariantInit
VariantClear
CreateDispTypeInfo
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringLen

psapi

GetProcessImageFileNameW
GetModuleBaseNameW
EnumProcesses
GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExW

dnsapi

DnsQuery_A

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DLLOnUninstallEraseAll
DllAddInstalltionGlobalKey
DllBrowserSearchProtectorRevert
DllCallInstallerService
DllCanUnloadNow
DllCleanEnableExtensionDoing
DllConnectToIE
DllDeleteOldName
DllEnableExtension
DllExpireSocialCookies
DllGetClassObject
DllGetInstallFileNameExt
DllGetInstallFileNameExtW
DllGetInstallationId
DllGetMachineID
DllHandleUserID
DllHomePageProtectorRevert
DllModifySearchEngine
DllModifySearchEngineNonSilent
DllModifySearchEngineSilent
DllOnUninstall
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllRevertIENewTabBehaviour
DllRunIEMediumIntegrity
DllRunNonSilentInstall
DllSendAutoUpdateRevertLog
DllSendHomepageSetUsage
DllSendInstallationUsage
DllShowUninstallDialog
DllSingleComponentInstall
DllUnblockToolbarIfNeeded
DllUpdate
DllVerifyEnableExtension
DllWriteSocialCookies

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 806KB - Virtual size: 805KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_88_
.exe windows:5 windows x86 arch:x86

7b25d62fac6a93a74552bdc3dd699b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77
Signer

Actual PE Digest

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\ToolbarHelper\Release\ToolbarHelper.pdb

Imports

kernel32

GetCommandLineW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
WriteConsoleW
SetStdHandle
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetLastError
GetCurrentThreadId
MultiByteToWideChar
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
RtlUnwind
GetStringTypeW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetFilePointerEx
HeapSize
CloseHandle
CreateFileW

shell32

CommandLineToArgvW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GottenAppsContextMenu.xml
OtherAppsContextMenu.xml
SharedAppsContextMenu.xml
ToolbarContextMenu.xml
toolbar.cfg
uninstall.exe
.exe windows:5 windows x86 arch:x86

90fd9913477b4e5a735366c9d47ba519

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f3:d2:88:de:59:c5:15:66:d9:13:57:20:42:48:36:20:a7:91:b7:0e
Signer

Actual PE Digest

f3:d2:88:de:59:c5:15:66:d9:13:57:20:42:48:36:20:a7:91:b7:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.11\6.11.0\Setup\NSIS-SetupSource\uninstall.pdb

Imports

kernel32

LeaveCriticalSection
MultiByteToWideChar
EnterCriticalSection
DeleteCriticalSection
GetFileSize
FindFirstFileW
GetSystemTimeAsFileTime
WideCharToMultiByte
CreateFileW
GetLastError
FindClose
WriteConsoleW
SetFilePointerEx
SetStdHandle
CloseHandle
GetShortPathNameW
GetProcAddress
GetLongPathNameW
GetModuleFileNameW
LoadLibraryW
WaitForSingleObject
CreateProcessW
FreeLibrary
ReadFile
HeapFree
OutputDebugStringW
LCMapStringW
EncodePointer
DecodePointer
HeapAlloc
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
InterlockedDecrement
ExitProcess
GetModuleHandleExW
HeapSize
Sleep
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
GetStringTypeW
RaiseException
GetProcessHeap
GetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

12:1c:f9:11:f1:8d:80:b7:88:a2:66:11:05:47:d9:35:d9:42:7f:0dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 4.0MB

.rsrc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 590B

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

12:1c:f9:11:f1:8d:80:b7:88:a2:66:11:05:47:d9:35:d9:42:7f:0d
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 4.0MB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:a7:77:03:db:64:4a:1b:cd:10:fb:d6:30:86:0d:66:df:d3:9f:10
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 452KB

.ndata
Size: - Virtual size: 1.1MB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f
Signer

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB