3f6403d6bc068e120ee07ecd21a18500_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f6403d6bc068e120ee07ecd21a18500_JaffaCakes118
Size

19.9MB
MD5

3f6403d6bc068e120ee07ecd21a18500
SHA1

6c22ebbae0c637728ae8542218656e2cd3126748
SHA256

aa6f30a44204803f5feea2a6248197de2c6b4a72028f7ffaf3e9383736cfe4f0
SHA512

8a0e0c0a781c928fe0c78289beee428013c2543666399d31f7e17965a35d726c96cf1633fdf37d7b239c08ee858a66590132042c06e661513facfb34b59ffc8b
SSDEEP

393216:osYUcVZZfyRNZ81VHdDt/ZyShgnTEOAMpmz3f9N5wz5JBqiXS:HEVfyDatYSy9cL9/wlJgiXS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WDSetup.EXE

Files

3f6403d6bc068e120ee07ecd21a18500_JaffaCakes118
.zip
INST.WXF
ServeursWeb.wdk
WDMetabase.dll
.dll windows:6 windows x86 arch:x86

f8d3143cec19bf7cb1d562e298b535b1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

58:a0:89:c2:71:43:7b:0d:36:ef:5a:6e:cd:14:fc:f0:92:21:7f:95
Signer

Actual PE Digest

58:a0:89:c2:71:43:7b:0d:36:ef:5a:6e:cd:14:fc:f0:92:21:7f:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.GP\98823\Release_WDMetabase_27\wx\Desktop_x86_32\Release\WDMetabase.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageW
GetProcAddress
FreeLibrary
CloseHandle
GetModuleHandleW
GetCurrentProcess
SetLastError
WideCharToMultiByte
CreateFileW
WriteConsoleW
DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
GetLastError
EncodePointer
RaiseException
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
HeapFree
HeapAlloc
HeapReAlloc
GetACP
GetStringTypeW
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeEx

oleaut32

VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString

Exports

Exports

?Meta_szGetLastError@@YAPB_WXZ
IISManager_Term
IISManager_bAccesCommitChanges
IISManager_bAccesLibere
IISManager_bElementCollectionAjoute
IISManager_bElementCollectionSupprime
IISManager_bElementLibere
IISManager_bInit
IISManager_bProprieteLibere
IISManager_bProprieteSetValeurChaine
IISManager_bSupprimeLocation
IISManager_nAccesOuvre
IISManager_nAccesOuvreAdminSection
IISManager_nElementCollection
IISManager_nElementCollectionCree
IISManager_nElementCollectionParCle
IISManager_nElementElementParNom
IISManager_nElementFils
IISManager_nElementProprieteParNom
IISManager_pszElementMetadata
IISManager_pszElementNom
IISManager_pszElementProprieteValeur
Meta_Term
Meta_bBackup
Meta_bCreeCle
Meta_bEcritValeur
Meta_bEnumSousCle
Meta_bExisteCle
Meta_bExisteValeur
Meta_bInit
Meta_bLitValeur
Meta_bSupprimeCle
Meta_bSupprimeValeur
Meta_hGetLastError

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WDSetup.EXE
.exe windows:5 windows x86 arch:x86

7de68a559169452a6729ae1b48c55644

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

B:\source\source.ACL\99255\Release_wdexe_144\WX\Desktop_x86_32\Release\WDExe.pdb

Imports

kernel32

GetModuleFileNameW
GetLastError
CreateFileMappingW
CloseHandle
MapViewOfFile
UnmapViewOfFile
GetVersionExA
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
CreateEventW
GetStartupInfoW
MulDiv
SetEvent
InterlockedIncrement
InterlockedDecrement
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenFileMappingW
FreeLibrary
FindResourceW
LoadResource
LockResource
FreeResource
GetTempPathW
GetTempFileNameW
GetCurrentProcessId
SizeofResource
FormatMessageW
LocalFree
GetCommandLineW
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
InterlockedExchangeAdd
LocalAlloc
GetVersionExW
LoadLibraryW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
SetLastError
SystemTimeToFileTime
FileTimeToSystemTime
CreateFileW
GetTickCount
Sleep
DeleteFileW
MoveFileW
CopyFileW
CreateDirectoryW
FindFirstFileW
FindClose
GetFileAttributesW
SetFileAttributesW
FindFirstFileExW
FindNextFileW
GetCurrentDirectoryW
GetFullPathNameW
GetDriveTypeW
FileTimeToLocalFileTime
HeapFree
GetProcessHeap
HeapAlloc
TlsSetValue
TlsGetValue
VirtualQuery
VirtualProtect
TlsAlloc
TlsFree
GetCurrentThreadId
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
WideCharToMultiByte
CompareStringW
GetTimeZoneInformation
CreateSemaphoreW
ReleaseSemaphore
GetCurrentProcess
InterlockedExchange
ResumeThread
TerminateThread
CreateThread
GetProfileStringW
GetExitCodeProcess
GetSystemDefaultLangID
GetMailslotInfo
GetComputerNameW
ExpandEnvironmentStringsW
CreateMailslotW
CreateProcessW
RaiseException
GetSystemInfo
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
EncodePointer
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
GetStdHandle
GetACP
LCMapStringW
GetStringTypeW
HeapReAlloc
SetStdHandle
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer
WriteConsoleW

Exports

Exports

CommandeComposante
DeclareProxy
Execution
LibereMutex

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WDSetupFont.ttf
WDSetupFontLicence.txt
WDUPDATE.NET
logo_corro5.gif
wd230com.dll
.dll windows:5 windows x86 arch:x86

085842618796e971fb8cab793d8e6583

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

14:20:79:a8:ba:df:96:79:e0:d4:8c:e7:38:36:1f:d7:2b:ac:90:d5
Signer

Actual PE Digest

14:20:79:a8:ba:df:96:79:e0:d4:8c:e7:38:36:1f:d7:2b:ac:90:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.AP\101301\Release_wdcom_58\WX\Desktop_x86_32\Release\wd230com.pdb

Imports

ws2_32

WSAGetLastError
bind
closesocket
listen
connect
getsockopt
setsockopt
getservbyname
WSAIoctl
ntohs
WSASend
WSAAddressToStringW
getaddrinfo
WSASetServiceW
getsockname
WSALookupServiceEnd
WSALookupServiceNextW
WSALookupServiceBeginW
getprotobyname
WSAAccept
WSAAsyncSelect
getnameinfo
__WSAFDIsSet
shutdown
WSACancelBlockingCall
WSACleanup
select
ioctlsocket
accept
WSASetLastError
htonl
getpeername
gethostname
gethostbyname
recv
WSAStartup
send
inet_ntoa
gethostbyaddr
inet_addr
freeaddrinfo
sendto
recvfrom
htons
socket

kernel32

SetUnhandledExceptionFilter
IsProcessorFeaturePresent
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
WriteConsoleW
SetFilePointerEx
MoveFileExW
DecodePointer
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetACP
GetModuleFileNameA
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
GetConsoleCP
ReadConsoleW
GetConsoleMode
SystemTimeToTzSpecificLocalTime
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
Sleep
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedExchange
MultiByteToWideChar
GetTickCount
GetLastError
CloseHandle
SetEvent
CreateEventW
CreateThread
WaitForSingleObject
TerminateThread
WinExec
GetLogicalDrives
GetDriveTypeW
FindFirstFileW
FindNextFileW
MoveFileW
DeleteFileW
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentDirectoryW
GetPrivateProfileStringW
ExitThread
CreateMutexW
GetExitCodeThread
ReleaseMutex
_lopen
_lcreat
_lread
_lclose
_lwrite
FileTimeToSystemTime
OpenEventW
ResetEvent
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
GetProfileIntW
GetVersionExW
SetLastError
GetModuleHandleW
FormatMessageW
OutputDebugStringW
CreateFileW
WriteFile
WaitForMultipleObjects
GetOverlappedResult
ClearCommError
SetCommMask
WaitCommEvent
SetupComm
PurgeComm
GetCommTimeouts
SetCommTimeouts
GetProfileStringW
GetCommState
SetCommState
EscapeCommFunction
ReadFile
IsBadStringPtrW
GetSystemTime
GetLocalTime
CancelIo
GetCurrentThreadId
FindNextFileA
FindClose
LocalFree
GetStdHandle
CreatePipe
SetStdHandle
DuplicateHandle
GetCurrentProcess
CreateProcessW
PeekNamedPipe
TerminateProcess
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
SystemTimeToFileTime
CreateDirectoryW
IsDebuggerPresent
GetFileAttributesExW
GetFileAttributesW
SetFileAttributesW
FindFirstFileExW
GetTempPathW
GetTempFileNameW
GetFullPathNameW
FileTimeToLocalFileTime
HeapFree
GetProcessHeap
HeapAlloc
GetModuleFileNameW
ProcessIdToSessionId
HeapCreate
HeapDestroy
HeapReAlloc
CompareStringW
GetTimeZoneInformation
CreateSemaphoreW
ReleaseSemaphore
OpenMutexW
SleepEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
FormatMessageA
GetFileType
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
CreateFileMappingA
GetSystemTimeAsFileTime
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
ResumeThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedFlushSList
EncodePointer
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter

ole32

StringFromIID
CoTaskMemFree
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

VariantInit
VariantCopy
VariantClear
VariantChangeType
SysFreeString
GetErrorInfo
SysAllocString

winmm

waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveInStop
waveOutWrite
waveInUnprepareHeader
waveInClose
waveOutPrepareHeader
mmioRead
waveOutGetErrorTextW
mmioDescend
mmioClose
mmioOpenW
timeGetTime
waveOutOpen
mmioAscend
waveInReset

Exports

Exports

?bStopServeur@@YAHPAVclSERVER@@@Z
?pclStartServeur@@YAPAVclSERVER@@JJJ@Z
?pclStartServeurCtx@@YAPAVclSERVER@@JJJPAVCComposanteComm@@PB_W1@Z
CheckVersion
CommandeComposante
DeconnecteLibrairie
Dir
ExecFTP
ExecRPC
Execution
ExternalTermLibrary
InfoComposante
PostBuffer
REM_MessageBox
REM_PostMessage
REM_PostNamedMessage
REM_RegisterWindowMessage
REM_WinExec
RecupDisqueLogique
RenommeFichier
SupprimeFichier
Thread_create_mutex
Thread_getid
Thread_lock_mutex
Thread_start
Thread_unlock_mutex
WDDir
WDGetLogicalDrives
WDMessageBox
WDPostBuffer
WDPostMessage
WDPostNamedMessage
WDRecupDisqueLogique
WDRegisterWindowMessage
WDWinExec
bExternalInitLibrary
bInitWLConvFromVM
lAppelRPC
lContactMailServer
lWDRenommeFichier
lWDSupprimeFichier
nFTPGet
nFTPPut
pQueryProxy
pclConnecteLibrairie
pclConnecteLibrairieNumLib

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 793KB - Virtual size: 793KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 907KB - Virtual size: 906KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230hf.dll
.dll windows:5 windows x86 arch:x86

1c547e19a3495773433e63e0d74c445d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d6:1a:f5:4a:33:8c:63:4a:16:dd:60:53:50:d5:80:8d:b4:7d:47:76
Signer

Actual PE Digest

d6:1a:f5:4a:33:8c:63:4a:16:dd:60:53:50:d5:80:8d:b4:7d:47:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.RR\101248\Release_wdhf_73\WX\Desktop_x86_32\Release\wd230hf.pdb

Imports

ws2_32

WSACancelBlockingCall
WSACleanup
WSAStartup
htonl
htons
getpeername
getsockname
connect
socket
getaddrinfo
getnameinfo
setsockopt
getsockopt
WSAGetLastError
shutdown
ioctlsocket
recv
send
__WSAFDIsSet
select
closesocket
freeaddrinfo
inet_ntoa
gethostbyname
gethostname

secur32

DecryptMessage
FreeContextBuffer
InitializeSecurityContextW
AcquireCredentialsHandleW
FreeCredentialsHandle
DeleteSecurityContext

kernel32

WriteConsoleW
ReadConsoleW
SetFilePointerEx
HeapSize
GetConsoleMode
GetConsoleCP
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
DecodePointer
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetStdHandle
GetStringTypeW
GetACP
ExitProcess
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
InterlockedExchangeAdd
FormatMessageW
LocalFree
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
InterlockedExchange
LoadLibraryW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
Sleep
GetLastError
GetCurrentProcess
GetCurrentThreadId
CloseHandle
SetThreadPriority
SetErrorMode
IsBadReadPtr
IsBadWritePtr
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetProfileStringW
GetTickCount
GetVersionExW
GlobalMemoryStatusEx
SearchPathW
LCMapStringW
GetModuleFileNameA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetModuleHandleW
GetWindowsDirectoryW
TryEnterCriticalSection
ResumeThread
GetFileAttributesExW
GetModuleFileNameW
SetLastError
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetFileTime
SystemTimeToFileTime
FileTimeToSystemTime
CreateFileW
DeleteFileW
MoveFileW
CopyFileW
CreateDirectoryW
FindFirstFileW
FindClose
GetFileAttributesW
FindFirstFileExW
FindNextFileW
GetTempPathW
GetCurrentDirectoryW
GetTempFileNameW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetFullPathNameW
GetDriveTypeW
QueryDosDeviceW
FileTimeToLocalFileTime
HeapAlloc
GetProcessHeap
HeapFree
CompareStringW
GetTimeZoneInformation
GetUserDefaultLangID
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
GetSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
TerminateProcess
EncodePointer
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW

Exports

Exports

CheckVersion
CloseAnalyse
CloseDataAccess
CommandeComposante
DeclareProxy
DestroyContext
Execution
ExternalTermLibrary
InfoComposante
bDLLCompatible
bExternalInitLibrary
bHAlias
bHAnnuleAlias
bHAnnuleDeclaration
bHChangeConnexion
bHChangeNom
bHChangeRep
bHChangeRepJournal
bHDeclare
bHDeclareExterne
bHDecritConnexion
bHDecritFichier
bHDecritLiaison
bHDetruitVue
bHFichierExiste
bHGereIntegrite
bHGereRep
bHMode
bHOptimise
bHOuvreAnalyse
bHOuvreConnexion
bHPoste
bHTransaction
bInitWLCalcFromVM
bInitWLConvFromVM
bSetConnectionProperty
bSetStatus
bSetVerrou
dwGetNewContext
nGetIndex
nGetNewDataAccess
nGetPageByIndex
nGetPageByRecNum
nGetProperty
nGetUserDataAccess
nGetVersionRPC
nHActiveFiltre
nHAjoute
nHAjouteSnapShot
nHAnnuleRecherche
nHBloqueFichier
nHBloqueNumEnr
nHChangeCle
nHCreation
nHCreationSiInexistant
nHCreeVue
nHDebloqueFichier
nHDebloqueNumEnr
nHDesactiveFiltre
nHEcrit
nHEtat
nHExecuteRequete
nHExecuteRequeteSQL
nHExecuteVue
nHFerme
nHFiltre
nHFiltreCAny
nHFiltreCondition
nHFusionneVue
nHImporteTexte
nHInfoMemo
nHLibere
nHLiberePosition
nHLit
nHLitxxx
nHModifie
nHModifieSnapShot
nHNbEnr
nHOuvre
nHPasse
nHPositionCourante
nHPositionne
nHRaye
nHRecherche
nHReindexe
nHRetourPosition
nHSauvePosition
nHStatCalcule
nHStatNbDoublon
nHStatNbEnr
nHStatNbEnrIntervalle
nHSupprime
nHSupprimeRayeSnapShot
nHTransactionLibere
nHTrieVue
nHVerifieIndex
nHVersion
nHVueVersFichier
nWLHOuvre
nWLHPasse
pQueryProxy
pclGetError

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 986KB - Virtual size: 986KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230mat.dll
.dll windows:5 windows x86 arch:x86

e70b6035032c702305351dad93f0e92d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:3d:19:a8:30:f7:13:49:7d:81:72:aa:24:f1:b7:9d:01:ba:ab:02
Signer

Actual PE Digest

30:3d:19:a8:30:f7:13:49:7d:81:72:aa:24:f1:b7:9d:01:ba:ab:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.YB\100468\Release_wdmat_542\wx\Desktop_x86_32\Release\wd230mat.pdb

Imports

kernel32

LocalFree
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
GetProcAddress
InterlockedExchangeAdd
GetLastError
CloseHandle
WriteFile
FlushFileBuffers
SetLastError
CreateFileW
FindClose
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
GetModuleHandleW
GetCurrentProcess
GetCurrentThreadId
DecodePointer
EncodePointer
FormatMessageW
SetFilePointerEx
GetConsoleMode
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RaiseException
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetStringTypeW
LCMapStringW
SetStdHandle
HeapReAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetConsoleCP
WriteConsoleW

Exports

Exports

CheckVersion
CommandeComposante
Execution
ExternalTermLibrary
InfoComposante
bExternalInitLibrary
bInitWLCalcFromVM
bInitWLConvFromVM
pQueryProxy

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230mdl.dll
.dll windows:5 windows x86 arch:x86

cb183caedca45f62f6e7b0e0904f6290

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:f0:92:9c:2c:db:ae:03:0b:29:e3:21:74:f9:53:6f:18:49:b4:92
Signer

Actual PE Digest

5b:f0:92:9c:2c:db:ae:03:0b:29:e3:21:74:f9:53:6f:18:49:b4:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.VIB\101832\Release_wdmdl_76\WX\Desktop_x86_32\Release\wd230mdl.pdb

Imports

kernel32

SetFileValidData
SetErrorMode
SystemTimeToFileTime
FileTimeToSystemTime
CreateFileW
GetTickCount
Sleep
DeleteFileW
CreateDirectoryW
FindClose
GetFileAttributesW
GetFullPathNameW
GetDriveTypeW
FindResourceW
LoadResource
LockResource
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
SetEndOfFile
WaitForMultipleObjects
WaitForSingleObject
CreateMutexW
CreateEventW
GetCurrentThreadId
ReleaseMutex
ResetEvent
SetEvent
CompareStringW
FormatMessageW
GetTimeZoneInformation
GetCurrentProcess
TlsAlloc
TlsFree
MulDiv
SizeofResource
TlsGetValue
InterlockedExchange
TlsSetValue
GetProfileStringW
CreateSemaphoreW
ReleaseSemaphore
SetFilePointerEx
GetConsoleMode
WriteConsoleW
GetConsoleCP
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
FlushFileBuffers
UnlockFileEx
UnlockFile
LockFileEx
LockFile
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetVolumeInformationW
GetLogicalDriveStringsW
GetFileInformationByHandle
LoadLibraryW
GetLastError
GetModuleHandleW
LocalFree
GetSystemTime
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSection
GetProcAddress
InterlockedExchangeAdd
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
EncodePointer
RaiseException
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetFileType
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetACP
GetStdHandle
GetStringTypeW
HeapReAlloc
DecodePointer
LCMapStringW
SetStdHandle
FindFirstFileExA

user32

GetDC
ReleaseDC
GetSysColor

gdi32

SelectObject
CreateFontIndirectW
DeleteObject
GetTextFaceW

Exports

Exports

CheckVersion
CommandeComposante
DeclareProxy
Execution
ExternalTermLibrary
InfoComposante
bExternalInitLibrary
bInitWLCalcFromVM
bInitWLConvFromVM
pQueryProxy

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 546KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230obj.dll
.dll windows:5 windows x86 arch:x86

dce6f1b332ee053fe01f965b8b02517b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

db:b1:d6:3b:c2:99:70:92:0a:e0:2a:b5:b7:39:d6:32:12:74:dc:3f
Signer

Actual PE Digest

db:b1:d6:3b:c2:99:70:92:0a:e0:2a:b5:b7:39:d6:32:12:74:dc:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.PAD\101812\Release_wdobj_68\WX\Desktop_x86_32\Release\wd230obj.pdb

Imports

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

kernel32

SetErrorMode
CreateFileW
DeleteFileW
CopyFileW
CreateDirectoryW
GetFileAttributesW
GetTempPathW
GetTempFileNameW
GetFullPathNameW
GetDriveTypeW
CompareStringW
GetTimeZoneInformation
GetUserDefaultLangID
CreateSemaphoreW
ReleaseSemaphore
VirtualQuery
GetSystemInfo
DecodePointer
WriteConsoleW
ReadConsoleW
SetFileValidData
HeapSize
GetConsoleMode
GetConsoleCP
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
FindNextFileA
FindFirstFileExA
SetStdHandle
LCMapStringW
GetStdHandle
GetStringTypeW
GetACP
GetModuleFileNameA
ExitProcess
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedFlushSList
RaiseException
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetEndOfFile
FlushFileBuffers
UnlockFileEx
UnlockFile
LockFileEx
LockFile
SetFilePointer
ReadFile
WriteFile
GetVolumeInformationW
GetLogicalDriveStringsW
GetFileInformationByHandle
LocalAlloc
LocalFree
SizeofResource
LockResource
LoadResource
FindResourceW
OutputDebugStringW
GlobalAddAtomW
GetSystemDirectoryW
FindClose
FindNextFileW
FindFirstFileW
WaitNamedPipeW
VirtualProtect
TerminateProcess
MultiByteToWideChar
ReleaseMutex
CreateEventW
CreateMutexW
WaitForSingleObject
WaitForMultipleObjects
SetEvent
ResetEvent
HeapReAlloc
GlobalReAlloc
CloseHandle
OpenThread
FormatMessageW
GetVersionExW
WideCharToMultiByte
GetDateFormatW
GetSystemTime
GetProfileStringW
GetModuleFileNameW
SetCurrentDirectoryW
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
GetStartupInfoW
GetCurrentDirectoryW
GetCurrentProcess
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
IsBadReadPtr
GetWindowsDirectoryW
Beep
GetProfileIntW
GlobalFree
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalLock
GetCurrentProcessId
IsValidCodePage
GetCommandLineW
GetModuleHandleW
SetLastError
FreeLibrary
GetCurrentThreadId
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
GetLocalTime
GetProcAddress
LoadLibraryW
Sleep
MulDiv
InterlockedIncrement
InterlockedExchangeAdd
GetTickCount
InterlockedDecrement
SetFilePointerEx
LoadLibraryExA

user32

CreateMenu
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
keybd_event
CopyImage
SetMenuItemInfoW
IsClipboardFormatAvailable
GetMenuItemCount
GetMenuItemInfoW
GetMenuStringW
SendMessageA
GetDoubleClickTime
DeferWindowPos
GetForegroundWindow
SetScrollRange
CountClipboardFormats
SetCaretPos
GetClassInfoW
ChildWindowFromPointEx
UnionRect
GetScrollInfo
IsChild
CopyRect
CreateWindowExA
RegisterClassW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
DestroyMenu
CheckMenuItem
AppendMenuW
CreatePopupMenu
EnableScrollBar
EnumThreadWindows
GetScrollRange
ScrollWindowEx
GetScrollPos
SetWindowPlacement
SetScrollInfo
CreateIconIndirect
TrackPopupMenu
EnableMenuItem
GetSystemMenu
DefMDIChildProcW
DefFrameProcW
CallWindowProcW
DrawFrameControl
DrawIconEx
InvalidateRgn
GetWindowRgn
LockWindowUpdate
TranslateMDISysAccel
RemoveMenu
ValidateRgn
ScrollDC
GetQueueStatus
GetMessageW
SetForegroundWindow
AllowSetForegroundWindow
SetCursorPos
LoadStringW
FindWindowW
DestroyIcon
MoveWindow
GetClassLongW
GetSubMenu
GetUpdateRgn
SystemParametersInfoW
GetGuiResources
SetClassLongW
MessageBoxW
GetMessagePos
AdjustWindowRectEx
SetRectEmpty
DrawFocusRect
BringWindowToTop
WinHelpW
PostQuitMessage
RegisterWindowMessageW
DrawTextW
GetSysColor
GetClipboardData
RegisterClipboardFormatW
SetFocus
GetWindowTextW
GetWindowTextLengthW
GetClassNameW
GetActiveWindow
SetRect
ReplyMessage
DispatchMessageW
TranslateMessage
UnregisterClassW
GetCursor
ShowScrollBar
SetScrollPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DestroyCursor
SetWindowRgn
EndDeferWindowPos
BeginDeferWindowPos
MessageBeep
SetActiveWindow
EnableWindow
SendMessageTimeoutW
GetUpdateRect
SetCursor
LoadCursorW
PostThreadMessageW
GetWindowThreadProcessId
LoadImageW
LoadIconW
CreateIconFromResourceEx
LoadCursorFromFileW
IsIconic
GetWindowPlacement
InsertMenuItemW
DrawMenuBar
GetMenu
IsCharAlphaW
CharLowerW
CharUpperW
GetKeyboardLayout
SetMenu
InflateRect
ShowCaret
CreateCaret
HideCaret
SubtractRect
EqualRect
GetAsyncKeyState
WindowFromPoint
CreateWindowExW
DestroyWindow
GetCursorPos
IsRectEmpty
DefWindowProcW
IsZoomed
EndPaint
GetClientRect
BeginPaint
GetFocus
GetSystemMetrics
ReleaseCapture
GetCapture
SetCapture
SetWindowTextW
SetParent
InvertRect
OffsetRect
ScreenToClient
SetPropW
RemovePropW
GetPropW
InvalidateRect
PeekMessageW
ShowWindow
SetWindowLongW
GetWindowLongW
GetWindowDC
GetParent
RedrawWindow
ClientToScreen
IntersectRect
GetWindow
SendMessageW
GetWindowRect
IsWindowVisible
ReleaseDC
GetDC
GetDesktopWindow
ValidateRect
SetWindowPos
FillRect
PtInRect
UpdateWindow
IsWindowEnabled
GetKeyState
KillTimer
SetTimer
PostMessageW
IsWindow
InSendMessageEx

gdi32

DeleteObject
BitBlt
CreateCompatibleDC
SelectObject
SaveDC
IntersectClipRect
RestoreDC
GetWindowOrgEx
StretchBlt
GetStockObject
CreateDIBSection
SetLayout
GetLayout
GetCurrentObject
GetObjectW
GetTextExtentPoint32W
GetDeviceCaps
RoundRect
SetBkColor
ExtTextOutW
Rectangle
ExcludeClipRect
MoveToEx
LineTo
SetPixel
GetTextMetricsW
CreateSolidBrush
CreateRectRgnIndirect
CreateCompatibleBitmap
GetSystemPaletteEntries
CreatePalette
CreatePen
GetPixel
SetROP2
SetBkMode
DeleteDC
SetTextColor
CopyMetaFileW
SelectClipRgn
SetStretchBltMode
RectVisible
CreateRectRgn
CombineRgn
OffsetRgn
ExtSelectClipRgn
EqualRgn
GetDIBits
SetDIBits
GetClipBox
GetClipRgn
RectInRegion
GetRgnBox
SelectPalette
RealizePalette
CreateEllipticRgn
GetViewportOrgEx
SetGraphicsMode
GetPaletteEntries
GetBrushOrgEx
SetBrushOrgEx
CreateDIBitmap
CreateFontIndirectW
GetViewportExtEx
GetWindowExtEx
GetCharacterPlacementW
LPtoDP
CreateRoundRectRgn
StretchDIBits
SetDIBitsToDevice
CreatePatternBrush
ExtCreatePen
CreateEnhMetaFileW
CloseEnhMetaFile
SetMapMode
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
PlayEnhMetaFile
DeleteEnhMetaFile
CreatePolygonRgn
SetPixelV
CreateBitmap
UnrealizeObject
GetROP2
Polygon
Ellipse
OffsetClipRgn
SetWindowOrgEx

shell32

DragAcceptFiles
ShellExecuteW
DragQueryFileW
SHAppBarMessage
DragQueryPoint

Exports

Exports

?pclCreateFactory@@YGPAUIClassFactory@@XZ
CheckVersion
CommandeComposante
DeclareProxy
Execution
ExternalTermLibrary
InfoComposante
WDTrackPopupMenuLookXP
WLE_DoModal
WLE_bOuvre
WLE_bOuvre2
WLE_hHandle
bExternalInitLibrary
bInitWLCalcFromVM
bInitWLConvFromVM
onXAMLEvent
pQueryProxy

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 626KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230ole.dll
.dll windows:5 windows x86 arch:x86

f564b9b9401f2fa0de12b9d5507ecf1a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8f:3b:3b:57:85:60:a5:b5:79:f8:0e:f8:aa:0f:c6:ff:22:da:b3:73
Signer

Actual PE Digest

8f:3b:3b:57:85:60:a5:b5:79:f8:0e:f8:aa:0f:c6:ff:22:da:b3:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.YB\97492\Release_wdole_131\WX\Desktop_x86_32\Release\wd230ole.pdb

Imports

kernel32

LocalFree
GetCurrentThreadId
GetLastError
FlushFileBuffers
SetLastError
FindClose
GetModuleHandleW
GetCurrentProcess
DecodePointer
SetFilePointerEx
FormatMessageW
GetConsoleCP
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapReAlloc
SetStdHandle
LCMapStringW
GetStringTypeW
GetStdHandle
GetACP
HeapAlloc
HeapFree
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
GetFileType
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
InterlockedFlushSList
RaiseException
EncodePointer
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetTickCount
lstrcpynW
MulDiv
GlobalSize
GetThreadLocale
FreeLibrary
GlobalDeleteAtom
GlobalAddAtomW
WideCharToMultiByte
LoadLibraryW
SetErrorMode
GetProfileIntW
GlobalFree
GlobalAlloc
SetFilePointer
CloseHandle
GlobalUnlock
GlobalLock
CreateFileW
ReadFile
WriteFile
Sleep
GetProcAddress
InterlockedExchangeAdd
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetConsoleMode
GetCurrentProcessId
QueryPerformanceCounter
WriteConsoleW

user32

wsprintfW
PeekMessageW
TranslateMessage
DispatchMessageW
GetPropW
SetPropW
RemovePropW
MessageBoxW
SetWindowPos
IsWindowVisible
GetDC
ReleaseDC
IsWindow
CopyRect
RegisterWindowMessageW
CallWindowProcW
SendMessageW
GetWindowLongW
SetWindowLongW
RegisterClipboardFormatW
PtInRect
IsRectEmpty
InflateRect
OffsetRect
GetDlgItem
GetTopWindow
GetWindow
GetWindowDC
GetClientRect
InvalidateRect
ScreenToClient
ReleaseCapture
GetCapture
SetCapture
GetActiveWindow
GetCursorPos
IsClipboardFormatAvailable
GetKeyState

gdi32

SelectClipRgn
CreateRectRgnIndirect
SetROP2
GetStockObject
GetMapMode
CopyMetaFileW
GetTextColor
GetBkColor
GetDeviceCaps
GetObjectW
LPtoDP
SetMapMode
DeleteObject
PatBlt
SetBkColor
SetTextColor
SelectObject
CreatePatternBrush
CreateBitmap
DPtoLP

advapi32

RegQueryValueExW
RegCloseKey
RegQueryValueW
RegEnumKeyExW
RegOpenKeyExW

ole32

CoCreateInstance
OleRun
CLSIDFromString
OleSetContainedObject
OleSave
OleCreateFromData
OleCreateFromFile
OleCreate
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleDraw
CoTaskMemFree
ReleaseStgMedium
GetHGlobalFromILockBytes
OleConvertOLESTREAMToIStorage
OleLoad
StgOpenStorageOnILockBytes
CoGetClassObject
OleGetAutoConvert
RevokeDragDrop
CoLockObjectExternal
OleSetClipboard
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard
CoGetMalloc
ProgIDFromCLSID
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
OleUninitialize
CoUninitialize
OleInitialize
CoInitializeEx

oleaut32

VariantInit
VariantClear
OleCreatePropertyFrame
SysFreeString
SafeArrayPtrOfIndex
SafeArrayCreate
SafeArrayUnlock
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantCopy
VariantChangeType
SystemTimeToVariantTime
SysAllocString
SafeArrayDestroy
SysStringLen
SysAllocStringLen
GetActiveObject

Exports

Exports

?WndProcFrame@@YGJPAUHWND__@@IIJ@Z
CheckVersion
CommandeComposante
Execution
ExternalTermLibrary
InfoComposante
bExternalInitLibrary
bInitWLConvFromVM
pQueryProxy

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230pnt.dll
.dll windows:5 windows x86 arch:x86

df36d373809e3cf415d48bcf2f58dfda

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

aa:5a:5d:69:e8:06:fc:aa:f5:82:6f:72:e5:7e:70:88:cf:0b:2a:9e
Signer

Actual PE Digest

aa:5a:5d:69:e8:06:fc:aa:f5:82:6f:72:e5:7e:70:88:cf:0b:2a:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.AV\101294\Release_wdpnt_57\WX\Desktop_x86_32\Release\wd230pnt.pdb

Imports

kernel32

MultiByteToWideChar
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
SetEvent
GetModuleHandleW
MulDiv
LocalAlloc
GetVersionExW
GetLastError
LoadLibraryW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
SetLastError
CreateFileW
GetTickCount
Sleep
DeleteFileW
CopyFileW
CreateDirectoryW
WideCharToMultiByte
FindClose
GetFileAttributesW
GetTempPathW
GetCurrentDirectoryW
GetTempFileNameW
GetFullPathNameW
GetDriveTypeW
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
CompareStringW
CreateSemaphoreW
ReleaseSemaphore
GetCurrentThreadId
GetCurrentProcess
ProcessIdToSessionId
GetCurrentProcessId
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GlobalReAlloc
IsProcessorFeaturePresent
GlobalSize
LocalFree
SizeofResource
LockResource
LoadResource
FindResourceW
FormatMessageW
VirtualQuery
VirtualProtect
GetSystemInfo
HeapSize
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
EncodePointer
RaiseException
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetStringTypeW
GetACP
HeapReAlloc
DecodePointer
GetStdHandle
LCMapStringW
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleCP
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetFilePointerEx
WriteConsoleW
LoadLibraryExA

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantInit
SysFreeString

Exports

Exports

CheckVersion
CommandeComposante
Execution
ExternalTermLibrary
InfoComposante
bExternalInitLibrary
bInitWLConvFromVM
pQueryProxy
pQueryProxyEx
pclQueryIMGFactory

Sections

.text
Size: 926KB - Virtual size: 925KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

monseg
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230sql.dll
.dll windows:6 windows x86 arch:x86

36c154b6a9be2ead91c4b95a3cf6f470

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:41:10:59:ec:07:a9:d0:2e:83:53:43:00:ab:14:41:ed:15:ea:25
Signer

Actual PE Digest

7d:41:10:59:ec:07:a9:d0:2e:83:53:43:00:ab:14:41:ed:15:ea:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.RR\101035\Release_wdsql_115\wx\Desktop_x86_32\Release\wd230sql.pdb

Imports

kernel32

GetProcAddress
InterlockedDecrement
InterlockedExchangeAdd
WideCharToMultiByte
InterlockedIncrement
SetLastError
GetSystemTime
GetLocalTime
MultiByteToWideChar
GetLastError
FormatMessageW
LocalFree
LoadLibraryW
FreeLibrary
CloseHandle
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
CreateFileW
DeleteFileW
FindClose
GetFullPathNameW
GetDriveTypeW
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
GetModuleHandleW
GetCurrentProcess
GetProcessHeap
HeapFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
ReadConsoleW
DecodePointer
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
EncodePointer
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
LCMapStringW
GetStringTypeW
GetACP
GetStdHandle
SetStdHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
HeapSize
SetFilePointerEx
WriteConsoleW

ole32

CoCreateGuid

Exports

Exports

CheckVersion
CommandeComposante
DeclareProxy
Execution
Export_IInfoFrom_piGetSource
Export_IInfoFrom_pszGetAlias
Export_IInfoFrom_pszGetNom
Export_IInfoFrom_stGetPosition
Export_IInfoFrom_stGetPositionAlias
ExternalTermLibrary
bDLLCompatible
bExternalInitLibrary
bInitWLCalcFromVM
bInitWLConvFromVM
pQueryProxy
pstGetSQLSymbolInfo

Sections

.text
Size: 761KB - Virtual size: 761KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230std.dll
.dll windows:5 windows x86 arch:x86

21292c8eb4776818467be4d4f985c11f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:86:5e:cf:57:7e:57:f8:18:bd:58:eb:8b:fa:95:cc:9e:3b:40:b1
Signer

Actual PE Digest

5e:86:5e:cf:57:7e:57:f8:18:bd:58:eb:8b:fa:95:cc:9e:3b:40:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.PAD\101154\Release_wdstd_410\WX\Desktop_x86_32\Release\wd230std.pdb

Imports

kernel32

InterlockedDecrement
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTickCount
WritePrivateProfileStringW
GetLastError
InterlockedExchangeAdd
InterlockedIncrement
GetVersionExW
MulDiv
GetCurrentThreadId
CloseHandle
CreateEventW
SetEvent
ResetEvent
OpenThread
WaitForSingleObjectEx
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
LocalFree
InterlockedExchange
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetLocalTime
SetLocalTime
FormatMessageW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GlobalSize
GetComputerNameExW
LoadLibraryW
ReadProcessMemory
FreeLibrary
OpenProcess
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
TerminateProcess
GetPriorityClass
SetPriorityClass
GetComputerNameW
GetShortPathNameW
IsBadWritePtr
IsBadReadPtr
SetFileAttributesW
FindFirstFileW
FindClose
SetCurrentDirectoryW
SetErrorMode
GetCurrentDirectoryW
GetFileAttributesExA
GetFileAttributesExW
CreateFileA
DeviceIoControl
SetLastError
GetDiskFreeSpaceW
GetVolumeInformationW
GetFullPathNameW
CreateFileW
DeleteFileW
SetFileTime
GetLocaleInfoW
GetUserDefaultLangID
WriteProfileStringW
GetWindowsDirectoryW
GetProfileStringW
GetSystemDirectoryW
GlobalMemoryStatus
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
LoadLibraryExW
SetEnvironmentVariableW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetSystemTime
OutputDebugStringW
InitializeCriticalSection
WriteFile
ReadFile
GetProfileIntW
FindResourceW
LoadResource
LockResource
SizeofResource
ExpandEnvironmentStringsW
ReadDirectoryChangesW
GetFileAttributesW
CreateDirectoryW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
VirtualQuery
UnmapViewOfFile
ReleaseMutex
CreateMutexW
_llseek
_lread
_lclose
_lcreat
_lwrite
FileTimeToSystemTime
lstrlenW
OpenFile
LocalAlloc
GetSystemWindowsDirectoryW
CreateSemaphoreW
ReleaseSemaphore
GetFileInformationByHandle
GetLogicalDriveStringsW
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
GetFileTime
SystemTimeToFileTime
MoveFileW
CopyFileW
RemoveDirectoryW
FindFirstFileExW
FindNextFileW
GetTempPathW
GetTempFileNameW
GetDiskFreeSpaceExW
GetDriveTypeW
FileTimeToLocalFileTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetStdHandle
SetStdHandle
PeekNamedPipe
GetDateFormatW
HeapCreate
HeapDestroy
HeapReAlloc
CompareStringW
GetSystemDefaultLCID
GetTimeZoneInformation
OpenSemaphoreW
WaitForMultipleObjects
RaiseException
GetSystemInfo
VirtualProtect
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetACP
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
ExitProcess
GetModuleFileNameA
GetStringTypeW
GetConsoleCP
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableA
WriteConsoleW
HeapSize
EncodePointer
DecodePointer

Exports

Exports

?lJournalPlaybackProc@@YGJHIJ@Z
?lWndProc@@YGJPAUHWND__@@IIJ@Z
?lfTailleCompacte@@YAJPB_W@Z
?lfTailleDecompacte@@YAJPB_W@Z
?nfCompacte@@YAFPB_W0@Z
CheckVersion
CommandeComposante
DeclareProxy
Execution
ExternalTermLibrary
InfoComposante
_nResHookCbtFilter_STD@12
bExternalInitLibrary
bInitWLConvFromVM
pQueryProxy

Sections

.text
Size: 877KB - Virtual size: 877KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 446KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230trs.dll
.dll windows:6 windows x86 arch:x86

2747956f5ac39217b79b83de9df472b3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

72:c3:18:20:f9:91:b9:a2:cd:20:53:88:f4:59:c0:f9:bf:ec:4e:eb
Signer

Actual PE Digest

72:c3:18:20:f9:91:b9:a2:cd:20:53:88:f4:59:c0:f9:bf:ec:4e:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.RR\98815\Release_wdtrs_166\WX\Desktop_x86_32\Release\wd230trs.pdb

Imports

kernel32

Sleep
GetComputerNameW
GetModuleFileNameW
InterlockedExchangeAdd
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
GetProcAddress
LoadLibraryW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
CloseHandle
WriteFile
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
SetLastError
CreateFileW
DeleteFileW
FindClose
GetLastError
GetFullPathNameW
GetDriveTypeW
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
FormatMessageW
LocalFree
GetModuleHandleW
GetCurrentProcess
DecodePointer
GetFileAttributesW
InterlockedDecrement
SetFilePointerEx
GetConsoleMode
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
EncodePointer
RaiseException
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStringTypeW
GetACP
GetStdHandle
LCMapStringW
SetStdHandle
HeapReAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetConsoleCP
WriteConsoleW

Exports

Exports

CheckVersion
CommandeComposante
DeclareProxy
Execution
ExternalTermLibrary
bExternalInitLibrary
bInitWLConvFromVM
pQueryProxy

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230vm.dll
.dll windows:5 windows x86 arch:x86

20fd68f5b8917f7f67d470681cbe9623

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

97:e5:1a:d2:26:6b:41:e8:c5:97:64:51:82:1f:a8:36:13:c3:32:ad
Signer

Actual PE Digest

97:e5:1a:d2:26:6b:41:e8:c5:97:64:51:82:1f:a8:36:13:c3:32:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.YB\101503\Release_wdvm_131\wx\Desktop_x86_32\Release\wd230vm.PDB

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
InterlockedExchangeAdd
SetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetSystemTime
GetProcAddress
MulDiv
LocalAlloc
LocalFree
GetVersionExW
GetModuleHandleW
LoadLibraryW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
CloseHandle
WriteFile
GetLastError
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
SystemTimeToFileTime
FileTimeToSystemTime
CreateFileW
GetTickCount
Sleep
DeleteFileW
CopyFileW
CreateDirectoryW
FindFirstFileW
FindClose
GetFileAttributesW
SetFileAttributesW
FindFirstFileExW
FindNextFileW
GetTempPathW
GetCurrentDirectoryW
GetTempFileNameW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetFullPathNameW
GetDriveTypeW
QueryDosDeviceW
FileTimeToLocalFileTime
HeapFree
GetProcessHeap
HeapAlloc
FindResourceW
LoadResource
LockResource
FreeLibrary
IsBadReadPtr
GetModuleFileNameW
VirtualQuery
GetModuleFileNameA
GetSystemInfo
GetCurrentProcess
GetCurrentProcessId
GetPrivateProfileStringW
GetCurrentThreadId
CreateThread
WaitForSingleObject
TerminateProcess
InterlockedExchange
GetProfileStringW
SetUnhandledExceptionFilter
RaiseException
GetProfileIntW
SearchPathW
HeapCreate
HeapDestroy
HeapReAlloc
CompareStringW
CompareStringA
GetSystemDefaultLCID
FormatMessageW
GetTimeZoneInformation
CreateEventW
SetEvent
ResetEvent
GetUserDefaultLangID
CreateMutexW
ReleaseMutex
OpenMutexW
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileIntW
IsDebuggerPresent
TlsGetValue
VirtualProtect
QueryPerformanceCounter
GetLocaleInfoW
IsBadWritePtr
TlsSetValue
OpenEventW
LCMapStringA
LCMapStringW
GlobalMemoryStatusEx
GetCommandLineW
TlsAlloc
TlsFree
CreateProcessW
GetComputerNameW
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryExW
WritePrivateProfileStringW
QueryPerformanceFrequency
ResumeThread
PulseEvent
SuspendThread
SetThreadPriority
VirtualAlloc
VirtualFree
OutputDebugStringW
TerminateThread
GetProcessAffinityMask
SizeofResource
WinExec
GetNumberFormatW
GetCurrencyFormatW
LoadLibraryExA
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetStringTypeW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetACP
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetConsoleCP
GetConsoleMode
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetFilePointerEx
WriteConsoleW
HeapSize
ReadConsoleW
EncodePointer
DecodePointer

Exports

Exports

CheckVersion
CommandeComposante
DeclareProxy
EXT_GetInfoInstance
EXT_LibereContexteExterne
EXT_SetInfoInstance
EXT_Term
EXT_bAppelDelegue
EXT_bAppelMethodeInstance
EXT_bAppelMethodeStatique
EXT_bAppelProcedure
EXT_bChargeWDL
EXT_bChargeWDLRes
EXT_bExecuteInitialisation
EXT_bExecuteTerminaison
EXT_bGetMembreInstance
EXT_bGetMembreStatique
EXT_bGetVariableCollection
EXT_bInit
EXT_bLibereInstance
EXT_bSetMembreInstance
EXT_bSetMembreStatique
EXT_bSetVariableCollection
EXT_pAlloueInstance
EXT_pCreeContexteExterne
EXT_pGetClasse
EXT_piGetVMExterne
EXT_pszGetMessageErreur
EXT_pszGetMessageErreurDelegue
Execution
FinConversion
InfoComposante
InfoVersionWeb
InitDLL
InitDLLEx
OBJ_pclGetTauxDeChange
TermDLL
TermLibrary
WLEFermeWDLNum
WLEFermeWDLRes
WLEFermeWDLResMyModule
WLEReprise
WLETerm
WL_CheminDLL
WL_CheminDLL_W
WL_DonneFinInit
WL_DonneGPU
WL_DonneGPU_W
WL_DonneREP
WL_DonneREP_W
WL_DonneWDL
WL_DonneWDL_W
WL_InitGoRequete
WL_ListeDLL
WL_ListeDLL_W
WL_ListeWDL
WL_ListeWDL_W
WL_Run_Res
WL_Run_Res_Cmd
WL_Run_Res_Cmd_W
WL_Run_Res_W
WL_Run_Service
WL_Run_Service_Cmd
WL_Run_Service_Cmd_W
WL_Run_Service_W
WL_SetParam
WL_Term_Service
WL_TestEx
WL_TestEx_W
bCanCompare
bCanCompareEx
bInitLibrary
bIsBoolean
bIsString
bIsStringAW
bNegatif
bWL_MultiRemoteControl_A
bWL_MultiRemoteControl_W
bWL_RemoteControl_A
bWL_RemoteControl_W
nAddition
nAdditionEx
nCommencePar
nCommenceParEx
nCommenceParSouple
nCommenceParSoupleEx
nCommenceParTresSouple
nCommenceParTresSoupleEx
nComparaison
nComparaisonEx
nContientEx
nContientSoupleEx
nContientTresSoupleEx
nConversion
nConversionDepassement
nConversionDepassementEx
nConversionDepassementExt
nDivision
nDivisionEx
nETLogique
nETLogiqueEx
nEgalite
nEgaliteEx
nInferieur
nInferieurEx
nModulo
nModuloEx
nMultiplication
nMultiplicationEx
nNONLogique
nNONLogiqueEx
nNegation
nNegationEx
nOULogique
nOULogiqueEx
nPresqueEgal
nPresqueEgalEx
nSoupleEgal
nSoupleEgalEx
nSoustraction
nSoustractionEx
nSuperieur
nSuperieurEx
nTermineParEx
nTermineParSoupleEx
nTermineParTresSoupleEx
nWLEAppelle
nWLEAppelleEx
nWLEChampExiste
nWLEChampExisteA
nWLECompile
nWLECompileA
nWLEEcritPropElem
nWLEEcritPropElemA
nWLEEcritPropElemCle
nWLEEcritPropElemCleA
nWLEEcritPropElemInd
nWLEEcritPropElemInd2
nWLEEcritPropElemInd2A
nWLEEcritPropElemIndA
nWLEEcritPropSousElem
nWLEEcritPropSousElemA
nWLEEcritPropSousElemInd
nWLEEcritPropSousElemIndA
nWLEEcritVariableWL
nWLEEmpile
nWLEEmpileEx
nWLEEvalue
nWLEEvalueA
nWLEExecute
nWLEExecuteA
nWLEExecuteProcedure
nWLEExecuteProcedureA
nWLEExecuteTraitement
nWLEExecuteTraitementA
nWLEGetHFContext
nWLEGetIEXE
nWLEGetLibShop
nWLEGetVM
nWLEGetVMData
nWLEInit
nWLEInitEx
nWLEInitProjet
nWLELitPropElem
nWLELitPropElemA
nWLELitPropElemAny
nWLELitPropElemAnyA
nWLELitPropElemAnyInd
nWLELitPropElemAnyInd2
nWLELitPropElemAnyInd2A
nWLELitPropElemAnyIndA
nWLELitPropElemCle
nWLELitPropElemCleA
nWLELitPropElemInd
nWLELitPropElemInd2
nWLELitPropElemInd2A
nWLELitPropElemIndA
nWLELitPropSousElem
nWLELitPropSousElemA
nWLELitPropSousElemInd
nWLELitPropSousElemIndA
nWLELitVariableWL
nWLEOPMT
nWLEOperation
nWLEOuvreWDL
nWLEOuvreWDLA
nWLEOuvreWDLEx
nWLEOuvreWDLExMyModule
nWLEOuvreWDLNum
nWLEOuvreWDLNumA
nWLEOuvreWDLRes
nWLEOuvreWDLResMyModule
nWLESetCallback
nWLESetCallbackA
nWLESetCallbackModule
nWLESetCallbackModuleA
nWLESetCompatible
nWLESetCompatibleA
nWLESetHFContext
nWLESetPECallback
nWLESetPECallbackA
nWLESetParent
nWLETermProjet
pQueryProxy
pWLEChercheContexteElement
pWLEChercheContexteElementA
pWLEGetContexteElement
pWLEModifieContexteElement
pWLERestaureContexteElement
pWLESetCallbackElement
pWLESetCallbackElementA
wAjoute
wAjouteEx
wDivise
wDiviseEx
wModulo
wModuloEx
wMultiplie
wMultiplieEx
wSoustrait
wSoustraitEx

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230xml.dll
.dll windows:5 windows x86 arch:x86

3ff85b17c99206518177c97f5d8d88f0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8b:a0:9e:7e:2f:92:b0:4e:2e:4c:fc:ed:e2:08:24:91:10:56:1c:0d
Signer

Actual PE Digest

8b:a0:9e:7e:2f:92:b0:4e:2e:4c:fc:ed:e2:08:24:91:10:56:1c:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.AP\101384\Release_wdxml_56\WX\Desktop_x86_32\Release\wd230xml.pdb

Imports

ws2_32

ioctlsocket
__WSAFDIsSet
WSACancelBlockingCall
WSACleanup
WSAGetLastError
closesocket
gethostbyname
select
WSAStartup
send
socket
connect
recv
getsockopt
htons

kernel32

SetFilePointerEx
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
InterlockedDecrement
InterlockedIncrement
InterlockedExchangeAdd
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
InterlockedCompareExchange
CreateMutexW
WaitForSingleObject
ReleaseMutex
Sleep
CloseHandle
GetVersionExW
GetProcAddress
SetLastError
GetLocalTime
GetLastError
LoadLibraryW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
WriteConsoleW
CreateFileW
DeleteFileW
CreateDirectoryW
FindClose
GetFileAttributesW
GetTempPathW
GetCurrentDirectoryW
GetTempFileNameW
GetFullPathNameW
GetDriveTypeW
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
DecodePointer
CompareStringW
FormatMessageW
LocalFree
GetTimeZoneInformation
InterlockedExchange
GetModuleHandleW
GetCurrentProcess
HeapSize
FindFirstFileExA
SetStdHandle
RaiseException
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
EncodePointer
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetFileType
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetFullPathNameA
GetACP
GetStringTypeW
HeapReAlloc
GetStdHandle
LCMapStringW

ole32

CoCreateGuid

Exports

Exports

CheckVersion
CommandeComposante
Execution
ExternalTermLibrary
InfoComposante
bExternalInitLibrary
bInitWLConvFromVM
pQueryProxy

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 525B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wd230zip.dll
.dll windows:6 windows x86 arch:x86

74b7a6028805e249a5b52ac865b766a3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

05/10/2017, 00:00

Not After

04/12/2019, 23:59

Subject

CN=PC SOFT INFORMATIQUE,OU=Quality Assurance,O=PC SOFT INFORMATIQUE,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:10:b5:fd:5c:7b:b1:8e:af:49:89:0e:48:d9:8a:d1:12:4e:dd:c7
Signer

Actual PE Digest

52:10:b5:fd:5c:7b:b1:8e:af:49:89:0e:48:d9:8a:d1:12:4e:dd:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

B:\source\source.AV\100455\Release_wdzip_113\WX\Desktop_x86_32\Release\wd230zip.pdb

Imports

mpr

WNetGetUniversalNameW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

cabinet

ord11
ord20
ord21
ord22
ord13
ord14
ord23
ord12
ord10

kernel32

WideCharToMultiByte
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
CreateFileW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
FileTimeToSystemTime
FormatMessageW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
LoadLibraryW
GetProcAddress
GetLogicalDriveStringsW
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFileValidData
SetErrorMode
SetLastError
GetFileTime
SystemTimeToFileTime
Sleep
DeleteFileW
MoveFileW
CopyFileW
CreateDirectoryW
FindFirstFileW
FindClose
GetFileAttributesExW
GetFileAttributesW
FindFirstFileExW
FindNextFileW
GetTempPathW
GetCurrentDirectoryW
GetTempFileNameW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetFullPathNameW
GetDriveTypeW
QueryDosDeviceW
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
InterlockedExchangeAdd
FreeLibrary
CompareStringW
GetTimeZoneInformation
GetSystemTime
GetCurrentThreadId
GetVersionExW
GetModuleHandleW
GetCurrentProcess
GetLocalTime
GetProfileStringW
WritePrivateProfileStringW
SetCurrentDirectoryW
LoadLibraryExW
MoveFileA
GetStdHandle
GetFileType
FindFirstFileA
FindNextFileA
VirtualQuery
IsDBCSLeadByte
CompareFileTime
GetSystemInfo
WaitForMultipleObjects
VirtualFree
VirtualAlloc
ReleaseSemaphore
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
WriteConsoleW
SetStdHandle
HeapReAlloc
GetStringTypeW
GetLastError
InterlockedDecrement
InterlockedIncrement
DecodePointer
GetModuleFileNameW
GetCPInfo
LCMapStringW
GetACP
GetModuleFileNameA
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
EncodePointer
InterlockedFlushSList
RtlUnwind
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess

user32

CharUpperW
CharToOemA
MessageBoxW
GetActiveWindow
CharLowerW
OemToCharBuffA
CharToOemBuffA
SendMessageW
IsWindow
OemToCharA

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
SetFileSecurityW
OpenProcessToken
SetFileSecurityA

oleaut32

VariantClear
VariantCopy
SysFreeString
SysAllocString
SysAllocStringByteLen

Exports

Exports

CheckVersion
CommandeComposante
DeclareProxy
Execution
ExternalTermLibrary
InfoComposante
bExternalInitLibrary
bInitWLConvFromVM
pQueryProxy

Sections

.text
Size: 590KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8d3143cec19bf7cb1d562e298b535b1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9bCertificate

Extended Key Usages

Key Usages

58:a0:89:c2:71:43:7b:0d:36:ef:5a:6e:cd:14:fc:f0:92:21:7f:95Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 244B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

7de68a559169452a6729ae1b48c55644

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 186KB - Virtual size: 186KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 5KB - Virtual size: 9KB

.gfids Size: 512B - Virtual size: 244B

.rsrc Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 13KB - Virtual size: 12KB

085842618796e971fb8cab793d8e6583

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9bCertificate

Extended Key Usages

Key Usages

14:20:79:a8:ba:df:96:79:e0:d4:8c:e7:38:36:1f:d7:2b:ac:90:d5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

ole32

oleaut32

winmm

Exports

Exports

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

58:a0:89:c2:71:43:7b:0d:36:ef:5a:6e:cd:14:fc:f0:92:21:7f:95
Signer

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 186KB - Virtual size: 186KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 5KB - Virtual size: 9KB

.gfids
Size: 512B - Virtual size: 244B

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 13KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

14:20:79:a8:ba:df:96:79:e0:d4:8c:e7:38:36:1f:d7:2b:ac:90:d5
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 793KB - Virtual size: 793KB

.data
Size: 71KB - Virtual size: 649KB

.gfids
Size: 512B - Virtual size: 320B

.rsrc
Size: 907KB - Virtual size: 906KB

.reloc
Size: 129KB - Virtual size: 128KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

d6:1a:f5:4a:33:8c:63:4a:16:dd:60:53:50:d5:80:8d:b4:7d:47:76
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 986KB - Virtual size: 986KB

.data
Size: 43KB - Virtual size: 46KB

.gfids
Size: 512B - Virtual size: 280B

.rsrc
Size: 366KB - Virtual size: 366KB

.reloc
Size: 176KB - Virtual size: 176KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7f:b2:86:d4:53:b5:c5:7e:8e:09:c9:c9:94:06:8b:9b
Certificate

30:3d:19:a8:30:f7:13:49:7d:81:72:aa:24:f1:b7:9d:01:ba:ab:02
Signer

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 97KB - Virtual size: 96KB

.data
Size: 5KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 232B

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 12KB - Virtual size: 11KB