40f4993eeef5c31e0e44bf468e7f4d52_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40f4993eeef5c31e0e44bf468e7f4d52_JaffaCakes118
Size

6.1MB
MD5

40f4993eeef5c31e0e44bf468e7f4d52
SHA1

5fdd72a1bc1798572419635105c788306f9d042b
SHA256

863a2cca914524e02e213dd258386b56880f84ac0e1e6b34c839bcd35958402b
SHA512

8fbbeed0095575c16629930ebd65786342ba90b5771fa1fe95285e04b1d7fd40bd5bb5d5a785d58b69a616fb252f18eb0fb53ef1cf6c5e5c3a10c88c3c981dde
SSDEEP

98304:pIyhkGP7LPVnx//CUzZ6Fh5R7ps85On01mC9BFW0UW2FCyRQXTSsTSdc0hgZFyq7:yyW8x9LzihL7m85Om9B00ACyRYTy2FyM

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/AdvSplash.dll
unpack002/$PLUGINSDIR/AlwaysOnTop.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/NSISAutoSetupPlugin.dll
unpack002/$PLUGINSDIR/NSISTrigger.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$PLUGINSDIR/nsisos.dll
unpack002/$TEMP/DaumIESetting.exe
unpack002/$TEMP/DaumIEStartPage.dll
unpack002/$TEMP/NSISPromotionEx.dll
unpack002/libavcodec.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/gomplayer setup.exe	nsis_installer_1
static1/unpack001/gomplayer setup.exe	nsis_installer_2

Files

40f4993eeef5c31e0e44bf468e7f4d52_JaffaCakes118
.zip
gomplayer setup.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:87:d8:bd:8a:13:11:cd:c7:9e:31:fb:1f:45:2e:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/03/2012, 00:00

Not After

06/05/2013, 23:59

Subject

CN=GRETECH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=GRETECH,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AdvSplash.dll
.dll windows:4 windows x86 arch:x86

d347bd7fee30a85a5438127ef69a20d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA
timeSetEvent
timeKillEvent

kernel32

GetVersion
lstrcpynA
GlobalAlloc
GetProcAddress
GetModuleHandleA
lstrcatA
GlobalFree
lstrcpyA

user32

GetClientRect
EndPaint
DefWindowProcA
DestroyWindow
SetWindowRgn
wsprintfA
SystemParametersInfoA
DispatchMessageA
GetMessageA
IsWindow
CreateWindowExA
LoadImageA
RegisterClassA
LoadCursorA
EnumDisplaySettingsA
SetWindowLongA
SetWindowPos
InvalidateRect
PostMessageA
UnregisterClassA
BeginPaint

gdi32

GetObjectA
GetDIBits
CreateRectRgn
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CombineRgn

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AlwaysOnTop.dll
.dll windows:4 windows x86 arch:x86

c56daabd0b59e7a0804d633593e01907

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowPos

Exports

Exports

SetAlwaysOnTop
SetNoAlwaysOnTop

Sections

.text
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISAutoSetupPlugin.dll
.dll windows:4 windows x86 arch:x86

d0d278fb6cea268ff7b5e239775d5bc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

RegisterClassExA
SetTimer
CreateWindowExA
PostQuitMessage
PostMessageA
IsWindowEnabled
GetDlgItem
DefWindowProcA

Exports

Exports

StartAutoSetup

Sections

.text
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 361B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISTrigger.dll
.dll windows:5 windows x86 arch:x86

aac204d3139a0d421457147fdec8fb19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\SVN\GOMDev\NSIS\NSISTrigger\Release\NSISTrigger.pdb

Imports

kernel32

InterlockedDecrement
lstrlenA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
IsBadStringPtrW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
SetThreadPriority
GetCurrentThread
WriteFile
CloseHandle
FreeLibrary
LoadLibraryW
InterlockedExchange
lstrcpyA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
GlobalFree

user32

RegisterWindowMessageW
PostMessageW
FindWindowW
SendMessageW

msvcr90

memset
??3@YAXPAX@Z
strchr
memcpy
??_V@YAXPAX@Z
memmove
_wtoi
iswdigit
wcsncmp
swprintf_s
vswprintf_s
??2@YAPAXI@Z
free
wcscpy_s
_vsnwprintf
_stricmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
??_U@YAPAXI@Z
__CxxFrameHandler3

wininet

InternetCanonicalizeUrlW
InternetSetOptionW
InternetOpenUrlW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetOpenW

ws2_32

gethostbyname
WSACleanup
gethostname
WSAStartup

Exports

Exports

Trigger

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SkinKidslock.ini
$PLUGINSDIR/SkinYahooToolBar_kr.ini
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/YahooToolbar_kr.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/kidslock.bmp
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisos.dll
.dll windows:1 windows x86 arch:x86

a70233c77fd258ec47709388c2338273

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
GetVersionExA
RtlUnwind
RtlZeroMemory
lstrcpyA

crtdll

_fdopen
_open_osfhandle
_ultoa
fclose
_cexit
malloc
printf
raise
setbuf
strcpy

Exports

Exports

osplatform
osversion

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 588B - Virtual size: 588B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 156B - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 96B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/welcome.bmp
$TEMP/DaumIESetting.exe
.exe windows:5 windows x86 arch:x86

6bba87a1266e0e846e3b9c929207aaeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\배동욱\My Documents\Visual Studio 2008\Projects\DaumIESetting\Release\DaumIESetting.pdb

Imports

wininet

InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetOpenW

kernel32

HeapAlloc
FlushFileBuffers
CloseHandle
CreateFileA
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/DaumIEStartPage.dll
.dll windows:5 windows x86 arch:x86

bd4a19466cbb084691af7e495fc741c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
LocalFree
CloseHandle
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetCurrentProcess
lstrcpynA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCurrentThreadId
GetCommandLineA
GetLastError
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringW
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize

advapi32

OpenProcessToken
RegSetValueExW
RegCloseKey
GetLengthSid
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
CreateProcessAsUserW
RegQueryValueExW
RegCreateKeyExW

wininet

HttpOpenRequestW
InternetReadFile
InternetOpenW
InternetCloseHandle
InternetConnectW
HttpSendRequestW

Exports

Exports

SendStartPage
SendStartPageWithLowProcess
SetStartPage

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/NSISPromotionEx.dll
.dll windows:5 windows x86 arch:x86

7128711d4282bd92b72b2955c09982c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\SVN\GOMDev\NSIS\NSISPromotionEx\Release\NSISPromotionEx.pdb

Imports

kernel32

FreeResource
SizeofResource
WriteFile
GetFileAttributesW
CreateDirectoryW
GetTickCount
GetFileSize
GetPrivateProfileStringA
WritePrivateProfileStringW
GetVersionExW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetThreadPriority
GetCurrentThread
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
IsBadStringPtrW
IsBadReadPtr
IsBadWritePtr
GlobalUnlock
GlobalLock
CreateFileA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
LoadLibraryA
LockResource
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
ExitProcess
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
LoadResource
FindResourceW
GetTempFileNameW
GetTempPathW
RaiseException
GetCommandLineA
GetCurrentThreadId
CreateThread
ResumeThread
ExitThread
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrcatW
GetPrivateProfileIntW
GetExitCodeProcess
GetLastError
GetSystemDefaultUILanguage
MulDiv
Sleep
ReadFile
SetFilePointer
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
lstrlenW
DeleteFileW
GetPrivateProfileStringW
GetModuleFileNameW
WaitForSingleObject
CloseHandle
CreateProcessW
GetACP
GetVersion
MultiByteToWideChar
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
FlushFileBuffers
lstrcpynA

user32

SetWindowTextW
GetDlgItem
MoveWindow
ScreenToClient
EndDialog
ShowWindow
SendMessageW
GetDC
InvalidateRect
GetSysColor
GetSysColorBrush
SetTimer
GetParent
PostMessageW
GetWindowRect
DialogBoxParamW
SetWindowPos
GetClientRect
MessageBoxW
PeekMessageW
DispatchMessageW
SetWindowLongW
LoadBitmapW
PostQuitMessage
BeginPaint
ReleaseDC
CallWindowProcW
RemovePropW
GetPropW
SetPropW
EnableWindow
LoadStringW
RegisterWindowMessageW
ClientToScreen
GetWindowTextW
GetWindowTextLengthW
IsWindow
GetWindowLongW
OffsetRect
CopyRect
SystemParametersInfoW
GetMonitorInfoW
MonitorFromRect
FindWindowW
DefWindowProcW
KillTimer
EndPaint
PtInRect
GetCursorPos

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

ole32

CreateStreamOnHGlobal
OleSetContainedObject
OleCreate
CoUninitialize
CoInitialize

shell32

ShellExecuteExW
ShellExecuteW

oleaut32

VariantClear
OleLoadPicture
SysAllocString
SysFreeString
VariantInit

gdi32

LineTo
MoveToEx
TextOutW
CreatePen
SetBkMode
SelectObject
SetBkColor
GetBkColor
CreateSolidBrush
SetTextColor
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
DeleteDC
CreateDIBSection
BitBlt
DeleteObject

wintrust

WinVerifyTrust

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ord17
ImageList_Draw

wininet

InternetCloseHandle
InternetReadFile
InternetGetCookieW
InternetSetCookieW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
HttpQueryInfoW
InternetQueryDataAvailable

ws2_32

gethostname
gethostbyname
WSACleanup
WSAStartup

Exports

Exports

AucTrigger
Check11Uninstall
CheckAskToolBarCanInstall
CheckBaiDuIMEInstall
CheckGSearch
CheckGoogleChromeInstall
CheckGoogleToolbarInstall
CheckNetCodec_KOR
CheckPromotionInstall
CheckYahooToolbarInstall
CheckYandexToolBarCanInstall
DaumShowTrigger
DaumShowTriggerAudio
DaumShowTriggerRecorder
DaumTrigger
DaumTriggerAudio
DaumTriggerRecorder
Explorer11stTrigger
Favorite11stTrigger
Favorite11stTriggerSet
Favorite11stTriggerSetAudio
Favorite11stTriggerView
Favorite11stTriggerViewAudio
FavoriteEmartTriggerSet
FavoriteEmartTriggerSetAudio
FavoriteEmartTriggerView
FavoriteEmartTriggerViewAudio
GetBaiDuIME_Path
GetCountryCode
GetSectionPromotionPath
GomAYhoToolbarInstallTrigger
GomAYhoToolbarShowTrigger
HttpTrigger
InstBaiDuIME
InstGChrome
InstGSearch
InstGToolbar
InstYHToolbar
ReadCookie
RequestPromotionInstall
SetupNetCodec_KOR
ShopIcon11stTrigger
Shorcut11stTrigger
Shortcut11stTriggerSet
Shortcut11stTriggerSetAudio
Shortcut11stTriggerView
Shortcut11stTriggerViewAudio
ShortcutEmartTriggerSet
ShortcutEmartTriggerSetAudio
ShortcutEmartTriggerView
ShortcutEmartTriggerViewAudio
Verify
Verify2
WriteCookie
YhoShowTrigger
YhoToolbarAgreeTrigger
YhoToolbarInstallTrigger
YhoToolbarShowTrigger
YhoTrigger

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/NSISPromotionEx.ini
$TEMP/spltmp.bmp
GOM.EXE
.exe windows:4 windows x86 arch:x86

7b7f51334293d27d442bf2143983bf9a

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:87:d8:bd:8a:13:11:cd:c7:9e:31:fb:1f:45:2e:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/03/2012, 00:00

Not After

06/05/2013, 23:59

Subject

CN=GRETECH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=GRETECH,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mixerGetControlDetailsW
mixerSetControlDetails
mixerGetDevCapsW
mixerGetLineInfoW
mixerGetID
mixerOpen
mixerGetLineControlsW
mixerGetNumDevs
mixerClose
waveOutGetNumDevs

kernel32

GetEnvironmentStrings
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapCreate
VirtualFree
GetModuleFileNameA
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
CompareStringA
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
GetEnvironmentStringsW
GetModuleHandleW
GetFileType
CloseHandle
ReadFile
CreateFileW
LockResource
LoadResource
FindResourceW
GetFullPathNameW
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
GetCurrentProcessId
lstrcpyW
GetProcAddress
CompareStringW
GetPrivateProfileIntW
WaitForSingleObject
SetEvent
ResetEvent
GetLastError
CreateThread
WaitForMultipleObjects
GlobalFree
DeleteFileW
SetFilePointer
GlobalAlloc
DeviceIoControl
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetDriveTypeA
HeapSize
CreateSemaphoreW
ReleaseSemaphore
GetProfileStringA
GlobalAddAtomA
FindResourceA
SetStdHandle
ExitThread
RaiseException
HeapReAlloc
GetLocalTime
GetSystemTime
GetTimeZoneInformation
IsBadReadPtr
HeapAlloc
RtlUnwind
ExitProcess
GetStartupInfoW
GlobalSize
SetErrorMode
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
TlsAlloc
GlobalFlags
lstrcmpiA
GetProfileIntW
GlobalGetAtomNameW
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
lstrcmpiW
GetThreadLocale
MoveFileW
SetEndOfFile
UnlockFile
LockFile
DuplicateHandle
SuspendThread
ResumeThread
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
GlobalAddAtomW
GlobalDeleteAtom
FlushFileBuffers
InterlockedExchange
CreateEventW
GetTempFileNameW
SetThreadPriority
CreateFileA
GetCurrentThread
IsDBCSLeadByteEx
GetFileInformationByHandle
GetDiskFreeSpaceW
GetCommandLineW
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
FindClose
GetFileTime
GetModuleHandleA
VirtualProtect
SetLastError
CreateDirectoryW
GetSystemDefaultLCID
GetSystemWindowsDirectoryW
GetVolumeInformationW
GetSystemDirectoryA
GetACP
GetShortPathNameW
HeapDestroy
InterlockedDecrement
InterlockedIncrement
GlobalFindAtomW
SetPriorityClass
CreateToolhelp32Snapshot
Process32FirstW
TerminateProcess
OpenProcess
Process32NextW
LoadLibraryA
SizeofResource
GetExitCodeProcess
GetSystemInfo
CreateProcessW
GetWindowsDirectoryW
GetLocaleInfoW
GetVersion
GetProcessHeap
HeapFree
TerminateThread
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GetDriveTypeW
GetUserDefaultLangID
CopyFileW
lstrcpynW
GetFileAttributesW
GetLogicalDrives
WinExec
MulDiv
SetCurrentDirectoryW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageW
GetUserDefaultLCID
GetVersionExW
GetTempPathW
lstrlenA
lstrcmpW
GetTickCount
Sleep
LoadLibraryW
GetModuleFileNameW
GlobalLock
GlobalHandle
GlobalUnlock
FreeLibrary
LocalAlloc
LocalFree
WriteFile
lstrlenW
lstrcatW
GetFileSize

user32

GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
SetMenuItemBitmaps
IsDialogMessageW
GetDlgItemTextW
SendDlgItemMessageA
MapWindowPoints
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
WinHelpW
GetClassInfoW
GetMenuItemID
GetDlgCtrlID
GetMessageTime
GetMessagePos
GetLastActivePopup
IsIconic
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
LoadCursorFromFileW
GetClassLongW
SetClassLongW
DestroyCursor
InvalidateRgn
CreateAcceleratorTableW
SendDlgItemMessageW
EndDialog
BeginPaint
EndPaint
DialogBoxIndirectParamW
GetPropW
SetPropW
SetDlgItemTextW
GetWindowTextLengthW
GetWindowPlacement
GrayStringW
TabbedTextOutW
LoadStringW
CharNextW
EnumWindows
SendMessageTimeoutW
SetWindowTextW
MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
SubtractRect
SetParent
TrackPopupMenu
DestroyMenu
ExitWindowsEx
EqualRect
CreateDialogIndirectParamW
ShowCursor
GetActiveWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
IsChild
GetClassNameW
CreatePopupMenu
SetMenuItemInfoW
EnableMenuItem
GetMenuStringW
CheckMenuRadioItem
AppendMenuW
GetMenuItemCount
CopyAcceleratorTableW
DeleteMenu
RemoveMenu
InsertMenuW
GetDoubleClickTime
LoadAcceleratorsW
SetForegroundWindow
PostThreadMessageW
PostQuitMessage
GetClassInfoExW
SetActiveWindow
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
LockWindowUpdate
GetClassNameA
IsWindowVisible
DestroyIcon
AnimateWindow
SetLastErrorEx
MonitorFromRect
GetMonitorInfoW
RegisterClassExW
CreateWindowExW
DestroyWindow
DrawIcon
RemovePropW
CallWindowProcW
UnregisterHotKey
RegisterHotKey
EnumChildWindows
DrawTextW
GetCursorPos
ScreenToClient
IntersectRect
SetMenu
ModifyMenuW
FindWindowW
SetCursor
RedrawWindow
IsWindowEnabled
SetFocus
MessageBeep
OpenClipboard
GetClipboardData
CloseClipboard
GetFocus
GetWindow
GetCapture
UpdateWindow
GetKeyState
GetNextDlgTabItem
PtInRect
SetCapture
ValidateRect
GetMessageW
GetAsyncKeyState
MapDialogRect
wvsprintfW
WindowFromPoint
ReuseDDElParam
UnpackDDElParam
IsZoomed
RegisterClipboardFormatW
IsClipboardFormatAvailable
ShowOwnedPopups
SetWindowContextHelpId
GetSysColorBrush
ChangeDisplaySettingsW
ReleaseCapture
SetRectEmpty
DrawFrameControl
DrawEdge
DrawFocusRect
GetSysColor
GetWindowDC
ShowWindow
LoadMenuW
GetSubMenu
wsprintfA
MoveWindow
IsWindow
GetDlgItem
LoadIconW
PeekMessageW
SetWindowLongA
SetPropA
GetPropA
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
FindWindowExW
SetWindowRgn
RegisterWindowMessageA
PostMessageW
MessageBoxW
GetParent
SendMessageW
KillTimer
CheckMenuItem
CopyRect
FillRect
IsRectEmpty
SetTimer
EnumDisplaySettingsW
InvalidateRect
DefWindowProcW
LoadCursorW
RegisterClassW
EnableWindow
OffsetRect
InflateRect
UnionRect
RegisterWindowMessageW
CharUpperW
wsprintfW
GetClientRect
ClientToScreen
GetSystemMetrics
GetDC
ReleaseDC
LoadImageW
GetWindowLongW
SetWindowLongW
SetRect
GetMenu
AdjustWindowRectEx
SetWindowPos
SystemParametersInfoW
GetWindowRect
DefDlgProcA
GetClassInfoA
DrawTextA
GetWindowTextA
ExcludeUpdateRgn
ShowCaret
GetDCEx
IsWindowUnicode
GetNextDlgGroupItem
HideCaret
GetWindowTextLengthA
UnregisterClassW
GetWindowTextW

gdi32

PtVisible
RectVisible
Escape
GetTextMetricsW
CreateDIBSection
GetDIBColorTable
GetDIBits
CreateRoundRectRgn
CreateEllipticRgn
ExtCreateRegion
OffsetRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
SetMapMode
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
CreateBitmap
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetTextColor
GetCharWidthW
LPtoDP
CopyMetaFileW
MoveToEx
LineTo
GetTextExtentPointW
CloseFigure
EndPath
GetPath
AbortPath
BeginPath
TextOutA
GetTextExtentPoint32A
CreateFontA
GetClipBox
SaveDC
CreatePen
RestoreDC
ExtTextOutW
GetCurrentObject
CreateFontIndirectW
PtInRegion
CreatePolygonRgn
FrameRgn
Polygon
EnumFontFamiliesExW
CreateSolidBrush
GetBkColor
StretchDIBits
CreateCompatibleBitmap
Rectangle
CreateRectRgn
BitBlt
GetStockObject
CreateRectRgnIndirect
CombineRgn
FillRgn
GetDeviceCaps
SetTextCharacterExtra
SetBkMode
CreateFontW
SetBkColor
SetTextColor
TextOutW
CreateCompatibleDC
StretchBlt
DeleteDC
SelectObject
GetTextExtentPoint32W
GetObjectW
ExtTextOutA
GetTextExtentPointA
CreateDIBitmap
DeleteObject

comdlg32

GetSaveFileNameW
ChooseColorW
GetFileTitleW
GetOpenFileNameW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegSetValueW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegOpenKeyW
RegEnumKeyExW
RegFlushKey
RegCreateKeyA
RegCreateKeyW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
GetFileSecurityW
SetFileSecurityW
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegSetValueExA
RegCloseKey
RegSetValueA
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyExA

shell32

DragAcceptFiles
Shell_NotifyIconW
DragQueryPoint
SHChangeNotify
SHFileOperationW
DragQueryFileW
DragFinish
SHAppBarMessage
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW

comctl32

ImageList_Draw
ImageList_AddMasked
_TrackMouseEvent
ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW

oledlg

OleUIBusyW

ole32

ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoFreeUnusedLibraries
OleLockRunning
CLSIDFromProgID
OleCreate
OleSetContainedObject
CreateStreamOnHGlobal
OleGetClipboard
StgCreateDocfile
OleUninitialize
OleInitialize
CoRegisterClassObject
OleSaveToStream
StringFromGUID2
CoCreateInstance
CLSIDFromString
CoGetObject
CoCreateGuid
CoRevokeClassObject
CoRegisterMessageFilter
StringFromCLSID
CoTaskMemFree
CoLoadLibrary
CoFreeLibrary
CreateBindCtx
MkParseDisplayName
CoUninitialize
CoInitialize
OleLoadFromStream
StgOpenStorage
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleDuplicateData

olepro32

ord251
ord253

oleaut32

SysAllocStringLen
VariantTimeToSystemTime
VariantChangeType
LoadTypeLi
RegisterTypeLi
OleLoadPicturePath
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
SysFreeString
VariantClear
SysAllocString
LoadRegTypeLi

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

HttpQueryInfoW
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpEndRequestW
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetCloseHandle
InternetCanonicalizeUrlW
InternetOpenA
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetConnectW
InternetQueryDataAvailable
InternetOpenUrlW
InternetCrackUrlW
InternetSetCookieW
InternetSetOptionW
InternetCrackUrlA
InternetCreateUrlW
InternetAttemptConnect
InternetConnectA
InternetOpenW

ws2_32

gethostbyaddr
getservbyport
ntohs
htons
getservbyname
inet_addr
WSAGetLastError
htonl
inet_ntoa
WSASetLastError
socket
WSAAsyncSelect
connect
send
recv
closesocket
WSAStartup
gethostname
gethostbyname
WSACleanup

imm32

ImmGetConversionStatus
ImmSetConversionStatus
ImmGetDefaultIMEWnd
ImmGetContext

wintrust

WinVerifyTrust

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GOMSH
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GomWeb3.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2d1d7e4db4332a03645bc7b7c3aec746

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:72:bf:53:17:e0:96:5c:87:9e:f9:89:eb:68:64:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/04/2011, 00:00

Not After

31/03/2012, 23:59

Subject

CN=GRETECH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=GRETECH,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
GlobalFree
GetTempPathA
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
CreateProcessA
GetUserDefaultLangID
GetCurrentThread
WriteFile
SetThreadPriority
DeleteFileA
MoveFileA
FreeResource
LockResource
MulDiv
WaitForSingleObject
CreateFileA
CloseHandle
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrA
LoadLibraryA
MapViewOfFile
GetProcAddress
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
DisableThreadLibraryCalls
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrcmpA
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpyA
lstrcatA
Sleep
OpenFileMappingA
GlobalHandle

user32

DispatchMessageA
TranslateMessage
PeekMessageA
ClientToScreen
MoveWindow
CopyRect
SystemParametersInfoA
GetWindowRect
GetSystemMetrics
LoadStringA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
GetNextDlgTabItem
IsDialogMessageA
GetKeyState
GetForegroundWindow
PostMessageA
SetDlgItemTextA
SetPropA
RemovePropA
GetPropA
DialogBoxIndirectParamA
LoadIconA
EnableWindow
DrawTextA
EndDialog
MapWindowPoints
ShowWindow
CharNextA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateWindowExA
DestroyWindow
CreateAcceleratorTableA
GetDesktopWindow
GetParent
GetClassNameA
RedrawWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
EndPaint
GetDC
ReleaseDC
GetFocus
IsChild
GetWindow
SetFocus
GetSysColor
CallWindowProcA
GetWindowLongA
SetWindowLongA
DefWindowProcA
IsWindow
FindWindowA
SetTimer
KillTimer
SendMessageA
RegisterWindowMessageA
ScreenToClient

gdi32

SetTextColor
SetBkMode
GetDeviceCaps
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetObjectA
GetStockObject
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
CreateDCA
GetTextExtentPoint32A
GetTextMetricsA
ExtTextOutA
SetBkColor

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

StringFromCLSID
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemRealloc
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
WriteClassStm
CreateDataAdviseHolder
OleSaveToStream
OleLoadFromStream
CoCreateInstance

oleaut32

VarUI4FromStr
DispCallFunc
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysStringLen
LoadRegTypeLi
VariantClear
SysAllocString
SysFreeString

msvcrt

sscanf
__dllonexit
_onexit
_initterm
_adjust_fdiv
_strdup
_endthread
_beginthread
rand
_mbsncmp
_mbstok
_mkdir
_purecall
free
strcat
strcpy
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
memset
realloc
memcmp
wcslen
_mbschr
_mbscmp
_mbsicmp
_mbsinc
memmove
_mbsstr
_mbsrchr
vsprintf
_mbclen
sprintf
_mbsnbcmp
_ismbcdigit
atoi
time
_vsnprintf
strlen

wininet

InternetSetOptionA
InternetOpenUrlA
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetCanonicalizeUrlA
InternetOpenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GomWiz.exe
.exe windows:4 windows x86 arch:x86

4c0e3f5f735a6340332025f6b0b05d87

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:72:bf:53:17:e0:96:5c:87:9e:f9:89:eb:68:64:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/04/2011, 00:00

Not After

31/03/2012, 23:59

Subject

CN=GRETECH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=GRETECH,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
iswspace
iswdigit
vswprintf
wcsstr
_wcslwr
wcschr
memcpy
memmove
_wcsdup
_beginthread
calloc
_wcsicmp
wcsncmp
_except_handler3
wcstok
wcsrchr
malloc
swprintf
_wtoi
memcmp
free
wcscpy
wcsncpy
swscanf
strlen
_waccess
wcscmp
wcsncat
wcslen
strcmp
__CxxFrameHandler
_vsnwprintf
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
_controlfp

kernel32

GetModuleHandleA
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrW
GetModuleHandleW
lstrlenA
EnterCriticalSection
LeaveCriticalSection
SetThreadPriority
WriteFile
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
LoadLibraryW
GetProcAddress
FreeLibrary
GetFileInformationByHandle
SetLastError
GetVersionExW
GlobalAlloc
GlobalLock
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
WideCharToMultiByte
lstrlenW
MulDiv
GetSystemDirectoryW
GetTempPathW
Sleep
DeleteFileW
WaitForSingleObject
GetUserDefaultLangID
SetPriorityClass
GetCurrentProcess
lstrcpyW
CompareStringW
CloseHandle
CreateFileW
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
ReadFile
GetFileSize
GetFileAttributesW
GlobalFree
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
GetStartupInfoA

user32

ReleaseDC
SetWindowTextW
GetDC
DrawTextW
GetSysColor
EndPaint
BeginPaint
GetSystemMetrics
PeekMessageW
DispatchMessageW
MoveWindow
GetClientRect
SetPropW
GetWindowLongW
InvalidateRect
ClientToScreen
GetPropW
CreateWindowExW
EndDialog
SetDlgItemTextW
FillRect
DrawTextExW
GetCursorPos
PtInRect
LoadCursorW
SetCursor
CallWindowProcW
ScreenToClient
DialogBoxParamW
EnableWindow
GetDlgItem
SendMessageW
SetWindowLongW
GetParent
PostMessageW
KillTimer
GetWindowRect
SystemParametersInfoW
SetWindowPos
SendDlgItemMessageW
ShowWindow
SetTimer
FindWindowW
SetFocus
LoadIconW
DialogBoxIndirectParamW
RemovePropW
LoadStringW
RegisterWindowMessageW
IsWindow
OffsetRect
wsprintfW
CopyRect

gdi32

DeleteDC
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBkMode
SetBkColor
ExtTextOutW
GetTextMetricsW
GetTextExtentPoint32W
SelectObject
SetTextColor
CreateFontW
CreateSolidBrush
BitBlt
DeleteObject

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyW
RegSetValueExA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

ShellExecuteExW
SHChangeNotify
ShellExecuteW

ole32

CoGetObject
StringFromGUID2
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromString
OleSetContainedObject
OleCreate

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
SysAllocString

comctl32

PropertySheetW

wininet

InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetCanonicalizeUrlW

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GomX.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2d0adc3eb5a7049cf10f62d042bd6ed6

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:72:bf:53:17:e0:96:5c:87:9e:f9:89:eb:68:64:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/04/2011, 00:00

Not After

31/03/2012, 23:59

Subject

CN=GRETECH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=GRETECH,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
HeapSize
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
SetConsoleCtrlHandler
GetLocaleInfoW
SetEnvironmentVariableA
GetFileType
SetStdHandle
ExitProcess
ExitThread
RaiseException
HeapReAlloc
IsBadReadPtr
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapAlloc
HeapFree
ReadFile
RtlUnwind
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetProfileIntA
GlobalSize
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
IsBadWritePtr
TlsAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalAlloc
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
DuplicateHandle
SuspendThread
ResumeThread
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FormatMessageA
GetCurrentThreadId
VirtualQuery
FlushInstructionCache
VirtualProtect
GlobalUnlock
CreateFileW
FormatMessageW
LocalFree
GlobalLock
GetTempFileNameA
GetCurrentThread
lstrcpynA
IsDBCSLeadByteEx
GetSystemDirectoryA
IsDBCSLeadByte
GetFileInformationByHandle
SetLastError
GetSystemInfo
GetDiskFreeSpaceA
GetCommandLineA
GetCurrentDirectoryA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
GetVolumeInformationA
GetFileTime
CreateDirectoryA
GetFileAttributesA
GlobalHandle
FatalAppExitA
CreateSemaphoreA
GetThreadPriority
ReleaseSemaphore
DebugBreak
SetThreadPriority
InterlockedExchange
CreateEventA
InterlockedDecrement
InterlockedIncrement
GetUserDefaultLCID
MulDiv
lstrcmpA
WriteFile
GetTickCount
OutputDebugStringA
QueryPerformanceFrequency
QueryPerformanceCounter
GetFullPathNameA
GetVersion
DeviceIoControl
GlobalAlloc
GlobalFree
WaitForMultipleObjects
CreateThread
ResetEvent
SetEvent
Sleep
GetTempPathA
SetCurrentDirectoryA
GetModuleFileNameA
lstrcatA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
lstrlenW
GetACP
CompareStringA
lstrcpyA
GetCurrentProcess
SetPriorityClass
lstrlenA
GetUserDefaultLangID
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
TerminateProcess
OpenProcess
GetCurrentProcessId
Process32Next
GetVersionExA
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
WaitForSingleObject
GetExitCodeProcess
FindResourceA
LoadResource
LockResource
SizeofResource
CopyFileA
CreateProcessA
GetFileSize
GetLastError
DeleteFileA
CreateFileA
CloseHandle
WideCharToMultiByte
SetFilePointer
CompareStringW

user32

UnregisterClassA
wvsprintfA
MapDialogRect
GetAsyncKeyState
LockWindowUpdate
EnumChildWindows
GetWindowDC
RegisterClipboardFormatA
CreateMenu
DrawEdge
ShowOwnedPopups
PostQuitMessage
GetMessageA
ValidateRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageA
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
GetMenuItemID
SetWindowPlacement
GetDlgCtrlID
GetMessageTime
GetMessagePos
GetLastActivePopup
IsIconic
GetNextDlgTabItem
SetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
OemToCharA
CharToOemA
InvalidateRgn
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
GetClassNameA
GetDialogBaseUnits
CreatePopupMenu
TrackPopupMenu
DestroyMenu
GetKeyState
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
IsWindowVisible
UpdateWindow
GetClassInfoExA
RegisterClassExA
GetFocus
SetCursor
LoadCursorFromFileA
DestroyWindow
CallWindowProcA
ReleaseCapture
SetCapture
GetClassLongA
EnumWindows
GetQueueStatus
PostThreadMessageA
SetClassLongA
DestroyCursor
MessageBoxA
MsgWaitForMultipleObjects
GrayStringA
TabbedTextOutA
LoadStringW
EndDialog
BeginPaint
EndPaint
GetSysColor
DrawTextA
ShowWindow
CreateWindowExA
DialogBoxIndirectParamA
GetPropA
RemovePropA
SetPropA
SetDlgItemTextA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
BringWindowToTop
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
DestroyIcon
CharPrevA
EqualRect
SetRectEmpty
MapWindowPoints
IsWindow
LoadIconA
GetWindow
IntersectRect
FindWindowA
PeekMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
GetSysColorBrush
InsertMenuA
DeleteMenu
GetMenuStringA
AppendMenuA
RemoveMenu
GetTabbedTextExtentA
GetDCEx
IsChild
SetWindowRgn
CharUpperA
wsprintfA
ClientToScreen
LoadImageA
GetWindowLongA
SetWindowLongA
SetRect
GetMenu
AdjustWindowRectEx
SetWindowPos
CopyRect
FillRect
IsRectEmpty
EnumDisplaySettingsA
GetClientRect
DefWindowProcA
LoadCursorA
RegisterClassA
GetDC
ReleaseDC
OffsetRect
InflateRect
UnionRect
LoadStringA
GetParent
SetParent
GetWindowRect
SetFocus
ShowCursor
InvalidateRect
GetCursorPos
ScreenToClient
PtInRect
TranslateAcceleratorA
GetActiveWindow
SystemParametersInfoA
LoadMenuA
GetSubMenu
CheckMenuItem
MoveWindow
KillTimer
LoadAcceleratorsA
SetTimer
CharNextA
GetSystemMetrics
SendMessageA
GetDlgItem
SetWindowTextA
EnableWindow
PostMessageA
RegisterWindowMessageA
GetMenuItemCount

gdi32

PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
Escape
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
PolyDraw
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
GetMapMode
PatBlt
SetRectRgn
CreateFontIndirectA
DPtoLP
CopyMetaFileA
GetTextAlign
UnrealizeObject
Rectangle
GetCurrentPositionEx
SetMapperFlags
SetTextJustification
SetTextAlign
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
SelectPalette
RestoreDC
SaveDC
StartDocA
GetViewportOrgEx
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
LPtoDP
CreateBitmap
GetClipBox
GetDCOrgEx
GetDIBits
CreateDCA
SetStretchBltMode
ExtCreateRegion
CreateEllipticRgn
CreateRoundRectRgn
OffsetRgn
GetDIBColorTable
SetDIBColorTable
ExtCreatePen
GetPixel
RectVisible
PtVisible
CreateCompatibleBitmap
SetArcDirection
MoveToEx
ArcTo
LineTo
CreateSolidBrush
CreatePen
RoundRect
ExtTextOutA
GetTextMetricsA
CloseFigure
EndPath
GetPath
AbortPath
BeginPath
TextOutW
GetTextExtentPoint32W
CreateFontW
GetRegionData
CreateRectRgn
SetPixel
DeleteObject
CreateFontA
SetBkMode
SetTextCharacterExtra
GetTextExtentPoint32A
SelectObject
SetTextColor
TextOutA
GetDeviceCaps
FillRgn
CombineRgn
CreateRectRgnIndirect
GetStockObject
BitBlt
GetObjectA
DeleteDC
StretchBlt
CreateCompatibleDC
SetBkColor
CreateDIBSection

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyExW
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegSetValueExW
RegSetValueW
RegSetValueA
RegQueryValueExW
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegQueryValueExA
RegOpenKeyW
RegOpenKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegFlushKey
RegSetValueExA

shell32

SHGetFileInfoA
DragAcceptFiles
SHGetMalloc
Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
ExtractIconA

comctl32

ord17
PropertySheetA
DestroyPropertySheetPage
_TrackMouseEvent
CreatePropertySheetPageA

ole32

StringFromGUID2
CreateILockBytesOnHGlobal
CoGetObject
CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemAlloc
MkParseDisplayName
CreateBindCtx
CreateItemMoniker
GetRunningObjectTable
CoFreeLibrary
CoLoadLibrary
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
OleSetContainedObject
OleCreate
CLSIDFromProgID
StringFromCLSID
OleLockRunning
OleInitialize
OleUninitialize
CoRegisterClassObject
CoRevokeClassObject
CreateDataCache
CoDisconnectObject
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateDataAdviseHolder
ReleaseStgMedium
OleSaveToStream
CreateOleAdviseHolder
ReadClassStm
ReadFmtUserTypeStg
OleRun
OleDuplicateData
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadClassStg
CoTreatAsClass
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
OleLoadFromStream
CoCreateGuid
CoFreeUnusedLibraries

olepro32

ord252
ord254
ord250
ord253
ord251

oleaut32

SafeArrayGetUBound
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysAllocStringByteLen
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
VariantClear
SysReAllocStringLen
VariantCopy
VariantChangeType
SysStringByteLen
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

urlmon

CreateAsyncBindCtx
CreateURLMoniker
IsAsyncMoniker
RegisterBindStatusCallback

imm32

ImmGetConversionStatus
ImmSetConversionStatus
ImmGetDefaultIMEWnd
ImmGetContext

wininet

InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetFindNextFileA
FtpFindFirstFileA
HttpSendRequestExA
HttpEndRequestA
InternetErrorDlg
GopherOpenFileA
GopherGetAttributeA
GopherCreateLocatorA
FtpGetFileA
FtpPutFileA
FtpOpenFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetWriteFile
InternetSetFilePointer
InternetGetCookieA
InternetSetStatusCallback
InternetSetOptionExA
InternetQueryOptionA
HttpOpenRequestA
InternetSetCookieA

winmm

mixerGetNumDevs
mixerGetLineControlsA
mixerOpen
mixerGetID
mixerGetLineInfoA
mixerGetDevCapsA
mixerSetControlDetails
mixerGetControlDetailsA
timeGetTime
timeSetEvent
mixerClose

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GomX2.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2d0adc3eb5a7049cf10f62d042bd6ed6

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:72:bf:53:17:e0:96:5c:87:9e:f9:89:eb:68:64:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/04/2011, 00:00

Not After

31/03/2012, 23:59

Subject

CN=GRETECH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=GRETECH,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
HeapSize
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
SetConsoleCtrlHandler
GetLocaleInfoW
SetEnvironmentVariableA
GetFileType
SetStdHandle
ExitProcess
ExitThread
RaiseException
HeapReAlloc
IsBadReadPtr
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapAlloc
HeapFree
ReadFile
RtlUnwind
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetProfileIntA
GlobalSize
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
IsBadWritePtr
TlsAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalAlloc
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
DuplicateHandle
SuspendThread
ResumeThread
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FormatMessageA
GetCurrentThreadId
VirtualQuery
FlushInstructionCache
VirtualProtect
GlobalUnlock
CreateFileW
FormatMessageW
LocalFree
GlobalLock
GetTempFileNameA
GetCurrentThread
lstrcpynA
IsDBCSLeadByteEx
GetSystemDirectoryA
IsDBCSLeadByte
GetFileInformationByHandle
SetLastError
GetSystemInfo
GetDiskFreeSpaceA
GetCommandLineA
GetCurrentDirectoryA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
GetVolumeInformationA
GetFileTime
CreateDirectoryA
GetFileAttributesA
GlobalHandle
FatalAppExitA
CreateSemaphoreA
GetThreadPriority
ReleaseSemaphore
DebugBreak
SetThreadPriority
InterlockedExchange
CreateEventA
InterlockedDecrement
InterlockedIncrement
GetUserDefaultLCID
MulDiv
lstrcmpA
WriteFile
GetTickCount
OutputDebugStringA
QueryPerformanceFrequency
QueryPerformanceCounter
GetFullPathNameA
GetVersion
DeviceIoControl
GlobalAlloc
GlobalFree
WaitForMultipleObjects
CreateThread
ResetEvent
SetEvent
Sleep
GetTempPathA
SetCurrentDirectoryA
GetModuleFileNameA
lstrcatA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
lstrlenW
GetACP
CompareStringA
lstrcpyA
GetCurrentProcess
SetPriorityClass
lstrlenA
GetUserDefaultLangID
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
TerminateProcess
OpenProcess
GetCurrentProcessId
Process32Next
GetVersionExA
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
WaitForSingleObject
GetExitCodeProcess
FindResourceA
LoadResource
LockResource
SizeofResource
CopyFileA
CreateProcessA
GetFileSize
GetLastError
DeleteFileA
CreateFileA
CloseHandle
WideCharToMultiByte
SetFilePointer
CompareStringW

user32

UnregisterClassA
wvsprintfA
MapDialogRect
GetAsyncKeyState
LockWindowUpdate
EnumChildWindows
GetWindowDC
RegisterClipboardFormatA
CreateMenu
DrawEdge
ShowOwnedPopups
PostQuitMessage
GetMessageA
ValidateRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageA
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
GetMenuItemID
SetWindowPlacement
GetDlgCtrlID
GetMessageTime
GetMessagePos
GetLastActivePopup
IsIconic
GetNextDlgTabItem
SetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
OemToCharA
CharToOemA
InvalidateRgn
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
GetClassNameA
GetDialogBaseUnits
CreatePopupMenu
TrackPopupMenu
DestroyMenu
GetKeyState
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
IsWindowVisible
UpdateWindow
GetClassInfoExA
RegisterClassExA
GetFocus
SetCursor
LoadCursorFromFileA
DestroyWindow
CallWindowProcA
ReleaseCapture
SetCapture
GetClassLongA
EnumWindows
GetQueueStatus
PostThreadMessageA
SetClassLongA
DestroyCursor
MessageBoxA
MsgWaitForMultipleObjects
GrayStringA
TabbedTextOutA
LoadStringW
EndDialog
BeginPaint
EndPaint
GetSysColor
DrawTextA
ShowWindow
CreateWindowExA
DialogBoxIndirectParamA
GetPropA
RemovePropA
SetPropA
SetDlgItemTextA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
BringWindowToTop
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
DestroyIcon
CharPrevA
EqualRect
SetRectEmpty
MapWindowPoints
IsWindow
LoadIconA
GetWindow
IntersectRect
FindWindowA
PeekMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
GetSysColorBrush
InsertMenuA
DeleteMenu
GetMenuStringA
AppendMenuA
RemoveMenu
GetTabbedTextExtentA
GetDCEx
IsChild
SetWindowRgn
CharUpperA
wsprintfA
ClientToScreen
LoadImageA
GetWindowLongA
SetWindowLongA
SetRect
GetMenu
AdjustWindowRectEx
SetWindowPos
CopyRect
FillRect
IsRectEmpty
EnumDisplaySettingsA
GetClientRect
DefWindowProcA
LoadCursorA
RegisterClassA
GetDC
ReleaseDC
OffsetRect
InflateRect
UnionRect
LoadStringA
GetParent
SetParent
GetWindowRect
SetFocus
ShowCursor
InvalidateRect
GetCursorPos
ScreenToClient
PtInRect
TranslateAcceleratorA
GetActiveWindow
SystemParametersInfoA
LoadMenuA
GetSubMenu
CheckMenuItem
MoveWindow
KillTimer
LoadAcceleratorsA
SetTimer
CharNextA
GetSystemMetrics
SendMessageA
GetDlgItem
SetWindowTextA
EnableWindow
PostMessageA
RegisterWindowMessageA
GetMenuItemCount

gdi32

PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
Escape
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
PolyDraw
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
GetMapMode
PatBlt
SetRectRgn
CreateFontIndirectA
DPtoLP
CopyMetaFileA
GetTextAlign
UnrealizeObject
Rectangle
GetCurrentPositionEx
SetMapperFlags
SetTextJustification
SetTextAlign
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
SelectPalette
RestoreDC
SaveDC
StartDocA
GetViewportOrgEx
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
LPtoDP
CreateBitmap
GetClipBox
GetDCOrgEx
GetDIBits
CreateDCA
SetStretchBltMode
ExtCreateRegion
CreateEllipticRgn
CreateRoundRectRgn
OffsetRgn
GetDIBColorTable
SetDIBColorTable
ExtCreatePen
GetPixel
RectVisible
PtVisible
CreateCompatibleBitmap
SetArcDirection
MoveToEx
ArcTo
LineTo
CreateSolidBrush
CreatePen
RoundRect
ExtTextOutA
GetTextMetricsA
CloseFigure
EndPath
GetPath
AbortPath
BeginPath
TextOutW
GetTextExtentPoint32W
CreateFontW
GetRegionData
CreateRectRgn
SetPixel
DeleteObject
CreateFontA
SetBkMode
SetTextCharacterExtra
GetTextExtentPoint32A
SelectObject
SetTextColor
TextOutA
GetDeviceCaps
FillRgn
CombineRgn
CreateRectRgnIndirect
GetStockObject
BitBlt
GetObjectA
DeleteDC
StretchBlt
CreateCompatibleDC
SetBkColor
CreateDIBSection

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyExW
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegSetValueExW
RegSetValueW
RegSetValueA
RegQueryValueExW
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegQueryValueExA
RegOpenKeyW
RegOpenKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegFlushKey
RegSetValueExA

shell32

SHGetFileInfoA
DragAcceptFiles
SHGetMalloc
Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
ExtractIconA

comctl32

ord17
PropertySheetA
DestroyPropertySheetPage
_TrackMouseEvent
CreatePropertySheetPageA

ole32

StringFromGUID2
CreateILockBytesOnHGlobal
CoGetObject
CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemAlloc
MkParseDisplayName
CreateBindCtx
CreateItemMoniker
GetRunningObjectTable
CoFreeLibrary
CoLoadLibrary
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
OleSetContainedObject
OleCreate
CLSIDFromProgID
StringFromCLSID
OleLockRunning
OleInitialize
OleUninitialize
CoRegisterClassObject
CoRevokeClassObject
CreateDataCache
CoDisconnectObject
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateDataAdviseHolder
ReleaseStgMedium
OleSaveToStream
CreateOleAdviseHolder
ReadClassStm
ReadFmtUserTypeStg
OleRun
OleDuplicateData
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadClassStg
CoTreatAsClass
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
OleLoadFromStream
CoCreateGuid
CoFreeUnusedLibraries

olepro32

ord252
ord254
ord250
ord253
ord251

oleaut32

SafeArrayGetUBound
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysAllocStringByteLen
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
VariantClear
SysReAllocStringLen
VariantCopy
VariantChangeType
SysStringByteLen
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

urlmon

CreateAsyncBindCtx
CreateURLMoniker
IsAsyncMoniker
RegisterBindStatusCallback

imm32

ImmGetConversionStatus
ImmSetConversionStatus
ImmGetDefaultIMEWnd
ImmGetContext

wininet

InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetFindNextFileA
FtpFindFirstFileA
HttpSendRequestExA
HttpEndRequestA
InternetErrorDlg
GopherOpenFileA
GopherGetAttributeA
GopherCreateLocatorA
FtpGetFileA
FtpPutFileA
FtpOpenFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetWriteFile
InternetSetFilePointer
InternetGetCookieA
InternetSetStatusCallback
InternetSetOptionExA
InternetQueryOptionA
HttpOpenRequestA
InternetSetCookieA

winmm

mixerGetNumDevs
mixerGetLineControlsA
mixerOpen
mixerGetID
mixerGetLineInfoA
mixerGetDevCapsA
mixerSetControlDetails
mixerGetControlDetailsA
timeGetTime
timeSetEvent
mixerClose

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GomX3.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2d0adc3eb5a7049cf10f62d042bd6ed6

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:72:bf:53:17:e0:96:5c:87:9e:f9:89:eb:68:64:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/04/2011, 00:00

Not After

31/03/2012, 23:59

Subject

CN=GRETECH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=GRETECH,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
HeapSize
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
SetConsoleCtrlHandler
GetLocaleInfoW
SetEnvironmentVariableA
GetFileType
SetStdHandle
ExitProcess
ExitThread
RaiseException
HeapReAlloc
IsBadReadPtr
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapAlloc
HeapFree
ReadFile
RtlUnwind
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetProfileIntA
GlobalSize
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
IsBadWritePtr
TlsAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalAlloc
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
DuplicateHandle
SuspendThread
ResumeThread
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FormatMessageA
GetCurrentThreadId
VirtualQuery
FlushInstructionCache
VirtualProtect
GlobalUnlock
CreateFileW
FormatMessageW
LocalFree
GlobalLock
GetTempFileNameA
GetCurrentThread
lstrcpynA
IsDBCSLeadByteEx
GetSystemDirectoryA
IsDBCSLeadByte
GetFileInformationByHandle
SetLastError
GetSystemInfo
GetDiskFreeSpaceA
GetCommandLineA
GetCurrentDirectoryA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
GetVolumeInformationA
GetFileTime
CreateDirectoryA
GetFileAttributesA
GlobalHandle
FatalAppExitA
CreateSemaphoreA
GetThreadPriority
ReleaseSemaphore
DebugBreak
SetThreadPriority
InterlockedExchange
CreateEventA
InterlockedDecrement
InterlockedIncrement
GetUserDefaultLCID
MulDiv
lstrcmpA
WriteFile
GetTickCount
OutputDebugStringA
QueryPerformanceFrequency
QueryPerformanceCounter
GetFullPathNameA
GetVersion
DeviceIoControl
GlobalAlloc
GlobalFree
WaitForMultipleObjects
CreateThread
ResetEvent
SetEvent
Sleep
GetTempPathA
SetCurrentDirectoryA
GetModuleFileNameA
lstrcatA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
lstrlenW
GetACP
CompareStringA
lstrcpyA
GetCurrentProcess
SetPriorityClass
lstrlenA
GetUserDefaultLangID
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
TerminateProcess
OpenProcess
GetCurrentProcessId
Process32Next
GetVersionExA
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
WaitForSingleObject
GetExitCodeProcess
FindResourceA
LoadResource
LockResource
SizeofResource
CopyFileA
CreateProcessA
GetFileSize
GetLastError
DeleteFileA
CreateFileA
CloseHandle
WideCharToMultiByte
SetFilePointer
CompareStringW

user32

UnregisterClassA
wvsprintfA
MapDialogRect
GetAsyncKeyState
LockWindowUpdate
EnumChildWindows
GetWindowDC
RegisterClipboardFormatA
CreateMenu
DrawEdge
ShowOwnedPopups
PostQuitMessage
GetMessageA
ValidateRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageA
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
GetMenuItemID
SetWindowPlacement
GetDlgCtrlID
GetMessageTime
GetMessagePos
GetLastActivePopup
IsIconic
GetNextDlgTabItem
SetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
OemToCharA
CharToOemA
InvalidateRgn
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
GetClassNameA
GetDialogBaseUnits
CreatePopupMenu
TrackPopupMenu
DestroyMenu
GetKeyState
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
IsWindowVisible
UpdateWindow
GetClassInfoExA
RegisterClassExA
GetFocus
SetCursor
LoadCursorFromFileA
DestroyWindow
CallWindowProcA
ReleaseCapture
SetCapture
GetClassLongA
EnumWindows
GetQueueStatus
PostThreadMessageA
SetClassLongA
DestroyCursor
MessageBoxA
MsgWaitForMultipleObjects
GrayStringA
TabbedTextOutA
LoadStringW
EndDialog
BeginPaint
EndPaint
GetSysColor
DrawTextA
ShowWindow
CreateWindowExA
DialogBoxIndirectParamA
GetPropA
RemovePropA
SetPropA
SetDlgItemTextA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
BringWindowToTop
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
DestroyIcon
CharPrevA
EqualRect
SetRectEmpty
MapWindowPoints
IsWindow
LoadIconA
GetWindow
IntersectRect
FindWindowA
PeekMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
GetSysColorBrush
InsertMenuA
DeleteMenu
GetMenuStringA
AppendMenuA
RemoveMenu
GetTabbedTextExtentA
GetDCEx
IsChild
SetWindowRgn
CharUpperA
wsprintfA
ClientToScreen
LoadImageA
GetWindowLongA
SetWindowLongA
SetRect
GetMenu
AdjustWindowRectEx
SetWindowPos
CopyRect
FillRect
IsRectEmpty
EnumDisplaySettingsA
GetClientRect
DefWindowProcA
LoadCursorA
RegisterClassA
GetDC
ReleaseDC
OffsetRect
InflateRect
UnionRect
LoadStringA
GetParent
SetParent
GetWindowRect
SetFocus
ShowCursor
InvalidateRect
GetCursorPos
ScreenToClient
PtInRect
TranslateAcceleratorA
GetActiveWindow
SystemParametersInfoA
LoadMenuA
GetSubMenu
CheckMenuItem
MoveWindow
KillTimer
LoadAcceleratorsA
SetTimer
CharNextA
GetSystemMetrics
SendMessageA
GetDlgItem
SetWindowTextA
EnableWindow
PostMessageA
RegisterWindowMessageA
GetMenuItemCount

gdi32

PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
Escape
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
PolyDraw
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
GetMapMode
PatBlt
SetRectRgn
CreateFontIndirectA
DPtoLP
CopyMetaFileA
GetTextAlign
UnrealizeObject
Rectangle
GetCurrentPositionEx
SetMapperFlags
SetTextJustification
SetTextAlign
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
SelectPalette
RestoreDC
SaveDC
StartDocA
GetViewportOrgEx
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
LPtoDP
CreateBitmap
GetClipBox
GetDCOrgEx
GetDIBits
CreateDCA
SetStretchBltMode
ExtCreateRegion
CreateEllipticRgn
CreateRoundRectRgn
OffsetRgn
GetDIBColorTable
SetDIBColorTable
ExtCreatePen
GetPixel
RectVisible
PtVisible
CreateCompatibleBitmap
SetArcDirection
MoveToEx
ArcTo
LineTo
CreateSolidBrush
CreatePen
RoundRect
ExtTextOutA
GetTextMetricsA
CloseFigure
EndPath
GetPath
AbortPath
BeginPath
TextOutW
GetTextExtentPoint32W
CreateFontW
GetRegionData
CreateRectRgn
SetPixel
DeleteObject
CreateFontA
SetBkMode
SetTextCharacterExtra
GetTextExtentPoint32A
SelectObject
SetTextColor
TextOutA
GetDeviceCaps
FillRgn
CombineRgn
CreateRectRgnIndirect
GetStockObject
BitBlt
GetObjectA
DeleteDC
StretchBlt
CreateCompatibleDC
SetBkColor
CreateDIBSection

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyExW
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegSetValueExW
RegSetValueW
RegSetValueA
RegQueryValueExW
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegQueryValueExA
RegOpenKeyW
RegOpenKeyA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegFlushKey
RegSetValueExA

shell32

SHGetFileInfoA
DragAcceptFiles
SHGetMalloc
Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
ExtractIconA

comctl32

ord17
PropertySheetA
DestroyPropertySheetPage
_TrackMouseEvent
CreatePropertySheetPageA

ole32

StringFromGUID2
CreateILockBytesOnHGlobal
CoGetObject
CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemAlloc
MkParseDisplayName
CreateBindCtx
CreateItemMoniker
GetRunningObjectTable
CoFreeLibrary
CoLoadLibrary
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
OleSetContainedObject
OleCreate
CLSIDFromProgID
StringFromCLSID
OleLockRunning
OleInitialize
OleUninitialize
CoRegisterClassObject
CoRevokeClassObject
CreateDataCache
CoDisconnectObject
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateDataAdviseHolder
ReleaseStgMedium
OleSaveToStream
CreateOleAdviseHolder
ReadClassStm
ReadFmtUserTypeStg
OleRun
OleDuplicateData
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadClassStg
CoTreatAsClass
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
OleLoadFromStream
CoCreateGuid
CoFreeUnusedLibraries

olepro32

ord252
ord254
ord250
ord253
ord251

oleaut32

SafeArrayGetUBound
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysAllocStringByteLen
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
VariantClear
SysReAllocStringLen
VariantCopy
VariantChangeType
SysStringByteLen
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

urlmon

CreateAsyncBindCtx
CreateURLMoniker
IsAsyncMoniker
RegisterBindStatusCallback

imm32

ImmGetConversionStatus
ImmSetConversionStatus
ImmGetDefaultIMEWnd
ImmGetContext

wininet

InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetCanonicalizeUrlA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetFindNextFileA
FtpFindFirstFileA
HttpSendRequestExA
HttpEndRequestA
InternetErrorDlg
GopherOpenFileA
GopherGetAttributeA
GopherCreateLocatorA
FtpGetFileA
FtpPutFileA
FtpOpenFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetWriteFile
InternetSetFilePointer
InternetGetCookieA
InternetSetStatusCallback
InternetSetOptionExA
InternetQueryOptionA
HttpOpenRequestA
InternetSetCookieA

winmm

mixerGetNumDevs
mixerGetLineControlsA
mixerOpen
mixerGetID
mixerGetLineInfoA
mixerGetDevCapsA
mixerSetControlDetails
mixerGetControlDetailsA
timeGetTime
timeSetEvent
mixerClose

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GrLauncher.exe
.exe windows:4 windows x86 arch:x86

db68e5de251f227686353a456e6023c2

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:72:bf:53:17:e0:96:5c:87:9e:f9:89:eb:68:64:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/04/2011, 00:00

Not After

31/03/2012, 23:59

Subject

CN=GRETECH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=GRETECH,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
GetCurrentDirectoryW
GetProcAddress
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
lstrlenA
lstrcpynW
GetUserDefaultLangID
GetCurrentThread
SetThreadPriority
lstrcpyW
IsBadStringPtrW
IsBadWritePtr
IsBadReadPtr
GetTempPathW
GetFileAttributesW
GetFileSize
WideCharToMultiByte
WaitForSingleObject
Sleep
MulDiv
GetTickCount
HeapDestroy
SetCurrentDirectoryW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
lstrlenW
GlobalAlloc
FindResourceW
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
CreateProcessW
DeleteFileW
WritePrivateProfileStringW
MoveFileW
CreateFileW
GetFileSizeEx
CloseHandle
ReadFile
WriteFile
GetStartupInfoW

user32

SetWindowLongW
IsWindow
PostMessageW
DialogBoxIndirectParamW
DispatchMessageW
RegisterClassExW
LoadCursorW
GetClassInfoExW
DefWindowProcW
GetWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
CallWindowProcW
GetSysColor
SetFocus
IsChild
GetFocus
ReleaseDC
GetDC
EndPaint
FillRect
GetClientRect
BeginPaint
SetWindowPos
RedrawWindow
GetClassNameW
GetParent
GetDesktopWindow
RegisterWindowMessageW
DestroyWindow
CreateWindowExW
wsprintfW
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
SendMessageW
GetDlgItem
SetTimer
EndDialog
EnableWindow
KillTimer
SetDlgItemTextW
GetSystemMetrics
PtInRect
DrawTextW
ShowWindow
LoadIconW
GetPropW
RemovePropW
SetPropW
GetForegroundWindow
ClientToScreen
ScreenToClient
TranslateMessage
MoveWindow
OffsetRect
CopyRect
FindWindowW
LoadStringW
GetWindowRect
SystemParametersInfoW
MapWindowPoints
PeekMessageW
CreateAcceleratorTableW

gdi32

SetTextColor
SetBkMode
SetBkColor
ExtTextOutW
GetTextMetricsW
GetTextExtentPoint32W
GetStockObject
GetObjectW
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
CreateCompatibleDC
GetDeviceCaps

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ole32

CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
OleCreateFontIndirect
VariantClear
SysAllocStringLen
SysFreeString
LoadRegTypeLi
SysStringLen

wininet

InternetOpenW
InternetSetOptionW
InternetOpenUrlW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetCanonicalizeUrlW

msvcrt

iswdigit
swprintf
vswprintf
wcsstr
wcschr
memmove
swscanf
_wtoi
wcscpy
_wcsdup
_endthread
_beginthread
calloc
_wcsicmp
wcsncmp
_except_handler3
wcstok
wcsrchr
malloc
wcscmp
_wmkdir
rand
_vsnwprintf
strlen
memset
strstr
free
memcmp
_wstat
wcslen
time
_EH_prolog
__CxxFrameHandler
sprintf
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
__dllonexit
_onexit
_controlfp
iswspace

shlwapi

PathFileExistsW

wintrust

WinVerifyTrust

comctl32

InitCommonControlsEx
ord17

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KillGom.exe
.exe windows:4 windows x86 arch:x86

022335ba51d5d3c088f1c0ea43d44ea3

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:72:bf:53:17:e0:96:5c:87:9e:f9:89:eb:68:64:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/04/2011, 00:00

Not After

31/03/2012, 23:59

Subject

CN=GRETECH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=GRETECH,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
GetCurrentProcessId
OpenProcess
TerminateProcess
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
GetStartupInfoA

user32

MessageBoxA

msvcrt

_mbsicmp
_exit
_XcptFilter
exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln

Sections

.text
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Popup.exe
.exe windows:5 windows x86 arch:x86

d172ee3f4bb60d038c7518e38454c517

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:87:d8:bd:8a:13:11:cd:c7:9e:31:fb:1f:45:2e:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/03/2012, 00:00

Not After

06/05/2013, 23:59

Subject

CN=GRETECH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=GRETECH,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work_SVN\Popup\Release\Popup.pdb

Imports

kernel32

GetFileSizeEx
SetErrorMode
GetStartupInfoW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFullPathNameW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GlobalFlags
GetThreadLocale
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalReAlloc
TlsGetValue
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GlobalAddAtomW
WaitForSingleObject
GetModuleHandleA
GetCurrentProcessId
FreeResource
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
lstrcmpW
FormatMessageW
LocalFree
MulDiv
InterlockedDecrement
InterlockedIncrement
WriteFile
SetThreadPriority
Sleep
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
GetCurrentThread
CreateProcessW
CompareStringW
lstrlenA
FreeLibrary
LoadLibraryW
SetLastError
GetSystemInfo
GetModuleHandleW
GetProcAddress
GetVersionExW
GlobalHandle
GlobalUnlock
GlobalAlloc
GlobalLock
GetCommandLineW
GetModuleFileNameW
WritePrivateProfileStringW
MultiByteToWideChar
FindClose
FindFirstFileW
GetVolumeInformationW
GetTickCount
GetTempPathW
GetFileTime
CreateDirectoryW
GlobalFree
GetFileAttributesW
GetLastError
GetFileSize
CloseHandle
ReadFile
SetFilePointer
CreateFileW
WideCharToMultiByte
lstrlenW
GetSystemDefaultUILanguage
DeleteFileW
FindResourceW
LoadResource
LockResource
VirtualFree
SizeofResource

user32

UnregisterClassW
CharUpperW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
ReleaseCapture
SetCapture
LoadCursorW
GetSysColorBrush
ShowWindow
IsDialogMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
GetMenu
SystemParametersInfoA
DestroyMenu
SetFocus
UnhookWindowsHookEx
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
IsWindowVisible
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetSysColor
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetLastActivePopup
MessageBoxW
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CallWindowProcW
RemovePropW
GetPropW
SetPropW
GetParent
PostMessageW
SetForegroundWindow
GetWindowThreadProcessId
GetForegroundWindow
SetWindowLongW
PostThreadMessageW
RegisterClipboardFormatW
GetWindowTextW
ClientToScreen
ScreenToClient
GetWindowPlacement
DispatchMessageW
TranslateMessage
PeekMessageW
SetWindowPos
GetWindowLongW
MoveWindow
EqualRect
OffsetRect
IntersectRect
CopyRect
RegisterWindowMessageW
CharNextW
GetWindowRect
GetCursorPos
GetDC
EnableWindow
LoadBitmapW
KillTimer
SetDlgItemTextW
SetTimer
PtInRect
InvalidateRect
ReleaseDC
GetWindowDC
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetWindowRgn
SetWindowTextW
SendMessageW
LoadIconW
GetKeyState

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetMapMode
GetRgnBox
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
GetWindowExtEx
CreateRoundRectRgn
GetClipBox
SetMapMode
SetTextColor
RestoreDC
SaveDC
GetDeviceCaps
SetBkMode
DeleteObject
ExtTextOutW
SetBkColor
GetObjectW
CreateFontW
GetStockObject
StretchBlt
BitBlt
SelectObject
CreateCompatibleDC
GetViewportExtEx

msimg32

TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleInitialize
OleUninitialize
CoTaskMemFree
OleCreate
OleSetContainedObject
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayDestroy
VariantClear
VariantInit
SysFreeString
SysAllocString

uxtheme

SetWindowTheme

wininet

InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libavcodec.dll
.dll windows:4 windows x86 arch:x86

52d2d4d39ca9fa7c3dcbc069ea591199

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetSystemInfo
GetThreadContext
GetThreadPriority
GetVersionExA
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_close
_lseek
_open
_read
_write
__dllonexit
__lc_codepage
__mb_cur_max
_assert
_beginthreadex
_endthreadex
_errno
_ftime
_iob
_isctype
_pctype
_setjmp
_snprintf
_vsnprintf
_winmajor
abort
acos
asin
atan
calloc
ceil
cos
cosh
exit
exp
fflush
floor
fputc
fputs
free
frexp
fwrite
getenv
ldexp
localeconv
log
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
pow
qsort
realloc
sin
sinh
sqrt
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strtol
tan
tanh
toupper
vfprintf
wcslen

ws2_32

WSAGetLastError
WSASetLastError

Exports

Exports

av_dxva
av_free
av_h264_decode_frame
av_init_packet
av_log_get_callback
av_log_get_level
av_log_set_callback
av_log_set_level
av_mallocz
avcodec_alloc_context
avcodec_alloc_frame
avcodec_close
avcodec_decode_video2
avcodec_encode_video
avcodec_find_decoder
avcodec_find_encoder
avcodec_flush_buffers
avcodec_init
avcodec_open
avcodec_register_all
avcodec_thread_free
avcodec_thread_init
avpicture_deinterlace
dsputil_init
img_resample
img_resample_close
img_resample_init
palette8tobgr15
palette8tobgr16
palette8tobgr24
palette8tobgr32
palette8torgb15
palette8torgb16
palette8torgb24
palette8torgb32
sws_convertPalette8ToPacked24
sws_convertPalette8ToPacked32
sws_freeContext
sws_freeFilter
sws_freeVec
sws_getConstVec
sws_getContext
sws_getDefaultFilter
sws_getGaussianVec
sws_normalizeVec
sws_scale

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:beCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

5a:87:d8:bd:8a:13:11:cd:c7:9e:31:fb:1f:45:2e:d1Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 88KB

.rsrc Size: 71KB - Virtual size: 70KB

d347bd7fee30a85a5438127ef69a20d9

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 132B

.reloc Size: 512B - Virtual size: 442B

c56daabd0b59e7a0804d633593e01907

Headers

File Characteristics

Imports

user32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 102B

.rdata Size: 512B - Virtual size: 204B

.data Size: - Virtual size: 12B

.reloc Size: 512B - Virtual size: 48B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

5a:87:d8:bd:8a:13:11:cd:c7:9e:31:fb:1f:45:2e:d1
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 88KB

.rsrc
Size: 71KB - Virtual size: 70KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 132B

.reloc
Size: 512B - Virtual size: 442B

.text
Size: 512B - Virtual size: 102B

.rdata
Size: 512B - Virtual size: 204B

.data
Size: - Virtual size: 12B

.reloc
Size: 512B - Virtual size: 48B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 512B - Virtual size: 368B

.rdata
Size: 512B - Virtual size: 361B

.data
Size: 512B - Virtual size: 53B

.reloc
Size: 512B - Virtual size: 88B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 190B

.text
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 16B

.data
Size: 80B - Virtual size: 80B

.idata
Size: 588B - Virtual size: 588B

.reloc
Size: 156B - Virtual size: 156B

.edata
Size: 96B - Virtual size: 96B