exec
isdone
wait
Overview
overview
3Static
static
361a38c1073...18.exe
windows7-x64
361a38c1073...18.exe
windows10-2004-x64
3$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/time.dll
windows7-x64
3$PLUGINSDIR/time.dll
windows10-2004-x64
3AllRoundPad.exe
windows7-x64
3AllRoundPad.exe
windows10-2004-x64
3AllRoundPadTool32.dll
windows7-x64
1AllRoundPadTool32.dll
windows10-2004-x64
1AllRoundPadTool64.dll
windows7-x64
1AllRoundPadTool64.dll
windows10-2004-x64
1Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
61a38c1073b52838cfb7956adb2b65e2_JaffaCakes118.exe
Resource
win7-20240419-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
61a38c1073b52838cfb7956adb2b65e2_JaffaCakes118.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win7-20240215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral11
Sample
$PLUGINSDIR/time.dll
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral12
Sample
$PLUGINSDIR/time.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral13
Sample
AllRoundPad.exe
Resource
win7-20240220-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral14
Sample
AllRoundPad.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
5 signatures
150 seconds
Behavioral task
behavioral15
Sample
AllRoundPadTool32.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral16
Sample
AllRoundPadTool32.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral17
Sample
AllRoundPadTool64.dll
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral18
Sample
AllRoundPadTool64.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
61a38c1073b52838cfb7956adb2b65e2_JaffaCakes118
-
Size
1.5MB
-
MD5
61a38c1073b52838cfb7956adb2b65e2
-
SHA1
d4118ac229f6d679a4227383058af0aaf67aa056
-
SHA256
5988af9f2e923022cb044137e0b9a7e52ecff8a9b3106e36cb057f605fcddba5
-
SHA512
ac0b3203589931ca1830b70b4dd3f636fac350590b3e1fb29a1236a50ec3207bdf50e9bd4cd762db002e590a32c22721112e2fed1ad9cba51e7378cbb6dc2f2f
-
SSDEEP
49152:gZkoCzsU4mF5tfJeT9Mm6GWy31LaHpo7GP4:gZrIXrDtMRtWwIu7Y4
Score
3/10
Malware Config
Signatures
-
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
resource 61a38c1073b52838cfb7956adb2b65e2_JaffaCakes118 unpack001/$PLUGINSDIR/ExecDos.dll unpack001/$PLUGINSDIR/InstallOptions.dll unpack001/$PLUGINSDIR/KillProcDLL.dll unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/time.dll unpack001/AllRoundPadTool64.dll -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
61a38c1073b52838cfb7956adb2b65e2_JaffaCakes118.exe windows:4 windows x86 arch:x86
57e98d9a5a72c8d7ad8fb7a6a58b3daf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetCurrentDirectoryA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
user32
ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA
gdi32
SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor
shell32
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
advapi32
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
comctl32
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17
ole32
OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 44KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ExecDos.dll.dll windows:6 windows x86 arch:x86
7dc70b16176744e9eb1a6b125a945c2f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CreateFileA
FlushFileBuffers
ReadFile
WriteFile
CloseHandle
DuplicateHandle
CreatePipe
PeekNamedPipe
WaitForSingleObject
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateThread
GetExitCodeThread
CreateProcessA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
lstrcmpiA
lstrcatA
lstrlenA
lstrcpynA
lstrcpyA
user32
SendMessageA
GetDlgItem
FindWindowExA
GetClassNameA
wsprintfA
Exports
Exports
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 338B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
610235b90207a63ccf481f0d4375d329
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock
user32
MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA
gdi32
DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
dialog
initDialog
show
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/KillProcDLL.dll.dll windows:4 windows x86 arch:x86
153027ec3b10bcea606b777657dd3402
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls
msvcrt
strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa
Exports
Exports
KillProc
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 172B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
8c8a576201f68de1a3f26fc723b9f30f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 636B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ioSpecial.ini
-
$PLUGINSDIR/modern-wizard.bmp
-
$PLUGINSDIR/time.dll.dll windows:4 windows x86 arch:x86
2e3a4d1f132aea64d421c1e936bcc407
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
GlobalAlloc
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FindClose
FindFirstFileA
CloseHandle
SetFileTime
CreateFileA
lstrcatA
user32
SendMessageA
wsprintfA
Exports
Exports
_GetFileTime
_GetFileTimeUTC
_GetLocalTime
_GetLocalTimeUTC
_MathTime
_SetFileTime
_SetFileTimeUTC
_SetLocalTime
_SetLocalTimeUTC
_TimeString
_Unload
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AllRoundPad.exe.exe windows:6 windows x86 arch:x86
41cfbe27bbe9275108718d64e992f138
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0b:2d:50:0c:99:a3:ed:9e:fa:2c:c0:98:f4:44:04:d0Certificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before08/08/2018, 00:00Not After08/08/2019, 23:59SubjectCN=重庆福晟达科技有限公司,OU=技术部,O=重庆福晟达科技有限公司,L=重庆,ST=重庆,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
02:de:2c:55:46:cc:9b:e8:78:34:17:7e:4a:6c:de:1bCertificate
IssuerCN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=USNot Before10/08/2018, 00:00Not After10/08/2019, 23:59SubjectCN=重庆福晟达科技有限公司,OU=技术部,O=重庆福晟达科技有限公司,L=重庆,ST=重庆,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate
IssuerCN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before12/01/2016, 00:00Not After11/01/2031, 23:59SubjectCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate
IssuerCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before23/12/2017, 00:00Not After22/03/2029, 23:59SubjectCN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
fb:0e:5f:28:39:bb:aa:a2:d7:a7:aa:b4:85:46:ad:9d:0d:72:2b:11:b3:c6:b2:0f:7d:bd:56:14:a7:86:71:beSigner
Actual PE Digestfb:0e:5f:28:39:bb:aa:a2:d7:a7:aa:b4:85:46:ad:9d:0d:72:2b:11:b3:c6:b2:0f:7d:bd:56:14:a7:86:71:beDigest Algorithmsha256PE Digest Matchestrue0a:10:5c:d3:5f:17:92:ac:ed:35:cb:b2:26:9b:b8:a8:ed:3e:27:beSigner
Actual PE Digest0a:10:5c:d3:5f:17:92:ac:ed:35:cb:b2:26:9b:b8:a8:ed:3e:27:beDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\CPlusProject\trunk\全能记事本\BowPad\bin\Release\bin\AllRoundPad.pdb
Imports
propsys
PropVariantToUInt32
PropVariantToStringAlloc
kernel32
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
WinExec
lstrcmpiA
LoadLibraryExA
IsDBCSLeadByte
GetCurrentProcess
GetWindowsDirectoryW
GlobalUnlock
FindResourceA
CreateProcessA
GetModuleFileNameA
lstrlenA
lstrcatA
lstrcpyA
lstrcmpA
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
FreeResource
CreateMutexA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
Process32FirstW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
HeapSize
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GlobalLock
ExitThread
VirtualQuery
WriteConsoleW
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileAttributesExW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
Process32NextW
VirtualProtect
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
ResetEvent
SetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
EncodePointer
TryEnterCriticalSection
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
GetStringTypeW
GetTickCount
LCMapStringW
GlobalSize
GetLocaleInfoA
GetProcessHeap
HeapAlloc
GetVersion
HeapFree
ReleaseMutex
CreateThread
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetDriveTypeW
GetPrivateProfileIntA
GlobalAlloc
SetCurrentDirectoryW
Sleep
GetCurrentDirectoryW
TerminateProcess
GetSystemInfo
GetModuleHandleA
FindNextFileA
FindFirstFileA
GetTempFileNameA
CreateDirectoryW
GetTempFileNameW
GetTempPathW
GetShortPathNameW
GetLongPathNameW
GetFullPathNameW
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
DeleteAtom
GlobalAddAtomW
IsProcessorFeaturePresent
CloseHandle
WriteFile
CreateFileW
GetTickCount64
FormatMessageW
OutputDebugStringW
FindNextFileW
FindClose
FindFirstFileW
FindFirstFileExW
lstrcpynW
VerSetConditionMask
VerifyVersionInfoW
GetLastError
GetProcAddress
FreeLibrary
LoadLibraryW
SetLastError
GetLocalTime
Process32Next
DeleteFileA
GetTempPathA
CreateToolhelp32Snapshot
Process32First
MoveFileW
DebugBreak
CompareFileTime
SetFileAttributesW
GetFileAttributesW
CompareStringEx
ReadFile
GetFileInformationByHandle
GlobalFree
MulDiv
GetLocaleInfoW
EnumSystemCodePagesW
GetCPInfoExW
GetLocaleInfoEx
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcmpW
OutputDebugStringA
GetACP
CreateMutexW
SetDllDirectoryW
GetCommandLineW
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
DeleteFileW
LocalFree
LocalAlloc
SetFilePointerEx
user32
MapWindowPoints
GetCapture
MonitorFromPoint
PostMessageA
LoadImageA
GetWindow
GetClassNameA
SetWindowLongA
GetWindowLongA
GetWindowTextLengthA
DestroyAcceleratorTable
CreateAcceleratorTableA
CharNextA
IsChild
CreateWindowExA
GetClassInfoExA
RegisterClassExA
CallWindowProcA
DefWindowProcA
RegisterWindowMessageA
SendMessageA
GetShellWindow
GetWindowTextA
SetWindowTextA
SystemParametersInfoA
GetWindowThreadProcessId
SetActiveWindow
AttachThreadInput
DispatchMessageA
GetMessageA
UnregisterClassA
UnregisterHotKey
RegisterHotKey
GetSystemMetrics
GetFocus
PtInRect
GetCursorPos
GetWindowRect
InflateRect
DrawTextW
EndPaint
GetWindowTextW
GetWindowTextLengthW
SendMessageW
GetWindowLongW
GetClientRect
BeginPaint
InvalidateRgn
GetClassNameW
LoadCursorA
MonitorFromRect
GetIconInfo
DestroyCursor
DrawTextA
GetMonitorInfoW
CreateIconIndirect
GetUpdateRgn
HideCaret
UnregisterClassW
NotifyWinEvent
MsgWaitForMultipleObjects
SetCaretPos
GetDlgCtrlID
CreateCaret
GetKeyboardLayout
GetMessageTime
DestroyCaret
AppendMenuA
GetCaretBlinkTime
ShowCaret
WindowFromDC
SetRect
DrawEdge
DrawFrameControl
SetScrollInfo
ShowScrollBar
GetScrollInfo
EnableScrollBar
ReleaseDC
ScreenToClient
SystemParametersInfoW
DialogBoxParamW
CreateDialogParamW
EnableWindow
ShowWindow
SetForegroundWindow
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DestroyWindow
EndDialog
SetFocus
GetWindowPlacement
GetDesktopWindow
CopyRect
OffsetRect
SetWindowPos
LoadImageW
GetDlgItem
DragDetect
UnionRect
SetRectEmpty
GetDoubleClickTime
IsWindow
SetClassLongW
RedrawWindow
FrameRect
GetParent
SetWindowLongW
CreateWindowExW
DefDlgProcW
GetMessagePos
GetDlgItemTextW
MessageBoxW
SetLayeredWindowAttributes
GetWindowDC
IsWindowEnabled
RealChildWindowFromPoint
MoveWindow
GetDC
IsRectEmpty
AddClipboardFormatListener
ChangeWindowMessageFilter
WindowFromPoint
LoadIconW
DestroyIcon
GetKeyNameTextW
GetForegroundWindow
MapVirtualKeyW
TrackPopupMenuEx
GetClassInfoExW
SetTimer
FillRect
GetSysColorBrush
PostMessageW
GetComboBoxInfo
KillTimer
TrackPopupMenu
AppendMenuW
CreatePopupMenu
ClientToScreen
DestroyMenu
FlashWindowEx
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
IsCharLowerW
IsCharAlphaW
CharLowerW
CharUpperW
IsClipboardFormatAvailable
GetKeyState
GetClipboardData
RegisterClipboardFormatW
GetAncestor
SendDlgItemMessageW
FindWindowW
IsWindowVisible
IsIconic
SetDlgItemTextW
LoadStringW
SetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard
TrackMouseEvent
DrawIconEx
GetSysColor
UpdateWindow
SetWindowTextW
EnumChildWindows
LoadCursorW
SetCursor
SetCapture
ReleaseCapture
RemovePropW
GetPropW
SetPropW
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
InvalidateRect
SetWindowRgn
CallWindowProcW
FindWindowExW
DefWindowProcW
SetWindowPlacement
RegisterClassExW
AdjustWindowRectEx
gdi32
StartDocW
DPtoLP
GetTextExtentPoint32W
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
LineTo
MoveToEx
CreatePen
SetTextColor
DeleteObject
StartPage
SetRectRgn
CreateRectRgnIndirect
CreateRectRgn
SetBkMode
CreateFontIndirectW
GetObjectW
ExtTextOutW
SetBkColor
GetStockObject
GetDeviceCaps
SelectObject
PatBlt
EndPage
EndDoc
EnumFontFamiliesExW
CreateFontW
Rectangle
CreateSolidBrush
CombineRgn
GetObjectA
ExtTextOutA
UnrealizeObject
IntersectClipRect
CreateBitmap
SelectClipRgn
CreatePatternBrush
SetWindowOrgEx
PlayEnhMetaFile
SetBrushOrgEx
RoundRect
SetTextAlign
Ellipse
Polygon
GetTextMetricsW
GetTextExtentExPointA
StretchBlt
GetTextExtentExPointW
GetTextExtentPoint32A
CreateDIBSection
GetNearestColor
comdlg32
PrintDlgExW
PageSetupDlgW
ChooseColorW
advapi32
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
RegOpenKeyW
RegCreateKeyW
RegSetValueW
RegQueryValueExA
RegOpenKeyA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
shell32
SHGetFileInfoW
ShellExecuteW
ord190
SHOpenFolderAndSelectItems
SHChangeNotify
CommandLineToArgvW
SHCreateItemFromParsingName
SHGetFolderPathW
SHParseDisplayName
SHBindToParent
DragFinish
SHAddToRecentDocs
DragQueryFileW
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetSpecialFolderPathA
ShellExecuteExW
SHGetKnownFolderPath
SHGetPropertyStoreForWindow
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ole32
CoInitialize
CoTaskMemRealloc
OleCreate
StgCreateDocfile
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
StringFromGUID2
CLSIDFromString
CoGetClassObject
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitializeEx
PropVariantClear
CoTaskMemAlloc
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CoTaskMemFree
OleRun
oleaut32
VarDecFromI4
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayRedim
SafeArrayDestroy
SafeArrayCopy
VariantInit
VariantChangeType
SafeArrayCreate
SysAllocStringLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
SysFreeString
VarDecFromR8
SafeArrayUnaccessData
VariantClear
SafeArrayAccessData
SafeArrayGetUBound
VarR8FromDec
SafeArrayGetLBound
SysAllocString
comctl32
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ord17
InitCommonControlsEx
ImageList_Draw
ord413
ord410
ord412
ord345
shlwapi
PathMatchSpecW
SHAutoComplete
SHDeleteKeyW
PathCanonicalizeW
PathIsRelativeW
PathIsURLW
PathIsDirectoryW
PathFileExistsW
SHSetValueW
SHGetValueW
StrCmpLogicalW
SHCreateStreamOnFileEx
PathFileExistsA
PathIsRelativeA
StrStrIA
gdiplus
GdipFillPath
GdipFillPolygonI
GdipSetSmoothingMode
GdipSetPenWidth
GdiplusShutdown
GdiplusStartup
GdipFillRectangleI
GdipDrawPath
GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathArcI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree
wininet
InternetConnectA
HttpSendRequestA
InternetOpenA
InternetReadFileExA
InternetCrackUrlA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
InternetErrorDlg
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
DeleteUrlCacheEntryW
InternetCrackUrlW
InternetCloseHandle
InternetOpenW
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
urlmon
URLDownloadToFileW
uxtheme
SetWindowTheme
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
CloseThemeData
GetThemeMetric
OpenThemeData
IsAppThemed
netapi32
Netbios
imagehlp
MakeSureDirectoryPathExists
msimg32
AlphaBlend
imm32
ImmNotifyIME
ImmSetCompositionStringW
ImmEscapeW
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 376KB - Virtual size: 376KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AllRoundPadTool32.dll.dll regsvr32 windows:5 windows x86 arch:x86
817b55487178c76bd016ea79409daaed
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0b:2d:50:0c:99:a3:ed:9e:fa:2c:c0:98:f4:44:04:d0Certificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before08/08/2018, 00:00Not After08/08/2019, 23:59SubjectCN=重庆福晟达科技有限公司,OU=技术部,O=重庆福晟达科技有限公司,L=重庆,ST=重庆,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
02:de:2c:55:46:cc:9b:e8:78:34:17:7e:4a:6c:de:1bCertificate
IssuerCN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=USNot Before10/08/2018, 00:00Not After10/08/2019, 23:59SubjectCN=重庆福晟达科技有限公司,OU=技术部,O=重庆福晟达科技有限公司,L=重庆,ST=重庆,C=CNExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate
IssuerCN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before12/01/2016, 00:00Not After11/01/2031, 23:59SubjectCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate
IssuerCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before23/12/2017, 00:00Not After22/03/2029, 23:59SubjectCN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
95:53:96:8b:68:35:fe:26:ac:ec:fb:19:9d:39:ff:f9:aa:13:a7:35:54:16:79:43:25:4e:f5:65:7b:8d:10:78Signer
Actual PE Digest95:53:96:8b:68:35:fe:26:ac:ec:fb:19:9d:39:ff:f9:aa:13:a7:35:54:16:79:43:25:4e:f5:65:7b:8d:10:78Digest Algorithmsha256PE Digest Matchestrueb8:22:05:6e:75:de:f0:7e:57:f0:3d:c8:3c:05:30:f1:73:3d:61:01Signer
Actual PE Digestb8:22:05:6e:75:de:f0:7e:57:f0:3d:c8:3c:05:30:f1:73:3d:61:01Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
uxtheme
CloseThemeData
DrawThemeParentBackground
GetThemeColor
OpenThemeData
IsAppThemed
GetThemeFont
gdi32
DeleteObject
CreateFontIndirectW
advapi32
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
kernel32
CreateProcessA
TerminateProcess
GetLastError
Process32FirstW
GlobalFindAtomW
GetModuleFileNameA
Process32NextW
CreateToolhelp32Snapshot
CloseHandle
CreateThread
SetEvent
GetModuleFileNameW
lstrlenW
DisableThreadLibraryCalls
CreateEventW
OpenEventW
GlobalAddAtomW
GetVersion
Process32First
GetTempFileNameA
GetLocalTime
Process32Next
GetTempPathA
WideCharToMultiByte
MultiByteToWideChar
FindClose
GetProcAddress
GetSystemInfo
GetModuleHandleA
FindFirstFileW
FindNextFileW
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
GlobalDeleteAtom
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
Sleep
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
HeapSize
GetStdHandle
WriteFile
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
LoadLibraryW
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetStdHandle
HeapReAlloc
ExitProcess
GetModuleHandleW
GetSystemTimeAsFileTime
TerminateThread
WaitForSingleObject
GetCommandLineA
GetCurrentThreadId
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
SetHandleCount
CreateMutexW
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
GetCurrentProcessId
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
user32
FillRect
SystemParametersInfoW
GetSysColor
GetSysColorBrush
GetWindowTextLengthW
PostMessageW
CallNextHookEx
FindWindowW
GetWindowTextW
FindWindowExW
SetWindowsHookExW
UnhookWindowsHookEx
DestroyWindow
KillTimer
UnregisterClassW
SetFocus
InvalidateRect
GetWindowLongW
ShowWindow
IsWindow
SendMessageW
UpdateWindow
shell32
SHLoadInProc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ole32
CoInitialize
StringFromGUID2
CoUninitialize
CoCreateInstance
gdiplus
GdiplusShutdown
GdiplusStartup
shlwapi
PathFileExistsA
netapi32
Netbios
wininet
HttpQueryInfoA
InternetReadFileExA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstallDeskEx
UnInstallDeskEx
Sections
.text Size: 200KB - Virtual size: 199KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AllRoundPadTool64.dll.dll windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.text Size: 219KB - Virtual size: 219KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ