61ff70f618d260220ee014df18586b16_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61ff70f618d260220ee014df18586b16_JaffaCakes118
Size

3.1MB
MD5

61ff70f618d260220ee014df18586b16
SHA1

25299b56feea30728dcf80c4796164b27e54eb71
SHA256

5b565f58f156fad99170e6fa66a93fab6531124da494b5e060dc831ba1b74687
SHA512

2f29bb15c30835e791aaab571f8f31bba74393032e5f4b5774dc8ac2dcb51857a98dc3c7c25906ad87a261a7e1d9b10612fc374c8c1cb819bd6d047e7462719e
SSDEEP

49152:16sDbzi2hQySZzjZL9jlnkSNfSZARcLkWT/7yCHiPOgP06Dur7zSCYKitqEI:Ao7mNZv59jlnkSN7yTHiFDur7PYlTI

Score

1^/10

Malware Config

Signatures

Files

61ff70f618d260220ee014df18586b16_JaffaCakes118
.zip
634968087898924591.png
634968087899860591.png
APISupport/APISupport.dll
.dll windows:5 windows x86 arch:x86

961ae8d7343843bf12ee1daf3105c47f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:e7:73:8e:28:2f:77:36:9a:5a:4c:0e:d3:1a:3c:9f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/02/2014, 00:00

Not After

04/02/2016, 23:59

Subject

CN=ClientConnect LTD,OU=Trovi TB+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:cd:22:cf:79:2b:18:7a:60:87:dc:95:69:e7:ab:f7:88:99:6d:19
Signer

Actual PE Digest

90:cd:22:cf:79:2b:18:7a:60:87:dc:95:69:e7:ab:f7:88:99:6d:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\92\SmartBar\SmartBar_10_31_0\Binaries\APISupport.pdb

Imports

psapi

GetModuleFileNameExW
EnumProcessModules

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

urlmon

URLDownloadToFileW

crypt32

CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose

wininet

InternetCanonicalizeUrlA

user32

RemovePropW
SetPropW
wsprintfW

ole32

CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateGuid
CoInitializeSecurity

oleaut32

VariantChangeType
SysAllocString
SysFreeString
VariantClear
VariantCopy
VariantInit

kernel32

HeapDestroy
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
OutputDebugStringW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetVolumeInformationW
GetLastError
LocalFree
GetComputerNameW
OpenProcess
CloseHandle
GetProcAddress
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
WaitForSingleObject
GetCurrentProcessId
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
CopyFileW
CreateFileW
GetFileSize
GetDiskFreeSpaceExW
MoveFileExW
GetModuleFileNameW
LoadLibraryW
CreateDirectoryW
GetModuleHandleExW
LocalAlloc
InterlockedIncrement
InterlockedDecrement
SetEvent
FormatMessageW
lstrlenW
Sleep
CreateThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetLastError
CreateEventW
WaitForMultipleObjects
TerminateProcess
CreateProcessW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
CreateMutexW
OpenMutexW
GetCommandLineW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
GetNativeSystemInfo
GetSystemInfo
GetCurrentProcess
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
lstrlenA
GetFullPathNameW
GetFullPathNameA
CreateFileA
SetFilePointer
TlsGetValue
SetEndOfFile
UnlockFile
LockFile
GetSystemTimeAsFileTime
WriteFile
TlsSetValue
GetFileAttributesA
ReadFile
FlushFileBuffers
GetTempPathW
LockFileEx
LoadLibraryA
TlsAlloc
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
RtlUnwind
RaiseException
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsFree
GetStartupInfoW
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
ExitProcess
HeapSize
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetFileType
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
QueryPerformanceCounter
GetTimeZoneInformation
GetVersionExW

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
ConvertSidToStringSidW
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
LookupAccountNameW
CryptDestroyHash
LookupAccountSidW
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW

shlwapi

PathRemoveFileSpecW
PathStripPathW
PathFileExistsW

Exports

Exports

DLLRunAPISupport
DllRTA
DllRevertSettings

Sections

.text
Size: 768KB - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AbstractionLayerBack.js
.js
AbstractionLayerFront.js
.js
CT3317495.txt
CT3317495_public.txt
Search/NewTabPages/API/Applications.js
.js
Search/NewTabPages/API/Bookmarks.js
.js
Search/NewTabPages/API/CntRedirect.js
.js
Search/NewTabPages/API/DeveloperMode.js
.js
Search/NewTabPages/API/EmbeddedConfig.js
.js
Search/NewTabPages/API/EventHandler.js
.js
Search/NewTabPages/API/Global.js
.js
Search/NewTabPages/API/LocationService.js
.js
Search/NewTabPages/API/LogMsg.js
.js
Search/NewTabPages/API/MostVisited.js
.js
Search/NewTabPages/API/NewTabAPI.js
.js
Search/NewTabPages/API/RecentlyClosed.js
.js
Search/NewTabPages/API/SearchBox.js
.js
Search/NewTabPages/API/SearchBoxIframe.js
.js
Search/NewTabPages/API/ServiceMap.js
.js
Search/NewTabPages/API/Settings.js
.js
Search/NewTabPages/API/Thumbnails.js
.js
Search/NewTabPages/API/Toolbar.js
.js
Search/NewTabPages/API/Translation.js
.js
Search/NewTabPages/API/Usage.js
.js
Search/NewTabPages/API/enable_disable.js
Search/NewTabPages/API/startupSequence.js
.js
Search/NewTabPages/css/about_memory.css
Search/NewTabPages/css/alert_overlay.css
Search/NewTabPages/css/apps_page.css
Search/NewTabPages/css/bubble.css
Search/NewTabPages/css/chrome_shared.css
Search/NewTabPages/css/chrome_shared2.css
Search/NewTabPages/css/chrome_shared2_touch.css
Search/NewTabPages/css/dialogs.css
Search/NewTabPages/css/expandable_bubble.css
Search/NewTabPages/css/footer_menu.css
Search/NewTabPages/css/list.css
Search/NewTabPages/css/menu.css
Search/NewTabPages/css/most_visited_page.css
Search/NewTabPages/css/nav_dot.css
Search/NewTabPages/css/new_tab.css
Search/NewTabPages/css/new_tab_theme.css
Search/NewTabPages/css/overlay.css
Search/NewTabPages/css/spinner.css
Search/NewTabPages/css/suggestions_page.css
Search/NewTabPages/css/table.css
Search/NewTabPages/css/tabs.css
Search/NewTabPages/css/throbber.css
Search/NewTabPages/css/tile_page.css
Search/NewTabPages/css/trash.css
Search/NewTabPages/css/tree.css
Search/NewTabPages/css/ui_account_tweaks.css
Search/NewTabPages/css/widgets.css
Search/NewTabPages/html/NewTabBackground.html
.html
Search/NewTabPages/html/Options.html
Search/NewTabPages/html/alert_overlay.html
Search/NewTabPages/html/appLauncher.html
.html
Search/NewTabPages/html/loadfile.html
.html
Search/NewTabPages/html/new_tab.html
.html
Search/NewTabPages/html/redirect.html
.html .js polyglot
Search/NewTabPages/html/trash.html
Search/NewTabPages/img/IDR_PRODUCT_LOGO.png
.png
Search/NewTabPages/img/ImagesRepository.json
Search/NewTabPages/img/WebStore128.png
.png
Search/NewTabPages/img/__IDR_PRODUCT_LOGO.png
.png
Search/NewTabPages/img/app_promo_button.png
.png
Search/NewTabPages/img/check.png
.png
Search/NewTabPages/img/checkbox_black.png
.png
Search/NewTabPages/img/checkbox_white.png
.png
Search/NewTabPages/img/close_bar.png
.png
Search/NewTabPages/img/close_bar_2x.png
.png
Search/NewTabPages/img/close_bar_h.png
.png
Search/NewTabPages/img/close_bar_h_2x.png
.png
Search/NewTabPages/img/close_bar_mask.png
.png
Search/NewTabPages/img/close_bar_mask_2x.png
.png
Search/NewTabPages/img/close_bar_p.png
.png
Search/NewTabPages/img/close_bar_p_2x.png
.png
Search/NewTabPages/img/closed_window.png
.png
Search/NewTabPages/img/detected_sd.png
.png
Search/NewTabPages/img/detected_usb.png
.png
Search/NewTabPages/img/disabled_select.png
.png
Search/NewTabPages/img/disclosure_triangle_mask.png
.png
Search/NewTabPages/img/downloads_section.png
.png
Search/NewTabPages/img/exclamationIcon.png
.png
Search/NewTabPages/img/favicon.ico
Search/NewTabPages/img/favicon.png
.png
Search/NewTabPages/img/folder_closed.png
.png
Search/NewTabPages/img/folder_closed_rtl.png
.png
Search/NewTabPages/img/folder_open.png
.png
Search/NewTabPages/img/folder_open_rtl.png
.png
Search/NewTabPages/img/gear.png
.png
Search/NewTabPages/img/google-transparent.png
.png
Search/NewTabPages/img/guest_icon_standalone.png
.png
Search/NewTabPages/img/help.gif
.gif
Search/NewTabPages/img/history_section.png
.png
Search/NewTabPages/img/icon128.png
.png
Search/NewTabPages/img/icon16.png
.png
Search/NewTabPages/img/icon48.png
.png
Search/NewTabPages/img/icon_checkmark.png
.png
Search/NewTabPages/img/icon_file.png
.png
Search/NewTabPages/img/icon_folder.png
.png
Search/NewTabPages/img/icon_warning.png
.png
Search/NewTabPages/img/icon_warning2.png
.png
Search/NewTabPages/img/insert.png
.png
Search/NewTabPages/img/minus.png
.png
Search/NewTabPages/img/nub.png
.png
Search/NewTabPages/img/nub_mask.png
.png
Search/NewTabPages/img/otr_icon_standalone.png
.png
Search/NewTabPages/img/phishing_icon.png
.png
Search/NewTabPages/img/plus.png
.png
Search/NewTabPages/img/select.png
.png
Search/NewTabPages/img/small_bubble.png
.png
Search/NewTabPages/img/spinner.svg
.xml
Search/NewTabPages/img/star_small.png
.png
Search/NewTabPages/img/success.png
.png
Search/NewTabPages/img/throbber.svg
Search/NewTabPages/img/thumbnailPlaceHolder.png
.png
Search/NewTabPages/img/trash.png
.png
Search/NewTabPages/img/trashBinN.png
.png
Search/NewTabPages/img/x-hover.png
.png
Search/NewTabPages/img/x.png
.png
Search/NewTabPages/js/Base64.js
.js
Search/NewTabPages/js/NewTabBackground.js
.js
Search/NewTabPages/js/SearchBoxPage.js
.js
Search/NewTabPages/js/ZipFile.js
.js
Search/NewTabPages/js/alert_overlay.js
.js
Search/NewTabPages/js/appLauncher.js
.js
Search/NewTabPages/js/apps_page.js
.js
Search/NewTabPages/js/autocomplete_list.js
.js
Search/NewTabPages/js/bubble.js
.js
Search/NewTabPages/js/card_slider.js
.js
Search/NewTabPages/js/color-thief.js
.js
Search/NewTabPages/js/command.js
.js
Search/NewTabPages/js/command_line.js
.js
Search/NewTabPages/js/context_menu_button.js
.js
Search/NewTabPages/js/context_menu_handler.js
.js
Search/NewTabPages/js/cr.js
.js
Search/NewTabPages/js/database.js
Search/NewTabPages/js/dialogs.js
.js
Search/NewTabPages/js/dot_list.js
.js
Search/NewTabPages/js/drag_wrapper.js
.js
Search/NewTabPages/js/event_target.js
.js
Search/NewTabPages/js/event_tracker.js
.js
Search/NewTabPages/js/expandable_bubble.js
.js
Search/NewTabPages/js/focus_outline_manager.js
.js
Search/NewTabPages/js/i18n_process.js
Search/NewTabPages/js/i18n_template.js
.js
Search/NewTabPages/js/i18n_template2.js
.js
Search/NewTabPages/js/jquery.js
.js
Search/NewTabPages/js/link_controller.js
.js
Search/NewTabPages/js/loadFile.js
.js
Search/NewTabPages/js/load_time_data.js
.js
Search/NewTabPages/js/local_strings.js
.js
Search/NewTabPages/js/logerror.js
.js
Search/NewTabPages/js/logging.js
.js
Search/NewTabPages/js/md5.js
.js
Search/NewTabPages/js/media_common.js
Search/NewTabPages/js/menu.js
.js
Search/NewTabPages/js/menu_button.js
.js
Search/NewTabPages/js/menu_item.js
.js
Search/NewTabPages/js/most_visited_page.js
.js
Search/NewTabPages/js/nav_dot.js
.js
Search/NewTabPages/js/newTabBeforeStart.js
.js
Search/NewTabPages/js/newTabLoadTimeData.js
Search/NewTabPages/js/new_tab.js
.js
Search/NewTabPages/js/options.js
.js
Search/NewTabPages/js/other_sessions.js
.js
Search/NewTabPages/js/overlay.js
.js
Search/NewTabPages/js/page_list_view.js
.js
Search/NewTabPages/js/page_switcher.js
.js
Search/NewTabPages/js/parse_html_subset.js
.js
Search/NewTabPages/js/position_util.js
.js
Search/NewTabPages/js/promise.js
.js
Search/NewTabPages/js/quantize.js
.js
Search/NewTabPages/js/recently_closed.js
.js
Search/NewTabPages/js/repeating_button.js
.js
Search/NewTabPages/js/search_history.js
.js
Search/NewTabPages/js/splitter.js
.js
Search/NewTabPages/js/suggestions_page.js
.js
Search/NewTabPages/js/tile_page.js
.js
Search/NewTabPages/js/touch_handler.js
.js
Search/NewTabPages/js/trash.js
.js
Search/NewTabPages/js/tree.css.js
.js
Search/NewTabPages/js/tree.js
.js
Search/NewTabPages/js/ui.js
.js
Search/NewTabPages/js/ui_account_tweaks.js
.js
Search/NewTabPages/js/util.js
.js
Search/html/SearchBackground.html
Search/html/searchInNewTabAPI.js
.js
Search/initData.json
_locales/en/messages.json
blank.png
.png
icon.png
.png
initdata.json
js/JSONStringify.js
.js
js/bcview.js
.js
js/chromeBackstage.html
.html
js/chromeBackstage.js
.js
js/chromeBackstageLoader.js
.js
js/communicator.back.js
.js
js/compatibility.end.js
.js
js/compatibility.service.js
.js
js/compatibility.start.js
.js
js/contentScript.js
.js
js/framework.js
.js
js/iframeHost.html
.html
js/iframeHost.js
.js
js/lib/jquery-1.5.min.js
.js
js/logger.js
.js
js/match.js
.js
js/nativeMsgCom.js
.js
js/navigationHandler.js
.js
js/options/Options.html
.html
js/pluginLoader.js
.js
js/pricegongMigration.js
.js
js/tabs/back/postNavigation.htm
.html .js polyglot
js/toolbarAPI/toolbarAPI.js
.js
js/toolbarEnv.js
.js
js/updatesManager.js
.js
js/verlyEarly.js
.js
mam/background.html
mam/scripts/background.js
.js
mam/scripts/contentScripts/contentScript.js
.js
mam/scripts/iframeHost.html
.html
mam/scripts/iframeHost.js
.js
mam/scripts/popup.js
.js
mam/settings.json
manifest.json
nativeMessaging/TBMessagingHost.exe
.exe windows:5 windows x86 arch:x86

02b082f469142972a9e535349e66fa52

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:e7:73:8e:28:2f:77:36:9a:5a:4c:0e:d3:1a:3c:9f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/02/2014, 00:00

Not After

04/02/2016, 23:59

Subject

CN=ClientConnect LTD,OU=Trovi TB+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:d7:44:78:60:b0:9a:dc:72:d6:f9:2d:42:55:c3:87:41:29:f3:07
Signer

Actual PE Digest

cc:d7:44:78:60:b0:9a:dc:72:d6:f9:2d:42:55:c3:87:41:29:f3:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Builds\92\SmartBar\SmartBar_10_31_0\Binaries\TBMessagingHost.pdb

Imports

netapi32

NetWkstaGetInfo
NetApiBufferFree

psapi

GetModuleFileNameExW
GetProcessMemoryInfo
EnumProcessModules

kernel32

InterlockedDecrement
lstrlenA
lstrlenW
InterlockedIncrement
LocalAlloc
QueueUserWorkItem
FindFirstFileW
MoveFileExW
WriteFile
CopyFileW
GetFileAttributesW
GetModuleFileNameW
CreateFileW
FindClose
RemoveDirectoryW
FindNextFileW
GetDiskFreeSpaceExW
DeleteFileW
SetFileAttributesW
GetEnvironmentVariableW
CreateProcessW
GetProcessId
CreateMutexW
SetFilePointer
TlsGetValue
GetSystemTimeAsFileTime
InitializeCriticalSection
TlsSetValue
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesExW
DeleteCriticalSection
ReleaseMutex
TlsAlloc
GetTickCount
CreateFileA
GetCurrentProcess
HeapAlloc
HeapFree
GetProcessHeap
ResumeThread
WaitForMultipleObjects
GetSystemTime
GetStringTypeW
EncodePointer
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
ReadConsoleW
QueryPerformanceCounter
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileType
LoadLibraryExW
GetOEMCP
GetACP
CreateEventW
GetLocalTime
Sleep
IsValidCodePage
GetCurrentProcessId
GetProcAddress
GetStdHandle
ReadFile
GetVersionExW
LoadLibraryW
OutputDebugStringW
FreeLibrary
GetCommandLineW
GetCurrentThreadId
RaiseException
GetLocaleInfoW
GetUserDefaultLCID
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
TerminateThread
Process32FirstW
SetLastError
GetLastError
TerminateProcess
OpenProcess
SetEvent
WaitForSingleObject
LocalFree
MultiByteToWideChar
FormatMessageW
WideCharToMultiByte
LockResource
SizeofResource
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetModuleHandleW
GetStartupInfoW
TlsFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleExW
ExitProcess
InitializeCriticalSectionAndSpinCount
LoadResource
FindResourceW
FindResourceExW
SetStdHandle
WriteConsoleW
SetEndOfFile
CreateThread

user32

GetWindowThreadProcessId
OpenIcon
FindWindowExW
wsprintfW
IsIconic
SetWindowPos
GetClassNameA
AttachThreadInput
SetFocus
GetForegroundWindow
EnumChildWindows
SendMessageW

advapi32

SetSecurityDescriptorDacl
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
CryptDestroyHash
CryptDestroyKey
CryptGenKey
GetSecurityDescriptorDacl
SetSecurityDescriptorSacl
GetLengthSid
GetSecurityDescriptorSacl
FreeSid
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
InitializeSecurityDescriptor
CopySid
GetTokenInformation
OpenProcessToken
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
RegCreateKeyExW

ole32

CoInitializeEx
CoCreateGuid
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
StringFromGUID2

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW
CommandLineToArgvW

oleaut32

VariantChangeType
SysAllocString
SysFreeString
VariantInit
VariantClear

shlwapi

UrlUnescapeW
PathFileExistsW
PathRemoveFileSpecW

oleacc

AccessibleObjectFromWindow

wininet

InternetCanonicalizeUrlA
InternetGetConnectedState
InternetCrackUrlW

ws2_32

WSACleanup
gethostbyname
closesocket
socket
recv
send
WSAStartup
htons
WSAGetLastError
connect

secur32

InitializeSecurityContextW
AcquireCredentialsHandleW
FreeContextBuffer
EncryptMessage
ApplyControlToken
DecryptMessage
FreeCredentialsHandle
DeleteSecurityContext
QueryContextAttributesW

crypt32

CertStrToNameW
CertCreateSelfSignCertificate
CryptFindCertificateKeyProvInfo
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptMsgClose

dbghelp

MiniDumpWriteDump

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 739KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nativeMessaging/nmHostConfig.json
nativeMessaging/nmHostManifest.json
plugins/ChromeApiPlugin.dll
.dll windows:5 windows x86 arch:x86

ea23e467beb2442f70c3a0bc630b1b3c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:e7:73:8e:28:2f:77:36:9a:5a:4c:0e:d3:1a:3c:9f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/02/2014, 00:00

Not After

04/02/2016, 23:59

Subject

CN=ClientConnect LTD,OU=Trovi TB+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ClientConnect LTD,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:71:78:bf:1e:9b:bb:15:0d:28:cd:ee:95:b3:3c:81:7a:92:4f:b8
Signer

Actual PE Digest

04:71:78:bf:1e:9b:bb:15:0d:28:cd:ee:95:b3:3c:81:7a:92:4f:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\92\SmartBar\SmartBar_10_31_0\Binaries\ConduitChromeApiPlugin.pdb

Imports

gdiplus

GdiplusShutdown
GdiplusStartup

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
GetLastError
MultiByteToWideChar
SetLastError
Process32NextW
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
TerminateProcess
OpenProcess
CreateProcessW
GetLocaleInfoW
GetUserDefaultLCID
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
HeapAlloc
LCMapStringW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
HeapCreate
HeapDestroy
TlsAlloc
LockResource
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
SizeofResource
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetModuleFileNameW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
FreeLibrary
LoadLibraryW
WriteConsoleW
SetStdHandle
CreateFileW
SetEndOfFile
GetProcessHeap
GetVersionExW
FormatMessageW
lstrlenW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetFileSize
QueueUserWorkItem
CopyFileW
OutputDebugStringW
CreateEventW
SetEvent
lstrlenA
GetModuleFileNameA
TlsGetValue
LocalFree

user32

DestroyWindow
CreateWindowExW
IsWindow
PostMessageW
wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
RegDeleteValueW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyHash

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathRemoveExtensionW
PathIsDirectoryW
PathFindFileNameW

psapi

EnumProcessModules
GetModuleFileNameExW

comctl32

ord413
ord411
ord410
ord412

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shouldShowTB.txt
tb/al/aboutBox/aboutBox.html
tb/al/aboutBox/images/OK-Button-Default.png
.png
tb/al/aboutBox/images/OK-Button-MouseOver.png
.png
tb/al/aboutBox/images/OK-Button-OnClick.png
.png
tb/al/aboutBox/images/logo.png
.png
tb/al/aboutBox/images/truste.gif
.gif
tb/al/aboutBox/images/x.png
.png
tb/al/aboutBox/js/aboutBox.js
.js
tb/al/ac/appManager.controller.js
.js
tb/al/ac/appManager.model.js
.js
tb/al/ac/appManager.view.js
.js
tb/al/ac/css/toolbar.css
tb/al/ac/img/ajax-loader.gif
.gif
tb/al/ac/img/buttonSprites.png
.png
tb/al/ac/img/chevron_sprites.png
.png
tb/al/ac/img/fallback24.png
.png
tb/al/ac/img/ie8_mouseover_button.png
.png
tb/al/ac/img/ie8_onclick_button.png
.png
tb/al/ac/img/loader-icon.png
.png
tb/al/ac/img/menu_arrow.png
.png
tb/al/ac/img/minibrowser.png
.png
tb/al/ac/img/minibrowser24.png
.png
tb/al/ac/img/mp_sprites.png
.png
tb/al/ac/img/new_chevron_sprites.png
.png
tb/al/ac/img/rounded_corners_left_transparent.png
.png
tb/al/ac/img/rounded_corners_left_white.png
.png
tb/al/ac/img/rounded_corners_left_white_34.png
.png
tb/al/ac/img/rounded_corners_right_transparent.png
.png
tb/al/ac/img/rounded_corners_right_white.png
.png
tb/al/ac/img/rounded_corners_right_white_34.png
.png
tb/al/ac/img/separator.png
.png
tb/al/ac/img/separator_hover.png
.png
tb/al/ac/img/uus.png
.png
tb/al/ac/res/yoxscroll.js
.js
tb/al/al.view.html
tb/al/api/toolbarapi.js
.js
tb/al/api/webAppApi.js
.js
tb/al/api/webAppApiFront.js
.js
tb/al/msd/excanvas.js
.js
tb/al/msd/trusted.html
tb/al/msd/trusted.js
.js
tb/al/msd/untrusted.css
tb/al/msd/untrusted.html
tb/al/msd/untrusted.js
.js
tb/al/options/css/jquery.jscrollpane.css
tb/al/options/css/options.css
tb/al/options/css/reset.css
tb/al/options/images/bg-hide-click.png
.png
tb/al/options/images/bg-hide.png
.png
tb/al/options/images/checkbox-check-off.png
.png
tb/al/options/images/checkbox-check-on.png
.png
tb/al/options/images/ic_Closer.png
.png
tb/al/options/images/ic_Closer_hover.png
.png
tb/al/options/images/logo.png
.png
tb/al/options/images/minibrowser.png
.png
tb/al/options/images/scroller.png
.png
tb/al/options/images/sprite-ok-button.png
.png
tb/al/options/images/truste.gif
.gif
tb/al/options/images/x.png
.png
tb/al/options/js/html5SupportIe.js
.js
tb/al/options/js/options.js
.js
tb/al/options/js/resources/html5shiv.js
.js
tb/al/options/js/resources/jquery.jscrollpane.min.js
.js
tb/al/options/js/resources/jquery.mousewheel.js
.js
tb/al/options/options.html
tb/al/sp/js/searchProtectorManager.js
.js
tb/al/sp/spbd/bubble.css
tb/al/sp/spbd/bubble.js
.js
tb/al/sp/spbd/images/information.png
.png
tb/al/sp/spbd/images/x-default-LTR.png
.png
tb/al/sp/spbd/images/x-default-RTL.png
.png
tb/al/sp/spbd/images/x-mouseover-LTR.png
.png
tb/al/sp/spbd/images/x-mouseover-RTL.png
.png
tb/al/sp/spbd/main.html
tb/al/sp/spsd/SearchProtector.css
tb/al/sp/spsd/images/ok-button.png
.png
tb/al/sp/spsd/images/separation-line.png
.png
tb/al/sp/spsd/images/warning.png
.png
tb/al/sp/spsd/main.html
tb/al/sp/spsd/settings.js
.js
tb/al/ui/dlg/DialogsAPI.js
.js
tb/al/ui/dlg/PIE.htc
.js
tb/al/ui/dlg/excanvas.js
.js
tb/al/ui/dlg/ftd/ToolbarFirstTimeDialog.css
tb/al/ui/dlg/ftd/ToolbarFirstTimeDialog.js
.js
tb/al/ui/dlg/ftd/images/Thumbs.db
tb/al/ui/dlg/ftd/images/app-store-icon.png
.png
tb/al/ui/dlg/ftd/images/arrow.png
.png
tb/al/ui/dlg/ftd/images/dialog_tip_left.png
.png
tb/al/ui/dlg/ftd/images/dialog_tip_right.png
.png
tb/al/ui/dlg/ftd/images/divider.png
.png
tb/al/ui/dlg/ftd/images/emailNotifier.gif
.gif
tb/al/ui/dlg/ftd/images/facebook.png
.png
tb/al/ui/dlg/ftd/images/radio.GIF
.gif
tb/al/ui/dlg/ftd/images/truste_welcome.GIF
.gif
tb/al/ui/dlg/ftd/images/weather.GIF
.gif
tb/al/ui/dlg/ftd/main.html
tb/al/ui/dlg/generalDialogStyle.css
tb/al/ui/dlg/restart/images/2.0--spec--kicker.png
.png
tb/al/ui/dlg/restart/images/OK-Button-Default.png
.png
tb/al/ui/dlg/restart/images/OK-Button-MouseOver.png
.png
tb/al/ui/dlg/restart/images/OK-Button-OnClick.png
.png
tb/al/ui/dlg/restart/images/content-pattern.png
.png
tb/al/ui/dlg/restart/images/content-sep.png
.png
tb/al/ui/dlg/restart/images/x.png
.png
tb/al/ui/dlg/restart/main.html
tb/al/ui/dlg/restart/restartDialog.css
tb/al/ui/dlg/restart/restartDialog.js
.js
tb/al/ui/dlg/settings.js
.js
tb/al/ui/gadgetFrame/gf.html
tb/al/ui/gadgetFrame/lgf.html
.html
tb/al/ui/gf/css/gf.css
tb/al/ui/gf/css/gf_ie.css
tb/al/ui/gf/gf.html
tb/al/ui/gf/img/ie_back.gif
.gif
tb/al/ui/gf/img/loader.gif
.gif
tb/al/ui/gf/img/resize.gif
.gif
tb/al/ui/gf/img/sprites.png
.png
tb/al/ui/gf/js/gf.view.js
.js
tb/al/ui/gf/js/lgf.view.js
.js
tb/al/ui/gf/lgf.html
.html
tb/al/ui/menu/css/menu.css
tb/al/ui/menu/img/arrow-down-strong.png
.png
tb/al/ui/menu/img/arrow-down.png
.png
tb/al/ui/menu/img/arrow-left-strong.png
.png
tb/al/ui/menu/img/arrow-left.png
.png
tb/al/ui/menu/img/arrow-right-strong.png
.png
tb/al/ui/menu/img/arrow-right.png
.png
tb/al/ui/menu/img/arrows.png
.png
tb/al/ui/menu/js/jquery.ellipsis.js
.js
tb/al/ui/menu/js/jquery.scrollTo-1.4.2-min.js
.js
tb/al/ui/menu/js/menu.js
.js
tb/al/ui/menu/js/renderHandler.js
.js
tb/al/ui/menu/js/scrollers.js
.js
tb/al/ui/menu/js/showHandler.js
.js
tb/al/ui/menu/popup.html
.html
tb/al/ui/menus.js
.js
tb/al/ui/popups.js
.js
tb/al/wa/APPLICATION_BUTTON/Js/bgpage.js
.js
tb/al/wa/APPLICATION_BUTTON/bgpage.html
.html
tb/al/wa/APPLICATION_BUTTON/resources/defaultEngineImage.gif
.gif
tb/al/wa/EMAIL_NOTIFIER/bgPage.html
tb/al/wa/EMAIL_NOTIFIER/css/en.css
tb/al/wa/EMAIL_NOTIFIER/css/en_rtl.css
tb/al/wa/EMAIL_NOTIFIER/css/jquery.jscrollpane.css
tb/al/wa/EMAIL_NOTIFIER/js/AccountManager.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/EN.model.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/IMAPExecuter.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/Inboxer.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/Invoker.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/MailDecoder.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/MailMerger.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/POP3Executer.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/Popup.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/Providers.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/SettingsManager.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/Timer.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/Translation.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/Utils.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/bgPage.js
.js
tb/al/wa/EMAIL_NOTIFIER/js/providerHelper.js
.js
tb/al/wa/EMAIL_NOTIFIER/popup.html
tb/al/wa/HIGHLIGHTER/bgpage.html
.html
tb/al/wa/HIGHLIGHTER/css/embedded.css
tb/al/wa/HIGHLIGHTER/css/popup.css
tb/al/wa/HIGHLIGHTER/css/reset.css
tb/al/wa/HIGHLIGHTER/embedded.html
.html
tb/al/wa/HIGHLIGHTER/js/bgpage.js
.js
tb/al/wa/HIGHLIGHTER/js/embedded.js
.js
tb/al/wa/HIGHLIGHTER/js/higlighter_script.js
.js
tb/al/wa/HIGHLIGHTER/js/popup.js
.js
tb/al/wa/HIGHLIGHTER/popup.html
tb/al/wa/MULTI_RSS/bgpage.html
tb/al/wa/MULTI_RSS/css/popup.css
tb/al/wa/MULTI_RSS/img/arrows.png
.png
tb/al/wa/MULTI_RSS/img/badges.png
.png
tb/al/wa/MULTI_RSS/img/icons.png
.png
tb/al/wa/MULTI_RSS/js/bgpage.js
.js
tb/al/wa/MULTI_RSS/js/popup.js
.js
tb/al/wa/MULTI_RSS/js/resources/webAppUtils.js
.js
tb/al/wa/MULTI_RSS/popup.html
tb/al/wa/NOTIFICATION/NotificationPopup.html
tb/al/wa/NOTIFICATION/Settings.html
tb/al/wa/NOTIFICATION/bgpage.html
.html
tb/al/wa/NOTIFICATION/css/Main.css
tb/al/wa/NOTIFICATION/css/gadget.css
tb/al/wa/NOTIFICATION/css/general.css
tb/al/wa/NOTIFICATION/css/newMain.css
tb/al/wa/NOTIFICATION/css/settings.css
tb/al/wa/NOTIFICATION/css/ui.stepper.css
tb/al/wa/NOTIFICATION/embedded.html
tb/al/wa/NOTIFICATION/images/closeIcon.png
.png
tb/al/wa/NOTIFICATION/images/dark/Next.png
.png
tb/al/wa/NOTIFICATION/images/dark/Next_hover.png
.png
tb/al/wa/NOTIFICATION/images/dark/Prev.png
.png
tb/al/wa/NOTIFICATION/images/dark/Prev_hover.png
.png
tb/al/wa/NOTIFICATION/images/dark/close.png
.png
tb/al/wa/NOTIFICATION/images/dark/powered-by.png
.png
tb/al/wa/NOTIFICATION/images/dark/settings.png
.png
tb/al/wa/NOTIFICATION/images/downArrow.png
.png
tb/al/wa/NOTIFICATION/images/light/Next.png
.png
tb/al/wa/NOTIFICATION/images/light/Next_hover.png
.png
tb/al/wa/NOTIFICATION/images/light/Prev.png
.png
tb/al/wa/NOTIFICATION/images/light/Prev_hover.png
.png
tb/al/wa/NOTIFICATION/images/light/close.png
.png
tb/al/wa/NOTIFICATION/images/light/powered-by.png
.png
tb/al/wa/NOTIFICATION/images/light/settings.png
.png
tb/al/wa/NOTIFICATION/images/settingsIcon.png
.png
tb/al/wa/NOTIFICATION/images/upArrow.png
.png
tb/al/wa/NOTIFICATION/js/AppName.js
.js
tb/al/wa/NOTIFICATION/js/NotificationSettings.js
.js
tb/al/wa/NOTIFICATION/js/Settings.js
.js
tb/al/wa/NOTIFICATION/js/ToolbarAndAppsSettings.js
.js
tb/al/wa/NOTIFICATION/js/bgpage.js
.js
tb/al/wa/NOTIFICATION/js/bgpageEarly.js
.js
tb/al/wa/NOTIFICATION/js/commons.js
.js
tb/al/wa/NOTIFICATION/js/jquery.ezmark.min.js
.js
tb/al/wa/NOTIFICATION/js/notification.js
.js
tb/al/wa/NOTIFICATION/js/notificationUIManger.js
.js
tb/al/wa/NOTIFICATION/js/stepper.js
.js
tb/al/wa/Optimizer/bgpage.html
tb/al/wa/Optimizer/js/bgpage.js
.js
tb/al/wa/PRICE_GONG/agreement/Close.png
.png
tb/al/wa/PRICE_GONG/agreement/Image.png
.png
tb/al/wa/PRICE_GONG/agreement/Logo.png
.png
tb/al/wa/PRICE_GONG/agreement/OK_Btn.png
.png
tb/al/wa/PRICE_GONG/agreement/Topbg.png
.png
tb/al/wa/PRICE_GONG/agreement/agree.html
tb/al/wa/PRICE_GONG/agreement/agree.js
.js
tb/al/wa/PRICE_GONG/bgpage.html
.html
tb/al/wa/PRICE_GONG/bgpage.js
.js
tb/al/wa/PRICE_GONG/css/custom-theme/jquery-ui-1.8.10.custom.css
tb/al/wa/PRICE_GONG/css/gadget.css
tb/al/wa/PRICE_GONG/css/ie7styles.css
tb/al/wa/PRICE_GONG/css/iestyle.css
tb/al/wa/PRICE_GONG/images/icon.png
.png
tb/al/wa/PRICE_GONG/pg_offers.html
.html
tb/al/wa/PRICE_GONG/pg_offers.js
.js
tb/al/wa/RADIO_PLAYER/bgpage.html
.html
tb/al/wa/RADIO_PLAYER/css/custom-theme/jquery-ui-1.8.10.custom.css
tb/al/wa/RADIO_PLAYER/css/gadget.css
tb/al/wa/RADIO_PLAYER/css/jquery.jscrollpane.css
tb/al/wa/RADIO_PLAYER/css/reset.css
tb/al/wa/RADIO_PLAYER/css/stations.css
tb/al/wa/RADIO_PLAYER/embedded.html
.html
tb/al/wa/RADIO_PLAYER/js/bgpage.js
.js
tb/al/wa/RADIO_PLAYER/js/bgpageEarly.js
.js
tb/al/wa/RADIO_PLAYER/js/embedded.js
.js
tb/al/wa/RADIO_PLAYER/js/embeddedEarly.js
tb/al/wa/RADIO_PLAYER/js/localization.js
.js
tb/al/wa/RADIO_PLAYER/js/player.js
.js
tb/al/wa/RADIO_PLAYER/js/popup.js
.js
tb/al/wa/RADIO_PLAYER/js/resources/BrowserDetect.js
.js
tb/al/wa/RADIO_PLAYER/js/resources/jquery-ui-1.8.10.custom.min.js
.js
tb/al/wa/RADIO_PLAYER/js/resources/jquery.jscrollpane.min.js
.js
tb/al/wa/RADIO_PLAYER/js/resources/jquery.scrollTo-1.4.2-min.js
.js
tb/al/wa/RADIO_PLAYER/js/resources/radioCommon.js
.js
tb/al/wa/RADIO_PLAYER/js/resources/system.js
.js
tb/al/wa/RADIO_PLAYER/js/resources/utils.js
.js
tb/al/wa/RADIO_PLAYER/popup2.html
.html
tb/al/wa/SEARCH/Css/information.popup.css
tb/al/wa/SEARCH/bgpage.html
tb/al/wa/SEARCH/buildSettings/SearchApp_Ant.xml
.xml
tb/al/wa/SEARCH/embedded.html
.html
tb/al/wa/SEARCH/information.popup.html
.html
tb/al/wa/SEARCH/js/bgpage.js
.js
tb/al/wa/SEARCH/js/common.js
.js
tb/al/wa/SEARCH/js/contentManager.js
.js
tb/al/wa/SEARCH/js/historyProvider.js
.js
tb/al/wa/SEARCH/js/information.popup.js
.js
tb/al/wa/SEARCH/js/layoutManager.js
.js
tb/al/wa/SEARCH/js/searchListener.js
.js
tb/al/wa/SEARCH/js/selectionListener.js
.js
tb/al/wa/SEARCH/js/suggestProvider.js
.js
tb/al/wa/SEARCH/resources/history--x-default.png
.png
tb/al/wa/SEARCH/resources/history--x-mouseover.png
.png
tb/al/wa/SEARCH/resources/menu.icon.apps.png
.png
tb/al/wa/SEARCH/view/script/view.js
.js
tb/al/wa/SEARCH/view/style/default.css
tb/al/wa/SEARCH/view/style/rsx/dd-arrow.png
.png
tb/al/wa/SEARCH/view/style/rsx/ie8.png
.png
tb/al/wa/TWITTER/bgpage.html
.html
tb/al/wa/TWITTER/img/icons.png
.png
tb/al/wa/TWITTER/img/inbox.png
.png
tb/al/wa/TWITTER/img/scroll_down.png
.png
tb/al/wa/TWITTER/img/scroll_up.png
.png
tb/al/wa/TWITTER/js/bgpage.js
.js
tb/al/wa/TWITTER/js/localization.js
.js
tb/al/wa/TWITTER/js/popup.js
.js
tb/al/wa/TWITTER/popup.css
tb/al/wa/TWITTER/popup.html
.html
tb/al/wa/WEATHER/bgpage.html
.html
tb/al/wa/WEATHER/css/gadget.css
tb/al/wa/WEATHER/css/ie7styles.css
tb/al/wa/WEATHER/css/iestyle.css
tb/al/wa/WEATHER/js/bgpage.js
.js
tb/al/wa/WEATHER/js/common.js
.js
tb/al/wa/WEATHER/js/date-functions.js
.js
tb/al/wa/WEATHER/js/gadget.js
.js
tb/al/wa/WEATHER/js/jquery.autocomplete.js
.js
tb/al/wa/WEATHER/js/jquery.textshadow.js
.js
tb/al/wa/WEATHER/js/logic.js
.js
tb/al/wa/WEATHER/js/main.js
.js
tb/al/wa/WEATHER/js/xPath.js
.js
tb/al/wa/WEATHER/popup.html
tb/al/wa/browserAppApi.js
.js
tb/backstage.html
.html
tb/core/corelibs.js
.js
tb/core/framework.js
.js
tb/core/utils.js
.js
tb/lib/al.view.js
.js
tb/lib/al.viewPerformanceLog.js
tb/lib/background.js
.js
tb/lib/ie_fix.js
.js
tb/lib/jquery.alerts/images/help.gif
.gif
tb/lib/jquery.alerts/images/important.gif
.gif
tb/lib/jquery.alerts/images/info.gif
.gif
tb/lib/jquery.alerts/images/title.gif
.gif
tb/lib/jquery.alerts/jquery.alerts.css
tb/lib/jquery.alerts/jquery.alerts.js
.js
tb/lib/jquery.jscrollpane/jquery.jscrollpane.css
tb/lib/jquery.jscrollpane/jquery.jscrollpane.min.js
.js
tb/lib/jquery.min.js
.js
tb/lib/jquery.mousewheel.js
.js
tb/lib/jquery.text-overflow.js
.js
tb/lib/jquery.tmpl.min.js
.js
tb/lib/jquery.xml2json.custom.min.js
.js
tb/lib/jquery.xml2json.js
.js
tb/lib/json2.js
.js
tb/lib/json2.min.js
.js
tb/lib/script2injectEmbedded.js
.js
tb/lib/script2injectPopup.js
.js
tb/lib/sdk.js
.js
tb/sl/serviceLayer.js
.js
tb/version.txt

Sharing

General

Malware Config

Signatures

Files

961ae8d7343843bf12ee1daf3105c47f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:e7:73:8e:28:2f:77:36:9a:5a:4c:0e:d3:1a:3c:9fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

90:cd:22:cf:79:2b:18:7a:60:87:dc:95:69:e7:ab:f7:88:99:6d:19Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

version

urlmon

crypt32

wininet

user32

ole32

oleaut32

kernel32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 768KB - Virtual size: 767KB

.rdata Size: 126KB - Virtual size: 125KB

.data Size: 13KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 65KB - Virtual size: 64KB

02b082f469142972a9e535349e66fa52

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:e7:73:8e:28:2f:77:36:9a:5a:4c:0e:d3:1a:3c:9fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

cc:d7:44:78:60:b0:9a:dc:72:d6:f9:2d:42:55:c3:87:41:29:f3:07Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

psapi

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

oleacc

wininet

ws2_32

secur32

crypt32

dbghelp

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:e7:73:8e:28:2f:77:36:9a:5a:4c:0e:d3:1a:3c:9f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

90:cd:22:cf:79:2b:18:7a:60:87:dc:95:69:e7:ab:f7:88:99:6d:19
Signer

.text
Size: 768KB - Virtual size: 767KB

.rdata
Size: 126KB - Virtual size: 125KB

.data
Size: 13KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 65KB - Virtual size: 64KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:e7:73:8e:28:2f:77:36:9a:5a:4c:0e:d3:1a:3c:9f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cc:d7:44:78:60:b0:9a:dc:72:d6:f9:2d:42:55:c3:87:41:29:f3:07
Signer

.text
Size: 739KB - Virtual size: 739KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 50KB - Virtual size: 59KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 103KB - Virtual size: 102KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:e7:73:8e:28:2f:77:36:9a:5a:4c:0e:d3:1a:3c:9f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

04:71:78:bf:1e:9b:bb:15:0d:28:cd:ee:95:b3:3c:81:7a:92:4f:b8
Signer

.text
Size: 386KB - Virtual size: 385KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 40KB