65975f0ec8f73437db3a5374b09a441b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

65975f0ec8f73437db3a5374b09a441b_JaffaCakes118
Size

6.5MB
MD5

65975f0ec8f73437db3a5374b09a441b
SHA1

e5d72c831e501e7a049bf743ddb335c67028d8b8
SHA256

7a2e6f998920931de03d76bc1fc5087a22becd02301713342a78957afa80b652
SHA512

f01e46387933feef3013c1e6b8b7575f699b9cfc5f0c7e444ee4934c1ba16086685cc706ead2ec7939c893e0ddb1a6e3de88c57a37f564fa3326ad9077809bbf
SSDEEP

196608:XfHYzcMRkypFxLyhiEK6iJ+NXeleJZclLsH5me:PocMR3oFKJJ+NXuwch

Score

3^/10

qr link

Malware Config

Signatures

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/$PLUGINSDIR/System.dll
NSIS installer 1 IoCs
installer

Processes:

resource yara_rule

sample nsis_installer_2

resource
unpack001/$PLUGINSDIR/System.dll

resource	yara_rule
sample	nsis_installer_2

Files

65975f0ec8f73437db3a5374b09a441b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

187b3ae62ff818788b8c779ef7bc3d1c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-08-2019 00:00

Not After

08-08-2020 23:59

Subject

CN=Kuzyakov Artur Vyacheslavovich IP,O=Kuzyakov Artur Vyacheslavovich IP,STREET=kv.29\, 24K1 Tashkentskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-08-2019 00:00

Not After

08-08-2020 23:59

Subject

CN=Kuzyakov Artur Vyacheslavovich IP,O=Kuzyakov Artur Vyacheslavovich IP,STREET=kv.29\, 24K1 Tashkentskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:c0:bf:19:8c:50:b3:40:3b:7a:bf:3e:8e:97:b7:7e:77:c9:de:2e:8e:6f:09:f0:2f:21:35:ab:b3:77:d8:6a
Signer

Actual PE Digest

ca:c0:bf:19:8c:50:b3:40:3b:7a:bf:3e:8e:97:b7:7e:77:c9:de:2e:8e:6f:09:f0:2f:21:35:ab:b3:77:d8:6a

Digest Algorithm

sha256

PE Digest Matches

true

d2:42:9f:09:52:89:17:9d:13:25:94:43:df:ef:a0:f8:e2:d3:54:a3
Signer

Actual PE Digest

d2:42:9f:09:52:89:17:9d:13:25:94:43:df:ef:a0:f8:e2:d3:54:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

5ef604bbc89e9c69ab661261c1f1e93e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
calloc
free
fwrite
malloc
strlen
strncmp
_unlock
abort
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1012B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
DriverPackSolution.html
.hta .js polyglot
Tools/Icon.ico
Tools/load8.gif
.gif
Tools/modules/bugreport.hta
.hta .js polyglot
Tools/patch.reg
Tools/run.hta
.hta .js polyglot
config.js
.js
css/blank.gif
.gif
css/custom-control.css
css/fonts/DRPcheckbox/DRPcheckbox.eot
css/fonts/DRPcheckbox/DRPcheckbox.svg
.xml
css/fonts/DRPcheckbox/DRPcheckbox.ttf
css/fonts/DRPcheckbox/DRPcheckbox.woff
css/fonts/DRPicons/DRPicons-webfont.eot
css/fonts/DRPicons/DRPicons-webfont.svg
.xml
css/fonts/DRPicons/DRPicons-webfont.ttf
css/fonts/DRPicons/DRPicons-webfont.woff
css/fonts/Open-Sans/generator_config.txt
css/fonts/Open-Sans/opensans-bold-webfont.eot
css/fonts/Open-Sans/opensans-bold-webfont.ttf
css/fonts/Open-Sans/opensans-italic-webfont.eot
css/fonts/Open-Sans/opensans-italic-webfont.ttf
css/fonts/Open-Sans/opensans-regular-webfont.eot
css/fonts/Open-Sans/opensans-regular-webfont.ttf
css/fonts/Open-Sans/opensans-semibold-webfont.eot
css/fonts/Open-Sans/opensans-semibold-webfont.ttf
css/fonts/ProximaNova/proxima_nova_light-webfont.eot
css/fonts/ProximaNova/proxima_nova_light-webfont.svg
.xml
css/fonts/ProximaNova/proxima_nova_light-webfont.ttf
css/fonts/ProximaNova/proxima_nova_light-webfont.woff
css/fonts/ProximaNova/proxima_nova_regular-webfont.eot
css/fonts/ProximaNova/proxima_nova_regular-webfont.svg
.xml
css/fonts/ProximaNova/proxima_nova_regular-webfont.ttf
css/fonts/ProximaNova/proxima_nova_regular-webfont.woff
css/fonts/ProximaNova/proxima_nova_semibold-webfont.eot
css/fonts/ProximaNova/proxima_nova_semibold-webfont.svg
.xml
css/fonts/ProximaNova/proxima_nova_semibold-webfont.ttf
css/fonts/ProximaNova/proxima_nova_semibold-webfont.woff
css/fonts/Roboto/roboto-light-webfont.eot
css/fonts/Roboto/roboto-light-webfont.ttf
css/fonts/Roboto/roboto-regular-webfont.eot
css/fonts/Roboto/roboto-regular-webfont.ttf
css/fonts/Roboto/roboto-thin-webfont.eot
css/fonts/Roboto/roboto-thin-webfont.ttf
css/icons-checkbox.css
css/icons.css
css/ie6.css
css/ie7.css
css/lte-ie8.css
css/lte-ie9.css
css/normalize.min.css
css/open-sans.css
css/proximanova.css
css/roboto.css
css/style.css
drp.css
drp.js
.js
img/assistant-chat/chat-icon.png
.png
img/assistant-chat/directx.png
.png
img/assistant-chat/netframework.png
.png
img/assistant-chat/no-sound-hover.png
.png
img/assistant-chat/no-sound.png
.png
img/assistant-chat/sound.png
.png
img/assistant-chat/systemlib.png
.png
img/assistant-chat/visualc.png
.png
img/blank.gif
.gif
img/btn-icon-admin-mode.png
.png
img/bugreport/BugReport_icon_alert.png
.png
img/bugreport/BugReport_icon_ie.png
.png
img/bugreport/BugReport_icon_previous.png
.png
img/bugreport/BugReport_icon_skip.png
.png
img/bugreport/BugReport_loader.gif
.gif
img/burger/auto_installation.png
.png
img/cam.png
.png
img/charms/apps.jpg
.jpg
img/charms/arrow.png
.png
img/charms/computer.png
.png
img/charms/download.jpg
.jpg
img/charms/download.png
.png
img/charms/gears.png
.png
img/charms/help.png
.png
img/charms/info.png
.png
img/charms/line.jpg
.jpg
img/charms/pc.jpg
.jpg
img/charms/programms.png
.png
img/charms/reload-sm.png
.png
img/charms/setup.jpg
.jpg
img/charms/setup.png
.png
img/charms/store.png
.png
img/charms/toolkit.png
.png
img/device-class/bluetooth.png
.png
img/device-class/cardreader.png
.png
img/device-class/chipset.png
.png
img/device-class/default.png
.png
img/device-class/inputdev.png
.png
img/device-class/lan.png
.png
img/device-class/massstorage.png
.png
img/device-class/modem.png
.png
img/device-class/monitor.png
.png
img/device-class/other.png
.png
img/device-class/phone.png
.png
img/device-class/printer.png
.png
img/device-class/sound.png
.png
img/device-class/tvtuner.png
.png
img/device-class/undefined-device.png
.png
img/device-class/video.png
.png
img/device-class/webcamera.png
.png
img/device-class/wifi.png
.png
img/device-generic.png
.png
img/driver-row-arrow.png
.png
img/fake-installation/browser.png
.png
img/fake-installation/connect.png
.png
img/fake-installation/firewall.png
.png
img/fake-installation/torrent.png
.png
img/fake-installation/vpn.png
.png
img/final/final_aside-failure$2x.png
.png
img/final/final_button-warning$2x.png
.png
img/final/final_failure$2x.png
.png
img/final/final_main-cta-arrow$2x.png
.png
img/final/final_partial-success$2x.png
.png
img/final/final_success$2x.png
.png
img/games/games-bottom-logo.png
.png
img/games/games-button-icon-green.png
.png
img/games/games-button-icon-white.png
.png
img/games/games-cloud-big.png
.png
img/games/games-cloud.png
.png
img/games/games-top-civilization.jpg
.jpg
img/games/games-top-doom-large.jpg
.jpg
img/games/games-top-doom.jpg
.jpg
img/games/games-top-gta.jpg
.jpg
img/games/games-top-hitman.jpg
.jpg
img/games/games-top-mafia.jpg
.jpg
img/games/games-top-overwatch.jpg
.jpg
img/games/games-top-resident-evil.jpg
.jpg
img/games/games-top-witcher-large.jpg
.jpg
img/games/games-top-witcher.jpg
.jpg
img/header/header-bell.png
.png
img/header/header-logo$2x.png
.png
img/header/header-logo.png
.png
img/info.png
.png
img/installation-loader.gif
.gif
img/installation/banner-arrow-left.png
.png
img/installation/banner-arrow-right.png
.png
img/installation/banner_auth-bg.jpg
.jpg
img/installation/banner_avast-bg.jpg
.jpg
img/installation/banner_browsers-bg.jpg
.jpg
img/installation/banner_bullit-active.png
.png
img/installation/banner_bullit-empty.png
.png
img/installation/banner_catalog-bg-en.jpg
.jpg
img/installation/banner_catalog-bg-pt-br.jpg
.jpg
img/installation/banner_catalog-bg-ru.jpg
.jpg
img/installation/banner_catalog-bg.jpg
.jpg
img/installation/banner_cloud-bg.jpg
.jpg
img/installation/banner_driverpack-for-all-bg.jpg
.jpg
img/installation/banner_how-it-works-bg.jpg
.jpg
img/installation/banner_istart-bg.jpg
.jpg
img/installation/banner_opera-bg.gif
.gif
img/installation/banner_protect-bg-de.jpg
.jpg
img/installation/banner_protect-bg-en.jpg
.jpg
img/installation/banner_protect-bg-es.jpg
.jpg
img/installation/banner_protect-bg-fr.jpg
.jpg
img/installation/banner_protect-bg-pt-br.jpg
.jpg
img/installation/banner_protect-bg-ru.jpg
.jpg
img/installation/banner_protect-bg.jpg
.jpg
img/installation/banner_restore-bg.jpg
.jpg
img/installation/banner_social-bg-en.jpg
.jpg
img/installation/banner_social-bg-ru.jpg
.jpg
img/installation/banner_social-fb.png
.png
img/installation/banner_social-vk.png
.png
img/installation/banner_virus-bg.png
.png
img/installation/banner_win-10-bg.jpg
.jpg
img/installation/banner_yandex.png
.png
img/installation/confirm-popup-check-mark.png
.png
img/installation/controls/cancel.png
.png
img/installation/controls/cancel_disable.png
.png
img/installation/controls/cancel_hover.png
.png
img/installation/controls/close.png
.png
img/installation/controls/close_hover.png
.png
img/installation/controls/info_hover.png
.png
img/installation/controls/info_normal.png
.png
img/installation/controls/less_hover.png
.png
img/installation/controls/less_normal.png
.png
img/installation/controls/more_hover.png
.png
img/installation/controls/more_normal.png
.png
img/installation/controls/pause.png
.png
img/installation/controls/pause_hover.png
.png
img/installation/controls/play.png
.png
img/installation/controls/play_hover.png
.png
img/installation/controls/reload.png
.png
img/installation/controls/reload_disable.png
.png
img/installation/controls/reload_hover.png
.png
img/installation/drivers/DP_Biometric.png
.png
img/installation/drivers/DP_Printer.png
.png
img/installation/drivers/DP_TV_DVB.png
.png
img/installation/drivers/DP_Touchpad.png
.png
img/installation/drivers/DP_xUSB.png
.png
img/installation/drivers/Notebook.png
.png
img/installation/drivers/Scanner.png
.png
img/installation/drivers/bluetooth.png
.png
img/installation/drivers/cardreader.png
.png
img/installation/drivers/chipset.png
.png
img/installation/drivers/inputdev.png
.png
img/installation/drivers/lan.png
.png
img/installation/drivers/massstorage.png
.png
img/installation/drivers/modem.png
.png
img/installation/drivers/monitor.png
.png
img/installation/drivers/other.png
.png
img/installation/drivers/phone.png
.png
img/installation/drivers/printer.png
.png
img/installation/drivers/restore_point.png
.png
img/installation/drivers/sound.png
.png
img/installation/drivers/tvtuner.png
.png
img/installation/drivers/vendor.png
.png
img/installation/drivers/video.png
.png
img/installation/drivers/webcamera.png
.png
img/installation/drivers/wifi.png
.png
img/installation/drivers/zBad.png
.png
img/installation/icon-details.png
.png
img/installation/icon-install.png
.png
img/installation/icon-installed.png
.png
img/installation/soft/Antivirus.png
.png
img/installation/soft/Archiver.png
.png
img/installation/soft/Backup.png
.png
img/installation/soft/Browser.png
.png
img/installation/soft/Drivers.png
.png
img/installation/soft/Internet.png
.png
img/installation/soft/Messenger.png
.png
img/installation/soft/Player.png
.png
img/installation/soft/System.png
.png
img/installation/soft/Viewer.png
.png
img/installation/statuses/done.png
.png
img/installation/statuses/error.png
.png
img/installation/statuses/progress.gif
.gif
img/installation/statuses/sleep.png
.png
img/loading-finish.png
.png
img/loading-spiner.gif
.gif
img/loading.gif
.gif
img/med_logo.png
.png
img/med_logo_dark.png
.png
img/med_logo_ui2.png
.png
img/new-logo.png
.png
img/no_internet/no_internet-complete.png
.png
img/no_internet/no_internet-connection.png
.png
img/no_internet/no_internet-step1.png
.png
img/no_internet/no_internet-step2.png
.png
img/onboarding-new/antivirus.png
.png
img/onboarding-new/assistant-off.png
.png
img/onboarding-new/average.png
.png
img/onboarding-new/awesome.png
.png
img/onboarding-new/checking.png
.png
img/onboarding-new/compilation.png
.png
img/onboarding-new/continuous.png
.png
img/onboarding-new/drp-team.gif
.gif
img/onboarding-new/drp-team.png
.png
img/onboarding-new/hacker.png
.png
img/onboarding-new/opera-chrome.png
.png
img/onboarding-new/opera-low-ram.png
.png
img/onboarding-new/opera-mining.png
.png
img/onboarding-new/opera-notebook.png
.png
img/onboarding-new/opera-opened-browser-ram.png
.png
img/onboarding-new/opera-slow-connection.png
.png
img/onboarding-new/opera-touch-left.png
.png
img/onboarding-new/opera-touch-sync.png
.png
img/onboarding-new/opera-touch-top-right-block-left.png
.png
img/onboarding-new/opera-touch-top-right-block-right.png
.png
- https://is.gd/getnewoperatouch
img/onboarding-new/opera-update.png
.png
img/onboarding-new/opera-vpn.png
.png
img/onboarding-new/opera.png
.png
img/onboarding-new/reboot.png
.png
img/onboarding-new/reliability-2.png
.png
img/onboarding-new/reliability.png
.png
img/onboarding-new/reviews-back.png
.png
img/onboarding-new/second-browser-chrome-blur.png
.png
img/onboarding-new/second-browser-chrome.png
.png
img/onboarding-new/second-browser-edge.png
.png
img/onboarding-new/second-browser-firefox.png
.png
img/onboarding-new/second-browser-opera-blur.png
.png
img/onboarding-new/second-browser-opera.png
.png
img/onboarding-new/second-browser-tor.png
.png
img/onboarding-new/second-browser-yandex.png
.png
img/onboarding-new/service-mode.png
.png
img/onboarding-new/start-off.png
.png
img/onboarding-new/start.png
.png
img/onboarding-new/stories/about.png
.png
img/onboarding-new/stories/drivers.png
.png
img/onboarding-new/stories/false-positive.png
.png
img/onboarding-new/stories/technologies.png
.png
img/onboarding-new/stories/vpn.png
.png
img/onboarding-new/stories/why-free.png
.png
img/onboarding-new/successful-install.png
.png
img/onboarding-new/waiting.png
.png
img/onboarding/antiviruses.gif
.gif
img/onboarding/autostart.png
.png
img/onboarding/blocked.png
.png
img/onboarding/checking.png
.png
img/onboarding/cleaning.png
.png
img/onboarding/done.png
.png
img/onboarding/likes/down-active.png
.png
img/onboarding/likes/down-hover.png
.png
img/onboarding/likes/down.png
.png
img/onboarding/likes/up-active.png
.png
img/onboarding/likes/up-hover.png
.png
img/onboarding/likes/up.png
.png
img/onboarding/settings.png
.png
img/onboarding/social.png
.png
- https://vk.com/driverpacksolution
img/onboarding/soft.png
.png
img/programs/arrow-collapse.png
.png
img/programs/arrow-expand.png
.png
img/programs/btn-icon-install-all-soft.png
.png
img/programs/btn-icon.png
.png
img/programs/confirm-popup-accept.png
.png
img/programs/confirm-popup-deny.png
.png
img/programs/default-soft.png
.png
img/programs/expand-all.png
.png
img/programs/[email protected]
.xml
img/programs/installed-programs_info-success.png
.png
img/programs/installed-programs_info-warn.png
.png
img/programs/protector-bg.png
.png
img/programs/rolling-remove-single.gif
.gif
img/programs/rolling.gif
.gif
img/programs/scan.png
.png
img/programs/soft-bg.png
.png
img/programs/star-empty-protect.png
.png
img/programs/star-empty.png
.png
img/programs/star-full-protect.png
.png
img/programs/star-full.png
.png
img/programs/start_arrow.png
.png
img/programs/start_btn-icon.png
.png
img/programs/uninstall-all-loader.gif
.gif
img/programs/uninstall-single-loader.gif
.gif
img/screens/arrow-bottom.png
.png
img/screens/arrow-start-screen-toggle.png
.png
img/screens/arrow-top.png
.png
img/screens/backup-grey.png
.png
img/screens/checkbox.png
.png
img/screens/configurator-btn-icon.png
.png
img/screens/configurator-loader.gif
.gif
img/screens/control-panel-grey.png
.png
img/screens/driver-filter-arrow.png
.png
img/screens/expert_hover.png
.png
img/screens/expert_normal.png
.png
img/screens/globe_hover.png
.png
img/screens/globe_normal.png
.png
img/screens/icon-device-manager.png
.png
img/screens/icon-driver-row-collapse.png
.png
img/screens/icon-support.png
.png
img/screens/icon-system-restore.png
.png
img/screens/install-programs-grey.png
.png
img/screens/kebab-icon.png
.png
img/screens/language-arrow.png
.png
img/screens/language-arrow_hover.png
.png
img/screens/load-screen-server.png
.png
img/screens/menu-diagnostics.png
.png
img/screens/menu-drivers.png
.png
img/screens/menu-games.png
.png
img/screens/menu-lang-arrow.png
.png
img/screens/menu-lang-icon.png
.png
img/screens/menu-offline.png
.png
img/screens/menu-protect.png
.png
img/screens/menu-report-icon.png
.png
img/screens/menu-settings-icon.png
.png
img/screens/menu-software.png
.png
img/screens/move-to-top_arrow.png
.png
img/screens/new-logo.png
.png
img/screens/settings-bg.png
.png
img/screens/start-info.png
.png
img/screens/startscreen-slider-oval-hover.png
.png
img/screens/startscreen-slider-oval-yellow-hover.png
.png
img/screens/startscreen-slider-oval.png
.png
img/screens/trusted.png
.png
img/screens/trusted_hover.png
.png
img/screens/zero-drivers_button-arrow.png
.png
img/screens/zero-drivers_logo.png
.png
img/server_err_no_internet/browser.png
.png
img/server_err_no_internet/connect.png
.png
img/server_err_no_internet/firewall.png
.png
img/server_err_no_internet/flash.png
.png
img/server_err_no_internet/no_internet-connection-cat.png
.png
img/server_err_no_internet/torrent.png
.png
img/server_err_no_internet/vpn.png
.png
img/speaker.png
.png
img/start-loader.gif
.gif
img/wifi-disabled.png
.png
img/wifi.png
.png
js/soft.js
.js
languages/ar.js
languages/az.js
languages/be.js
languages/bg.js
languages/bn.js
languages/ca.js
languages/cs.js
languages/de.js
languages/el.js
languages/en.js
languages/es-419.js
languages/es.js
languages/et.js
languages/fa.js
languages/fil.js
languages/fr.js
languages/gu.js
languages/he.js
languages/hi.js
languages/hu.js
languages/hy.js
languages/id.js
languages/it.js
languages/ka.js
languages/ko.js
languages/ku.js
languages/nl.js
languages/no.js
languages/om.js
languages/pl.js
languages/ps.js
languages/pt-br.js
languages/pt-pt.js
languages/ro.js
languages/ru.js
languages/sk.js
languages/sl.js
languages/sq.js
languages/sr.js
languages/sw.js
languages/ta.js
languages/te.js
languages/tg.js
languages/th.js
languages/tr.js
languages/uk.js
languages/ur.js
languages/uz.js
languages/vi.js
languages/yo.js
languages/zh-cn.js
languages/zh.js
programs/AvastAntivirusA.exe
.exe windows:5 windows x86 arch:x86

0a0f9de72acbe572583c0fe9af381546

Code Sign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-05-2017 00:00

Not After

24-06-2020 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-05-2017 00:00

Not After

24-06-2020 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:38:74:1f:c6:35:21:0e:fc:73:c3:af:9f:41:86:81:c4:8c:86:34:2c:a2:27:fc:ab:ae:1d:6b:c8:d0:ab:1b
Signer

Actual PE Digest

06:38:74:1f:c6:35:21:0e:fc:73:c3:af:9f:41:86:81:c4:8c:86:34:2c:a2:27:fc:ab:ae:1d:6b:c8:d0:ab:1b

Digest Algorithm

sha256

PE Digest Matches

true

cc:c9:d8:90:7b:2d:29:51:bb:0c:3a:a2:56:50:e8:04:f4:2e:de:63
Signer

Actual PE Digest

cc:c9:d8:90:7b:2d:29:51:bb:0c:3a:a2:56:50:e8:04:f4:2e:de:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb

Imports

kernel32

LocalFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
FindResourceW
LoadResource
SizeofResource
CreateFileW
EnumResourceNamesW
lstrlenA
GetSystemTimeAsFileTime
GetVersionExA
GetNativeSystemInfo
lstrcatA
CreateThread
GetCurrentProcess
CreateMutexW
lstrcpynW
HeapFree
GetDiskFreeSpaceExW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateProcessW
ResumeThread
CreateDirectoryW
GetExitCodeProcess
ReleaseMutex
VirtualQuery
VirtualProtect
GetSystemInfo
InterlockedExchangeAdd
WriteFile
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
GetLastError
InterlockedExchange
ExitProcess
IsProcessorFeaturePresent
HeapSetInformation
SetDllDirectoryW
GetModuleHandleA
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
GetWindowsDirectoryW
Sleep
WaitForSingleObject
SetLastError
GetProcAddress
lstrcpyW
GetSystemDirectoryW
GetProcessHeap
MoveFileExW
HeapAlloc
GetVersionExW
DeviceIoControl
InitializeCriticalSectionAndSpinCount
GetVolumePathNameW
HeapSize
GetVersion
GetVolumeNameForVolumeMountPointW
MultiByteToWideChar
HeapReAlloc
RaiseException
DecodePointer
HeapDestroy
DeleteCriticalSection
GetModuleHandleW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCommandLineA
GetCommandLineW
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetFileType
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
LoadLibraryExA

user32

AllowSetForegroundWindow
wsprintfA
MessageBoxExW
LoadStringW
wsprintfW
SetForegroundWindow
FindWindowW
DispatchMessageW
GetMessageW
PostMessageW
CreateWindowExW
SystemParametersInfoW
GetSystemMetrics
LoadImageW
DefWindowProcW
KillTimer
InvalidateRect
SetTimer
EndPaint
FillRect
BeginPaint
RegisterClassExW

gdi32

GetObjectW
CreateSolidBrush
CreatePatternBrush

advapi32

GetSidSubAuthority
CryptHashData
CryptCreateHash
CryptDestroyHash
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenProcessToken
GetTokenInformation
IsValidSid
CryptGetHashParam
GetSidSubAuthorityCount
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom

comctl32

ord17

crypt32

CryptStringToBinaryW

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
programs/AvastAntivirusWorldwideA.exe
.exe windows:5 windows x86 arch:x86

0a0f9de72acbe572583c0fe9af381546

Code Sign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-05-2017 00:00

Not After

24-06-2020 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-05-2017 00:00

Not After

24-06-2020 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:80:fe:8e:d1:fd:4e:92:09:c1:a0:bf:96:d0:3b:f2:6c:b5:d2:00:61:e7:15:61:92:de:ed:2a:a7:79:0e:79
Signer

Actual PE Digest

75:80:fe:8e:d1:fd:4e:92:09:c1:a0:bf:96:d0:3b:f2:6c:b5:d2:00:61:e7:15:61:92:de:ed:2a:a7:79:0e:79

Digest Algorithm

sha256

PE Digest Matches

true

18:83:b6:58:26:ff:8d:fc:1a:8f:2f:f1:4a:41:18:b3:8b:c2:a8:fa
Signer

Actual PE Digest

18:83:b6:58:26:ff:8d:fc:1a:8f:2f:f1:4a:41:18:b3:8b:c2:a8:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb

Imports

kernel32

LocalFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
FindResourceW
LoadResource
SizeofResource
CreateFileW
EnumResourceNamesW
lstrlenA
GetSystemTimeAsFileTime
GetVersionExA
GetNativeSystemInfo
lstrcatA
CreateThread
GetCurrentProcess
CreateMutexW
lstrcpynW
HeapFree
GetDiskFreeSpaceExW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateProcessW
ResumeThread
CreateDirectoryW
GetExitCodeProcess
ReleaseMutex
VirtualQuery
VirtualProtect
GetSystemInfo
InterlockedExchangeAdd
WriteFile
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
GetLastError
InterlockedExchange
ExitProcess
IsProcessorFeaturePresent
HeapSetInformation
SetDllDirectoryW
GetModuleHandleA
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
GetWindowsDirectoryW
Sleep
WaitForSingleObject
SetLastError
GetProcAddress
lstrcpyW
GetSystemDirectoryW
GetProcessHeap
MoveFileExW
HeapAlloc
GetVersionExW
DeviceIoControl
InitializeCriticalSectionAndSpinCount
GetVolumePathNameW
HeapSize
GetVersion
GetVolumeNameForVolumeMountPointW
MultiByteToWideChar
HeapReAlloc
RaiseException
DecodePointer
HeapDestroy
DeleteCriticalSection
GetModuleHandleW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCommandLineA
GetCommandLineW
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetFileType
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
LoadLibraryExA

user32

AllowSetForegroundWindow
wsprintfA
MessageBoxExW
LoadStringW
wsprintfW
SetForegroundWindow
FindWindowW
DispatchMessageW
GetMessageW
PostMessageW
CreateWindowExW
SystemParametersInfoW
GetSystemMetrics
LoadImageW
DefWindowProcW
KillTimer
InvalidateRect
SetTimer
EndPaint
FillRect
BeginPaint
RegisterClassExW

gdi32

GetObjectW
CreateSolidBrush
CreatePatternBrush

advapi32

GetSidSubAuthority
CryptHashData
CryptCreateHash
CryptDestroyHash
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenProcessToken
GetTokenInformation
IsValidSid
CryptGetHashParam
GetSidSubAuthorityCount
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom

comctl32

ord17

crypt32

CryptStringToBinaryW

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
programs/downloader_browser.exe
.exe windows:5 windows x86 arch:x86

a05d88650e5594db2afe874ec2674b55

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:67:e1:58:b5:24:c8:ff:bf:e5:38:17:27:86:f1:e2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15-01-2013 00:00

Not After

15-01-2016 23:59

Subject

CN=YANDEX LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53
Signer

Actual PE Digest

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

GetCurrentProcess
SetHandleInformation
WaitForSingleObject
Sleep
GetVersionExW
GetExitCodeProcess
GetLastError
CloseHandle
GetCurrentProcessId
HeapAlloc
HeapFree
InterlockedDecrement
GetProcessHeap
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
DuplicateHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
CreateProcessW
GetCommandLineW
CreateFileW
HeapReAlloc
GetConsoleMode
HeapSize
OutputDebugStringW
CompareStringW
LoadLibraryExW
SetEnvironmentVariableW
GetStringTypeW
GetConsoleCP
SetEndOfFile
ReadConsoleW
ReadFile
SetLastError
WriteFile
FlushFileBuffers
GetProcAddress
GetModuleHandleExW
ExitProcess
FreeEnvironmentStringsW
LCMapStringW
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetEnvironmentStringsW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrlenA
LocalFree
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW

user32

CharLowerW
wsprintfW

advapi32

ConvertSidToStringSidW
GetLengthSid
LsaNtStatusToWinError
RegOpenKeyExW
RegQueryValueExW
CopySid
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

SysFreeString
VariantInit
VariantClear
GetErrorInfo
SysAllocString

urlmon

URLOpenBlockingStreamW

wintrust

WinVerifyTrust

ws2_32

send
freeaddrinfo
socket
WSACleanup
shutdown
htons
WSAGetLastError
getaddrinfo
htonl
WSAStartup
connect
closesocket
recv

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
programs/downloader_browser_tr.exe
.exe windows:5 windows x86 arch:x86

a05d88650e5594db2afe874ec2674b55

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:67:e1:58:b5:24:c8:ff:bf:e5:38:17:27:86:f1:e2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15-01-2013 00:00

Not After

15-01-2016 23:59

Subject

CN=YANDEX LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53
Signer

Actual PE Digest

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

GetCurrentProcess
SetHandleInformation
WaitForSingleObject
Sleep
GetVersionExW
GetExitCodeProcess
GetLastError
CloseHandle
GetCurrentProcessId
HeapAlloc
HeapFree
InterlockedDecrement
GetProcessHeap
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
DuplicateHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
CreateProcessW
GetCommandLineW
CreateFileW
HeapReAlloc
GetConsoleMode
HeapSize
OutputDebugStringW
CompareStringW
LoadLibraryExW
SetEnvironmentVariableW
GetStringTypeW
GetConsoleCP
SetEndOfFile
ReadConsoleW
ReadFile
SetLastError
WriteFile
FlushFileBuffers
GetProcAddress
GetModuleHandleExW
ExitProcess
FreeEnvironmentStringsW
LCMapStringW
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetEnvironmentStringsW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrlenA
LocalFree
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW

user32

CharLowerW
wsprintfW

advapi32

ConvertSidToStringSidW
GetLengthSid
LsaNtStatusToWinError
RegOpenKeyExW
RegQueryValueExW
CopySid
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

SysFreeString
VariantInit
VariantClear
GetErrorInfo
SysAllocString

urlmon

URLOpenBlockingStreamW

wintrust

WinVerifyTrust

ws2_32

send
freeaddrinfo
socket
WSACleanup
shutdown
htons
WSAGetLastError
getaddrinfo
htonl
WSAStartup
connect
closesocket
recv

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
programs/downloader_elements.exe
.exe windows:5 windows x86 arch:x86

a05d88650e5594db2afe874ec2674b55

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:67:e1:58:b5:24:c8:ff:bf:e5:38:17:27:86:f1:e2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15-01-2013 00:00

Not After

15-01-2016 23:59

Subject

CN=YANDEX LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53
Signer

Actual PE Digest

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

GetCurrentProcess
SetHandleInformation
WaitForSingleObject
Sleep
GetVersionExW
GetExitCodeProcess
GetLastError
CloseHandle
GetCurrentProcessId
HeapAlloc
HeapFree
InterlockedDecrement
GetProcessHeap
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
DuplicateHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
CreateProcessW
GetCommandLineW
CreateFileW
HeapReAlloc
GetConsoleMode
HeapSize
OutputDebugStringW
CompareStringW
LoadLibraryExW
SetEnvironmentVariableW
GetStringTypeW
GetConsoleCP
SetEndOfFile
ReadConsoleW
ReadFile
SetLastError
WriteFile
FlushFileBuffers
GetProcAddress
GetModuleHandleExW
ExitProcess
FreeEnvironmentStringsW
LCMapStringW
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetEnvironmentStringsW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrlenA
LocalFree
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW

user32

CharLowerW
wsprintfW

advapi32

ConvertSidToStringSidW
GetLengthSid
LsaNtStatusToWinError
RegOpenKeyExW
RegQueryValueExW
CopySid
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

SysFreeString
VariantInit
VariantClear
GetErrorInfo
SysAllocString

urlmon

URLOpenBlockingStreamW

wintrust

WinVerifyTrust

ws2_32

send
freeaddrinfo
socket
WSACleanup
shutdown
htons
WSAGetLastError
getaddrinfo
htonl
WSAStartup
connect
closesocket
recv

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
run.hta
.hta .js polyglot

Sharing

General

Malware Config

Signatures

Files

187b3ae62ff818788b8c779ef7bc3d1c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ca:c0:bf:19:8c:50:b3:40:3b:7a:bf:3e:8e:97:b7:7e:77:c9:de:2e:8e:6f:09:f0:2f:21:35:ab:b3:77:d8:6aSigner

d2:42:9f:09:52:89:17:9d:13:25:94:43:df:ef:a0:f8:e2:d3:54:a3Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 224B

.rdata Size: 27KB - Virtual size: 26KB

.bss Size: - Virtual size: 107KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 44KB

.rsrc Size: 27KB - Virtual size: 27KB

5ef604bbc89e9c69ab661261c1f1e93e

Headers

File Characteristics

Imports

kernel32

msvcrt

ole32

user32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 52B

.rdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 1012B

.edata Size: 512B - Virtual size: 160B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 1KB - Virtual size: 1KB

0a0f9de72acbe572583c0fe9af381546

Code Sign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

1f:28:98:08:7c:f9:36:4d:a9:b4:f2:33:2f:11:c7:40
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ca:c0:bf:19:8c:50:b3:40:3b:7a:bf:3e:8e:97:b7:7e:77:c9:de:2e:8e:6f:09:f0:2f:21:35:ab:b3:77:d8:6a
Signer

d2:42:9f:09:52:89:17:9d:13:25:94:43:df:ef:a0:f8:e2:d3:54:a3
Signer

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 27KB - Virtual size: 26KB

.bss
Size: - Virtual size: 107KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 44KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 1012B

.edata
Size: 512B - Virtual size: 160B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1KB - Virtual size: 1KB

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

06:38:74:1f:c6:35:21:0e:fc:73:c3:af:9f:41:86:81:c4:8c:86:34:2c:a2:27:fc:ab:ae:1d:6b:c8:d0:ab:1b
Signer

cc:c9:d8:90:7b:2d:29:51:bb:0c:3a:a2:56:50:e8:04:f4:2e:de:63
Signer

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 7KB - Virtual size: 7KB

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

75:80:fe:8e:d1:fd:4e:92:09:c1:a0:bf:96:d0:3b:f2:6c:b5:d2:00:61:e7:15:61:92:de:ed:2a:a7:79:0e:79
Signer

18:83:b6:58:26:ff:8d:fc:1a:8f:2f:f1:4a:41:18:b3:8b:c2:a8:fa
Signer