65c5ea1ebbf5cb6b2df90edf4e220099_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

65c5ea1ebbf5cb6b2df90edf4e220099_JaffaCakes118
Size

13.7MB
MD5

65c5ea1ebbf5cb6b2df90edf4e220099
SHA1

951e2b02a242676160550a28c8c1b4e709b48f4c
SHA256

9d6ed95597857927f0e7e6eb1495c4ec10fa74aced7efbc9199c4392be7585a6
SHA512

a79d36b437d20e7bd5ecdc65dd77a00513277276e52d72651999e18f4e1d537a2e921d738a40efee9869acb2f056df4b7e591541b5401354dbdcc52f2e48401a
SSDEEP

393216:q9n5iYmtRNVb1jwYN7QQ04yZDb8n53MGWq/u:q95i/tRNVb9wyQ7zoebH

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

65c5ea1ebbf5cb6b2df90edf4e220099_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9bca2c7cb3bba360100a3a7a510fe11d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:65:a3:13:e4:ba:e0:10:b1:8b:d5:18:02:7d:4a:88
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-11-2015 00:00

Not After

23-01-2018 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:d0:ca:6f:9f:cb:a1:c4:7b:ed:8d:46:0c:b6:8e:bd:1e:67:66:44
Signer

Actual PE Digest

96:d0:ca:6f:9f:cb:a1:c4:7b:ed:8d:46:0c:b6:8e:bd:1e:67:66:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
CompareFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
GetCurrentProcessId
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
GetSystemDirectoryA
CreateProcessA
GetTempFileNameA
lstrlenA
lstrcatA
GetVersion
RemoveDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

LoadCursorA
CheckDlgButton
ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetCursor
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
GetWindowLongA
GetSysColor
RegisterWindowMessageA
CharNextA
ExitWindowsEx
SetWindowPos
PostMessageA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/EstUrl.dll
.dll windows:4 windows x86 arch:x86

5eebff966e82adb38fe32cb21b559567

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:65:a3:13:e4:ba:e0:10:b1:8b:d5:18:02:7d:4a:88
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-11-2015 00:00

Not After

23-01-2018 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:48:a8:8b:d6:5d:11:dd:84:ff:55:8a:0c:2e:ee:5e:1f:f0:43:80
Signer

Actual PE Digest

1c:48:a8:8b:d6:5d:11:dd:84:ff:55:8a:0c:2e:ee:5e:1f:f0:43:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\SVN\aldev-svn\common\NSIS\bin\2.46-NEW\Release v16.0107\includeESTsoft\Projects\pdb\EstUrl.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
Sleep
lstrcatA
GlobalUnlock
GlobalLock
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetLastError
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
FreeLibrary
LoadLibraryW
GetVersionExA
GetSystemInfo
CreateMutexA
OpenMutexA
MulDiv
OutputDebugStringA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
HeapFree
InterlockedExchange
SetConsoleCtrlHandler
RtlUnwind
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
lstrcmpiA
lstrcpyA
GetModuleHandleA
GetProcAddress
GetLogicalDrives
GetDriveTypeA
lstrcmpA
ExitProcess
GlobalAlloc
lstrcpynA
GlobalFree
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
GetCommandLineA
MultiByteToWideChar
lstrlenA
LoadLibraryA
SetEnvironmentVariableA

user32

GetParent
EnableWindow
CallNextHookEx
SetWindowLongA
MessageBoxA
CallWindowProcA
InvalidateRect
GetMessagePos
GetMessageA
UnregisterClassA
GetForegroundWindow
AttachThreadInput
LoadImageA
GetWindowTextA
GetDC
DrawTextA
ReleaseDC
RegisterClassA
FindWindowA
EnumWindows
GetWindowThreadProcessId
GetClassNameA
IsWindowVisible
SetForegroundWindow
SetActiveWindow
LoadBitmapA
ShowWindow
GetClientRect
CreateWindowExA
GetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
SetWindowsHookExA
WaitForInputIdle
DialogBoxParamA
EndDialog
LoadIconA
SetWindowTextA
GetTopWindow
GetWindow
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
EmptyClipboard
SetClipboardData
CloseClipboard
GetDlgCtrlID
SetFocus
IsWindow
LoadCursorA
SetCursor
FindWindowExA
PeekMessageA
PostQuitMessage
TranslateMessage
DispatchMessageA
DefWindowProcA
GetDlgItem
SendMessageA
wsprintfA
CheckRadioButton
IsWindowEnabled
BringWindowToTop

gdi32

DeleteObject
GetDeviceCaps
GetStockObject
SelectObject

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

IIDFromString

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

PathRelativePathToA
PathStripToRootA
PathRemoveBackslashA
PathCanonicalizeA
PathRemoveFileSpecA
StrStrA
PathRemoveBlanksA
PathStripPathA
PathSearchAndQualifyA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

ImageList_Create
ImageList_AddMasked

Exports

Exports

AddPerInstaller
ChangeMainFont
CheckVersion
CheckVersion2
CreateControl
CreateFindWindow
CreateMtx
DllVersionCompare
FindAndActiveWindow
FitCheckBoxWidth
FolderMangling
FreeMem
GetDPIPoint
GetIEVersionString
GetMutex
GetOSVersionString
GetParamValue
GetParentPath
GetProductTypeFromCode
GetPropertyFromSNCode
GroupMangling
InitBannerCtrl
InsertProductType
IsCorrectSerial
IsCorrectSerial2
LaunchProcess
Load
MessageBoxN
MessagePumping
Operator
PathIsSystemFile
ReadRegForMultiStr
RemoveExclameStr
RemoveFileSpec
RemoveItemFromRegMultiStr
SetALPassPath
SetBitmap
SetInstalled
ShowALYacCheckDlg
StrFind
StrFindDomain
SubClassALPass
SubClassBanner
SubClassCorpPage
SubClassCorpWithoutSNPage
SubClassMainDlg
SubClassMainFrame
ThreadAttach
TreeAddItem
TreeAddItem2
TreeGetItemState
TreeGroupRefresh
TreeSubClassing
TrimString
UnSubClassBanner
UnSubClassCorpPage
Unload
ValidPath
ValidRoot
VerifyUI
WaitExecute
WaitUntilIdle

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

222ba14d7b8ae575c32dd0b8b77a5dea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalUnlock
GetModuleHandleA
MultiByteToWideChar
GetCurrentDirectoryA
SetCurrentDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcatA
WritePrivateProfileStringA
lstrcpynA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA
GlobalAlloc

user32

OpenClipboard
DestroyIcon
DestroyWindow
LoadCursorA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
SetWindowLongA
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
CreateWindowExA
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamA
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
wsprintfA
CharNextA
MessageBoxA
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextA
SetWindowTextA
SendMessageA
DispatchMessageA

gdi32

SelectObject
CreateRectRgn
GetObjectA
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

34e265a7f45a5a54be208d4166ec2423

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
lstrcatA
lstrcpyA
MulDiv
GetModuleHandleA
FindNextFileA
lstrcmpiA
GlobalFree
lstrcpynA
GlobalAlloc
FindClose
OutputDebugStringA
lstrlenA

user32

PostMessageA
CallWindowProcA
GetWindowLongA
IsDialogMessageA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
GetWindowTextA
IsDlgButtonChecked
SetWindowTextA
GetDlgItem
wsprintfA
CreateDialogParamA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
SetWindowLongA
SendMessageA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

EST_Destroy
Init
IsSuccess
Select
SetCorperationPack
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

88d8a4a9c21e345682f6b1fac45c4679

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
MultiByteToWideChar
FreeLibrary

user32

wsprintfA

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

f9dfb8ff6a049e4feb3afa5b7a47b099

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:cf:9c:8b:e1:7f:74:a1:72:ad:d3:db:88:6e:ed:76
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2013 00:00

Not After

27-12-2015 23:59

Subject

CN=ESTsoft Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:f3:93:99:c5:ea:da:94:21:82:05:df:79:b5:50:c9:3d:ce:27:80
Signer

Actual PE Digest

ae:f3:93:99:c5:ea:da:94:21:82:05:df:79:b5:50:c9:3d:ce:27:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\NSIS\bin\2.46-NEW\Release v14.0322\includeESTsoft\Projects\pdb\inetc.pdb

Imports

wininet

InternetOpenA
InternetCrackUrlA
InternetConnectA
HttpEndRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetErrorDlg
InternetCloseHandle
InternetQueryOptionA
InternetSetOptionA
InternetSetFilePointer
InternetGetLastResponseInfoA
FtpOpenFileA
FtpCreateDirectoryA
HttpQueryInfoA
HttpSendRequestExA
HttpSendRequestA
InternetWriteFile
InternetReadFile

comctl32

ord17

kernel32

GetTimeZoneInformation
FreeLibrary
SetConsoleCtrlHandler
InitializeCriticalSection
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeFormatA
SetEnvironmentVariableA
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersion
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
GetTickCount
lstrlenA
WriteFile
ReadFile
lstrcmpA
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
lstrcatA
GetFileSize
CreateFileA
lstrcmpiA
GetProcAddress
LoadLibraryA
MulDiv
GetModuleHandleA
TerminateThread
WaitForSingleObject
CreateThread
lstrlenW
CompareStringA
CompareStringW
lstrcmpiW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
HeapSize
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
EnterCriticalSection
GetEnvironmentStrings
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetProcessHeap
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapAlloc
HeapFree
RaiseException
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo

user32

CharUpperW
CharUpperA
CharLowerW
CharLowerA
FindWindowExA
CreateDialogParamA
EnableWindow
IsWindowVisible
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
RedrawWindow
KillTimer
DestroyWindow
UpdateWindow
LoadIconA
SetTimer
GetWindowRect
GetClientRect
SystemParametersInfoA
SetWindowPos
SendMessageA
GetWindowTextA
PostMessageA
GetDlgItem
SendDlgItemMessageA
SetWindowTextA
GetWindowLongA
SetWindowLongA
ShowWindow
GetParent
MessageBoxA
IsWindow
wsprintfA
SetDlgItemTextA

Exports

Exports

SetTimeLimit
get
head
post
put

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsWeb2.dll
.dll windows:4 windows x86 arch:x86

082c20552519a39cb8a90624898536df

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:cf:9c:8b:e1:7f:74:a1:72:ad:d3:db:88:6e:ed:76
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2013 00:00

Not After

27-12-2015 23:59

Subject

CN=ESTsoft Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:aa:c7:a0:85:85:47:ca:39:95:bf:30:70:e9:73:53:e0:6b:3f:65
Signer

Actual PE Digest

9f:aa:c7:a0:85:85:47:ca:39:95:bf:30:70:e9:73:53:e0:6b:3f:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\SVN\aldev-svn\common\NSIS\bin\2.46-NEW\Release v14.0806\includeESTsoft\Projects\pdb\nsWeb2.pdb

Imports

kernel32

InterlockedExchange
MultiByteToWideChar
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenW
WideCharToMultiByte
GetStringTypeExW
GetStringTypeExA
lstrcmpiW
lstrcmpiA
lstrlenA
GetLastError
GlobalFree
GlobalAlloc
GetTickCount
OutputDebugStringA
lstrcpyA
SetThreadLocale
lstrcpynA
Sleep
GetVersion
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetTimeZoneInformation
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSection
LoadLibraryA
FreeLibrary
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapFree
GetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
VirtualFree
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
VirtualProtect
VirtualAlloc
GetProcAddress
GetSystemInfo
VirtualQuery
RaiseException
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetEnvironmentVariableA

user32

GetWindowLongA
DispatchMessageA
PeekMessageA
CharLowerW
CharLowerA
CharUpperW
CharUpperA
GetClientRect
LoadCursorA
LoadIconA
RegisterClassA
CreateWindowExA
wsprintfA
DestroyWindow
TranslateMessage
DefWindowProcA
SetWindowLongA

gdi32

GetStockObject

ole32

OleCreate
OleInitialize
CoCreateInstance
OleSetContainedObject

oleaut32

SysAllocStringLen
VariantInit
SysAllocString
SafeArrayCreateVector
SafeArrayUnaccessData
VariantClear
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SysFreeString

wininet

InternetCloseHandle
InternetOpenA
DeleteUrlCacheEntry

Exports

Exports

DeleteURLCache
GetBannerPageID
GetExtendedProperty
GetProductIsSilentMode
GetProductLocalName
GetProductName
GetProductSetupCmdline
GetProductSetupEulaUrl
GetProductSetupRuntimeMode
GetProductSetupURL
GetRegisterdURLs
GetSendCondition
GetStartBoxIndex
GetStartPageChangeName
GetStartPageCheckURL
GetStartPageDefaultCheck
GetStartPageName
GetStartPageSendURL
GetStartPageURL
IsCheckProduct
IsLoaded
IsLoadedWait
IsLoadedWaitEx
IsOtherProductPageLoaded
SetLanguage
ShowESTWebInPage
ShowESTWebInPagePOST
Unload

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/workerExtension.dll
.dll windows:4 windows x86 arch:x86

fbe3de162591df9b3dad4605ffd762a9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:65:a3:13:e4:ba:e0:10:b1:8b:d5:18:02:7d:4a:88
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-11-2015 00:00

Not After

23-01-2018 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a3:60:ce:c5:61:bd:ae:a8:f8:1f:2a:90:f3:93:96:cc:7e:aa:29:4c
Signer

Actual PE Digest

a3:60:ce:c5:61:bd:ae:a8:f8:1f:2a:90:f3:93:96:cc:7e:aa:29:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\SVN\aldev-svn\common\NSIS\bin\2.46-NEW\Release v16.0125\includeESTsoft\Projects\pdb\workerExtension.pdb

Imports

kernel32

SizeofResource
FindResourceA
LoadResource
LoadLibraryA
GetModuleHandleA
CreateDirectoryA
WritePrivateProfileStringA
DeleteFileA
GetVersionExA
GetProcAddress
GetCurrentProcess
SetCurrentDirectoryA
FindFirstFileA
MoveFileExA
GetCurrentDirectoryA
GetThreadLocale
FindClose
FindNextFileA
RemoveDirectoryA
CreateToolhelp32Snapshot
GetCurrentProcessId
TerminateProcess
Process32Next
lstrcpynA
FindResourceExA
FreeLibrary
Process32First
OpenProcess
GlobalFree
GlobalAlloc
GetTickCount
SetEndOfFile
LocalFree
GetConsoleOutputCP
SetStdHandle
CreateFileA
GetLocaleInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
lstrcpyA
LockResource
MultiByteToWideChar
WideCharToMultiByte
CompareStringA
FileTimeToSystemTime
lstrlenA
GetFileType
SetHandleCount
ReadFile
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetOEMCP
VirtualFree
HeapCreate
GetModuleFileNameA
GetStdHandle
WriteFile
GetLastError
FileTimeToLocalFileTime
InterlockedExchange
LocalAlloc
CreateFileW
CloseHandle
WriteConsoleA
lstrcmpA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetACP
GetLocaleInfoA
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
GetFileAttributesA
GetCurrentThreadId
GetCommandLineA
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStartupInfoA

user32

GetMessagePos
wsprintfW
IsWindow
MessageBoxA
SendMessageA
ScreenToClient
DefWindowProcA
SetWindowLongA
InvalidateRect
UnregisterClassA
LoadBitmapA
CallWindowProcA
GetParent
DestroyWindow

gdi32

DeleteObject

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegEnumKeyExA
RegQueryValueExA

shell32

SHGetFolderPathA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen

shlwapi

PathFileExistsA
SHDeleteKeyA
PathIsDirectoryA

crypt32

CertFreeCertificateContext
CertGetNameStringA
CertOpenStore
CryptQueryObject
CryptDecodeObject
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CryptMsgClose

wintrust

WinVerifyTrustEx

imagehlp

ImageEnumerateCertificates
ImageGetCertificateData

comctl32

ImageList_Create
ImageList_AddMasked

Exports

Exports

BackUpTree
CheckStartPage
ComboAddItem
ComboCreate
DLL_GetVisibleCampaignName
DLL_InitSetterFile
DLL_SetInitPromotion
DoInstalledExt
ElevateNonRun
ElevateRun
GetLogParam
GetParentProcName
GetPreInstInfoParam
GetPreVersion
GetSignerName
GetStateValue
InitSetterFile
IsDebugMode
IsDebugModeForBanner
IsPromotionShow
KillProcess
MoveStartMenuItems
ProceedExtPreInstall
RemoveLicense
RetoreTreeState
RunEventItemsByIds
RunEventItemsByTree
RunMediumIntergrityLevel
SaveLicense
SetCampaignCheckState
SetInitPromotion
SetNsisVersion
SetStateValue
TreeAddEvents
TreeAddItem
TreeBackupTree
TreeDeleteAllItems
TreeEnsureVisible
TreeGetItemHandle
TreeGetItemState
TreeGroupRefresh
TreeInitTree
TreeReCalcCheckState
TreeResetDefaultCheck
TreeRestoreTreeState
TreeSetBackupNodeCheckState
TreeSetInterface
TreeSubClassing
VerifyFile
qwer

Sections

.text
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/zumlib.dll
.dll windows:5 windows x86 arch:x86

6e21ecf5c7fd20210740626c966c0125

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:cf:9c:8b:e1:7f:74:a1:72:ad:d3:db:88:6e:ed:76
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2013 00:00

Not After

27-12-2015 23:59

Subject

CN=ESTsoft Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:c0:95:d6:11:f8:0d:f6:c8:f2:40:d8:be:db:0a:90:cc:7c:37:74
Signer

Actual PE Digest

c4:c0:95:d6:11:f8:0d:f6:c8:f2:40:d8:be:db:0a:90:cc:7c:37:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\ALToolsSource\ALToolsCommon\Zumlib\trunk\Bin\Release\zumlib.pdb

Imports

kernel32

GetCurrentProcess
DeleteFileW
CreateFileW
GetVersionExW
LoadLibraryW
FreeLibrary
GetProcAddress
lstrlenA
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError
WideCharToMultiByte
CloseHandle
MultiByteToWideChar
InitializeCriticalSection
RaiseException
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
HeapFree
GetFileAttributesA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
WriteFile
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
SetStdHandle
WriteConsoleA
GetProcessHeap

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegRestoreKeyW
RegCreateKeyW
RegSaveKeyW
RegOpenKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges

shell32

ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysFreeString

Exports

Exports

CreateShortCut
GetZumUrl
PinToStartMenu
PintToTaskbar
RegStartPage
RegStartPageSecret
SetStartPageZum
SetStartPageZumSecret

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/ESTsoft/ALUpdate/$R6
.exe windows:5 windows x86 arch:x86

bd7dbcc8c07b8d3a5ed549bf070cb152

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:d1:a0:ac:1a:81:a2:01:bf:c4:30:91:ff:be:99:a0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01-12-2011 00:00

Not After

30-11-2013 23:59

Subject

CN=ESTsoft Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:87:65:7f:cf:29:b9:9e:4e:76:3e:86:31:3e:a8:58:a9:50:22:80
Signer

Actual PE Digest

8f:87:65:7f:cf:29:b9:9e:4e:76:3e:86:31:3e:a8:58:a9:50:22:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\ALToolsSource\ALToolsCommon\Zumlib\trunk\Bin\Release\ezt.pdb

Imports

kernel32

Process32FirstW
Process32NextW
LockResource
FindResourceExW
GetCommandLineW
LocalFree
GetCurrentThreadId
GetCurrentProcess
CloseHandle
FlushFileBuffers
CreateToolhelp32Snapshot
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
lstrlenW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
CreateFileA
FreeLibrary
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
VirtualFree
VirtualAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA

user32

DefWindowProcW
CharNextW
DestroyWindow

advapi32

RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

shell32

CommandLineToArgvW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/ESTsoft/Common/ezt.exe
.exe windows:5 windows x86 arch:x86

bd7dbcc8c07b8d3a5ed549bf070cb152

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:d1:a0:ac:1a:81:a2:01:bf:c4:30:91:ff:be:99:a0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01-12-2011 00:00

Not After

30-11-2013 23:59

Subject

CN=ESTsoft Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:87:65:7f:cf:29:b9:9e:4e:76:3e:86:31:3e:a8:58:a9:50:22:80
Signer

Actual PE Digest

8f:87:65:7f:cf:29:b9:9e:4e:76:3e:86:31:3e:a8:58:a9:50:22:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\ALToolsSource\ALToolsCommon\Zumlib\trunk\Bin\Release\ezt.pdb

Imports

kernel32

Process32FirstW
Process32NextW
LockResource
FindResourceExW
GetCommandLineW
LocalFree
GetCurrentThreadId
GetCurrentProcess
CloseHandle
FlushFileBuffers
CreateToolhelp32Snapshot
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
lstrlenW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
CreateFileA
FreeLibrary
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
VirtualFree
VirtualAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA

user32

DefWindowProcW
CharNextW
DestroyWindow

advapi32

RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

shell32

CommandLineToArgvW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R6
.dll regsvr32 windows:5 windows x86 arch:x86

22d4f9aca50cebaa5f771f0134d48e1f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:cf:9c:8b:e1:7f:74:a1:72:ad:d3:db:88:6e:ed:76
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2013 00:00

Not After

27-12-2015 23:59

Subject

CN=ESTsoft Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:8f:1d:7a:81:e6:0e:c1:3c:33:ad:8f:15:7e:76:d7:73:8f:d1:c5
Signer

Actual PE Digest

09:8f:1d:7a:81:e6:0e:c1:3c:33:ad:8f:15:7e:76:d7:73:8f:d1:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Source\ALZip\Source\ALZip\trunk\ALZip\Bin\AZCtm.pdb

Imports

comctl32

ImageList_Draw

msimg32

TransparentBlt

kernel32

GetCurrentThread
LoadLibraryW
SetFilePointer
GetFileSize
FindClose
FindFirstFileW
ReadFile
CreateFileW
FindNextFileW
GetVersion
HeapFree
HeapAlloc
GetProcessHeap
InterlockedExchange
CreateEventW
SetEvent
ResetEvent
WaitForSingleObject
Sleep
WaitForMultipleObjects
ResumeThread
GetExitCodeThread
SystemTimeToFileTime
FileTimeToSystemTime
lstrcmpiW
GetModuleHandleW
OpenProcess
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CloseHandle
GetVersionExW
GetThreadLocale
SetThreadLocale
LeaveCriticalSection
EnterCriticalSection
GetSystemTime
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableA
lstrcpynW
GetProcAddress
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
ExitProcess
HeapCreate
VirtualAlloc
VirtualFree
GetCommandLineA
CreateThread
GetCurrentThreadId
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
SetHandleCount
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapDestroy
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
SetFileTime
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
QueryPerformanceCounter
CreateFileA
GetFileType
SetEndOfFile
WriteFile
GetFileTime
GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
SetLastError
VirtualQuery
VirtualProtect
OpenEventW
TryEnterCriticalSection
GetStdHandle

user32

MessageBoxW
CharNextW
GetSystemMetrics
SetLastErrorEx
DrawIconEx
LoadIconW
EnableMenuItem
IsMenu
GetMenuItemCount
GetMenuItemID
GetMenuStringW
SetMenuItemInfoW
GetIconInfo
GetDC
ReleaseDC
GetSysColor
LoadBitmapW
SystemParametersInfoW
DestroyIcon
SendMessageW
DestroyMenu
GetCursorPos
WindowFromPoint
CreatePopupMenu
DeleteMenu
InsertMenuW
DrawTextW
SetRect
LoadStringW
GetSysColorBrush
FillRect

gdi32

BitBlt
GetDIBits
CreateDIBSection
DeleteObject
GetObjectW
CreateFontIndirectW
GetStockObject
SetBkMode
GetTextExtentPoint32W
CreateCompatibleDC
SelectObject
DeleteDC
SetTextColor
CreateBitmap

advapi32

RegCloseKey
RegCreateKeyW
RegQueryValueExW
RegOpenKeyW
OpenProcessToken
GetTokenInformation
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW

shell32

SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteExW
SHChangeNotify
ord190
ord16
ord155
SHCreateDirectoryExW
ord21
SHGetDesktopFolder
ord256
SHGetFolderPathW
DragQueryFileW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
ReleaseStgMedium
StringFromGUID2
CoCreateInstance

oleaut32

LoadTypeLi
UnRegisterTypeLi
SysStringLen
VarUI4FromStr
SysFreeString
RegisterTypeLi
LoadRegTypeLi
SysAllocString

shlwapi

PathAppendW
PathIsNetworkPathW
PathCompactPathExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALZip.exe
.exe windows:5 windows x86 arch:x86

da878adf4357beb4a8d9e41f887db221

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:65:a3:13:e4:ba:e0:10:b1:8b:d5:18:02:7d:4a:88
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25-11-2015 00:00

Not After

23-01-2018 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:54:a1:6d:28:75:bd:6b:60:6f:69:15:50:9f:f4:a7:2a:da:0b:ab
Signer

Actual PE Digest

6a:54:a1:6d:28:75:bd:6b:60:6f:69:15:50:9f:f4:a7:2a:da:0b:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\aldev-svn\alzip\trunk\ALZip\Bin\ALZip.pdb

Imports

msvcr90

memset
memcpy
_local_unwind4
_CIsqrt
_onexit
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_vsnwprintf_s
toupper
strcpy_s
rand
srand
towlower
iswalnum
??1exception@std@@UAE@XZ
vswprintf_s
strncmp
iswspace
wcstok_s
iswascii
iswpunct
_i64tow_s
isprint
_except_handler4_common
__CxxFrameHandler3
?terminate@@YAXXZ
isdigit
iswdigit
wcschr
_waccess
_endthreadex
_beginthreadex
wcsncpy_s
swprintf_s
__wargv
__argc
_time64
fclose
fputws
_wfopen_s
iswalpha
_wtoi64
wcsftime
_localtime64_s
_mktime64
_vsnwprintf
_wtoi
memcpy_s
wcsrchr
_wcsdup
_waccess_s
_purecall
wcsstr
free
malloc
_wcsicmp
wcsncmp
wcscpy_s
_wcsnicmp
??0exception@std@@QAE@XZ
memmove_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_decode_pointer
_CxxThrowException

kernel32

CreateDirectoryW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
GetLastError
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
MulDiv
GetVersionExW
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetTickCount
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
GetCurrentProcess
CloseHandle
GetCurrentThread
CreateFileW
GetFileSize
ReadFile
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
CreateMutexW
ReleaseMutex
SetCurrentDirectoryW
SetEvent
GetSystemInfo
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
WideCharToMultiByte
WaitForSingleObject
lstrlenW
GetSystemTime
SetPriorityClass
GetTempPathW
GetLocaleInfoW
GetWindowsDirectoryW
GetLongPathNameW
SetThreadIdealProcessor
GetTempFileNameW
DeleteFileW
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetThreadPriority
ResumeThread
GetDiskFreeSpaceExW
MoveFileExW
GetFileAttributesW
CreateEventW
WaitForMultipleObjects
SystemTimeToTzSpecificLocalTime
SetFilePointer
WriteFile
ResetEvent
GetDriveTypeW
GetExitCodeThread
GlobalFree
Sleep
ExpandEnvironmentStringsA
LoadLibraryA
QueryPerformanceCounter
SetFileTime
SetFileAttributesW
RaiseException
SetEndOfFile
GetFileTime
OpenEventW
TryEnterCriticalSection
ReleaseSemaphore
OutputDebugStringW
LocalAlloc
InterlockedExchange

user32

InvalidateRect
GetCursorPos
ScreenToClient
PtInRect
DrawFrameControl
OffsetRect
GetWindowTextW
DrawTextW
DrawFocusRect
TrackMouseEvent
SetCapture
GetClientRect
SetRectEmpty
UnionRect
IsRectEmpty
GetDC
ReleaseDC
ClientToScreen
WindowFromPoint
UpdateWindow
SetCursor
LoadCursorW
ReleaseCapture
GetParent
PostMessageW
GetWindowRect
GetWindow
LoadImageW
DestroyIcon
LoadBitmapW
LoadIconW
GetIconInfo
DrawIcon
FillRect
GetSysColorBrush
InflateRect
KillTimer
IsWindowVisible
SetTimer
SetRect
GetFocus
GetWindowLongW
GetAsyncKeyState
GetAncestor
GetActiveWindow
GetSystemMetrics
RedrawWindow
SetWindowRgn
LoadMenuW
GetSubMenu
SetLayeredWindowAttributes
SetWindowPos
LockWindowUpdate
ShowScrollBar
PeekMessageW
GetClassNameW
MoveWindow
BeginDeferWindowPos
CopyRect
SendMessageW
EnableWindow
GetSysColor
SendMessageTimeoutW
DrawStateW
SystemParametersInfoW
InsertMenuW
InsertMenuItemW
PostThreadMessageW
PostQuitMessage
DeferWindowPos
EndDeferWindowPos
MonitorFromRect
GetMonitorInfoW
MapDialogRect
EnumChildWindows
IsWindow
GetClassInfoW
DefWindowProcW
DrawEdge
SetParent
GetWindowDC
GetDlgItemTextW
SetDlgItemTextW
GetDlgItem
SetWindowLongW
CallWindowProcW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDesktopWindow
IsWindowEnabled
BringWindowToTop
SetActiveWindow
IsIconic
IntersectRect
TabbedTextOutW
DrawTextExW
GrayStringW
AdjustWindowRect
IsZoomed
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
ModifyMenuW
GetMenuItemCount
LoadAcceleratorsW
TranslateAcceleratorW
MonitorFromWindow
RegisterWindowMessageW
GetKeyState
GetCapture
GetMenuItemID
RemoveMenu
ShowWindow
SetWindowTextW
SetFocus
EndDialog
GetComboBoxInfo
EnableMenuItem
SetForegroundWindow
MessageBeep
AdjustWindowRectEx
RegisterClipboardFormatW
GetMenuStringW
DeleteMenu
TrackPopupMenu
DestroyMenu
RegisterClassW
CreateWindowExW
DestroyWindow
MessageBoxW
MonitorFromPoint

gdi32

Escape
ExtTextOutW
TextOutW
PtVisible
GetTextColor
GetCurrentObject
DPtoLP
SelectClipRgn
GetClipRgn
GetViewportExtEx
GetWindowExtEx
GetMapMode
LPtoDP
DeleteDC
DeleteObject
BitBlt
CreateDIBSection
GetDIBits
RectVisible
PatBlt
SelectObject
GetTextMetricsW
GetDeviceCaps
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
StretchBlt
GetObjectW
Rectangle
GetViewportOrgEx
CreateSolidBrush
GetStockObject
GetTextExtentPoint32W
CreatePen
Polygon
CreateCompatibleDC
CreateFontIndirectW
CreateCompatibleBitmap

msimg32

AlphaBlend
TransparentBlt

advapi32

FreeSid
RegCloseKey
OpenProcessToken
RegQueryInfoKeyW
RegOpenKeyExA
RegQueryValueExA
DeleteService
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegNotifyChangeKeyValue
RegEnumValueW
RegQueryValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
EqualSid
OpenThreadToken
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
RegOpenKeyExW

shell32

SHFileOperationW
ShellExecuteExW
SHGetFileInfoW
SHGetFolderLocation
ord2
SHGetSpecialFolderLocation
ord4
ShellExecuteW
ord190
ord155
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHChangeNotify
SHGetFolderPathW
DragQueryFileW
ExtractIconW

comctl32

_TrackMouseEvent
InitCommonControlsEx

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
RevokeDragDrop
RegisterDragDrop
DoDragDrop
CoInitializeEx
CreateStreamOnHGlobal
PropVariantClear
CoCreateInstance

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

toolkitpro1640vc90u

?Clone@CXTPRibbonControlSystemRecentFileList@@UAEPAVCXTPControl@@H@Z
?IsCustomizeDragOverAvail@CXTPRibbonControlSystemRecentFileList@@MAEHPAVCXTPCommandBar@@VCPoint@@AAK@Z
?OnLButtonUp@CXTPControl@@MAEXVCPoint@@@Z
?OnClick@CXTPControl@@UAEXHVCPoint@@@Z
?Copy@CXTPControl@@UAEXPAV1@H@Z
?GetIconSize@CXTPControl@@UBE?AVCSize@@XZ
?GetButtonSize@CXTPControl@@UBE?AVCSize@@XZ
?DoPropExchange@CXTPControl@@UAEXPAVCXTPPropExchange@@@Z
?OnCalcDynamicSize@CXTPRibbonControlSystemRecentFileList@@MAEXK@Z
?Draw@CXTPRibbonControlSystemPopupBarListCaption@@MAEXPAVCDC@@@Z
?GetSize@CXTPRibbonControlSystemPopupBarListCaption@@MAE?AVCSize@@PAVCDC@@@Z
?IsTransparent@CXTPControl@@UBEHXZ
?GetRuntimeClass@CXTPRibbonControlSystemRecentFileList@@UBEPAUCRuntimeClass@@XZ
?GetAccessible@CXTPControl@@MAEPAVCCmdTarget@@XZ
?PutAccessibleValue@CXTPAccessible@@UAEJUtagVARIANT@@PA_W@Z
?PutAccessibleName@CXTPAccessible@@UAEJUtagVARIANT@@PA_W@Z
?AccessibleDoDefaultAction@CXTPControl@@MAEJUtagVARIANT@@@Z
?AccessibleHitTest@CXTPControl@@MAEJJJPAUtagVARIANT@@@Z
?AccessibleNavigate@CXTPAccessible@@UAEJJUtagVARIANT@@PAU2@@Z
?AccessibleLocation@CXTPControl@@MAEJPAJ000UtagVARIANT@@@Z
?AccessibleSelect@CXTPControl@@MAEJJUtagVARIANT@@@Z
?GetAccessibleDefaultAction@CXTPControl@@MAEJUtagVARIANT@@PAPA_W@Z
?GetRecentFileList@CXTPRibbonControlSystemRecentFileList@@MAEPAVCRecentFileList@@XZ
?GetAccessibleFocus@CXTPAccessible@@UAEJPAUtagVARIANT@@@Z
?GetAccessibleKeyboardShortcut@CXTPControl@@MAEJUtagVARIANT@@PAPA_W@Z
?GetAccessibleHelpTopic@CXTPAccessible@@UAEJPAPA_WUtagVARIANT@@PAJ@Z
?GetAccessibleHelp@CXTPAccessible@@UAEJUtagVARIANT@@PAPA_W@Z
?GetAccessibleState@CXTPControl@@MAEJUtagVARIANT@@PAU2@@Z
?GetAccessibleRole@CXTPControl@@MAEJUtagVARIANT@@PAU2@@Z
?Remove@CXTPRecentFileList@@UAEXH@Z
?GetAccessibleValue@CXTPAccessible@@UAEJUtagVARIANT@@PAPA_W@Z
?GetAccessibleName@CXTPControl@@MAEJUtagVARIANT@@PAPA_W@Z
?GetAccessibleChild@CXTPControl@@MAEJUtagVARIANT@@PAPAUIDispatch@@@Z
?GetAccessibleChildCount@CXTPControl@@MAEJPAJ@Z
?GetAccessibleParent@CXTPControl@@MAEJPAPAUIDispatch@@@Z
?Clone@CXTPRibbonControlSystemPopupBarButton@@UAEPAVCXTPControl@@H@Z
?OnCaptionChanged@CXTPControl@@MAEXXZ
?OnActionChanging@CXTPControl@@MAEXH@Z
?OnActionChanged@CXTPControl@@MAEXH@Z
?GenerateCommandBarList@CXTPControl@@MAEXAAKPAVCXTPCommandBarList@@PAUXTP_COMMANDBARS_PROPEXCHANGE_PARAM@@@Z
?RestoreCommandBarList@CXTPControl@@MAEXPAVCXTPCommandBarList@@@Z
?OnToolHitTest@CXTPControl@@MBEHVCPoint@@PAUtagTOOLINFOW@@@Z
?OnRemoved@CXTPControl@@MAEXXZ
?OnIdleUpdate@CXTPControl@@MAEXXZ
?GetCustomizeMinHeight@CXTPControl@@MBEHXZ
?GetFirstMruID@CXTPRibbonControlSystemRecentFileList@@MAEHXZ
?PreTranslateMessage@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@MAEHPAUtagMSG@@@Z
?OnWndMsg@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@MAEHIIJPAJ@Z
?LoadFrame@?$CXTPFrameWndBase@VCFrameWnd@@@@UAEHIKPAVCWnd@@PAUCCreateContext@@@Z
?OnSetPreviewMode@?$CXTPFrameWndBase@VCFrameWnd@@@@UAEXHPAUCPrintPreviewState@@@Z
??1CXTPRibbonControlSystemPopupBarButton@@UAE@XZ
??1CXTPRibbonControlSystemRecentFileList@@UAE@XZ
??1CXTPFrameWnd@@UAE@XZ
??0CXTPModuleHandle@@QAE@XZ
??1CXTPModuleHandle@@UAE@XZ
?LoadLibraryW@CXTPModuleHandle@@QAEHPB_W@Z
?SetResourceFile@CXTPResourceManager@@QAEXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?XTPResourceManager@@YAPAVCXTPResourceManager@@XZ
?SetProcessDPIAware@CXTPWinDwmWrapper@@QAEXXZ
??0CXTPRecentFileList@@QAE@IPB_W0HH@Z
??1CXTPRecentFileList@@UAE@XZ
?GetAccessibleSelection@CXTPAccessible@@UAEJPAUtagVARIANT@@@Z
?OnNewItem@CXTPRecentFileList@@MAEXPAVCXTPRecentFileListItem@@@Z
?GetCustomizeMinWidth@CXTPControl@@MBEHXZ
?IsCustomizeResizeAllow@CXTPControl@@MBEHXZ
?IsCustomizeDragOverAvail@CXTPControl@@MAEHPAVCXTPCommandBar@@VCPoint@@AAK@Z
?OnCustomizeDragOver@CXTPControl@@MAEXPAV1@VCPoint@@AAK@Z
?CustomizeStartResize@CXTPControl@@MAEHVCPoint@@@Z
?CustomizeStartDrag@CXTPControl@@MAEXVCPoint@@@Z
?OnSetSelected@CXTPControl@@MAEHH@Z
?OnMouseHover@CXTPControl@@MAEXXZ
?OnMouseMove@CXTPControl@@MAEXVCPoint@@@Z
?OnLButtonDblClk@CXTPControl@@MAEHVCPoint@@@Z
?OnRButtonUp@CXTPControl@@MAEHVCPoint@@@Z
?OnRButtonDown@CXTPControl@@MAEHVCPoint@@@Z
?OnLButtonDown@CXTPControl@@MAEXVCPoint@@@Z
?OnLButtonUp@CXTPControlButton@@MAEXVCPoint@@@Z
?Add@CXTPRecentFileList@@UAEXPB_W@Z
?ReadList@CXTPRecentFileList@@UAEXXZ
?WriteList@CXTPRecentFileList@@UAEXXZ
?GetAccessibleDescription@CXTPControl@@MAEJUtagVARIANT@@PAPA_W@Z
?OnSetPopup@CXTPControl@@MAEHH@Z
?SetParent@CXTPControl@@MAEXPAVCXTPCommandBar@@@Z
?OnHookMouseWheel@CXTPControl@@MAEHIFVCPoint@@@Z
?OnHookKeyDown@CXTPControl@@MAEHIJ@Z
?IsFocusable@CXTPControl@@MBEHXZ
?IsCustomizeMovable@CXTPControl@@UBEHXZ
?OnClick@CXTPControlButton@@MAEXHVCPoint@@@Z
?Copy@CXTPControlButton@@MAEXPAVCXTPControl@@H@Z
?GetIconSize@CXTPRibbonControlSystemPopupBarButton@@UBE?AVCSize@@XZ
?GetButtonSize@CXTPRibbonControlSystemPopupBarButton@@UBE?AVCSize@@XZ
?OnThemeChanged@CXTPControl@@UAEXXZ
?SetAction@CXTPControl@@UAEXPAVCXTPControlAction@@@Z
?GetPopuped@CXTPControl@@UBEHXZ
?OnUnderlineActivate@CXTPControl@@UAEXXZ
?DoPropExchange@CXTPControlButton@@UAEXPAVCXTPPropExchange@@@Z
?GetImage@CXTPControl@@UBEPAVCXTPImageManagerIcon@@H@Z
?OnCalcDynamicSize@CXTPControl@@UAEXK@Z
?Draw@CXTPRibbonControlSystemPopupBarButton@@UAEXPAVCDC@@@Z
?GetSize@CXTPRibbonControlSystemPopupBarButton@@UAE?AVCSize@@PAVCDC@@@Z
?OnExecute@CXTPControl@@UAEXXZ
?IsTransparent@CXTPRibbonControlSystemPopupBarButton@@UBEHXZ
?Compare@CXTPControl@@UAEHPAV1@@Z
?IsCaptionVisible@CXTPControl@@UBEHXZ
?IsVisible@CXTPControl@@UBEHK@Z
?SetRect@CXTPControl@@UAEXVCRect@@@Z
?GetPressed@CXTPControl@@UBEHXZ
?IsFocused@CXTPControl@@UBEHXZ
?SetFocused@CXTPControl@@UAEXH@Z
?GetSelected@CXTPControl@@UBEHXZ
?SetChecked@CXTPControl@@UAEXH@Z
?GetTooltip@CXTPControl@@UBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetDescription@CXTPControl@@UBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetCaption@CXTPControl@@UBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetInterfaceMap@CXTPControl@@MBEPBUAFX_INTERFACEMAP@@XZ
?OnCmdMsg@CXTPControl@@MAEHIHPAXPAUAFX_CMDHANDLERINFO@@@Z
?GetRuntimeClass@CXTPRibbonControlSystemPopupBarButton@@UBEPAUCRuntimeClass@@XZ
?XTPResourceImages@@YAPAVCXTPResourceImages@@XZ
?SetHandle@CXTPResourceImages@@QAEHPAUHINSTANCE__@@PB_WH@Z
??1CXTPWinDwmWrapper@@QAE@XZ
??0CXTPWinDwmWrapper@@QAE@XZ
?IsCompositionEnabled@CXTPWinDwmWrapper@@QAEHXZ
?m_bAllowDwm@CXTPCommandBarsFrameHook@@2HA
?RedrawCommandBars@CXTPCommandBars@@QAEXXZ
?RefreshAll@CXTPImageManager@@QAEXXZ
?SetPaneText@CXTPStatusBar@@QAEHHPB_W@Z
?SetPaneInfo@CXTPStatusBar@@QAEXHIIH@Z
?SetVisible@CXTPControl@@QAEXH@Z
?GetAt@CXTPCommandBars@@QBEPAVCXTPToolBar@@H@Z
?FromUI@CXTPControl@@SAPAV1@PAVCCmdUI@@@Z
?GetQuickAccessHeight@CXTPRibbonBar@@QBEHXZ
?IsQuickAccessBelowRibbon@CXTPRibbonBar@@QBEHXZ
?GetCaptionHeight@CXTPRibbonBar@@QBEHXZ
?SetIndicators@CXTPStatusBar@@QAEHPBIH@Z
?Create@CXTPStatusBar@@QAEHPAVCWnd@@KI@Z
?CreateOriginalControls@CXTPControls@@QAEXXZ
?SetHideFlags@CXTPControl@@UAEXK@Z
?SetHideFlag@CXTPControl@@QAEHW4XTPControlHideFlags@@H@Z
?SetFlags@CXTPControl@@QAEXK@Z
?SetBeginGroup@CXTPControl@@UAEXH@Z
??0CXTPFrameWnd@@QAE@XZ
??0CXTPStatusBar@@QAE@XZ
??1CXTPStatusBar@@UAE@XZ
??0CXTPSplitterWndEx@@QAE@XZ
??1CXTPSplitterWndEx@@UAE@XZ
?InitCommandBars@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@UAEHPAUCRuntimeClass@@@Z
?GetThisClass@CXTPCommandBars@@SGPAUCRuntimeClass@@XZ
?s_pInstance@CXTPPaintManager@@1PAV1@A
?SetTheme@CXTPPaintManager@@SAXW4XTPPaintTheme@@@Z
?LoadCommandBars@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@UAEXPB_WH@Z
?GetToolTipContext@CXTPCommandBars@@QBEPAVCXTPToolTipContext@@XZ
?SetStyle@CXTPToolTipContext@@QAEXW4XTPToolTipStyle@@@Z
?ShowTitleAndDescription@CXTPToolTipContext@@QAEXHH@Z
?ShowImage@CXTPToolTipContext@@QAEXHHH@Z
?SetMargin@CXTPToolTipContext@@QAEXPBUtagRECT@@@Z
?SetMaxTipWidth@CXTPToolTipContext@@QAEXH@Z
?SetFont@CXTPToolTipContext@@QAEXPAVCFont@@@Z
?GetPaintManager@CXTPCommandBars@@QBEPAVCXTPPaintManager@@XZ
?SetDelayTime@CXTPToolTipContext@@QAEXKH@Z
??0CXTPRibbonControlSystemRecentFileList@@QAE@XZ
??0CXTPRibbonControlSystemPopupBarButton@@QAE@XZ
?SetTooltip@CXTPControl@@QAEXPB_W@Z
?FindControl@CXTPControls@@QBEPAVCXTPControl@@W4XTPControlType@@HHH@Z
?SetCaption@CXTPControl@@QAEXPB_W@Z
?SaveCommandBars@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@UAEXPB_W@Z
?GetControlCount@CXTPCommandBar@@QBEHXZ
?GetControl@CXTPCommandBar@@QBEPAVCXTPControl@@H@Z
?SetHeight@CXTPControl@@UAEXH@Z
?SetEnabled@CXTPControl@@UAEXH@Z
?OnEnabledChanged@CXTPControl@@UAEXXZ
?IsRibbonMinimized@CXTPRibbonBar@@QBEHXZ
?RegisterWndClass@CXTPDrawHelpers@@SAHPAUHINSTANCE__@@PB_WIPAUHICON__@@PAUHBRUSH__@@@Z
?Add@CXTPCommandBars@@QAEPAVCXTPToolBar@@PB_WW4XTPBarPosition@@PAUCRuntimeClass@@@Z
?GetThisClass@CXTPRibbonBar@@SGPAUCRuntimeClass@@XZ
?GetTabPaintManager@CXTPRibbonBar@@QBEPAVCXTPTabPaintManager@@XZ
?EnableDocking@CXTPToolBar@@QAEXK@Z
?EnableFrameTheme@CXTPRibbonBar@@QAEXH@Z
?AddSystemButton@CXTPRibbonBar@@QAEPAVCXTPControlPopup@@H@Z
?SetCommandBar@CXTPControlPopup@@QAEXPAVCMenu@@@Z
?SetIcons@CXTPImageManager@@QAEHIPAIHVCSize@@W4XTPImageState@@@Z
?GetImageManager@CXTPCommandBars@@QBEPAVCXTPImageManager@@XZ
?SetStyle@CXTPControl@@QAEXW4XTPButtonStyle@@@Z
?AddTab@CXTPRibbonBar@@QAEPAVCXTPRibbonTab@@H@Z
?AddGroup@CXTPRibbonTab@@QAEPAVCXTPRibbonGroup@@H@Z
?Add@CXTPRibbonGroup@@QAEPAVCXTPControl@@W4XTPControlType@@HPB_WHH@Z
?Add@CXTPControls@@QAEPAVCXTPControl@@W4XTPControlType@@HPB_WHH@Z
?GetCommandBar@CXTPControl@@UBEPAVCXTPCommandBar@@XZ
?SetShortcutText@CXTPControl@@QAEXPB_W@Z
?FindControl@CXTPControls@@QBEPAVCXTPControl@@H@Z
?SetWidth@CXTPControl@@UAEXH@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdipGetImageGraphicsContext
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGraphicsClear
GdipSaveImageToFile
GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorKeys
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipDeleteBrush
GdipCloneBrush
GdipCreateTexture
GdipFillRectangleI
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipCreateBitmapFromResource
GdiplusStartup
GdiplusShutdown
GdipBitmapGetPixel

Exports

Exports

?AddToRecentDestination@@YA_NABQB_WQB_W@Z
?AppendToFrequentDestinationCategory@@YA_NQAVTaskInfo@@@Z
?AppendToRecentDestinationCategory@@YA_NQAVTaskInfo@@@Z
?AppendToTask@@YA_NQAVTaskInfo@@QB_W111H@Z
?AppendToTaskSeperator@@YA_NQAVTaskInfo@@@Z
?ClearRecentDestination@@YA_NXZ
?CommitToTask@@YA_NQAVTaskInfo@@@Z
?CreateTaskControl@@YA_NAAPAVTaskControl@@@Z
?CreateTaskInfo@@YA_NAAPAVTaskInfo@@PB_W@Z
?GetApplicationID@@YAQB_WQB_W@Z
?ReleaseTaskControl@@YA_NPAVTaskControl@@@Z
?ReleaseTaskInfo@@YA_NPAVTaskInfo@@@Z
?SetOverlayIcon@@YA_NABQAVTaskControl@@QAUHWND__@@QAUHICON__@@QB_W@Z
?SetProgressGreen@@YA_NABQAVTaskControl@@PAUHWND__@@@Z
?SetProgressGreenMarquee@@YA_NABQAVTaskControl@@PAUHWND__@@@Z
?SetProgressNothing@@YA_NABQAVTaskControl@@PAUHWND__@@@Z
?SetProgressRed@@YA_NABQAVTaskControl@@PAUHWND__@@@Z
?SetProgressValue@@YA_NABQAVTaskControl@@PAUHWND__@@_K2@Z
?SetProgressYellow@@YA_NABQAVTaskControl@@PAUHWND__@@@Z
?TaskbarButtonGroupingByProcess@@YA_NQB_W@Z
?TaskbarButtonGroupingByWindow@@YA_NQB_WQAUHWND__@@@Z

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ALZipCon.exe
.exe windows:5 windows x86 arch:x86

be6ef575a3d572fe8c4e9674365b3634

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:cf:9c:8b:e1:7f:74:a1:72:ad:d3:db:88:6e:ed:76
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-10-2013 00:00

Not After

27-12-2015 23:59

Subject

CN=ESTsoft Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:c5:6f:cd:c7:2d:55:ee:69:e7:94:be:1a:08:0b:98:2b:96:aa:52
Signer

Actual PE Digest

9c:c5:6f:cd:c7:2d:55:ee:69:e7:94:be:1a:08:0b:98:2b:96:aa:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Source\ALZip\Source\ALZip\trunk\ALZip\Bin\ALZipCon.pdb

Imports

mfc90u

ord600
ord6699
ord6659
ord1271
ord794
ord589
ord1333
ord5867
ord4518
ord1313
ord899
ord1314
ord2676
ord2695
ord935
ord938
ord2081
ord5938
ord2478
ord2479
ord5979
ord4494
ord4490
ord6687
ord4519
ord6013
ord4405
ord1607
ord285
ord3220
ord1599
ord1102
ord2537
ord5851
ord1137
ord933
ord5603
ord811
ord4442
ord286
ord266
ord265
ord1329
ord2694
ord813
ord2326
ord296
ord799
ord280
ord1603
ord801

msvcr90

_wtoi64
_localtime64_s
wcsftime
_wtoi
iswdigit
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
wcscpy_s
wcstok_s
iswspace
_waccess
strncmp
malloc
free
??0exception@std@@QAE@XZ
wcschr
wprintf
memmove_s
wcsstr
swprintf_s
_beginthreadex
_endthreadex
_purecall
_time64
_errno
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
__wargv
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_mktime64
_vsnwprintf_s
toupper
wcsncmp
strcpy_s
rand
srand
towlower
iswalpha
iswalnum
wcsrchr
_wcsicmp
memcpy_s
_CxxThrowException
memset
memcpy
__CxxFrameHandler3
_amsg_exit

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
SystemTimeToTzSpecificLocalTime
GetFileTime
SetEndOfFile
FileTimeToSystemTime
FileTimeToLocalFileTime
ReleaseMutex
ReleaseSemaphore
TryEnterCriticalSection
ResetEvent
SetEvent
OpenEventW
CreateEventW
Sleep
CreateDirectoryW
SetFileAttributesW
SetFileTime
GetFileAttributesW
QueryPerformanceCounter
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
GetLocaleInfoW
LoadLibraryW
DeleteFileW
GetTempFileNameW
FreeLibrary
GetConsoleOutputCP
GetModuleFileNameW
GetSystemInfo
GetCurrentDirectoryW
SetConsoleCtrlHandler
SetConsoleCursorPosition
GetCurrentThreadId
WaitForSingleObject
GetCommandLineW
SetPriorityClass
WriteFile
WideCharToMultiByte
GetStdHandle
WriteConsoleW
GetTempPathW
ReadFile
CreateFileW
FindNextFileW
FindClose
FindFirstFileW
GetFileSize
GetLastError
SetFilePointer
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetConsoleScreenBufferInfo

user32

GetActiveWindow
PostThreadMessageW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHChangeNotify
SHGetFileInfoW
SHFileOperationW

shlwapi

StrFormatByteSizeW

ole32

PropVariantClear

oleaut32

SysAllocString

msvcp90

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?ignore@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@HG@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?getline@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_WH_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?wcin@std@@3V?$basic_istream@_WU?$char_traits@_W@std@@@1@A
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z

Sections

.text
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bca2c7cb3bba360100a3a7a510fe11d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:65:a3:13:e4:ba:e0:10:b1:8b:d5:18:02:7d:4a:88Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

96:d0:ca:6f:9f:cb:a1:c4:7b:ed:8d:46:0c:b6:8e:bd:1e:67:66:44Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1.6MB

.ndata Size: - Virtual size: 192KB

.rsrc Size: 124KB - Virtual size: 123KB

5eebff966e82adb38fe32cb21b559567

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:65:a3:13:e4:ba:e0:10:b1:8b:d5:18:02:7d:4a:88Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1c:48:a8:8b:d6:5d:11:dd:84:ff:55:8a:0c:2e:ee:5e:1f:f0:43:80Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

comctl32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

222ba14d7b8ae575c32dd0b8b77a5dea

Headers

DLL Characteristics

File Characteristics

Imports

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:65:a3:13:e4:ba:e0:10:b1:8b:d5:18:02:7d:4a:88
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

96:d0:ca:6f:9f:cb:a1:c4:7b:ed:8d:46:0c:b6:8e:bd:1e:67:66:44
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1.6MB

.ndata
Size: - Virtual size: 192KB

.rsrc
Size: 124KB - Virtual size: 123KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:65:a3:13:e4:ba:e0:10:b1:8b:d5:18:02:7d:4a:88
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1c:48:a8:8b:d6:5d:11:dd:84:ff:55:8a:0c:2e:ee:5e:1f:f0:43:80
Signer

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 400B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 816B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 516B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4b:cf:9c:8b:e1:7f:74:a1:72:ad:d3:db:88:6e:ed:76
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ae:f3:93:99:c5:ea:da:94:21:82:05:df:79:b5:50:c9:3d:ce:27:80
Signer