unifying250[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

unifying250.exe
Size

4.0MB
MD5

0e4dd62d0edc758b5f9facbe3cd028c7
SHA1

46504515c189b62e164be68cf4608acb870627e7
SHA256

ace27f43e1ce4925e72c49a33fcc2aa3b3db557ed808f29e75dacedfebf7ab90
SHA512

6eff2f0ffe0c3b502e4627d96b62c995e1485200b16e3ed92ffd8b61045861e883b7065b12faa5d3583e01e6e7600de97f11c399d630dacbd4a1e2570263643f
SSDEEP

98304:UlJd8rujvcDhybI20GUShrGkHTWuyeFDIVNwjmCan94BkD6:WbcVRyhrGkHyuhDIXOmH94BN

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

unifying250.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/03/2013, 00:00

Not After

18/05/2015, 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Logitech,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c6:68:3c:5f:8c:e6:fb:ef:1d:0c:8a:17:28:0e:56:67:99:9f:e9:50
Signer

Actual PE Digest

c6:68:3c:5f:8c:e6:fb:ef:1d:0c:8a:17:28:0e:56:67:99:9f:e9:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DJAPI.dll
.dll windows:5 windows x86 arch:x86

fa0bf951c47ae826718ddc4553ee3b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/03/2013, 00:00

Not After

18/05/2015, 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Logitech,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:59:5f:4f:be:cc:22:4d:48:58:10:d3:4b:f6:ed:08:6d:ee:d9:98
Signer

Actual PE Digest

03:59:5f:4f:be:cc:22:4d:48:58:10:d3:4b:f6:ed:08:6d:ee:d9:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Builds\VersionedApps\DJAPI_2.50\2.50.25\Sources\DJAPI\Release\Win32\DJAPI.pdb

Imports

kernel32

DeleteCriticalSection
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
CreateEventW
CloseHandle
CreateProcessW
TerminateThread
GetStartupInfoW
RaiseException
ResetEvent
OpenThread
InterlockedExchangeAdd
WaitForMultipleObjects
CreateThread
WriteFile
ReadFile
GetOverlappedResult
GetLastError
LoadLibraryW
CreateFileW
GetProcAddress
CreateMutexW
QueryPerformanceCounter
Sleep
QueryPerformanceFrequency
ReleaseMutex
FreeLibrary
HeapAlloc
HeapFree
EnterCriticalSection
GetTickCount
FindFirstChangeNotificationW
FindCloseChangeNotification
GetModuleHandleW
GetFileAttributesW
GetModuleFileNameW
FindNextChangeNotification
MultiByteToWideChar
GetFileSize
FindFirstFileW
GetTempPathW
FindClose
FindNextFileW
DeleteFileW
SetFilePointer
CreateDirectoryW
GetLocalTime
GetPrivateProfileStringW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetProcessHeap
GetStringTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA

user32

SetTimer
KillTimer
RegisterDeviceNotificationW
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageW
UnregisterDeviceNotification
wsprintfW
ShowWindow

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFolderPathW

shlwapi

PathRemoveFileSpecW

Exports

Exports

_DJ_CheckForManifestedUpdatesNow@4
_DJ_CheckForUpdatesNow@0
_DJ_ConfigureUpdates@0
_DJ_DFUAction@12
_DJ_DFUStateToString@4
_DJ_DevInfoToString@8
_DJ_DisconnectDevice@8
_DJ_ErrorToString@4
_DJ_EventToString@4
_DJ_ForceDFU@20
_DJ_GetDJAPIVersion@12
_DJ_GetDefaultReceiver@0
_DJ_GetDefaultWirelessDevice@0
_DJ_GetDeviceInfo@8
_DJ_GetEngineLog@12
_DJ_Initialize@12
_DJ_MoveDevice@8
_DJ_OpenReceiver@8
_DJ_ScanActivity@4

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DJCU.dll
.dll windows:5 windows x86 arch:x86

778c040a4c940170c8609609693762ea

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/03/2013, 00:00

Not After

18/05/2015, 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Logitech,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:e9:24:f8:99:2d:86:8a:f8:f6:78:56:f7:d3:14:e0:15:6d:31:4a
Signer

Actual PE Digest

2b:e9:24:f8:99:2d:86:8a:f8:f6:78:56:f7:d3:14:e0:15:6d:31:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Builds\DJ\DJ_2.50\2.50.25\Release\Win32\DJCU.pdb

Imports

djapi

_DJ_ConfigureUpdates@0
_DJ_CheckForManifestedUpdatesNow@4
_DJ_CheckForUpdatesNow@0
_DJ_ScanActivity@4
_DJ_GetEngineLog@12
_DJ_GetDJAPIVersion@12
_DJ_DFUAction@12
_DJ_OpenReceiver@8
_DJ_DisconnectDevice@8
_DJ_Initialize@12
_DJ_GetDeviceInfo@8

kernel32

SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
ExitThread
CreateThread
GetCommandLineA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapReAlloc
Sleep
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
GetModuleFileNameW
GetUserDefaultUILanguage
GetUserGeoID
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetThreadAffinityMask
GetCurrentThread
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
SetThreadUILanguage
SetThreadLocale
GetVersionExW
GetCurrentProcessId
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateEventW
CloseHandle
MulDiv
ResumeThread
FreeResource
WaitForSingleObject
SetEvent
ResetEvent
SetLastError
GetLastError
TerminateProcess
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
WritePrivateProfileStringW
GlobalFlags
FileTimeToSystemTime
InterlockedIncrement
SetErrorMode
LoadLibraryW
GetProcAddress
FindResourceExW
GetShortPathNameW
GetFullPathNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
VirtualProtect
CreateFileW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
LocalFree
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeLibrary
InterlockedDecrement
MultiByteToWideChar
lstrlenA
lstrlenW
lstrcmpA
WideCharToMultiByte
GetSystemInfo
OutputDebugStringW
VerLanguageNameW
FormatMessageW
LCMapStringA

user32

DestroyMenu
GetSysColorBrush
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MapDialogRect
GetAsyncKeyState
CharUpperW
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MoveWindow
SetWindowTextW
IsDialogMessageW
IsWindowEnabled
GetMessageW
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
SetMenu
UpdateWindow
MessageBoxW
GetClassInfoExW
GetClassInfoW
AdjustWindowRectEx
ScreenToClient
CallWindowProcW
PtInRect
GetMenu
GetWindowLongW
SetWindowLongW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMetrics
InflateRect
SetWindowPos
LoadBitmapW
GetKeyState
GetDlgCtrlID
GetFocus
RedrawWindow
IsWindow
GetClassNameW
GetWindow
SetWindowsHookExW
GetWindowRect
ShowWindow
RemovePropW
FindWindowW
UnhookWindowsHookEx
LoadIconW
CallNextHookEx
CopyRect
GetSysColor
FillRect
InvalidateRect
ReleaseDC
GetDC
SetRect
SetTimer
GetParent
IsWindowVisible
KillTimer
SetCursor
LoadCursorW
GetClientRect
IsRectEmpty
SetRectEmpty
EnableWindow
SendMessageW
GetWindowThreadProcessId
GetForegroundWindow
SendInput
AttachThreadInput
SetForegroundWindow
SetActiveWindow
BringWindowToTop
DefWindowProcW
UnregisterClassW
DestroyWindow
CreateWindowExW
RegisterClassW
PostMessageW

gdi32

SetStretchBltMode
SetMapMode
PtVisible
RectVisible
TextOutW
ExtTextOutW
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateFontIndirectW
DPtoLP
EnumFontFamiliesExW
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
Rectangle
CreatePen
StretchBlt
GetObjectW
GetStockObject
PatBlt
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateSolidBrush
DeleteObject
DeleteDC
SelectObject
Escape
GetDeviceCaps

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegLoadKeyW
RegSaveKeyW
RegRestoreKeyW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW

shell32

ShellExecuteW
SHGetFolderPathW

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

ole32

CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject
OleCreateStaticFromData
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

OleLoadPicture
VariantClear
VariantChangeType
VariantInit

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

Exports

Exports

RunDJCU

Sections

.text
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DJCUHost.exe
.exe windows:5 windows x86 arch:x86

5d23cd1f231dee47c37707215995630d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/03/2013, 00:00

Not After

18/05/2015, 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Logitech,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:59:98:40:2e:5c:5e:7c:06:2f:93:73:8c:dd:09:1c:ee:75:33:4c
Signer

Actual PE Digest

a7:59:98:40:2e:5c:5e:7c:06:2f:93:73:8c:dd:09:1c:ee:75:33:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Builds\DJ\DJ_2.50\2.50.25\Release\Win32\DJCUHost.pdb

Imports

djcu

RunDJCU

kernel32

GetStartupInfoW
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
HeapSize
VirtualAlloc
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceW
Sleep
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GetLastError
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
MulDiv
lstrlenW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
GetProcAddress
GetModuleHandleW
FreeLibrary
lstrcmpW
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
lstrcmpA
GetModuleFileNameW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
GetTickCount
LoadLibraryA
SetErrorMode
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFlags
GetModuleHandleA
WritePrivateProfileStringW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
lstrlenA
InterlockedDecrement
ReleaseMutex
CreateMutexW
GetCurrentProcessId
GetVersionExA
WaitForSingleObject
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GetVersionExW
CompareStringW
GetLocaleInfoA

user32

UnregisterClassW
DestroyMenu
ShowWindow
IsDialogMessageW
PostThreadMessageW
SetWindowTextW
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetDesktopWindow
ClientToScreen
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
GetWindowThreadProcessId
IsWindowEnabled
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
FindWindowW
SendMessageW
PostMessageW
GetSubMenu
GetKeyState
SetMenu
EnableWindow
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
MessageBoxW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CreateWindowExW
GetClassInfoExW
GetActiveWindow
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
RegisterClipboardFormatW
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
SetWindowLongW
GetWindowLongW
GetMenu
PtInRect
CopyRect
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetParent
AdjustWindowRectEx
GetSysColor
RegisterClassW
GetClassInfoW
SetCursor

gdi32

DeleteObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NonElevatedDll.dll
.dll windows:4 windows x86 arch:x86

54f7b090ac4389e67f51954daf06e702

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:57:34:6b:75:53:24:5d:37:eb:d1:f8:4a:52:b3:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/12/2009, 00:00

Not After

11/12/2011, 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Control Devices,O=Logitech,L=FREMONT,ST=CALIFORNIA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:8c:8a:ac:e5:23:45:62:0f:f9:39:dc:26:d5:ac:c6:09:a7:9a:e8
Signer

Actual PE Digest

ae:8c:8a:ac:e5:23:45:62:0f:f9:39:dc:26:d5:ac:c6:09:a7:9a:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\builds\versionedapps\runne_1.10\1.10.2\source\release\NonElevatedDll.pdb

Imports

kernel32

GetModuleHandleExW
WaitForSingleObject
GetCurrentProcess
HeapSize
LCMapStringW
LCMapStringA
CloseHandle
GetVersionExW
GetStringTypeW
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
GetLocaleInfoA
GetStringTypeA

user32

UnhookWindowsHookEx
RegisterWindowMessageW
CallNextHookEx
FindWindowW
SendMessageW
SetWindowsHookExW

advapi32

OpenProcessToken
GetTokenInformation

shell32

ShellExecuteExW

Exports

Exports

?GetElevationType@@YAJPAW4_TOKEN_ELEVATION_TYPE@@@Z
?IsElevated@@YAJPAH@Z
?IsVista@@YAHXZ
?MyShellExec@@YAHPAUHWND__@@PB_W1H11@Z
?RunElevated@@YAHPAUHWND__@@PB_W11@Z
?RunNonElevated@@YAHPAUHWND__@@PB_W11@Z

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ve_share
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RunNE.exe
.exe windows:4 windows x86 arch:x86

b7635f0f425673f69a2e7fb66bbf7592

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:57:34:6b:75:53:24:5d:37:eb:d1:f8:4a:52:b3:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/12/2009, 00:00

Not After

11/12/2011, 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Control Devices,O=Logitech,L=FREMONT,ST=CALIFORNIA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:69:5f:4d:71:06:b5:2a:28:8a:a9:26:6a:4a:84:2b:71:b5:66:b9
Signer

Actual PE Digest

93:69:5f:4d:71:06:b5:2a:28:8a:a9:26:6a:4a:84:2b:71:b5:66:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Builds\VersionedApps\RunNE_1.10\1.10.2\Source\release\RunNE.pdb

Imports

nonelevateddll

?RunNonElevated@@YAHPAUHWND__@@PB_W11@Z

kernel32

TlsFree
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c6:68:3c:5f:8c:e6:fb:ef:1d:0c:8a:17:28:0e:56:67:99:9f:e9:50Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 96KB

.rsrc Size: 43KB - Virtual size: 42KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 741B

.rdata Size: 1024B - Virtual size: 673B

.data Size: 512B - Virtual size: 88B

.reloc Size: 512B - Virtual size: 190B

fa0bf951c47ae826718ddc4553ee3b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

03:59:5f:4f:be:cc:22:4d:48:58:10:d3:4b:f6:ed:08:6d:ee:d9:98Signer

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c6:68:3c:5f:8c:e6:fb:ef:1d:0c:8a:17:28:0e:56:67:99:9f:e9:50
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 96KB

.rsrc
Size: 43KB - Virtual size: 42KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 190B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:59:5f:4f:be:cc:22:4d:48:58:10:d3:4b:f6:ed:08:6d:ee:d9:98
Signer

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2b:e9:24:f8:99:2d:86:8a:f8:f6:78:56:f7:d3:14:e0:15:6d:31:4a
Signer

.text
Size: 431KB - Virtual size: 430KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 14KB - Virtual size: 30KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 62KB - Virtual size: 61KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate