6b88432c1bbbb1c70d08977c74aede1b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

Reason

config extraction: GuloaderBin: guloader: invalid shellcode

General

Target

6b88432c1bbbb1c70d08977c74aede1b_JaffaCakes118
Size

6.9MB
MD5

6b88432c1bbbb1c70d08977c74aede1b
SHA1

bbdbf52b0e1fc23313e55bb816c48e55cd8c6a23
SHA256

12976190a4b825a61913a3b66cc66dc856aea80a6c030da0093bc75ddd56b0a0
SHA512

1e06baa0290c1b32a9fa3d5da5b6dedb7dce9ba090801146e0c636ce3dbcda1425aebd98b329e2c815bd433464323733df568999f796b835cbaf8792a1fbbe51
SSDEEP

196608:R39Q1xaN9HeUdWKqHBiIX384r4EIrfR43MnmsZO:59QmN9HeHKqhiW3RUjR4iO

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/AccessControl.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/AccessControl.dll	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/AccessControl.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/xml.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/C:/abacus/apps/RateDeskPrice/RateDeskPrice.exe
unpack001/$TEMP/MSVBVM60.DLL
unpack001/$_5_/7za.exe
unpack001/$_5_/ForceUpdate/MSVBVM60.DLL
unpack001/$_5_/MSVBVM60.DLL
unpack001/$_5_/RemoteControl/camstudio_cl.exe
unpack001/$_5_/SabreVPNPatch/AbacusWin8_7_Vista_Patch_Jul2013.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$TEMP/InstallAWSScribeScripts.exe	nsis_installer_1
static1/unpack001/$TEMP/InstallAWSScribeScripts.exe	nsis_installer_2

Files

6b88432c1bbbb1c70d08977c74aede1b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/07/2014, 00:00

Not After

17/07/2016, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=UNIT 811-818\, TOWER 1+STREET=388 TONG ROAD\, KWUN TONG\, KOWLOON+STREET=MILLENNIUM CITY 1,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:fd:15:d7:ff:a0:d6:77:6c:fd:75:cb:3a:8a:f1:37:88:32:9d:40
Signer

Actual PE Digest

5b:fd:15:d7:ff:a0:d6:77:6c:fd:75:cb:3a:8a:f1:37:88:32:9d:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AccessControl.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
NameToSid
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/xml.dll
.dll windows:4 windows x86 arch:x86

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynA
lstrcmpA
lstrcmpiA
lstrcpyA
RtlUnwind
GetModuleFileNameA
RaiseException
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetLocaleInfoA
InterlockedExchange
SetEndOfFile

Exports

Exports

_CloneNode
_Coordinate
_CreateNode
_CreateText
_CurrentAttribute
_DeclarationEncoding
_DeclarationStandalone
_DeclarationVersion
_ElementPath
_FindCloseElement
_FindNextElement
_FirstAttribute
_FirstChild
_FirstChildElement
_FreeNode
_GetAttribute
_GetNodeValue
_GetText
_GotoHandle
_GotoPath
_InsertAfterNode
_InsertBeforeNode
_InsertEndChild
_IsCDATA
_LastAttribute
_LastChild
_LoadFile
_NextAttribute
_NextSibling
_NextSiblingElement
_NoChildren
_NodeHandle
_NodeType
_Parent
_PreviousAttribute
_PreviousSibling
_RemoveAllChild
_RemoveAttribute
_RemoveNode
_ReplaceNode
_RootElement
_SaveFile
_SetAttribute
_SetAttributeName
_SetAttributeValue
_SetCDATA
_SetCondenseWhiteSpace
_SetEncoding
_SetNodeValue
_SetText
_Unload
_XPathAttribute
_XPathNode
_XPathString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/AE_remotehost.xml
.xml
$TEMP/AWSChkAPN.exe
.exe windows:4 windows x86 arch:x86

ad060a25ce7277c27044f635eef0ab1c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:dc:ff:19:70:ee:b7:24:2d:d4:5b:a6:56:b9:ed:6f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/08/2012, 00:00

Not After

03/08/2014, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=QUARRY BAY+STREET=TAIKOO PLACE\, 979 KING'S ROAD+STREET=UNIT C\, 17/F\, SOMERSET HOUSE,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:4d:86:e3:fc:67:ae:70:0e:11:04:1c:20:bc:2c:ec:bc:9f:9d:49
Signer

Actual PE Digest

05:4d:86:e3:fc:67:ae:70:0e:11:04:1c:20:bc:2c:ec:bc:9f:9d:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord667
ord669
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord520
__vbaFPFix
__vbaVargVar
__vbaBoolVarNull
_CIsin
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaVarLateMemCallLdRf
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
ord616
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/IP_Private_remotehost.xml
.xml
$TEMP/IP_Public_remotehost.xml
.xml
$TEMP/InstallAWSScribeScripts.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/07/2014, 00:00

Not After

17/07/2016, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=UNIT 811-818\, TOWER 1+STREET=388 TONG ROAD\, KWUN TONG\, KOWLOON+STREET=MILLENNIUM CITY 1,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3c:18:d3:0e:6c:09:30:43:9c:46:fb:71:72:25:1f:f8:16:a2:f4:db
Signer

Actual PE Digest

3c:18:d3:0e:6c:09:30:43:9c:46:fb:71:72:25:1f:f8:16:a2:f4:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C:/abacus/FARE.INI
C:/abacus/ITIN.INI
C:/abacus/OLDTAX.INI
C:/abacus/PAX.INI
C:/abacus/PAXNAME_CMD1.INI
C:/abacus/PAXNAME_CMD3.INI
C:/abacus/PAXTYPE.INI
C:/abacus/PAX_INFO.INI
C:/abacus/PDTAX.INI
C:/abacus/SORTED_PAXINFO.INI
C:/abacus/TEMP.INI
C:/abacus/TFR.INI
C:/abacus/TMP_SSR_INFT.INI
C:/abacus/apps/RateDeskPrice/RateDeskPrice.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\meichee_tiong\Documents\Visual Studio 2012\Projects\AIPL_RateDeskPrice_Source\RateDeskPrice\obj\Debug\RateDeskPrice.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 671KB - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C:/abacus/apps/emulator/scribe/commands.properties
C:/abacus/apps/scribe/Airline_EN1.xml
C:/abacus/apps/scribe/CURRENCY_DECIMAL.txt
C:/abacus/apps/scribe/CarTypes_EN1.XML
C:/abacus/apps/scribe/CarTypes_EN1_A.XML
C:/abacus/apps/scribe/CarVendors_EN1.XML
C:/abacus/apps/scribe/Country_EN1.XML
.xml
C:/abacus/apps/scribe/CreditCard_EN1.XML
C:/abacus/apps/scribe/DATA.TXT
C:/abacus/apps/scribe/ER_RESPONSE.TXT
C:/abacus/apps/scribe/HTL_Amenities_EN1.TXT
C:/abacus/apps/scribe/HTL_BUFFBOOK.TXT
C:/abacus/apps/scribe/HTL_BUFFFLH.TXT
C:/abacus/apps/scribe/HTL_BUFFMODY.TXT
C:/abacus/apps/scribe/HTL_BUFFSEARCH.TXT
C:/abacus/apps/scribe/HTL_CCARDCode.TXT
C:/abacus/apps/scribe/HTL_CityName_EN1.txt
C:/abacus/apps/scribe/HTL_City_EN1.txt
C:/abacus/apps/scribe/HTT_RoomTypes_EN1.txt
C:/abacus/apps/scribe/HotelVendor_EN1.XML
C:/abacus/apps/scribe/INAIRCITY.txt
C:/abacus/apps/scribe/INQUEUE.txt
C:/abacus/apps/scribe/PTC.TXT
C:/abacus/apps/scribe/PTRConfig.txt
C:/abacus/apps/scribe/PassengerTypeCode_EN1.XML
C:/abacus/apps/scribe/RoomTypes_EN1.XML
C:/abacus/apps/scribe/compiled/1_HOTEL_SEARCH_(HOT).ssc
C:/abacus/apps/scribe/compiled/2_HOTEL_DETAILS_(HOD).ssc
C:/abacus/apps/scribe/compiled/3_HOTEL_RATE_(HRD).ssc
C:/abacus/apps/scribe/compiled/4_HOTEL_BOOKING.ssc
C:/abacus/apps/scribe/compiled/5_HOTEL_MODIFY.ssc
C:/abacus/apps/scribe/compiled/@CUR-EXC.SSC
C:/abacus/apps/scribe/compiled/@OSI-SSR.SSC
C:/abacus/apps/scribe/compiled/@SPLMEAL.SSC
C:/abacus/apps/scribe/compiled/APIS_SSR.SSC
C:/abacus/apps/scribe/compiled/Child_Infant.ssc
C:/abacus/apps/scribe/compiled/EMDLIMITCHK.ssc
C:/abacus/apps/scribe/compiled/FOID.ssc
C:/abacus/apps/scribe/compiled/GPASSIVE.ssc
C:/abacus/apps/scribe/compiled/OSI.ssc
C:/abacus/apps/scribe/compiled/RateDeskPrice.ssc
C:/abacus/apps/scribe/compiled/~SCRIPTLIB.ssc
$TEMP/KillProc.exe
.exe windows:4 windows x86 arch:x86

2b15d567eef7ce72cc3b9d46b441a07b

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:dc:ff:19:70:ee:b7:24:2d:d4:5b:a6:56:b9:ed:6f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/08/2012, 00:00

Not After

03/08/2014, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=QUARRY BAY+STREET=TAIKOO PLACE\, 979 KING'S ROAD+STREET=UNIT C\, 17/F\, SOMERSET HOUSE,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:64:f7:56:9f:13:eb:1a:62:21:eb:3f:90:d2:18:04:45:c3:bd:f6
Signer

Actual PE Digest

49:64:f7:56:9f:13:eb:1a:62:21:eb:3f:90:d2:18:04:45:c3:bd:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord626
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
ord669
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaVarCopy
__vbaVarLateMemCallLd
ord616
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
ord618
__vbaForEachVar
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/MSVBVM60.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

52aa5ee856953e49635e554af5207319

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
ExitThread
FlushFileBuffers
CreateDirectoryA
GetTimeZoneInformation
RemoveDirectoryA
MoveFileA
LockFile
UnlockFile
TerminateProcess
RaiseException
SetEnvironmentVariableA
lstrlenA
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeW
lstrcpynA
FreeLibrary
GetLocaleInfoA
lstrcmpiA
GetLastError
GetModuleHandleA
GetSystemDefaultLangID
FormatMessageA
HeapCreate
GetWindowsDirectoryA
GetPrivateProfileStringA
lstrcatA
CreateFileA
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
TlsGetValue
lstrcpyA
DeleteFileA
lstrcmpA
GetCurrentThreadId
GetVersionExA
HeapAlloc
HeapFree
LCMapStringW
GetStringTypeA
GetModuleFileNameW
GetUserDefaultLangID
GetComputerNameA
SetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
GetLocalTime
SetLocalTime
RtlUnwind
CreateProcessW
IsValidCodePage
FormatMessageW
GetStartupInfoA
UnhandledExceptionFilter
ExitProcess
SetCurrentDirectoryA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindNextFileA
FindClose
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushInstructionCache
FindResourceExA
GetShortPathNameA
WinExec
lstrlenW
lstrcpyW
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTime
SystemTimeToFileTime
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
GetCurrentProcess
DuplicateHandle
ResumeThread
GetCommandLineA
TlsSetValue
TlsFree
TlsAlloc
GetVersion
CompareStringW
lstrcmpiW
MulDiv
CreateProcessA
GetExitCodeProcess
LoadLibraryExA
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetCurrentProcessId
GetTickCount
GetEnvironmentVariableA
FreeResource
GetSystemDefaultLCID
GetPrivateProfileIntA
IsBadCodePtr
GetUserDefaultLCID
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
Sleep
GlobalDeleteAtom
HeapDestroy
SetErrorMode
GlobalAddAtomA
ReleaseSemaphore
LCMapStringA
CreateSemaphoreA
VirtualQuery
MultiByteToWideChar
GetProfileStringA
WideCharToMultiByte
HeapReAlloc
GetDriveTypeA
CompareStringA
GetFileAttributesA
GetCurrentDirectoryA
GetModuleFileNameA
SetLastError
GetFullPathNameA
SearchPathA
GetFileType
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
GlobalLock
_lwrite
_lread
LockResource
GetTempPathA
GetTempFileNameA
_lclose
_llseek
HeapSize
GetCPInfo

user32

DdeGetLastError
DdeCreateDataHandle
DdeCmpStringHandles
DdeGetData
SetCursorPos
EnumClipboardFormats
DestroyCursor
GetAsyncKeyState
WaitForInputIdle
GetForegroundWindow
VkKeyScanW
SetWindowsHookExW
keybd_event
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
FindWindowW
FindWindowA
MessageBoxIndirectA
DialogBoxParamA
EnumThreadWindows
GetLastActivePopup
SetActiveWindow
GetClassInfoExA
LoadIconA
LoadImageA
FrameRect
CreateDialogParamA
IsDialogMessageA
EnableMenuItem
ShowCursor
OemToCharA
CharToOemBuffA
GetWindowTextA
EndDialog
DrawTextA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowPlacement
GetSystemMetrics
LoadBitmapA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
UnhookWindowsHookEx
RegisterClipboardFormatA
CreateCursor
CreateIcon
PostMessageW
PeekMessageW
GetPropA
RemovePropA
SetPropA
SetForegroundWindow
ClipCursor
CallWindowProcA
DefFrameProcA
GetKeyState
GetDlgItem
IsWindow
UnregisterClassA
RegisterClassA
AdjustWindowRect
GetTabbedTextExtentA
TabbedTextOutA
FillRect
CharToOemA
MessageBoxA
wsprintfA
WinHelpA
GetDesktopWindow
SetRect
GetWindowDC
DestroyIcon
GetClassInfoA
AdjustWindowRectEx
GetMenuItemCount
RemoveMenu
GetMenuStringA
GetMenuState
DdePostAdvise
DdeAbandonTransaction
CharPrevA
CharNextA
GetUpdateRgn
GetUpdateRect
PtInRect
ChildWindowFromPointEx
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ClientToScreen
MoveWindow
IsWindowEnabled
IsChild
SetParent
IsIconic
IsZoomed
DefMDIChildProcA
MessageBeep
PeekMessageA
PostMessageA
LoadStringA
AppendMenuA
DestroyMenu
CreatePopupMenu
GetMessageTime
GetMessagePos
DrawFocusRect
CopyAcceleratorTableA
GetWindowRgn
CharUpperA
TranslateMDISysAccel
SubtractRect
IsRectEmpty
InvalidateRgn
InvalidateRect
CopyRect
GetDCEx
IntersectRect
LoadAcceleratorsA
BringWindowToTop
GetWindowThreadProcessId
AttachThreadInput
EqualRect
EnableWindow
SetFocus
SendMessageA
SetWindowsHookExA
GetClassNameA
LoadCursorA
SetCursor
SetWindowLongA
GetWindow
GetFocus
GetKeyboardLayout
GetSystemMenu
CallNextHookEx
GetParent
DestroyWindow
SetWindowTextA
SetWindowPos
UpdateWindow
CreateWindowExA
SystemParametersInfoA
GetCapture
WindowFromPoint
ScreenToClient
SetTimer
IsWindowVisible
ShowWindow
KillTimer
GetDC
ReleaseDC
MapWindowPoints
GetCursorPos
GetCursor
OffsetRect
GetIconInfo
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetSysColor
GetActiveWindow
GetWindowLongA
DdeClientTransaction
DdeSetUserHandle
DdeDisconnect
DdeConnect
DdeUninitialize
DdeNameService
DdeCreateStringHandleA
DdeQueryConvInfo
DdeInitializeA
DdeFreeStringHandle
SetScrollRange
DdeQueryStringA
DdeFreeDataHandle
LockWindowUpdate
SetScrollPos
DrawFrameControl
SetClipboardData
CharLowerBuffA
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
OpenClipboard
SetCaretPos
CloseClipboard
GetCaretBlinkTime
ShowCaret
GetWindowTextLengthA
CreateCaret
GetScrollPos
HideCaret
DestroyCaret
SetWindowRgn
GetClipboardFormatNameA
DrawTextExA
DestroyAcceleratorTable
ToAscii
CreateAcceleratorTableA
SetScrollInfo
ShowScrollBar
SetKeyboardState
GetMenuItemInfoA
SetMenuItemInfoA
GetDoubleClickTime
GetKeyboardState
GetQueueStatus
SetMenuDefaultItem
SetWindowContextHelpId
TrackPopupMenu
InsertMenuA
DrawMenuBar
DeleteMenu
GetMenu
GetSubMenu
GetMenuItemID
ModifyMenuA
SetMenu
CreateMenu
EndDeferWindowPos
CheckMenuItem
BeginDeferWindowPos
VkKeyScanA
DeferWindowPos
PostThreadMessageA
DrawIcon
CharLowerA
IsCharAlphaA
GetCaretPos
RegisterClassExA
GetScrollInfo

gdi32

UnrealizeObject
CreatePen
SetBkColor
SetTextColor
CreatePatternBrush
DeleteObject
CreateBitmap
ExtTextOutA
SelectObject
SetBkMode
GetBitmapBits
GetObjectA
GetTextExtentPointA
CreateFontIndirectA
CombineRgn
SetRectRgn
CreateRectRgn
CreateRectRgnIndirect
ExtSelectClipRgn
OffsetRgn
PtInRegion
CreatePalette
SelectPalette
SelectClipRgn
OffsetWindowOrgEx
IntersectClipRect
DeleteDC
BitBlt
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
RestoreDC
RealizePalette
SetROP2
SaveDC
GetClipBox
SetWindowOrgEx
ExcludeClipRect
CreateHalftonePalette
GetTextMetricsA
PatBlt
EnumFontsA
TranslateCharsetInfo
GetROP2
SetBrushOrgEx
GetDeviceCaps
GetObjectType
CreatePenIndirect
CreateBrushIndirect
Rectangle
GetStockObject
Arc
LineTo
MoveToEx
Pie
Ellipse
SetStretchBltMode
GetPixel
GetTextExtentPoint32A
SetPixelV
StretchDIBits
GetCurrentObject
TextOutA
GetBkColor
StretchBlt
CreateDIBitmap
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
EndDoc
AbortDoc
StartPage
EndPage
StartDocA
CreateDCA
ResetDCA
Escape
ScaleViewportExtEx
SetViewportExtEx
SetMapMode
DeleteMetaFile
PlayMetaFile
SetAbortProc
DeleteEnhMetaFile
PlayEnhMetaFile
CreateICA
GetEnhMetaFileHeader
ScaleWindowExtEx
GetWindowOrgEx
GetPaletteEntries
CreateDIBSection
CloseEnhMetaFile
CreateEnhMetaFileA
LPtoDP
EqualRgn
ExtCreateRegion
GetDIBits
SetTextAlign
GetWindowExtEx
GetViewportExtEx
CopyMetaFileA
CopyEnhMetaFileA
PathToRegion
EndPath
BeginPath
WidenPath
GetTextColor
GetMapMode
SetDIBColorTable
RoundRect
CreateEllipticRgnIndirect
CreateRoundRectRgn
GetSystemPaletteEntries
GetNearestColor
CreateHatchBrush
CreateSolidBrush

advapi32

ReportEventA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyA
RegSetValueA
RegDeleteValueA
RegisterEventSourceA
DeregisterEventSource
RegQueryInfoKeyA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegEnumValueA
RegQueryValueExW
RegCreateKeyW

ole32

OleCreateLinkToFile
CoTaskMemFree
BindMoniker
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateDataAdviseHolder
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
OleDoAutoConvert
OleRegGetUserType
OleSaveToStream
ReadClassStg
ReadClassStm
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
CoTaskMemAlloc
OleGetAutoConvert
OleCreateFromFile
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
MkParseDisplayName
CoIsOle1Class
OleQueryLinkFromData
OleQueryCreateFromData
GetClassFile
CreateBindCtx
OleDuplicateData
ReleaseStgMedium
OleSetMenuDescriptor
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoGetMalloc
OleRegGetMiscStatus
CoCreateGuid
IIDFromString
CoFreeUnusedLibraries
CoDisconnectObject
IsAccelerator
OleIsRunning
OleRun
OleLockRunning
StgCreateDocfile
WriteClassStg
OleSave
StgOpenStorage
OleLoad

oleaut32

SysStringLen
OleTranslateColor
VariantInit
VariantClear
OleCreatePropertyFrame
SysFreeString
OleCreateFontIndirect
SysAllocString
SysAllocStringByteLen
OaBuildVersion
OleCreatePictureIndirect
VariantChangeType
SetErrorInfo
SysAllocStringLen
GetErrorInfo
DispGetParam
CreateErrorInfo
SysStringByteLen
LoadRegTypeLi
LoadTypeLi
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
LHashValOfNameSys
SafeArrayGetDim
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayDestroy
VariantCopy
OleLoadPicture
SafeArrayDestroyData
VariantChangeTypeEx
VariantCopyInd
DispGetIDsOfNames
DispInvoke
CreateDispTypeInfo
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayRedim
SafeArrayCopy
SafeArrayPutElement
RevokeActiveObject
SafeArrayAllocDescriptor
OleIconToCursor
SafeArrayAllocData
SafeArrayLock
SafeArrayDestroyDescriptor
VarDateFromStr
SysReAllocStringLen
SafeArrayUnlock
VarR8FromStr
VarCyFromI4
GetActiveObject
VarBstrFromI2
VarBstrFromI4
VarBstrFromR8
VarBstrFromDate
VarBstrFromR4
VarI2FromStr
VarI4FromStr
VarBstrFromCy
VarR4FromStr
VarCyFromStr
VarI4FromR8
SysReAllocString
LHashValOfNameSysA

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime

Sections

.text
Size: 1008KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/getAWSDir.exe
.exe windows:4 windows x86 arch:x86

b29d1f0a5fbbfd7443a30a5114f6588f

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/07/2014, 00:00

Not After

17/07/2016, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=UNIT 811-818\, TOWER 1+STREET=388 TONG ROAD\, KWUN TONG\, KOWLOON+STREET=MILLENNIUM CITY 1,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:e8:aa:02:73:b1:d4:2a:b2:1d:2a:d9:f1:55:b4:0a:c2:d5:0e:03
Signer

Actual PE Digest

c2:e8:aa:02:73:b1:d4:2a:b2:1d:2a:d9:f1:55:b4:0a:c2:d5:0e:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord667
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord520
__vbaFPFix
__vbaBoolVarNull
__vbaVargVar
_CIsin
ord525
__vbaChkstk
EVENT_SINK_AddRef
ord528
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaVarLateMemCallLdRf
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaVarCmpEq
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
ord616
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaUnkVar
ord617
__vbaVarSetObjAddref
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/remotehost.xml
.xml
$_5_/7za.exe
.exe windows:4 windows x86 arch:x86

a27a282eaa8dea8ef01eb4bdd213fffb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharPrevExA
CharPrevA
CharLowerW
CharLowerA
CharUpperW
CharNextA
CharUpperA

oleaut32

VariantCopy
VariantClear
SysFreeString
SysAllocString

kernel32

CompareFileTime
GetStringTypeW
GetStringTypeA
LCMapStringW
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetCommandLineW
SetFileApisToOEM
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
FreeLibrary
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
GetWindowsDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SearchPathA
SearchPathW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetCurrentProcess
GetProcAddress
FileTimeToSystemTime
GetSystemInfo
GlobalMemoryStatus
GetModuleHandleA
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
GetStdHandle
WaitForMultipleObjects
OpenEventA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
LocalFileTimeToFileTime
GetTickCount
GetProcessTimes
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
RaiseException
RtlUnwind
HeapAlloc
HeapFree
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
ExitProcess
SetUnhandledExceptionFilter
TlsAlloc
TerminateProcess
HeapReAlloc
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
LCMapStringA

Sections

.text
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/AWSDiagnostic.exe
.exe windows:4 windows x86 arch:x86

990e07c8e465459f4c30e60f5fc974b1

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/07/2014, 00:00

Not After

17/07/2016, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=UNIT 811-818\, TOWER 1+STREET=388 TONG ROAD\, KWUN TONG\, KOWLOON+STREET=MILLENNIUM CITY 1,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cf:c4:e7:14:bd:b2:9f:d8:71:cf:f7:c3:f8:aa:0c:d1:eb:6e:9b:44
Signer

Actual PE Digest

cf:c4:e7:14:bd:b2:9f:d8:71:cf:f7:c3:f8:aa:0c:d1:eb:6e:9b:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord626
__vbaStrCat
ord553
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
ord662
__vbaLenVar
_adj_fdiv_m32
ord666
ord667
__vbaAryDestruct
ord669
__vbaVarForInit
ord593
__vbaExitProc
ord594
ord301
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaStrFixstr
ord520
ord307
__vbaFPFix
__vbaVargVar
__vbaBoolVarNull
__vbaRefVarAry
__vbaVarTstLt
_CIsin
__vbaErase
ord631
ord525
__vbaVarZero
ord632
__vbaVarCmpGt
__vbaChkstk
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaObjVar
ord561
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord601
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaI2Var
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaVarLateMemCallLdRf
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
__vbaUnkVar
ord616
ord617
__vbaVarSetObjAddref
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
__vbaForEachVar
ord619
ord542
ord543
_allmul
ord544
ord545
_CItan
ord546
ord547
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/AWSLauncher.exe
.exe windows:4 windows x86 arch:x86

37581bb8405ca5f8233b4e42856a8469

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/07/2014, 00:00

Not After

17/07/2016, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=UNIT 811-818\, TOWER 1+STREET=388 TONG ROAD\, KWUN TONG\, KOWLOON+STREET=MILLENNIUM CITY 1,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3b:7b:a7:0e:ee:e3:68:3e:ca:f9:76:02:bc:fa:f4:55:b6:c9:27:7c
Signer

Actual PE Digest

3b:7b:a7:0e:ee:e3:68:3e:ca:f9:76:02:bc:fa:f4:55:b6:c9:27:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
ord621
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaError
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
ord556
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord593
__vbaVarForInit
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord520
__vbaStrFixstr
__vbaFPFix
__vbaVarTstLt
__vbaBoolVarNull
__vbaVargVar
__vbaRefVarAry
_CIsin
__vbaErase
ord631
ord525
__vbaVarCmpGt
ord632
__vbaVarZero
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaObjVar
ord561
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaFpUI1
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
ord567
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaStrUI1
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaLsetFixstrFree
__vbaI2Var
ord537
ord644
__vbaStopExe
ord645
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
ord570
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaVar2Vec
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
ord616
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaUnkVar
ord617
__vbaVarSetObjAddref
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
__vbaR8IntI4
__vbaForEachVar
__vbaStrVarCopy
_allmul
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/AWSShortcut.exe
.exe windows:4 windows x86 arch:x86

bad7319b378b100271b18c8cd885ed31

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:dc:ff:19:70:ee:b7:24:2d:d4:5b:a6:56:b9:ed:6f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/08/2012, 00:00

Not After

03/08/2014, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=QUARRY BAY+STREET=TAIKOO PLACE\, 979 KING'S ROAD+STREET=UNIT C\, 17/F\, SOMERSET HOUSE,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:fa:c6:58:a1:d4:70:f2:55:d7:74:33:97:5a:d8:b1:ad:ea:f7:59
Signer

Actual PE Digest

8c:fa:c6:58:a1:d4:70:f2:55:d7:74:33:97:5a:d8:b1:ad:ea:f7:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
ord669
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
__vbaStrFixstr
__vbaFPFix
__vbaVargVar
__vbaBoolVarNull
_CIsin
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaVarLateMemCallLdRf
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaUnkVar
ord616
__vbaLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
ord618
__vbaForEachVar
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/AWSURLCheck.exe
.exe windows:4 windows x86 arch:x86

cec6ccc973fa8a320a878bd2c34d3219

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/07/2014, 00:00

Not After

17/07/2016, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=UNIT 811-818\, TOWER 1+STREET=388 TONG ROAD\, KWUN TONG\, KOWLOON+STREET=MILLENNIUM CITY 1,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:12:ac:4e:e4:03:f3:61:d2:de:bc:7c:55:1b:34:92:90:1d:2f:8f
Signer

Actual PE Digest

b1:12:ac:4e:e4:03:f3:61:d2:de:bc:7c:55:1b:34:92:90:1d:2f:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord519
ord626
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaVargVarCopy
_adj_fdiv_m32
ord666
__vbaAryDestruct
ord669
__vbaVarIndexLoadRefLock
__vbaVarForInit
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaStrFixstr
ord520
__vbaFPFix
__vbaVargVar
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
ord632
__vbaVargVarMove
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaI2Var
ord644
ord537
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaUnkVar
ord616
__vbaVarCopy
__vbaVarLateMemCallLd
ord617
__vbaLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaCastObj
__vbaStrMove
ord618
__vbaForEachVar
_allmul
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/AbacusNews/AbacusNews.exe
.exe windows:4 windows x86 arch:x86

3e8df82e030b8fd1b998106bca2b66e9

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/07/2014, 00:00

Not After

17/07/2016, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=UNIT 811-818\, TOWER 1+STREET=388 TONG ROAD\, KWUN TONG\, KOWLOON+STREET=MILLENNIUM CITY 1,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f0:55:38:c3:86:aa:bd:db:c2:3e:64:dd:50:24:eb:1d:d9:ee:35:c6
Signer

Actual PE Digest

f0:55:38:c3:86:aa:bd:db:c2:3e:64:dd:50:24:eb:1d:d9:ee:35:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord626
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
ord669
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord520
__vbaStrFixstr
__vbaFPFix
__vbaBoolVarNull
__vbaVargVar
_CIsin
ord525
__vbaChkstk
EVENT_SINK_AddRef
ord528
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
ord616
__vbaUnkVar
ord617
__vbaVarSetObjAddref
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
__vbaForEachVar
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/AbacusNews/AppName.txt
$_5_/AbacusNews/html/ABACUSNEWS.HTM
.html .js polyglot
$_5_/AbacusNews/html/ABACUSNEWS_AIPLAlert.HTM
.html .js polyglot
$_5_/AbacusNews/html/ABACUSNEWS_ALL.HTM
.html .js polyglot
$_5_/AbacusNews/html/ABACUSNEWS_Alert.HTM
.html .js polyglot
$_5_/AbacusNews/html/ABACUSNEWS_Prompt.HTM
.html .js polyglot
$_5_/AbacusNews/html/NMSScroll.js
.js
$_5_/AbacusNews/html/NewsBar.htm
.html
$_5_/AbacusNews/html/abacus.css
$_5_/AutoConfigAWS.exe
.exe windows:4 windows x86 arch:x86

9dc0ad14ffb358efeecf43733e0b8fab

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:dc:ff:19:70:ee:b7:24:2d:d4:5b:a6:56:b9:ed:6f
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/08/2012, 00:00

Not After

03/08/2014, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=QUARRY BAY+STREET=TAIKOO PLACE\, 979 KING'S ROAD+STREET=UNIT C\, 17/F\, SOMERSET HOUSE,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:1c:45:cf:fb:e3:94:49:57:b6:4f:eb:40:a9:81:b9:6e:21:cf:f4
Signer

Actual PE Digest

41:1c:45:cf:fb:e3:94:49:57:b6:4f:eb:40:a9:81:b9:6e:21:cf:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord626
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
ord669
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
__vbaStrFixstr
__vbaFPFix
__vbaVargVar
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
ord616
__vbaUnkVar
ord617
__vbaVarSetObjAddref
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
ord619
__vbaForEachVar
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/DiaDescription.txt
$_5_/ForceUpdate/AbacusForceUpdate.exe
.exe windows:4 windows x86 arch:x86

c7a83f3c627badd423a27bc99be02bb3

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/07/2014, 00:00

Not After

17/07/2016, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=UNIT 811-818\, TOWER 1+STREET=388 TONG ROAD\, KWUN TONG\, KOWLOON+STREET=MILLENNIUM CITY 1,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:49:89:c4:6f:f3:7b:6d:fd:a8:2a:45:89:ba:d9:43:bc:e0:a9:b7
Signer

Actual PE Digest

b8:49:89:c4:6f:f3:7b:6d:fd:a8:2a:45:89:ba:d9:43:bc:e0:a9:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
ord621
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord626
__vbaResume
__vbaStrCat
__vbaError
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
ord662
ord556
ord557
__vbaLenVar
_adj_fdiv_m32
ord667
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord669
ord593
__vbaVarForInit
__vbaExitProc
ord594
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord702
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaStrFixstr
ord705
ord520
__vbaFPFix
__vbaVarTstLt
__vbaBoolVarNull
__vbaVargVar
__vbaRefVarAry
_CIsin
ord631
__vbaErase
ord709
__vbaVarCmpGt
__vbaVarZero
ord525
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaPutOwner3
__vbaAryConstruct2
__vbaDateR8
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaFpUI1
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
ord567
__vbaFixstrConstruct
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaStrUI1
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord607
__vbaVarDiv
__vbaR8ErrVar
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaUbound
__vbaGetOwner3
__vbaVarCat
__vbaDateVar
__vbaLsetFixstrFree
__vbaI2Var
__vbaStopExe
ord644
ord537
ord645
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaInStr
__vbaVar2Vec
ord648
ord570
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
__vbaStrToAnsi
ord612
__vbaVarDup
__vbaFpI2
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
ord616
ord617
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaI2ErrVar
ord618
__vbaAryCopy
__vbaR8IntI4
ord619
__vbaForEachVar
__vbaStrVarCopy
ord543
_allmul
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/ForceUpdate/MSVBVM60.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

52aa5ee856953e49635e554af5207319

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
ExitThread
FlushFileBuffers
CreateDirectoryA
GetTimeZoneInformation
RemoveDirectoryA
MoveFileA
LockFile
UnlockFile
TerminateProcess
RaiseException
SetEnvironmentVariableA
lstrlenA
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeW
lstrcpynA
FreeLibrary
GetLocaleInfoA
lstrcmpiA
GetLastError
GetModuleHandleA
GetSystemDefaultLangID
FormatMessageA
HeapCreate
GetWindowsDirectoryA
GetPrivateProfileStringA
lstrcatA
CreateFileA
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
TlsGetValue
lstrcpyA
DeleteFileA
lstrcmpA
GetCurrentThreadId
GetVersionExA
HeapAlloc
HeapFree
LCMapStringW
GetStringTypeA
GetModuleFileNameW
GetUserDefaultLangID
GetComputerNameA
SetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
GetLocalTime
SetLocalTime
RtlUnwind
CreateProcessW
IsValidCodePage
FormatMessageW
GetStartupInfoA
UnhandledExceptionFilter
ExitProcess
SetCurrentDirectoryA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindNextFileA
FindClose
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushInstructionCache
FindResourceExA
GetShortPathNameA
WinExec
lstrlenW
lstrcpyW
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTime
SystemTimeToFileTime
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
GetCurrentProcess
DuplicateHandle
ResumeThread
GetCommandLineA
TlsSetValue
TlsFree
TlsAlloc
GetVersion
CompareStringW
lstrcmpiW
MulDiv
CreateProcessA
GetExitCodeProcess
LoadLibraryExA
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetCurrentProcessId
GetTickCount
GetEnvironmentVariableA
FreeResource
GetSystemDefaultLCID
GetPrivateProfileIntA
IsBadCodePtr
GetUserDefaultLCID
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
Sleep
GlobalDeleteAtom
HeapDestroy
SetErrorMode
GlobalAddAtomA
ReleaseSemaphore
LCMapStringA
CreateSemaphoreA
VirtualQuery
MultiByteToWideChar
GetProfileStringA
WideCharToMultiByte
HeapReAlloc
GetDriveTypeA
CompareStringA
GetFileAttributesA
GetCurrentDirectoryA
GetModuleFileNameA
SetLastError
GetFullPathNameA
SearchPathA
GetFileType
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
GlobalLock
_lwrite
_lread
LockResource
GetTempPathA
GetTempFileNameA
_lclose
_llseek
HeapSize
GetCPInfo

user32

DdeGetLastError
DdeCreateDataHandle
DdeCmpStringHandles
DdeGetData
SetCursorPos
EnumClipboardFormats
DestroyCursor
GetAsyncKeyState
WaitForInputIdle
GetForegroundWindow
VkKeyScanW
SetWindowsHookExW
keybd_event
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
FindWindowW
FindWindowA
MessageBoxIndirectA
DialogBoxParamA
EnumThreadWindows
GetLastActivePopup
SetActiveWindow
GetClassInfoExA
LoadIconA
LoadImageA
FrameRect
CreateDialogParamA
IsDialogMessageA
EnableMenuItem
ShowCursor
OemToCharA
CharToOemBuffA
GetWindowTextA
EndDialog
DrawTextA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowPlacement
GetSystemMetrics
LoadBitmapA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
UnhookWindowsHookEx
RegisterClipboardFormatA
CreateCursor
CreateIcon
PostMessageW
PeekMessageW
GetPropA
RemovePropA
SetPropA
SetForegroundWindow
ClipCursor
CallWindowProcA
DefFrameProcA
GetKeyState
GetDlgItem
IsWindow
UnregisterClassA
RegisterClassA
AdjustWindowRect
GetTabbedTextExtentA
TabbedTextOutA
FillRect
CharToOemA
MessageBoxA
wsprintfA
WinHelpA
GetDesktopWindow
SetRect
GetWindowDC
DestroyIcon
GetClassInfoA
AdjustWindowRectEx
GetMenuItemCount
RemoveMenu
GetMenuStringA
GetMenuState
DdePostAdvise
DdeAbandonTransaction
CharPrevA
CharNextA
GetUpdateRgn
GetUpdateRect
PtInRect
ChildWindowFromPointEx
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ClientToScreen
MoveWindow
IsWindowEnabled
IsChild
SetParent
IsIconic
IsZoomed
DefMDIChildProcA
MessageBeep
PeekMessageA
PostMessageA
LoadStringA
AppendMenuA
DestroyMenu
CreatePopupMenu
GetMessageTime
GetMessagePos
DrawFocusRect
CopyAcceleratorTableA
GetWindowRgn
CharUpperA
TranslateMDISysAccel
SubtractRect
IsRectEmpty
InvalidateRgn
InvalidateRect
CopyRect
GetDCEx
IntersectRect
LoadAcceleratorsA
BringWindowToTop
GetWindowThreadProcessId
AttachThreadInput
EqualRect
EnableWindow
SetFocus
SendMessageA
SetWindowsHookExA
GetClassNameA
LoadCursorA
SetCursor
SetWindowLongA
GetWindow
GetFocus
GetKeyboardLayout
GetSystemMenu
CallNextHookEx
GetParent
DestroyWindow
SetWindowTextA
SetWindowPos
UpdateWindow
CreateWindowExA
SystemParametersInfoA
GetCapture
WindowFromPoint
ScreenToClient
SetTimer
IsWindowVisible
ShowWindow
KillTimer
GetDC
ReleaseDC
MapWindowPoints
GetCursorPos
GetCursor
OffsetRect
GetIconInfo
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetSysColor
GetActiveWindow
GetWindowLongA
DdeClientTransaction
DdeSetUserHandle
DdeDisconnect
DdeConnect
DdeUninitialize
DdeNameService
DdeCreateStringHandleA
DdeQueryConvInfo
DdeInitializeA
DdeFreeStringHandle
SetScrollRange
DdeQueryStringA
DdeFreeDataHandle
LockWindowUpdate
SetScrollPos
DrawFrameControl
SetClipboardData
CharLowerBuffA
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
OpenClipboard
SetCaretPos
CloseClipboard
GetCaretBlinkTime
ShowCaret
GetWindowTextLengthA
CreateCaret
GetScrollPos
HideCaret
DestroyCaret
SetWindowRgn
GetClipboardFormatNameA
DrawTextExA
DestroyAcceleratorTable
ToAscii
CreateAcceleratorTableA
SetScrollInfo
ShowScrollBar
SetKeyboardState
GetMenuItemInfoA
SetMenuItemInfoA
GetDoubleClickTime
GetKeyboardState
GetQueueStatus
SetMenuDefaultItem
SetWindowContextHelpId
TrackPopupMenu
InsertMenuA
DrawMenuBar
DeleteMenu
GetMenu
GetSubMenu
GetMenuItemID
ModifyMenuA
SetMenu
CreateMenu
EndDeferWindowPos
CheckMenuItem
BeginDeferWindowPos
VkKeyScanA
DeferWindowPos
PostThreadMessageA
DrawIcon
CharLowerA
IsCharAlphaA
GetCaretPos
RegisterClassExA
GetScrollInfo

gdi32

UnrealizeObject
CreatePen
SetBkColor
SetTextColor
CreatePatternBrush
DeleteObject
CreateBitmap
ExtTextOutA
SelectObject
SetBkMode
GetBitmapBits
GetObjectA
GetTextExtentPointA
CreateFontIndirectA
CombineRgn
SetRectRgn
CreateRectRgn
CreateRectRgnIndirect
ExtSelectClipRgn
OffsetRgn
PtInRegion
CreatePalette
SelectPalette
SelectClipRgn
OffsetWindowOrgEx
IntersectClipRect
DeleteDC
BitBlt
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
RestoreDC
RealizePalette
SetROP2
SaveDC
GetClipBox
SetWindowOrgEx
ExcludeClipRect
CreateHalftonePalette
GetTextMetricsA
PatBlt
EnumFontsA
TranslateCharsetInfo
GetROP2
SetBrushOrgEx
GetDeviceCaps
GetObjectType
CreatePenIndirect
CreateBrushIndirect
Rectangle
GetStockObject
Arc
LineTo
MoveToEx
Pie
Ellipse
SetStretchBltMode
GetPixel
GetTextExtentPoint32A
SetPixelV
StretchDIBits
GetCurrentObject
TextOutA
GetBkColor
StretchBlt
CreateDIBitmap
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
EndDoc
AbortDoc
StartPage
EndPage
StartDocA
CreateDCA
ResetDCA
Escape
ScaleViewportExtEx
SetViewportExtEx
SetMapMode
DeleteMetaFile
PlayMetaFile
SetAbortProc
DeleteEnhMetaFile
PlayEnhMetaFile
CreateICA
GetEnhMetaFileHeader
ScaleWindowExtEx
GetWindowOrgEx
GetPaletteEntries
CreateDIBSection
CloseEnhMetaFile
CreateEnhMetaFileA
LPtoDP
EqualRgn
ExtCreateRegion
GetDIBits
SetTextAlign
GetWindowExtEx
GetViewportExtEx
CopyMetaFileA
CopyEnhMetaFileA
PathToRegion
EndPath
BeginPath
WidenPath
GetTextColor
GetMapMode
SetDIBColorTable
RoundRect
CreateEllipticRgnIndirect
CreateRoundRectRgn
GetSystemPaletteEntries
GetNearestColor
CreateHatchBrush
CreateSolidBrush

advapi32

ReportEventA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyA
RegSetValueA
RegDeleteValueA
RegisterEventSourceA
DeregisterEventSource
RegQueryInfoKeyA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegEnumValueA
RegQueryValueExW
RegCreateKeyW

ole32

OleCreateLinkToFile
CoTaskMemFree
BindMoniker
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateDataAdviseHolder
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
OleDoAutoConvert
OleRegGetUserType
OleSaveToStream
ReadClassStg
ReadClassStm
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
CoTaskMemAlloc
OleGetAutoConvert
OleCreateFromFile
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
MkParseDisplayName
CoIsOle1Class
OleQueryLinkFromData
OleQueryCreateFromData
GetClassFile
CreateBindCtx
OleDuplicateData
ReleaseStgMedium
OleSetMenuDescriptor
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoGetMalloc
OleRegGetMiscStatus
CoCreateGuid
IIDFromString
CoFreeUnusedLibraries
CoDisconnectObject
IsAccelerator
OleIsRunning
OleRun
OleLockRunning
StgCreateDocfile
WriteClassStg
OleSave
StgOpenStorage
OleLoad

oleaut32

SysStringLen
OleTranslateColor
VariantInit
VariantClear
OleCreatePropertyFrame
SysFreeString
OleCreateFontIndirect
SysAllocString
SysAllocStringByteLen
OaBuildVersion
OleCreatePictureIndirect
VariantChangeType
SetErrorInfo
SysAllocStringLen
GetErrorInfo
DispGetParam
CreateErrorInfo
SysStringByteLen
LoadRegTypeLi
LoadTypeLi
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
LHashValOfNameSys
SafeArrayGetDim
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayDestroy
VariantCopy
OleLoadPicture
SafeArrayDestroyData
VariantChangeTypeEx
VariantCopyInd
DispGetIDsOfNames
DispInvoke
CreateDispTypeInfo
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayRedim
SafeArrayCopy
SafeArrayPutElement
RevokeActiveObject
SafeArrayAllocDescriptor
OleIconToCursor
SafeArrayAllocData
SafeArrayLock
SafeArrayDestroyDescriptor
VarDateFromStr
SysReAllocStringLen
SafeArrayUnlock
VarR8FromStr
VarCyFromI4
GetActiveObject
VarBstrFromI2
VarBstrFromI4
VarBstrFromR8
VarBstrFromDate
VarBstrFromR4
VarI2FromStr
VarI4FromStr
VarBstrFromCy
VarR4FromStr
VarCyFromStr
VarI4FromR8
SysReAllocString
LHashValOfNameSysA

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime

Sections

.text
Size: 1008KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/ForceUpdate/downloadEncodedFile.vbs
.vbs
$_5_/ForceUpdate/remotehost.xml
.xml
$_5_/ForceUpdate/version.xml
.xml
$_5_/MSVBVM60.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

52aa5ee856953e49635e554af5207319

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
ExitThread
FlushFileBuffers
CreateDirectoryA
GetTimeZoneInformation
RemoveDirectoryA
MoveFileA
LockFile
UnlockFile
TerminateProcess
RaiseException
SetEnvironmentVariableA
lstrlenA
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeW
lstrcpynA
FreeLibrary
GetLocaleInfoA
lstrcmpiA
GetLastError
GetModuleHandleA
GetSystemDefaultLangID
FormatMessageA
HeapCreate
GetWindowsDirectoryA
GetPrivateProfileStringA
lstrcatA
CreateFileA
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
TlsGetValue
lstrcpyA
DeleteFileA
lstrcmpA
GetCurrentThreadId
GetVersionExA
HeapAlloc
HeapFree
LCMapStringW
GetStringTypeA
GetModuleFileNameW
GetUserDefaultLangID
GetComputerNameA
SetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
GetLocalTime
SetLocalTime
RtlUnwind
CreateProcessW
IsValidCodePage
FormatMessageW
GetStartupInfoA
UnhandledExceptionFilter
ExitProcess
SetCurrentDirectoryA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindNextFileA
FindClose
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushInstructionCache
FindResourceExA
GetShortPathNameA
WinExec
lstrlenW
lstrcpyW
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTime
SystemTimeToFileTime
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
GetCurrentProcess
DuplicateHandle
ResumeThread
GetCommandLineA
TlsSetValue
TlsFree
TlsAlloc
GetVersion
CompareStringW
lstrcmpiW
MulDiv
CreateProcessA
GetExitCodeProcess
LoadLibraryExA
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetCurrentProcessId
GetTickCount
GetEnvironmentVariableA
FreeResource
GetSystemDefaultLCID
GetPrivateProfileIntA
IsBadCodePtr
GetUserDefaultLCID
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
Sleep
GlobalDeleteAtom
HeapDestroy
SetErrorMode
GlobalAddAtomA
ReleaseSemaphore
LCMapStringA
CreateSemaphoreA
VirtualQuery
MultiByteToWideChar
GetProfileStringA
WideCharToMultiByte
HeapReAlloc
GetDriveTypeA
CompareStringA
GetFileAttributesA
GetCurrentDirectoryA
GetModuleFileNameA
SetLastError
GetFullPathNameA
SearchPathA
GetFileType
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
GlobalLock
_lwrite
_lread
LockResource
GetTempPathA
GetTempFileNameA
_lclose
_llseek
HeapSize
GetCPInfo

user32

DdeGetLastError
DdeCreateDataHandle
DdeCmpStringHandles
DdeGetData
SetCursorPos
EnumClipboardFormats
DestroyCursor
GetAsyncKeyState
WaitForInputIdle
GetForegroundWindow
VkKeyScanW
SetWindowsHookExW
keybd_event
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
FindWindowW
FindWindowA
MessageBoxIndirectA
DialogBoxParamA
EnumThreadWindows
GetLastActivePopup
SetActiveWindow
GetClassInfoExA
LoadIconA
LoadImageA
FrameRect
CreateDialogParamA
IsDialogMessageA
EnableMenuItem
ShowCursor
OemToCharA
CharToOemBuffA
GetWindowTextA
EndDialog
DrawTextA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowPlacement
GetSystemMetrics
LoadBitmapA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
UnhookWindowsHookEx
RegisterClipboardFormatA
CreateCursor
CreateIcon
PostMessageW
PeekMessageW
GetPropA
RemovePropA
SetPropA
SetForegroundWindow
ClipCursor
CallWindowProcA
DefFrameProcA
GetKeyState
GetDlgItem
IsWindow
UnregisterClassA
RegisterClassA
AdjustWindowRect
GetTabbedTextExtentA
TabbedTextOutA
FillRect
CharToOemA
MessageBoxA
wsprintfA
WinHelpA
GetDesktopWindow
SetRect
GetWindowDC
DestroyIcon
GetClassInfoA
AdjustWindowRectEx
GetMenuItemCount
RemoveMenu
GetMenuStringA
GetMenuState
DdePostAdvise
DdeAbandonTransaction
CharPrevA
CharNextA
GetUpdateRgn
GetUpdateRect
PtInRect
ChildWindowFromPointEx
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ClientToScreen
MoveWindow
IsWindowEnabled
IsChild
SetParent
IsIconic
IsZoomed
DefMDIChildProcA
MessageBeep
PeekMessageA
PostMessageA
LoadStringA
AppendMenuA
DestroyMenu
CreatePopupMenu
GetMessageTime
GetMessagePos
DrawFocusRect
CopyAcceleratorTableA
GetWindowRgn
CharUpperA
TranslateMDISysAccel
SubtractRect
IsRectEmpty
InvalidateRgn
InvalidateRect
CopyRect
GetDCEx
IntersectRect
LoadAcceleratorsA
BringWindowToTop
GetWindowThreadProcessId
AttachThreadInput
EqualRect
EnableWindow
SetFocus
SendMessageA
SetWindowsHookExA
GetClassNameA
LoadCursorA
SetCursor
SetWindowLongA
GetWindow
GetFocus
GetKeyboardLayout
GetSystemMenu
CallNextHookEx
GetParent
DestroyWindow
SetWindowTextA
SetWindowPos
UpdateWindow
CreateWindowExA
SystemParametersInfoA
GetCapture
WindowFromPoint
ScreenToClient
SetTimer
IsWindowVisible
ShowWindow
KillTimer
GetDC
ReleaseDC
MapWindowPoints
GetCursorPos
GetCursor
OffsetRect
GetIconInfo
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetSysColor
GetActiveWindow
GetWindowLongA
DdeClientTransaction
DdeSetUserHandle
DdeDisconnect
DdeConnect
DdeUninitialize
DdeNameService
DdeCreateStringHandleA
DdeQueryConvInfo
DdeInitializeA
DdeFreeStringHandle
SetScrollRange
DdeQueryStringA
DdeFreeDataHandle
LockWindowUpdate
SetScrollPos
DrawFrameControl
SetClipboardData
CharLowerBuffA
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
OpenClipboard
SetCaretPos
CloseClipboard
GetCaretBlinkTime
ShowCaret
GetWindowTextLengthA
CreateCaret
GetScrollPos
HideCaret
DestroyCaret
SetWindowRgn
GetClipboardFormatNameA
DrawTextExA
DestroyAcceleratorTable
ToAscii
CreateAcceleratorTableA
SetScrollInfo
ShowScrollBar
SetKeyboardState
GetMenuItemInfoA
SetMenuItemInfoA
GetDoubleClickTime
GetKeyboardState
GetQueueStatus
SetMenuDefaultItem
SetWindowContextHelpId
TrackPopupMenu
InsertMenuA
DrawMenuBar
DeleteMenu
GetMenu
GetSubMenu
GetMenuItemID
ModifyMenuA
SetMenu
CreateMenu
EndDeferWindowPos
CheckMenuItem
BeginDeferWindowPos
VkKeyScanA
DeferWindowPos
PostThreadMessageA
DrawIcon
CharLowerA
IsCharAlphaA
GetCaretPos
RegisterClassExA
GetScrollInfo

gdi32

UnrealizeObject
CreatePen
SetBkColor
SetTextColor
CreatePatternBrush
DeleteObject
CreateBitmap
ExtTextOutA
SelectObject
SetBkMode
GetBitmapBits
GetObjectA
GetTextExtentPointA
CreateFontIndirectA
CombineRgn
SetRectRgn
CreateRectRgn
CreateRectRgnIndirect
ExtSelectClipRgn
OffsetRgn
PtInRegion
CreatePalette
SelectPalette
SelectClipRgn
OffsetWindowOrgEx
IntersectClipRect
DeleteDC
BitBlt
SetViewportOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
RestoreDC
RealizePalette
SetROP2
SaveDC
GetClipBox
SetWindowOrgEx
ExcludeClipRect
CreateHalftonePalette
GetTextMetricsA
PatBlt
EnumFontsA
TranslateCharsetInfo
GetROP2
SetBrushOrgEx
GetDeviceCaps
GetObjectType
CreatePenIndirect
CreateBrushIndirect
Rectangle
GetStockObject
Arc
LineTo
MoveToEx
Pie
Ellipse
SetStretchBltMode
GetPixel
GetTextExtentPoint32A
SetPixelV
StretchDIBits
GetCurrentObject
TextOutA
GetBkColor
StretchBlt
CreateDIBitmap
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
EndDoc
AbortDoc
StartPage
EndPage
StartDocA
CreateDCA
ResetDCA
Escape
ScaleViewportExtEx
SetViewportExtEx
SetMapMode
DeleteMetaFile
PlayMetaFile
SetAbortProc
DeleteEnhMetaFile
PlayEnhMetaFile
CreateICA
GetEnhMetaFileHeader
ScaleWindowExtEx
GetWindowOrgEx
GetPaletteEntries
CreateDIBSection
CloseEnhMetaFile
CreateEnhMetaFileA
LPtoDP
EqualRgn
ExtCreateRegion
GetDIBits
SetTextAlign
GetWindowExtEx
GetViewportExtEx
CopyMetaFileA
CopyEnhMetaFileA
PathToRegion
EndPath
BeginPath
WidenPath
GetTextColor
GetMapMode
SetDIBColorTable
RoundRect
CreateEllipticRgnIndirect
CreateRoundRectRgn
GetSystemPaletteEntries
GetNearestColor
CreateHatchBrush
CreateSolidBrush

advapi32

ReportEventA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyA
RegSetValueA
RegDeleteValueA
RegisterEventSourceA
DeregisterEventSource
RegQueryInfoKeyA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegEnumValueA
RegQueryValueExW
RegCreateKeyW

ole32

OleCreateLinkToFile
CoTaskMemFree
BindMoniker
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateDataAdviseHolder
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
OleDoAutoConvert
OleRegGetUserType
OleSaveToStream
ReadClassStg
ReadClassStm
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
CoTaskMemAlloc
OleGetAutoConvert
OleCreateFromFile
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
MkParseDisplayName
CoIsOle1Class
OleQueryLinkFromData
OleQueryCreateFromData
GetClassFile
CreateBindCtx
OleDuplicateData
ReleaseStgMedium
OleSetMenuDescriptor
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoGetMalloc
OleRegGetMiscStatus
CoCreateGuid
IIDFromString
CoFreeUnusedLibraries
CoDisconnectObject
IsAccelerator
OleIsRunning
OleRun
OleLockRunning
StgCreateDocfile
WriteClassStg
OleSave
StgOpenStorage
OleLoad

oleaut32

SysStringLen
OleTranslateColor
VariantInit
VariantClear
OleCreatePropertyFrame
SysFreeString
OleCreateFontIndirect
SysAllocString
SysAllocStringByteLen
OaBuildVersion
OleCreatePictureIndirect
VariantChangeType
SetErrorInfo
SysAllocStringLen
GetErrorInfo
DispGetParam
CreateErrorInfo
SysStringByteLen
LoadRegTypeLi
LoadTypeLi
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
LHashValOfNameSys
SafeArrayGetDim
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayDestroy
VariantCopy
OleLoadPicture
SafeArrayDestroyData
VariantChangeTypeEx
VariantCopyInd
DispGetIDsOfNames
DispInvoke
CreateDispTypeInfo
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayRedim
SafeArrayCopy
SafeArrayPutElement
RevokeActiveObject
SafeArrayAllocDescriptor
OleIconToCursor
SafeArrayAllocData
SafeArrayLock
SafeArrayDestroyDescriptor
VarDateFromStr
SysReAllocStringLen
SafeArrayUnlock
VarR8FromStr
VarCyFromI4
GetActiveObject
VarBstrFromI2
VarBstrFromI4
VarBstrFromR8
VarBstrFromDate
VarBstrFromR4
VarI2FromStr
VarI4FromStr
VarBstrFromCy
VarR4FromStr
VarCyFromStr
VarI4FromR8
SysReAllocString
LHashValOfNameSysA

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime

Sections

.text
Size: 1008KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ENGINE
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/MonitorRemoteSession.exe
.exe windows:4 windows x86 arch:x86

54928747eb869b8f6ca76d01fb31286a

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/07/2014, 00:00

Not After

17/07/2016, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=UNIT 811-818\, TOWER 1+STREET=388 TONG ROAD\, KWUN TONG\, KOWLOON+STREET=MILLENNIUM CITY 1,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

14:78:ac:02:1f:4d:37:84:7c:81:4f:07:78:10:38:f4:1b:82:ae:56
Signer

Actual PE Digest

14:78:ac:02:1f:4d:37:84:7c:81:4f:07:78:10:38:f4:1b:82:ae:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord626
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaFPFix
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaI2I4
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaUnkVar
ord616
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
ord618
__vbaForEachVar
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/RemoteControl/Readme.txt
$_5_/RemoteControl/RecordingResult/Readme.txt
$_5_/RemoteControl/camstudio_cl.exe
.exe windows:5 windows x86 arch:x86

5c0b2073a7396284bee996023273feff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
BitBlt
DeleteDC
GetDeviceCaps
GetObjectA

winmm

timeGetTime

msvfw32

ICClose
ICOpen
ord2
ICSendMessage
ICGetInfo
ICInfo

avifil32

AVIMakeCompressedStream
AVIFileCreateStreamA
AVIFileExit
AVIStreamRelease
AVIFileInit
AVISaveOptionsFree
AVIStreamSetFormat
AVIFileOpenA
AVIStreamWrite
AVIFileRelease

kernel32

CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
FindResourceA
OpenFile
LoadResource
GlobalLock
WaitForSingleObject
GetCurrentThread
FindResourceExA
GlobalAlloc
WideCharToMultiByte
TerminateThread
Sleep
SizeofResource
ExitThread
SetThreadPriority
GlobalUnlock
GlobalFree
GetLocalTime
GetExitCodeThread
LockResource
GlobalHandle
CloseHandle
DeleteFileA
CreateThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetCPInfo
RtlUnwind
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetModuleHandleA

user32

SetRect
GetCursorPos
ReleaseDC
GetCursor
GetDC
GetIconInfo
DrawIcon

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/RemoteControl/recording-converter-r1.1.jar
.jar
$_5_/RemoteControl/screen-player-r2.2.jar
.jar
$_5_/RemoteControl/screen-recorder-r2.2.jar
.jar
$_5_/RemoteControl/uvnc/UltraVNC.ini
$_5_/RemoteControl/uvnc/X64/UltraVNC.ini
$_5_/RemoteControl/uvnc/X64/vncviewer.exe
.exe windows:6 windows x64 arch:x64

b7e50548c90e9548a96231867f8e9257

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2013, 00:00

Not After

11/10/2016, 23:59

Subject

CN=uvnc bvba,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:bf:e4:e3:9b:da:d1:1b:b7:8c:c2:b6:4c:1b:0e:d5:8c:0b:a9:5e
Signer

Actual PE Digest

aa:bf:e4:e3:9b:da:d1:1b:b7:8c:c2:b6:4c:1b:0e:d5:8c:0b:a9:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

L:\UltraVNC_INSTALL_VS2013\ultravnc_test2\UltraVNC Project Root\UltraVNC\vncviewer\x64\Release\vncviewer.pdb

Imports

comctl32

ImageList_ReplaceIcon
ord6
CreateToolbarEx
InitCommonControlsEx
ImageList_Create
ord17

winmm

timeGetTime
timeSetEvent
timeKillEvent
PlaySoundA

ws2_32

getpeername
connect
inet_addr
select
WSACleanup
WSAStartup
accept
htons
shutdown
setsockopt
socket
__WSAFDIsSet
closesocket
gethostbyname
send
listen
WSAAsyncSelect
bind
recv
WSAGetLastError
ioctlsocket

kernel32

FindNextFileA
GetTempPathA
DeleteFileA
lstrcpyA
CreateFileA
SetFilePointer
lstrlenA
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
CompareFileTime
SetFileTime
WriteFile
GetDriveTypeA
InitializeCriticalSection
GetFileAttributesA
LeaveCriticalSection
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
lstrcmpiA
EnterCriticalSection
MoveFileA
GetFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
MulDiv
AllocConsole
GetStdHandle
WriteConsoleA
OutputDebugStringA
GetComputerNameA
GetVersionExA
DeleteFileW
GetStringTypeW
SetFileAttributesW
CreateFileW
SetEnvironmentVariableW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
SetConsoleCtrlHandler
CreateDirectoryW
GetFileAttributesExW
GetModuleFileNameW
FatalAppExitA
CreateSemaphoreW
FindClose
GetStartupInfoW
TlsFree
TerminateProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetModuleFileNameA
SetLastError
GetOEMCP
GetACP
IsValidCodePage
HeapSize
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
LoadLibraryExW
ExitThread
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwindEx
GetCPInfo
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetCommandLineA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
SetStdHandle
GetTimeZoneInformation
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
CreateSemaphoreA
GetSystemTime
TlsSetValue
TlsGetValue
TlsAlloc
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
ReleaseSemaphore
DuplicateHandle
GetFileType
lstrcatA
ReleaseMutex
CreateMutexA
GetProcessHeap
HeapFree
GetCurrentProcess
HeapAlloc
lstrcpynA
LocalFileTimeToFileTime
GetVersion
GetLocalTime
SetFileAttributesA
GetVolumeInformationA
GetLocaleInfoA
SetVolumeLabelA
DosDateTimeToFileTime
GetFullPathNameA
QueryPerformanceFrequency
QueryPerformanceCounter
RtlCaptureContext
LoadLibraryA
CopyFileA
GetProcAddress
FindFirstFileA
FreeLibrary
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
GetPrivateProfileStringA
WritePrivateProfileStringA
RemoveDirectoryW
GlobalUnlock
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
CreateThread
ResumeThread
LocalFree
CloseHandle
GetLastError
Beep
CreateEventA
Sleep
FormatMessageA
GetTickCount
SetEvent
WaitForSingleObject
GetModuleHandleA
SetCurrentDirectoryW
GetCurrentDirectoryW
MoveFileExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW
GetModuleHandleW

user32

SetCaretBlinkTime
ReleaseCapture
CallWindowProcA
GetCaretBlinkTime
GetMessageA
PostThreadMessageA
CallNextHookEx
GetForegroundWindow
SetWindowsHookExA
GetWindowThreadProcessId
ToAscii
GetKeyState
keybd_event
VkKeyScanW
GetKeyboardState
ToUnicode
SetWindowRgn
GetScrollInfo
PtInRect
IntersectRect
GetDesktopWindow
GetMenuStringA
WindowFromDC
MapWindowPoints
ModifyMenuA
DrawTextA
GetParent
GetWindowTextLengthA
TranslateMessage
PeekMessageA
SendMessageTimeoutA
GetMenuItemCount
DispatchMessageA
GetComboBoxInfo
EnableWindow
SetCapture
ScreenToClient
IsDlgButtonChecked
LoadKeyboardLayoutA
SetWindowLongPtrA
LoadBitmapA
DestroyIcon
EnumDisplaySettingsExA
MonitorFromPoint
GetMonitorInfoA
SystemParametersInfoA
GetSystemMetrics
EnumDisplayDevicesA
ValidateRect
RegisterClassExA
TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadStringA
LoadMenuA
SetMenuDefaultItem
IsClipboardFormatAvailable
RegisterClipboardFormatA
SetWindowLongA
SetCursorPos
RedrawWindow
GetCursorPos
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
GetClipboardOwner
EndPaint
DestroyWindow
SetCursor
GetDlgItemInt
GetSystemMenu
SetTimer
GetWindowRect
PostQuitMessage
IsIconic
FillRect
SendNotifyMessageA
KillTimer
GetFocus
LoadIconA
InvalidateRgn
wsprintfA
GetClientRect
SetFocus
RegisterWindowMessageA
BeginPaint
GetDC
SetDlgItemInt
GetWindowTextA
SetRect
MessageBoxA
InvalidateRect
GetWindowLongA
CreateWindowExA
ReleaseDC
EnableMenuItem
ChangeClipboardChain
DefWindowProcA
SetWindowPos
ShowWindow
CreatePopupMenu
GetSysColorBrush
DrawMenuBar
AppendMenuA
IsWindow
ShowScrollBar
PostMessageA
AdjustWindowRectEx
ScrollWindowEx
SetWindowTextA
UpdateWindow
DestroyMenu
LoadCursorA
SetClipboardViewer
SetScrollInfo
CheckMenuItem
RegisterClassA
MoveWindow
GetKeyboardLayoutNameA
GetWindowLongPtrA
SendMessageA
GetDlgItem
GetDlgItemTextA
DestroyAcceleratorTable
CreateAcceleratorTableA
TranslateAcceleratorA
SetForegroundWindow
EndDialog
LoadImageA
DialogBoxParamA
SetDlgItemTextA
IsRectEmpty
wvsprintfA
CharToOemA
OemToCharA
SendDlgItemMessageA

gdi32

DeleteDC
SetStretchBltMode
SelectPalette
RealizePalette
CombineRgn
CreatePalette
SetDIBColorTable
SetBrushOrgEx
StretchBlt
GetDeviceCaps
GetStockObject
CreateRectRgnIndirect
Rectangle
CreatePen
SetBkMode
CreateFontA
SetTextColor
LineTo
MoveToEx
CreatePolygonRgn
SetROP2
UpdateColors
BitBlt
CreateDIBSection
PatBlt
DeleteObject
SelectObject
CreateCompatibleDC
GetClipBox
CreateRectRgn
CreateSolidBrush

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
IsValidAcl
OpenProcessToken
GetKernelObjectSecurity
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorControl
RegSetValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
Shell_NotifyIconA
SHGetFolderPathA

imm32

ImmAssociateContext

Sections

.text
Size: 889KB - Virtual size: 889KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/RemoteControl/uvnc/X64/winvnc.exe
.exe windows:6 windows x64 arch:x64

c90bc1202a6686e20be0ca8a81f86726

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2013, 00:00

Not After

11/10/2016, 23:59

Subject

CN=uvnc bvba,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:18:a3:f9:de:c5:be:70:a1:15:84:64:62:2d:66:c8:8a:bf:85:fe
Signer

Actual PE Digest

f4:18:a3:f9:de:c5:be:70:a1:15:84:64:62:2d:66:c8:8a:bf:85:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

gethostname
inet_ntoa
getsockname
send
getpeername
WSAIoctl
select
WSAGetLastError
gethostbyname
shutdown
setsockopt
WSACleanup
bind
__WSAFDIsSet
getsockopt
listen
accept
connect
WSAStartup
inet_addr
htonl
htons
recv
socket
closesocket

winmm

timeSetEvent
PlaySoundA
timeGetTime
timeKillEvent

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

userenv

ExpandEnvironmentStringsForUserA
CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

SetLastError
Process32First
SetEvent
WaitNamedPipeW
WriteFile
GetSystemDirectoryW
LoadLibraryW
CreateEventA
GetExitCodeProcess
ReadFile
CreateFileW
Process32Next
OpenEventA
WaitForMultipleObjects
lstrcatW
CreateToolhelp32Snapshot
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetEnvironmentVariableA
SetCurrentDirectoryA
SetFileAttributesA
ResumeThread
TryEnterCriticalSection
ResetEvent
CreateFileA
GetFileSize
CompareFileTime
GetFileTime
SetFilePointer
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
SetFileTime
GetDriveTypeA
GetFileAttributesA
FileTimeToSystemTime
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
MoveFileA
GetSystemTime
GetCurrentThread
VirtualFreeEx
ReadProcessMemory
CreateProcessA
TerminateProcess
SetThreadPriority
VirtualAllocEx
TerminateThread
FindResourceA
LoadResource
SizeofResource
LockResource
CreateMutexA
FormatMessageA
GetStdHandle
OpenFileMappingA
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
SetProcessShutdownParameters
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
HeapSize
RtlLookupFunctionEntry
RtlPcToFileHeader
LoadLibraryExW
ExitThread
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwindEx
GetCPInfo
SetFilePointerEx
GetTimeZoneInformation
ReadConsoleW
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetCommandLineA
SetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
TlsFree
TlsAlloc
DuplicateHandle
ReleaseSemaphore
CreateSemaphoreA
TlsSetValue
TlsGetValue
GetFileType
lstrcatA
lstrcmpiA
GetProcessHeap
HeapFree
HeapAlloc
lstrcpynA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetLocalTime
GetVolumeInformationA
GetLocaleInfoA
SetVolumeLabelA
DosDateTimeToFileTime
GetFullPathNameA
lstrcpyA
WriteConsoleA
ReleaseMutex
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
CreateFileMappingA
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
OpenProcess
WritePrivateProfileSectionA
WritePrivateProfileStructA
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
WinExec
GetLastError
GetComputerNameA
GetVersion
GetSystemInfo
lstrlenA
DeleteFileA
GetTempPathA
FindNextFileA
FindClose
FindFirstFileA
FreeLibrary
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
InitializeCriticalSection
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcess
CreateThread
CloseHandle
Sleep
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GlobalFree
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalSize
GetModuleFileNameW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableW
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
MoveFileExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW
GetStartupInfoW
GetModuleHandleW
AllocConsole
RemoveDirectoryW

user32

TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadMenuA
EnableMenuItem
RemoveMenu
SetMenuDefaultItem
DestroyMenu
EnableWindow
ToAscii
GetAsyncKeyState
MapVirtualKeyA
VkKeyScanA
IsIconic
DestroyWindow
PostThreadMessageA
SendNotifyMessageA
WaitMessage
PeekMessageA
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
EnumDesktopWindows
GetClassNameA
OpenDesktopA
FillRect
DrawTextA
WaitForInputIdle
FindWindowExA
WindowFromPoint
IsDlgButtonChecked
EnumWindows
GetIconInfo
GetWindowTextA
SetRect
IsWindow
IsWindowVisible
EndPaint
DrawIconEx
BeginPaint
GetUpdateRect
IntersectRect
DestroyIcon
PtInRect
GetKeyboardState
SetActiveWindow
MessageBeep
FlashWindow
ChangeDisplaySettingsExA
keybd_event
GetKeyState
EnumDisplaySettingsA
ScreenToClient
GetWindowRect
SendDlgItemMessageA
LoadStringA
GetClientRect
SetFocus
CheckDlgButton
SetDlgItemInt
GetDlgItemInt
GetProcessWindowStation
RegisterWindowMessageA
GetScrollInfo
InvalidateRect
GetDlgItem
EndDialog
GetCursorPos
SetWindowTextA
GetDlgItemTextA
DialogBoxParamA
SetDlgItemTextA
MoveWindow
ExitWindowsEx
GetDesktopWindow
wsprintfA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
MessageBoxA
SendMessageA
PostMessageA
FindWindowA
mouse_event
GetMessageA
GetUserObjectInformationA
SetTimer
GetWindowLongPtrA
RegisterClassExA
PostQuitMessage
GetThreadDesktop
KillTimer
LoadIconA
OpenInputDesktop
CloseDesktop
TranslateMessage
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
SetThreadDesktop
SetWindowLongPtrA
DispatchMessageA
GetSystemMetrics
LoadImageA
AdjustWindowRect
LoadCursorA
IsRectEmpty
GetDC
ReleaseDC
CloseClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatA
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
OemToCharA
CharToOemA
wvsprintfA
SetForegroundWindow

gdi32

GetBitmapBits
SetTextColor
SetBkColor
GdiFlush
CreatePalette
RealizePalette
SelectPalette
CreateFontIndirectA
GetObjectA
ExtEscape
GetSystemPaletteEntries
GetRgnBox
GetRegionData
SetRectRgn
PtInRegion
CombineRgn
OffsetRgn
CreateRectRgn
PatBlt
StretchBlt
CreateDCA
SetBkMode
GetClipBox
GetPixel
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetDIBits
GetDeviceCaps
CreateDIBSection
DeleteDC
BitBlt
SetDIBColorTable
GetStockObject
CreateSolidBrush

advapi32

GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
GetKernelObjectSecurity
IsValidAcl
RegCreateKeyA
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
RegDeleteValueA
QueryServiceStatus
RegCreateKeyExA
RegDeleteKeyA
CreateServiceA
RegisterServiceCtrlHandlerA
DeleteService
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueA
SetTokenInformation
FreeSid
RevertToSelf
AllocateAndInitializeSid
ImpersonateLoggedOnUser
EqualSid
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
RegSetValueExA
QueryServiceConfigA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
LookupAccountSidA
OpenServiceA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteExA
Shell_NotifyIconA
SHAppBarMessage
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 883KB - Virtual size: 883KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 713KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 760KB - Virtual size: 759KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/RemoteControl/uvnc/XP/UltraVNC.ini
$_5_/RemoteControl/uvnc/XP/X64/UltraVNC.ini
$_5_/RemoteControl/uvnc/XP/X64/vncviewer.exe
.exe windows:6 windows x64 arch:x64

b7e50548c90e9548a96231867f8e9257

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2013, 00:00

Not After

11/10/2016, 23:59

Subject

CN=uvnc bvba,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:bf:e4:e3:9b:da:d1:1b:b7:8c:c2:b6:4c:1b:0e:d5:8c:0b:a9:5e
Signer

Actual PE Digest

aa:bf:e4:e3:9b:da:d1:1b:b7:8c:c2:b6:4c:1b:0e:d5:8c:0b:a9:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

L:\UltraVNC_INSTALL_VS2013\ultravnc_test2\UltraVNC Project Root\UltraVNC\vncviewer\x64\Release\vncviewer.pdb

Imports

comctl32

ImageList_ReplaceIcon
ord6
CreateToolbarEx
InitCommonControlsEx
ImageList_Create
ord17

winmm

timeGetTime
timeSetEvent
timeKillEvent
PlaySoundA

ws2_32

getpeername
connect
inet_addr
select
WSACleanup
WSAStartup
accept
htons
shutdown
setsockopt
socket
__WSAFDIsSet
closesocket
gethostbyname
send
listen
WSAAsyncSelect
bind
recv
WSAGetLastError
ioctlsocket

kernel32

FindNextFileA
GetTempPathA
DeleteFileA
lstrcpyA
CreateFileA
SetFilePointer
lstrlenA
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
CompareFileTime
SetFileTime
WriteFile
GetDriveTypeA
InitializeCriticalSection
GetFileAttributesA
LeaveCriticalSection
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
lstrcmpiA
EnterCriticalSection
MoveFileA
GetFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
MulDiv
AllocConsole
GetStdHandle
WriteConsoleA
OutputDebugStringA
GetComputerNameA
GetVersionExA
DeleteFileW
GetStringTypeW
SetFileAttributesW
CreateFileW
SetEnvironmentVariableW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
SetConsoleCtrlHandler
CreateDirectoryW
GetFileAttributesExW
GetModuleFileNameW
FatalAppExitA
CreateSemaphoreW
FindClose
GetStartupInfoW
TlsFree
TerminateProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetModuleFileNameA
SetLastError
GetOEMCP
GetACP
IsValidCodePage
HeapSize
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
LoadLibraryExW
ExitThread
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwindEx
GetCPInfo
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetCommandLineA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
SetStdHandle
GetTimeZoneInformation
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
CreateSemaphoreA
GetSystemTime
TlsSetValue
TlsGetValue
TlsAlloc
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
ReleaseSemaphore
DuplicateHandle
GetFileType
lstrcatA
ReleaseMutex
CreateMutexA
GetProcessHeap
HeapFree
GetCurrentProcess
HeapAlloc
lstrcpynA
LocalFileTimeToFileTime
GetVersion
GetLocalTime
SetFileAttributesA
GetVolumeInformationA
GetLocaleInfoA
SetVolumeLabelA
DosDateTimeToFileTime
GetFullPathNameA
QueryPerformanceFrequency
QueryPerformanceCounter
RtlCaptureContext
LoadLibraryA
CopyFileA
GetProcAddress
FindFirstFileA
FreeLibrary
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
GetPrivateProfileStringA
WritePrivateProfileStringA
RemoveDirectoryW
GlobalUnlock
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
CreateThread
ResumeThread
LocalFree
CloseHandle
GetLastError
Beep
CreateEventA
Sleep
FormatMessageA
GetTickCount
SetEvent
WaitForSingleObject
GetModuleHandleA
SetCurrentDirectoryW
GetCurrentDirectoryW
MoveFileExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW
GetModuleHandleW

user32

SetCaretBlinkTime
ReleaseCapture
CallWindowProcA
GetCaretBlinkTime
GetMessageA
PostThreadMessageA
CallNextHookEx
GetForegroundWindow
SetWindowsHookExA
GetWindowThreadProcessId
ToAscii
GetKeyState
keybd_event
VkKeyScanW
GetKeyboardState
ToUnicode
SetWindowRgn
GetScrollInfo
PtInRect
IntersectRect
GetDesktopWindow
GetMenuStringA
WindowFromDC
MapWindowPoints
ModifyMenuA
DrawTextA
GetParent
GetWindowTextLengthA
TranslateMessage
PeekMessageA
SendMessageTimeoutA
GetMenuItemCount
DispatchMessageA
GetComboBoxInfo
EnableWindow
SetCapture
ScreenToClient
IsDlgButtonChecked
LoadKeyboardLayoutA
SetWindowLongPtrA
LoadBitmapA
DestroyIcon
EnumDisplaySettingsExA
MonitorFromPoint
GetMonitorInfoA
SystemParametersInfoA
GetSystemMetrics
EnumDisplayDevicesA
ValidateRect
RegisterClassExA
TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadStringA
LoadMenuA
SetMenuDefaultItem
IsClipboardFormatAvailable
RegisterClipboardFormatA
SetWindowLongA
SetCursorPos
RedrawWindow
GetCursorPos
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
GetClipboardOwner
EndPaint
DestroyWindow
SetCursor
GetDlgItemInt
GetSystemMenu
SetTimer
GetWindowRect
PostQuitMessage
IsIconic
FillRect
SendNotifyMessageA
KillTimer
GetFocus
LoadIconA
InvalidateRgn
wsprintfA
GetClientRect
SetFocus
RegisterWindowMessageA
BeginPaint
GetDC
SetDlgItemInt
GetWindowTextA
SetRect
MessageBoxA
InvalidateRect
GetWindowLongA
CreateWindowExA
ReleaseDC
EnableMenuItem
ChangeClipboardChain
DefWindowProcA
SetWindowPos
ShowWindow
CreatePopupMenu
GetSysColorBrush
DrawMenuBar
AppendMenuA
IsWindow
ShowScrollBar
PostMessageA
AdjustWindowRectEx
ScrollWindowEx
SetWindowTextA
UpdateWindow
DestroyMenu
LoadCursorA
SetClipboardViewer
SetScrollInfo
CheckMenuItem
RegisterClassA
MoveWindow
GetKeyboardLayoutNameA
GetWindowLongPtrA
SendMessageA
GetDlgItem
GetDlgItemTextA
DestroyAcceleratorTable
CreateAcceleratorTableA
TranslateAcceleratorA
SetForegroundWindow
EndDialog
LoadImageA
DialogBoxParamA
SetDlgItemTextA
IsRectEmpty
wvsprintfA
CharToOemA
OemToCharA
SendDlgItemMessageA

gdi32

DeleteDC
SetStretchBltMode
SelectPalette
RealizePalette
CombineRgn
CreatePalette
SetDIBColorTable
SetBrushOrgEx
StretchBlt
GetDeviceCaps
GetStockObject
CreateRectRgnIndirect
Rectangle
CreatePen
SetBkMode
CreateFontA
SetTextColor
LineTo
MoveToEx
CreatePolygonRgn
SetROP2
UpdateColors
BitBlt
CreateDIBSection
PatBlt
DeleteObject
SelectObject
CreateCompatibleDC
GetClipBox
CreateRectRgn
CreateSolidBrush

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
IsValidAcl
OpenProcessToken
GetKernelObjectSecurity
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorControl
RegSetValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
Shell_NotifyIconA
SHGetFolderPathA

imm32

ImmAssociateContext

Sections

.text
Size: 889KB - Virtual size: 889KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/RemoteControl/uvnc/XP/X64/winvnc.exe
.exe windows:6 windows x64 arch:x64

c90bc1202a6686e20be0ca8a81f86726

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2013, 00:00

Not After

11/10/2016, 23:59

Subject

CN=uvnc bvba,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:18:a3:f9:de:c5:be:70:a1:15:84:64:62:2d:66:c8:8a:bf:85:fe
Signer

Actual PE Digest

f4:18:a3:f9:de:c5:be:70:a1:15:84:64:62:2d:66:c8:8a:bf:85:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

gethostname
inet_ntoa
getsockname
send
getpeername
WSAIoctl
select
WSAGetLastError
gethostbyname
shutdown
setsockopt
WSACleanup
bind
__WSAFDIsSet
getsockopt
listen
accept
connect
WSAStartup
inet_addr
htonl
htons
recv
socket
closesocket

winmm

timeSetEvent
PlaySoundA
timeGetTime
timeKillEvent

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

userenv

ExpandEnvironmentStringsForUserA
CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

SetLastError
Process32First
SetEvent
WaitNamedPipeW
WriteFile
GetSystemDirectoryW
LoadLibraryW
CreateEventA
GetExitCodeProcess
ReadFile
CreateFileW
Process32Next
OpenEventA
WaitForMultipleObjects
lstrcatW
CreateToolhelp32Snapshot
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetEnvironmentVariableA
SetCurrentDirectoryA
SetFileAttributesA
ResumeThread
TryEnterCriticalSection
ResetEvent
CreateFileA
GetFileSize
CompareFileTime
GetFileTime
SetFilePointer
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
SetFileTime
GetDriveTypeA
GetFileAttributesA
FileTimeToSystemTime
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
MoveFileA
GetSystemTime
GetCurrentThread
VirtualFreeEx
ReadProcessMemory
CreateProcessA
TerminateProcess
SetThreadPriority
VirtualAllocEx
TerminateThread
FindResourceA
LoadResource
SizeofResource
LockResource
CreateMutexA
FormatMessageA
GetStdHandle
OpenFileMappingA
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
SetProcessShutdownParameters
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
HeapSize
RtlLookupFunctionEntry
RtlPcToFileHeader
LoadLibraryExW
ExitThread
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwindEx
GetCPInfo
SetFilePointerEx
GetTimeZoneInformation
ReadConsoleW
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetCommandLineA
SetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
TlsFree
TlsAlloc
DuplicateHandle
ReleaseSemaphore
CreateSemaphoreA
TlsSetValue
TlsGetValue
GetFileType
lstrcatA
lstrcmpiA
GetProcessHeap
HeapFree
HeapAlloc
lstrcpynA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetLocalTime
GetVolumeInformationA
GetLocaleInfoA
SetVolumeLabelA
DosDateTimeToFileTime
GetFullPathNameA
lstrcpyA
WriteConsoleA
ReleaseMutex
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
CreateFileMappingA
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
OpenProcess
WritePrivateProfileSectionA
WritePrivateProfileStructA
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
WinExec
GetLastError
GetComputerNameA
GetVersion
GetSystemInfo
lstrlenA
DeleteFileA
GetTempPathA
FindNextFileA
FindClose
FindFirstFileA
FreeLibrary
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
InitializeCriticalSection
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcess
CreateThread
CloseHandle
Sleep
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GlobalFree
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalSize
GetModuleFileNameW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableW
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
MoveFileExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW
GetStartupInfoW
GetModuleHandleW
AllocConsole
RemoveDirectoryW

user32

TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadMenuA
EnableMenuItem
RemoveMenu
SetMenuDefaultItem
DestroyMenu
EnableWindow
ToAscii
GetAsyncKeyState
MapVirtualKeyA
VkKeyScanA
IsIconic
DestroyWindow
PostThreadMessageA
SendNotifyMessageA
WaitMessage
PeekMessageA
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
EnumDesktopWindows
GetClassNameA
OpenDesktopA
FillRect
DrawTextA
WaitForInputIdle
FindWindowExA
WindowFromPoint
IsDlgButtonChecked
EnumWindows
GetIconInfo
GetWindowTextA
SetRect
IsWindow
IsWindowVisible
EndPaint
DrawIconEx
BeginPaint
GetUpdateRect
IntersectRect
DestroyIcon
PtInRect
GetKeyboardState
SetActiveWindow
MessageBeep
FlashWindow
ChangeDisplaySettingsExA
keybd_event
GetKeyState
EnumDisplaySettingsA
ScreenToClient
GetWindowRect
SendDlgItemMessageA
LoadStringA
GetClientRect
SetFocus
CheckDlgButton
SetDlgItemInt
GetDlgItemInt
GetProcessWindowStation
RegisterWindowMessageA
GetScrollInfo
InvalidateRect
GetDlgItem
EndDialog
GetCursorPos
SetWindowTextA
GetDlgItemTextA
DialogBoxParamA
SetDlgItemTextA
MoveWindow
ExitWindowsEx
GetDesktopWindow
wsprintfA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
MessageBoxA
SendMessageA
PostMessageA
FindWindowA
mouse_event
GetMessageA
GetUserObjectInformationA
SetTimer
GetWindowLongPtrA
RegisterClassExA
PostQuitMessage
GetThreadDesktop
KillTimer
LoadIconA
OpenInputDesktop
CloseDesktop
TranslateMessage
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
SetThreadDesktop
SetWindowLongPtrA
DispatchMessageA
GetSystemMetrics
LoadImageA
AdjustWindowRect
LoadCursorA
IsRectEmpty
GetDC
ReleaseDC
CloseClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatA
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
OemToCharA
CharToOemA
wvsprintfA
SetForegroundWindow

gdi32

GetBitmapBits
SetTextColor
SetBkColor
GdiFlush
CreatePalette
RealizePalette
SelectPalette
CreateFontIndirectA
GetObjectA
ExtEscape
GetSystemPaletteEntries
GetRgnBox
GetRegionData
SetRectRgn
PtInRegion
CombineRgn
OffsetRgn
CreateRectRgn
PatBlt
StretchBlt
CreateDCA
SetBkMode
GetClipBox
GetPixel
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetDIBits
GetDeviceCaps
CreateDIBSection
DeleteDC
BitBlt
SetDIBColorTable
GetStockObject
CreateSolidBrush

advapi32

GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
GetKernelObjectSecurity
IsValidAcl
RegCreateKeyA
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
RegDeleteValueA
QueryServiceStatus
RegCreateKeyExA
RegDeleteKeyA
CreateServiceA
RegisterServiceCtrlHandlerA
DeleteService
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueA
SetTokenInformation
FreeSid
RevertToSelf
AllocateAndInitializeSid
ImpersonateLoggedOnUser
EqualSid
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
RegSetValueExA
QueryServiceConfigA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
LookupAccountSidA
OpenServiceA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteExA
Shell_NotifyIconA
SHAppBarMessage
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 883KB - Virtual size: 883KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 713KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 760KB - Virtual size: 759KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/RemoteControl/uvnc/XP/uvnc_settings.exe
.exe windows:5 windows x86 arch:x86

a9ea2106838ba087f6c156cc0e582f8b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2013, 00:00

Not After

11/10/2016, 23:59

Subject

CN=uvnc bvba,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:93:a9:66:b7:ef:21:1c:69:53:ef:57:30:7c:96:bc:1e:63:c9:70
Signer

Actual PE Digest

89:93:a9:66:b7:ef:21:1c:69:53:ef:57:30:7c:96:bc:1e:63:c9:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\UltraVNC_INSTALL_VS2013\ultravnc_test2\UltraVNC Project Root\UltraVNC\uvnc_settings\Release\uvnc_settings.pdb

Imports

comctl32

InitCommonControlsEx
ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
DeleteFileA
CreateEventA
WaitForSingleObject
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileStructA
WritePrivateProfileStructA
InterlockedIncrement
LocalFree
FormatMessageA
lstrlenA
LocalAlloc
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
FindNextFileA
InterlockedDecrement
CreateThread
GetModuleFileNameA
FindFirstFileA
Sleep
CreateDirectoryA

user32

EnableWindow
GetDlgItem
SendMessageA
SetForegroundWindow
SetWindowLongA
GetWindowLongA
MessageBoxA
EnumDisplaySettingsA
DestroyWindow
SetWindowPos
MapWindowPoints
GetWindowRect
CreateDialogParamA
LoadStringA
DialogBoxParamA
IsDlgButtonChecked
CheckDlgButton
wsprintfA
SetFocus
ShowWindow
GetWindowTextA
SetWindowTextA
GetDlgItemTextA
GetDlgItemInt
SetDlgItemTextA
SetDlgItemInt
EndDialog
SendDlgItemMessageA

gdi32

DeleteDC
CreateDCA

advapi32

StartServiceA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA

shell32

ShellExecuteA

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
SysAllocString

msvcr90

srand
rand
??_V@YAXPAX@Z
??_U@YAPAXI@Z
strrchr
sprintf
strcpy_s
??2@YAPAXI@Z
vsprintf
strncat
_stricmp
sprintf_s
strncpy
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_time64
free
malloc
??3@YAXPAX@Z
memset
_CxxThrowException
__CxxFrameHandler3
_itoa
memcpy

iphlpapi

GetAdaptersInfo

ws2_32

WSACleanup
WSAStartup

msvcp90

??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/RemoteControl/uvnc/XP/vncviewer.exe
.exe windows:6 windows x86 arch:x86

83582c9b1fc7b8859001a44b345d0d92

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2013, 00:00

Not After

11/10/2016, 23:59

Subject

CN=uvnc bvba,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:64:51:d6:70:97:3d:20:30:14:72:63:de:ff:76:14:a7:80:cd:e4
Signer

Actual PE Digest

6d:64:51:d6:70:97:3d:20:30:14:72:63:de:ff:76:14:a7:80:cd:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\UltraVNC_INSTALL_VS2013\ultravnc_test2\UltraVNC Project Root\UltraVNC\vncviewer\Release\vncviewer.pdb

Imports

comctl32

ImageList_ReplaceIcon
ord6
CreateToolbarEx
InitCommonControlsEx
ImageList_Create
ord17

winmm

timeGetTime
timeSetEvent
timeKillEvent
PlaySoundA

ws2_32

getpeername
connect
inet_addr
select
WSACleanup
WSAStartup
accept
htons
shutdown
setsockopt
socket
__WSAFDIsSet
closesocket
gethostbyname
send
listen
WSAAsyncSelect
bind
recv
WSAGetLastError
ioctlsocket

kernel32

FindNextFileA
GetTempPathA
DeleteFileA
lstrcpyA
CreateFileA
SetFilePointer
lstrlenA
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
CompareFileTime
SetFileTime
WriteFile
GetDriveTypeA
InitializeCriticalSection
GetFileAttributesA
LeaveCriticalSection
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
lstrcmpiA
EnterCriticalSection
MoveFileA
GetFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
MulDiv
AllocConsole
GetStdHandle
WriteConsoleA
OutputDebugStringA
GetComputerNameA
GetVersionExA
DeleteFileW
GetStringTypeW
SetFileAttributesW
CreateFileW
SetEnvironmentVariableW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
CreateDirectoryW
GetFileAttributesExW
GetModuleFileNameW
FindClose
GetModuleHandleW
GetStartupInfoW
TlsFree
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
GetModuleFileNameA
SetLastError
GetOEMCP
GetACP
IsValidCodePage
HeapSize
RaiseException
LoadLibraryExW
ExitThread
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwind
GetCPInfo
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetCommandLineA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
SetStdHandle
GetTimeZoneInformation
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
TlsAlloc
DuplicateHandle
GetCurrentThreadId
SetThreadPriority
CreateSemaphoreA
TlsSetValue
GetCurrentThread
TlsGetValue
GetFileType
lstrcatA
ReleaseMutex
CreateMutexA
GetProcessHeap
HeapFree
GetCurrentProcess
HeapAlloc
lstrcpynA
LocalFileTimeToFileTime
GetVersion
GetLocalTime
SetFileAttributesA
GetVolumeInformationA
GetLocaleInfoA
SetVolumeLabelA
DosDateTimeToFileTime
GetFullPathNameA
QueryPerformanceFrequency
QueryPerformanceCounter
UnhandledExceptionFilter
LoadLibraryA
CopyFileA
GetProcAddress
FindFirstFileA
FreeLibrary
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalUnlock
RemoveDirectoryW
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
CreateThread
ResumeThread
LocalFree
CloseHandle
GetLastError
Beep
CreateEventA
Sleep
FormatMessageA
GetTickCount
SetEvent
WaitForSingleObject
GetModuleHandleA
GetCurrentDirectoryW
MoveFileExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW

user32

ReleaseCapture
CallWindowProcA
GetCaretBlinkTime
GetMessageA
PostThreadMessageA
CallNextHookEx
GetForegroundWindow
SetWindowsHookExA
GetWindowThreadProcessId
ToAscii
GetKeyState
keybd_event
VkKeyScanW
GetKeyboardState
ToUnicode
SetWindowRgn
LoadBitmapA
PtInRect
SetCaretBlinkTime
GetDesktopWindow
GetMenuStringA
ModifyMenuA
SendDlgItemMessageA
DrawTextA
GetWindowTextLengthA
TranslateMessage
PeekMessageA
SendMessageTimeoutA
GetMenuItemCount
DispatchMessageA
GetComboBoxInfo
EnableWindow
DestroyIcon
EnumDisplaySettingsExA
MonitorFromPoint
GetScrollInfo
SetCapture
ScreenToClient
LoadKeyboardLayoutA
IsDlgButtonChecked
GetMonitorInfoA
SystemParametersInfoA
GetSystemMetrics
EnumDisplayDevicesA
ValidateRect
RegisterClassExA
TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadStringA
LoadMenuA
SetMenuDefaultItem
IsClipboardFormatAvailable
RegisterClipboardFormatA
SetWindowLongA
SetCursorPos
RedrawWindow
GetCursorPos
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
GetClipboardOwner
EndPaint
DestroyWindow
SetCursor
GetDlgItemInt
GetSystemMenu
SetTimer
GetWindowRect
PostQuitMessage
IsIconic
FillRect
SendNotifyMessageA
KillTimer
GetFocus
LoadIconA
InvalidateRgn
wsprintfA
GetClientRect
SetFocus
RegisterWindowMessageA
BeginPaint
GetDC
SetDlgItemInt
GetWindowTextA
SetRect
MessageBoxA
InvalidateRect
CreateWindowExA
ReleaseDC
EnableMenuItem
ChangeClipboardChain
DefWindowProcA
SetWindowPos
ShowWindow
CreatePopupMenu
GetSysColorBrush
DrawMenuBar
AppendMenuA
IsWindow
ShowScrollBar
PostMessageA
AdjustWindowRectEx
ScrollWindowEx
SetWindowTextA
UpdateWindow
DestroyMenu
LoadCursorA
SetClipboardViewer
SetScrollInfo
CheckMenuItem
RegisterClassA
MoveWindow
GetKeyboardLayoutNameA
SendMessageA
GetWindowLongA
GetDlgItem
GetDlgItemTextA
DestroyAcceleratorTable
CreateAcceleratorTableA
TranslateAcceleratorA
SetForegroundWindow
EndDialog
LoadImageA
DialogBoxParamA
SetDlgItemTextA
wvsprintfA
CharToOemA
OemToCharA
GetParent

gdi32

DeleteDC
SetStretchBltMode
SelectPalette
RealizePalette
CombineRgn
CreatePalette
SetDIBColorTable
SetBrushOrgEx
StretchBlt
GetDeviceCaps
GetStockObject
CreateRectRgnIndirect
Rectangle
CreatePen
SetBkMode
CreateFontA
SetTextColor
LineTo
MoveToEx
CreatePolygonRgn
SetROP2
UpdateColors
BitBlt
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
CreateRectRgn
CreateSolidBrush

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
IsValidAcl
OpenProcessToken
GetKernelObjectSecurity
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorControl
RegSetValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
Shell_NotifyIconA
SHGetFolderPathA

imm32

ImmAssociateContext

Sections

.text
Size: 689KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/RemoteControl/uvnc/XP/winvnc.exe
.exe windows:6 windows x86 arch:x86

e38d0ace7fc61e9c365036dc71be4d22

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2013, 00:00

Not After

11/10/2016, 23:59

Subject

CN=uvnc bvba,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:4a:df:e8:13:41:39:3e:c3:d0:57:b4:fb:9c:fa:44:8d:20:2d:9b
Signer

Actual PE Digest

7e:4a:df:e8:13:41:39:3e:c3:d0:57:b4:fb:9c:fa:44:8d:20:2d:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\UltraVNC_INSTALL_VS2013\ultravnc_test2\UltraVNC Project Root\UltraVNC\winvnc\Release\winvnc.pdb

Imports

ws2_32

gethostname
inet_ntoa
getsockname
send
getpeername
WSAIoctl
select
WSAGetLastError
gethostbyname
shutdown
setsockopt
WSACleanup
bind
__WSAFDIsSet
getsockopt
listen
accept
connect
WSAStartup
inet_addr
htonl
htons
recv
socket
closesocket

winmm

timeSetEvent
PlaySoundA
timeGetTime
timeKillEvent

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

userenv

ExpandEnvironmentStringsForUserA
CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

SetLastError
Process32First
SetEvent
WaitNamedPipeW
WriteFile
GetSystemDirectoryW
LoadLibraryW
CreateEventA
GetExitCodeProcess
ReadFile
CreateFileW
Process32Next
OpenEventA
WaitForMultipleObjects
lstrcatW
CreateToolhelp32Snapshot
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetEnvironmentVariableA
SetCurrentDirectoryA
SetFileAttributesA
ResumeThread
TryEnterCriticalSection
ResetEvent
CreateFileA
GetFileSize
CompareFileTime
GetFileTime
SetFilePointer
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
SetFileTime
GetDriveTypeA
GetFileAttributesA
FileTimeToSystemTime
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
MoveFileA
GetSystemTime
GetCurrentThread
VirtualFreeEx
ReadProcessMemory
CreateProcessA
TerminateProcess
SetThreadPriority
VirtualAllocEx
TerminateThread
FindResourceA
LoadResource
CreateMutexA
LockResource
AllocConsole
OpenFileMappingA
GetStdHandle
WriteConsoleA
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
SetProcessShutdownParameters
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
LoadLibraryExW
ExitThread
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwind
GetCPInfo
SetFilePointerEx
GetTimeZoneInformation
ReadConsoleW
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetCommandLineA
SetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
TlsFree
TlsAlloc
DuplicateHandle
ReleaseSemaphore
CreateSemaphoreA
TlsSetValue
TlsGetValue
GetFileType
lstrcatA
lstrcmpiA
GetProcessHeap
HeapFree
HeapAlloc
lstrcpynA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetLocalTime
GetVolumeInformationA
GetLocaleInfoA
SetVolumeLabelA
DosDateTimeToFileTime
GetFullPathNameA
lstrcpyA
FormatMessageA
ReleaseMutex
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
CreateFileMappingA
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
OpenProcess
WritePrivateProfileSectionA
WritePrivateProfileStructA
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
WinExec
GetLastError
GetComputerNameA
GetVersion
GetSystemInfo
lstrlenA
DeleteFileA
GetTempPathA
FindNextFileA
FindClose
FindFirstFileA
FreeLibrary
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
InitializeCriticalSection
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcess
CreateThread
CloseHandle
Sleep
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GlobalFree
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalSize
GetModuleFileNameW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableW
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
MoveFileExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW
GetStartupInfoW
GetModuleHandleW
SizeofResource
RemoveDirectoryW

user32

TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadMenuA
EnableMenuItem
RemoveMenu
SetMenuDefaultItem
DestroyMenu
EnableWindow
ToAscii
GetAsyncKeyState
MapVirtualKeyA
VkKeyScanA
IsIconic
DestroyWindow
PostThreadMessageA
SendNotifyMessageA
WaitMessage
PeekMessageA
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
EnumDesktopWindows
GetClassNameA
OpenDesktopA
FillRect
DrawTextA
WaitForInputIdle
FindWindowExA
WindowFromPoint
RegisterWindowMessageA
EnumWindows
IsDlgButtonChecked
GetWindowTextA
SetRect
IsWindow
IsWindowVisible
EndPaint
DrawIconEx
BeginPaint
GetUpdateRect
IntersectRect
DestroyIcon
PtInRect
GetKeyboardState
SetActiveWindow
MessageBeep
FlashWindow
ChangeDisplaySettingsExA
keybd_event
GetKeyState
EnumDisplaySettingsA
ScreenToClient
GetWindowRect
SendDlgItemMessageA
SetForegroundWindow
LoadStringA
GetClientRect
SetFocus
GetScrollInfo
InvalidateRect
GetDlgItem
EndDialog
CheckDlgButton
SetDlgItemInt
GetDlgItemInt
GetProcessWindowStation
GetIconInfo
GetCursorPos
SetWindowTextA
GetDlgItemTextA
DialogBoxParamA
SetDlgItemTextA
MoveWindow
ExitWindowsEx
GetDesktopWindow
wsprintfA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
MessageBoxA
SendMessageA
PostMessageA
FindWindowA
mouse_event
GetMessageA
GetUserObjectInformationA
SetTimer
RegisterClassExA
PostQuitMessage
GetThreadDesktop
KillTimer
LoadIconA
OpenInputDesktop
CloseDesktop
TranslateMessage
SetWindowLongA
GetWindowLongA
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
SetThreadDesktop
DispatchMessageA
GetSystemMetrics
LoadImageA
AdjustWindowRect
LoadCursorA
IsRectEmpty
GetDC
ReleaseDC
CloseClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatA
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
OemToCharA
CharToOemA
wvsprintfA

gdi32

GetBitmapBits
SetTextColor
SetBkColor
GdiFlush
CreatePalette
RealizePalette
SelectPalette
CreateFontIndirectA
GetObjectA
ExtEscape
GetSystemPaletteEntries
GetRgnBox
GetRegionData
SetRectRgn
PtInRegion
CombineRgn
OffsetRgn
CreateRectRgn
PatBlt
StretchBlt
CreateDCA
SetBkMode
GetClipBox
GetStockObject
CreateSolidBrush
BitBlt
DeleteDC
GetPixel
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetDIBits
SetDIBColorTable
CreateDIBSection
GetDeviceCaps

advapi32

GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
GetKernelObjectSecurity
IsValidAcl
RegCreateKeyA
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
RegDeleteValueA
QueryServiceStatus
RegCreateKeyExA
RegDeleteKeyA
CreateServiceA
RegisterServiceCtrlHandlerA
DeleteService
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueA
SetTokenInformation
FreeSid
RevertToSelf
AllocateAndInitializeSid
ImpersonateLoggedOnUser
EqualSid
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
RegSetValueExA
QueryServiceConfigA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
LookupAccountSidA
OpenServiceA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

SHAppBarMessage
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 830KB - Virtual size: 829KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 760KB - Virtual size: 759KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/RemoteControl/uvnc/uvnc_settings.exe
.exe windows:5 windows x86 arch:x86

a9ea2106838ba087f6c156cc0e582f8b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2013, 00:00

Not After

11/10/2016, 23:59

Subject

CN=uvnc bvba,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:93:a9:66:b7:ef:21:1c:69:53:ef:57:30:7c:96:bc:1e:63:c9:70
Signer

Actual PE Digest

89:93:a9:66:b7:ef:21:1c:69:53:ef:57:30:7c:96:bc:1e:63:c9:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\UltraVNC_INSTALL_VS2013\ultravnc_test2\UltraVNC Project Root\UltraVNC\uvnc_settings\Release\uvnc_settings.pdb

Imports

comctl32

InitCommonControlsEx
ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
DeleteFileA
CreateEventA
WaitForSingleObject
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileStructA
WritePrivateProfileStructA
InterlockedIncrement
LocalFree
FormatMessageA
lstrlenA
LocalAlloc
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
FindNextFileA
InterlockedDecrement
CreateThread
GetModuleFileNameA
FindFirstFileA
Sleep
CreateDirectoryA

user32

EnableWindow
GetDlgItem
SendMessageA
SetForegroundWindow
SetWindowLongA
GetWindowLongA
MessageBoxA
EnumDisplaySettingsA
DestroyWindow
SetWindowPos
MapWindowPoints
GetWindowRect
CreateDialogParamA
LoadStringA
DialogBoxParamA
IsDlgButtonChecked
CheckDlgButton
wsprintfA
SetFocus
ShowWindow
GetWindowTextA
SetWindowTextA
GetDlgItemTextA
GetDlgItemInt
SetDlgItemTextA
SetDlgItemInt
EndDialog
SendDlgItemMessageA

gdi32

DeleteDC
CreateDCA

advapi32

StartServiceA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA

shell32

ShellExecuteA

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
SysAllocString

msvcr90

srand
rand
??_V@YAXPAX@Z
??_U@YAPAXI@Z
strrchr
sprintf
strcpy_s
??2@YAPAXI@Z
vsprintf
strncat
_stricmp
sprintf_s
strncpy
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_time64
free
malloc
??3@YAXPAX@Z
memset
_CxxThrowException
__CxxFrameHandler3
_itoa
memcpy

iphlpapi

GetAdaptersInfo

ws2_32

WSACleanup
WSAStartup

msvcp90

??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/RemoteControl/uvnc/vncviewer.exe
.exe windows:6 windows x86 arch:x86

83582c9b1fc7b8859001a44b345d0d92

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2013, 00:00

Not After

11/10/2016, 23:59

Subject

CN=uvnc bvba,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:64:51:d6:70:97:3d:20:30:14:72:63:de:ff:76:14:a7:80:cd:e4
Signer

Actual PE Digest

6d:64:51:d6:70:97:3d:20:30:14:72:63:de:ff:76:14:a7:80:cd:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\UltraVNC_INSTALL_VS2013\ultravnc_test2\UltraVNC Project Root\UltraVNC\vncviewer\Release\vncviewer.pdb

Imports

comctl32

ImageList_ReplaceIcon
ord6
CreateToolbarEx
InitCommonControlsEx
ImageList_Create
ord17

winmm

timeGetTime
timeSetEvent
timeKillEvent
PlaySoundA

ws2_32

getpeername
connect
inet_addr
select
WSACleanup
WSAStartup
accept
htons
shutdown
setsockopt
socket
__WSAFDIsSet
closesocket
gethostbyname
send
listen
WSAAsyncSelect
bind
recv
WSAGetLastError
ioctlsocket

kernel32

FindNextFileA
GetTempPathA
DeleteFileA
lstrcpyA
CreateFileA
SetFilePointer
lstrlenA
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
CompareFileTime
SetFileTime
WriteFile
GetDriveTypeA
InitializeCriticalSection
GetFileAttributesA
LeaveCriticalSection
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
lstrcmpiA
EnterCriticalSection
MoveFileA
GetFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
MulDiv
AllocConsole
GetStdHandle
WriteConsoleA
OutputDebugStringA
GetComputerNameA
GetVersionExA
DeleteFileW
GetStringTypeW
SetFileAttributesW
CreateFileW
SetEnvironmentVariableW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
CreateDirectoryW
GetFileAttributesExW
GetModuleFileNameW
FindClose
GetModuleHandleW
GetStartupInfoW
TlsFree
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
GetModuleFileNameA
SetLastError
GetOEMCP
GetACP
IsValidCodePage
HeapSize
RaiseException
LoadLibraryExW
ExitThread
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwind
GetCPInfo
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetCommandLineA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
SetStdHandle
GetTimeZoneInformation
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
TlsAlloc
DuplicateHandle
GetCurrentThreadId
SetThreadPriority
CreateSemaphoreA
TlsSetValue
GetCurrentThread
TlsGetValue
GetFileType
lstrcatA
ReleaseMutex
CreateMutexA
GetProcessHeap
HeapFree
GetCurrentProcess
HeapAlloc
lstrcpynA
LocalFileTimeToFileTime
GetVersion
GetLocalTime
SetFileAttributesA
GetVolumeInformationA
GetLocaleInfoA
SetVolumeLabelA
DosDateTimeToFileTime
GetFullPathNameA
QueryPerformanceFrequency
QueryPerformanceCounter
UnhandledExceptionFilter
LoadLibraryA
CopyFileA
GetProcAddress
FindFirstFileA
FreeLibrary
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalUnlock
RemoveDirectoryW
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
CreateThread
ResumeThread
LocalFree
CloseHandle
GetLastError
Beep
CreateEventA
Sleep
FormatMessageA
GetTickCount
SetEvent
WaitForSingleObject
GetModuleHandleA
GetCurrentDirectoryW
MoveFileExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW

user32

ReleaseCapture
CallWindowProcA
GetCaretBlinkTime
GetMessageA
PostThreadMessageA
CallNextHookEx
GetForegroundWindow
SetWindowsHookExA
GetWindowThreadProcessId
ToAscii
GetKeyState
keybd_event
VkKeyScanW
GetKeyboardState
ToUnicode
SetWindowRgn
LoadBitmapA
PtInRect
SetCaretBlinkTime
GetDesktopWindow
GetMenuStringA
ModifyMenuA
SendDlgItemMessageA
DrawTextA
GetWindowTextLengthA
TranslateMessage
PeekMessageA
SendMessageTimeoutA
GetMenuItemCount
DispatchMessageA
GetComboBoxInfo
EnableWindow
DestroyIcon
EnumDisplaySettingsExA
MonitorFromPoint
GetScrollInfo
SetCapture
ScreenToClient
LoadKeyboardLayoutA
IsDlgButtonChecked
GetMonitorInfoA
SystemParametersInfoA
GetSystemMetrics
EnumDisplayDevicesA
ValidateRect
RegisterClassExA
TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadStringA
LoadMenuA
SetMenuDefaultItem
IsClipboardFormatAvailable
RegisterClipboardFormatA
SetWindowLongA
SetCursorPos
RedrawWindow
GetCursorPos
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
GetClipboardOwner
EndPaint
DestroyWindow
SetCursor
GetDlgItemInt
GetSystemMenu
SetTimer
GetWindowRect
PostQuitMessage
IsIconic
FillRect
SendNotifyMessageA
KillTimer
GetFocus
LoadIconA
InvalidateRgn
wsprintfA
GetClientRect
SetFocus
RegisterWindowMessageA
BeginPaint
GetDC
SetDlgItemInt
GetWindowTextA
SetRect
MessageBoxA
InvalidateRect
CreateWindowExA
ReleaseDC
EnableMenuItem
ChangeClipboardChain
DefWindowProcA
SetWindowPos
ShowWindow
CreatePopupMenu
GetSysColorBrush
DrawMenuBar
AppendMenuA
IsWindow
ShowScrollBar
PostMessageA
AdjustWindowRectEx
ScrollWindowEx
SetWindowTextA
UpdateWindow
DestroyMenu
LoadCursorA
SetClipboardViewer
SetScrollInfo
CheckMenuItem
RegisterClassA
MoveWindow
GetKeyboardLayoutNameA
SendMessageA
GetWindowLongA
GetDlgItem
GetDlgItemTextA
DestroyAcceleratorTable
CreateAcceleratorTableA
TranslateAcceleratorA
SetForegroundWindow
EndDialog
LoadImageA
DialogBoxParamA
SetDlgItemTextA
wvsprintfA
CharToOemA
OemToCharA
GetParent

gdi32

DeleteDC
SetStretchBltMode
SelectPalette
RealizePalette
CombineRgn
CreatePalette
SetDIBColorTable
SetBrushOrgEx
StretchBlt
GetDeviceCaps
GetStockObject
CreateRectRgnIndirect
Rectangle
CreatePen
SetBkMode
CreateFontA
SetTextColor
LineTo
MoveToEx
CreatePolygonRgn
SetROP2
UpdateColors
BitBlt
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
CreateRectRgn
CreateSolidBrush

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
IsValidAcl
OpenProcessToken
GetKernelObjectSecurity
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorControl
RegSetValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
Shell_NotifyIconA
SHGetFolderPathA

imm32

ImmAssociateContext

Sections

.text
Size: 689KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/RemoteControl/uvnc/winvnc.exe
.exe windows:6 windows x86 arch:x86

e38d0ace7fc61e9c365036dc71be4d22

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2013, 00:00

Not After

11/10/2016, 23:59

Subject

CN=uvnc bvba,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:4a:df:e8:13:41:39:3e:c3:d0:57:b4:fb:9c:fa:44:8d:20:2d:9b
Signer

Actual PE Digest

7e:4a:df:e8:13:41:39:3e:c3:d0:57:b4:fb:9c:fa:44:8d:20:2d:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\UltraVNC_INSTALL_VS2013\ultravnc_test2\UltraVNC Project Root\UltraVNC\winvnc\Release\winvnc.pdb

Imports

ws2_32

gethostname
inet_ntoa
getsockname
send
getpeername
WSAIoctl
select
WSAGetLastError
gethostbyname
shutdown
setsockopt
WSACleanup
bind
__WSAFDIsSet
getsockopt
listen
accept
connect
WSAStartup
inet_addr
htonl
htons
recv
socket
closesocket

winmm

timeSetEvent
PlaySoundA
timeGetTime
timeKillEvent

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

userenv

ExpandEnvironmentStringsForUserA
CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

SetLastError
Process32First
SetEvent
WaitNamedPipeW
WriteFile
GetSystemDirectoryW
LoadLibraryW
CreateEventA
GetExitCodeProcess
ReadFile
CreateFileW
Process32Next
OpenEventA
WaitForMultipleObjects
lstrcatW
CreateToolhelp32Snapshot
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetEnvironmentVariableA
SetCurrentDirectoryA
SetFileAttributesA
ResumeThread
TryEnterCriticalSection
ResetEvent
CreateFileA
GetFileSize
CompareFileTime
GetFileTime
SetFilePointer
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
SetFileTime
GetDriveTypeA
GetFileAttributesA
FileTimeToSystemTime
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
MoveFileA
GetSystemTime
GetCurrentThread
VirtualFreeEx
ReadProcessMemory
CreateProcessA
TerminateProcess
SetThreadPriority
VirtualAllocEx
TerminateThread
FindResourceA
LoadResource
CreateMutexA
LockResource
AllocConsole
OpenFileMappingA
GetStdHandle
WriteConsoleA
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
SetProcessShutdownParameters
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
LoadLibraryExW
ExitThread
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwind
GetCPInfo
SetFilePointerEx
GetTimeZoneInformation
ReadConsoleW
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetCommandLineA
SetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
TlsFree
TlsAlloc
DuplicateHandle
ReleaseSemaphore
CreateSemaphoreA
TlsSetValue
TlsGetValue
GetFileType
lstrcatA
lstrcmpiA
GetProcessHeap
HeapFree
HeapAlloc
lstrcpynA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetLocalTime
GetVolumeInformationA
GetLocaleInfoA
SetVolumeLabelA
DosDateTimeToFileTime
GetFullPathNameA
lstrcpyA
FormatMessageA
ReleaseMutex
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
CreateFileMappingA
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
OpenProcess
WritePrivateProfileSectionA
WritePrivateProfileStructA
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
WinExec
GetLastError
GetComputerNameA
GetVersion
GetSystemInfo
lstrlenA
DeleteFileA
GetTempPathA
FindNextFileA
FindClose
FindFirstFileA
FreeLibrary
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
InitializeCriticalSection
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcess
CreateThread
CloseHandle
Sleep
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GlobalFree
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalSize
GetModuleFileNameW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableW
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
MoveFileExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW
GetStartupInfoW
GetModuleHandleW
SizeofResource
RemoveDirectoryW

user32

TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadMenuA
EnableMenuItem
RemoveMenu
SetMenuDefaultItem
DestroyMenu
EnableWindow
ToAscii
GetAsyncKeyState
MapVirtualKeyA
VkKeyScanA
IsIconic
DestroyWindow
PostThreadMessageA
SendNotifyMessageA
WaitMessage
PeekMessageA
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
EnumDesktopWindows
GetClassNameA
OpenDesktopA
FillRect
DrawTextA
WaitForInputIdle
FindWindowExA
WindowFromPoint
RegisterWindowMessageA
EnumWindows
IsDlgButtonChecked
GetWindowTextA
SetRect
IsWindow
IsWindowVisible
EndPaint
DrawIconEx
BeginPaint
GetUpdateRect
IntersectRect
DestroyIcon
PtInRect
GetKeyboardState
SetActiveWindow
MessageBeep
FlashWindow
ChangeDisplaySettingsExA
keybd_event
GetKeyState
EnumDisplaySettingsA
ScreenToClient
GetWindowRect
SendDlgItemMessageA
SetForegroundWindow
LoadStringA
GetClientRect
SetFocus
GetScrollInfo
InvalidateRect
GetDlgItem
EndDialog
CheckDlgButton
SetDlgItemInt
GetDlgItemInt
GetProcessWindowStation
GetIconInfo
GetCursorPos
SetWindowTextA
GetDlgItemTextA
DialogBoxParamA
SetDlgItemTextA
MoveWindow
ExitWindowsEx
GetDesktopWindow
wsprintfA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
MessageBoxA
SendMessageA
PostMessageA
FindWindowA
mouse_event
GetMessageA
GetUserObjectInformationA
SetTimer
RegisterClassExA
PostQuitMessage
GetThreadDesktop
KillTimer
LoadIconA
OpenInputDesktop
CloseDesktop
TranslateMessage
SetWindowLongA
GetWindowLongA
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
SetThreadDesktop
DispatchMessageA
GetSystemMetrics
LoadImageA
AdjustWindowRect
LoadCursorA
IsRectEmpty
GetDC
ReleaseDC
CloseClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatA
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
OemToCharA
CharToOemA
wvsprintfA

gdi32

GetBitmapBits
SetTextColor
SetBkColor
GdiFlush
CreatePalette
RealizePalette
SelectPalette
CreateFontIndirectA
GetObjectA
ExtEscape
GetSystemPaletteEntries
GetRgnBox
GetRegionData
SetRectRgn
PtInRegion
CombineRgn
OffsetRgn
CreateRectRgn
PatBlt
StretchBlt
CreateDCA
SetBkMode
GetClipBox
GetStockObject
CreateSolidBrush
BitBlt
DeleteDC
GetPixel
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetDIBits
SetDIBColorTable
CreateDIBSection
GetDeviceCaps

advapi32

GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
GetKernelObjectSecurity
IsValidAcl
RegCreateKeyA
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
RegDeleteValueA
QueryServiceStatus
RegCreateKeyExA
RegDeleteKeyA
CreateServiceA
RegisterServiceCtrlHandlerA
DeleteService
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueA
SetTokenInformation
FreeSid
RevertToSelf
AllocateAndInitializeSid
ImpersonateLoggedOnUser
EqualSid
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
RegSetValueExA
QueryServiceConfigA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
LookupAccountSidA
OpenServiceA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

SHAppBarMessage
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 830KB - Virtual size: 829KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 760KB - Virtual size: 759KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_5_/SabreVPNPatch/AbacusWin8_7_Vista_Patch_Jul2013.exe
.exe windows:4 windows x86 arch:x86

690c9e79bb34f8d71799aa65a51d3c5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
GetSystemDefaultLCID
GetProcAddress
GetTempFileNameA
MulDiv
CreateProcessA
WaitForSingleObject
GetStartupInfoA
IsDBCSLeadByte
Sleep
CompareStringA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
RemoveDirectoryA
FindNextFileA
WritePrivateProfileSectionA
WritePrivateProfileStringA
lstrcpynA
GetPrivateProfileSectionA
WriteFile
DeleteFileA
LocalAlloc
LockResource
LoadResource
FindResourceA
SizeofResource
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
GetDiskFreeSpaceA
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameA
ExitProcess
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFileAttributesA
GetFileSize
ReadFile
SetFilePointer
FindFirstFileA
CreateDirectoryA
GetLastError
GetPrivateProfileStringA
FindClose
GetFileAttributesA
lstrcatA
lstrlenA
GetWindowsDirectoryA
lstrcpyA
GetSystemDirectoryA
GetTempPathA
MoveFileExA
LoadLibraryA
LocalFree
GetShortPathNameA
FlushFileBuffers
CloseHandle
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersion
GetCommandLineA
RtlUnwind

user32

GetParent
GetDlgItem
SendDlgItemMessageA
EnableWindow
CheckRadioButton
SetWindowTextA
GetWindowTextA
LoadStringA
LoadImageA
MessageBoxA
IsDlgButtonChecked
GetDlgItemTextA
SetDlgItemTextA
ReleaseDC
GetDC
GetWindowLongA
SetFocus
PostMessageA
GetWindow
wsprintfA
GetDesktopWindow
DestroyWindow
CreateDialogParamA
DispatchMessageA
TranslateMessage
GetSysColor
GetSysColorBrush
FillRect
BeginPaint
DrawTextA
EndPaint
GetClientRect
ScreenToClient
MoveWindow
SetParent
MapDialogRect
GetNextDlgTabItem
GetWindowRect
CreateDialogIndirectParamA
IsWindow
InvalidateRect
IsWindowEnabled
ShowWindow
UpdateWindow
IsDialogMessageA
SetWindowPos
GetActiveWindow
SetActiveWindow
CharNextA
LoadIconA
SendMessageA
PeekMessageA
SetWindowLongA

gdi32

DeleteObject
CreatePalette
RealizePalette
GetDeviceCaps
CreateDIBitmap
GetObjectA
SelectPalette
EnumFontFamiliesExA
GetTextExtentPointA
GetStockObject
TextOutA
DeleteDC
SelectObject
CreateCompatibleDC
SetBkMode
BitBlt
SetTextColor
CreateSolidBrush
SetBkColor
CreateFontIndirectA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

lz32

LZOpenFileA
LZCopy
LZClose

comctl32

ord17

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/SocketTest.exe
.exe windows:4 windows x86 arch:x86

b706b34a090a559944f77064d3ab45af

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/07/2014, 00:00

Not After

17/07/2016, 23:59

Subject

CN=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,O=ABACUS DISTRIBUTION SYSTEMS (HONG KONG) LTD,POSTALCODE=852,STREET=UNIT 811-818\, TOWER 1+STREET=388 TONG ROAD\, KWUN TONG\, KOWLOON+STREET=MILLENNIUM CITY 1,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3b:f4:04:26:38:dc:5d:f6:b0:63:5f:f2:f8:ea:28:71:2c:e5:42:ec
Signer

Actual PE Digest

3b:f4:04:26:38:dc:5d:f6:b0:63:5f:f2:f8:ea:28:71:2c:e5:42:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaNextEachVar
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord519
ord626
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaVargVarCopy
_adj_fdiv_m32
ord666
__vbaAryDestruct
ord669
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord520
__vbaStrFixstr
__vbaFPFix
__vbaVargVar
__vbaBoolVarNull
_CIsin
ord632
__vbaVargVarMove
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord644
ord537
__vbaExitEachVar
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaUnkVar
ord616
__vbaVarCopy
__vbaVarLateMemCallLd
ord617
__vbaLateMemCallLd
__vbaVarSetObjAddref
_CIatan
__vbaCastObj
__vbaStrMove
ord618
__vbaForEachVar
_allmul
_CItan
ord546
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_5_/market.txt

Sharing

Errors

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24Certificate

Extended Key Usages

Key Usages

5b:fd:15:d7:ff:a0:d6:77:6c:fd:75:cb:3a:8a:f1:37:88:32:9d:40Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 26KB - Virtual size: 26KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 24KB

UPX1 Size: 5KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 1024B - Virtual size: 984B

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 7KB - Virtual size: 7KB

ad060a25ce7277c27044f635eef0ab1c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

29:dc:ff:19:70:ee:b7:24:2d:d4:5b:a6:56:b9:ed:6fCertificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

5b:fd:15:d7:ff:a0:d6:77:6c:fd:75:cb:3a:8a:f1:37:88:32:9d:40
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 26KB - Virtual size: 26KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 1024B - Virtual size: 984B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 7KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

29:dc:ff:19:70:ee:b7:24:2d:d4:5b:a6:56:b9:ed:6f
Certificate

05:4d:86:e3:fc:67:ae:70:0e:11:04:1c:20:bc:2c:ec:bc:9f:9d:49
Signer

.text
Size: 44KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 25KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

67:01:6e:8d:8b:2b:4c:17:c9:f1:d1:34:67:01:a9:24
Certificate

3c:18:d3:0e:6c:09:30:43:9c:46:fb:71:72:25:1f:f8:16:a2:f4:db
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 26KB - Virtual size: 26KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 671KB - Virtual size: 670KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 512B - Virtual size: 12B