2dc4c306da01adebbc2304f3d82d009bc3ca4a097209e4f6dd5400ef4f93cbc8

Sharing

Copy URL

Twitter E-mail

General

Target

2dc4c306da01adebbc2304f3d82d009bc3ca4a097209e4f6dd5400ef4f93cbc8
Size

14.5MB
MD5

917e42dbfd2d1d578f09f5bbddf6b1f7
SHA1

9c5b7b61d9b894b67316105b1b270aef6ae09717
SHA256

2dc4c306da01adebbc2304f3d82d009bc3ca4a097209e4f6dd5400ef4f93cbc8
SHA512

9f47b14742e5b891036b545b2739ff03ad2d39abd9251fd69a059fd0aadba88d5509eeecb3f91062d0f8e60181d39dd81828420346be0ed4a063151f1dd5a341
SSDEEP

393216:wk3xanAglS90KZCMYhKcVKRW1JKjaR7nB:l3xajlg0KZu8ayWRzB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/HShield/Update/autoup.exe	upx
static1/unpack004/$PLUGINSDIR/AhnRpt.exe	upx

Unsigned PE 26 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/HShield/AhnUpGS.dll
unpack001/HShield/AspINet.dll
unpack001/HShield/Bz32Ex.dll
unpack001/HShield/HSInst.dll
unpack004/$PLUGINSDIR/PackAPI.dll
unpack001/HShield/V3InetGS.dll
unpack001/HShield/asc/asc_com.dll
unpack001/HShield/asc/asc_dh.dll
unpack001/HShield/asc/asc_fse.dll
unpack001/HShield/asc/asc_intg.dll
unpack001/HShield/asc/asc_mmgr.dll
unpack001/HShield/asc/asc_unp.dll
unpack001/HShield/asc/fse_base.dll
unpack001/HShield/asc/fse_fact.dll
unpack001/HShield/asc/fse_pe.dll
unpack001/HShield/asc/gfs_base.dll
unpack001/HShield/asc/gfs_fact.dll
unpack001/HShield/asc/gfs_file.dll
unpack001/HShield/asc/gfs_mem.dll
unpack001/HShield/asc/gfs_os.dll
unpack001/HShield/asc/gfs_proc.dll
unpack001/HShield/asc/gfs_util.dll
unpack001/HShield/ehsvc.dll
unpack001/HShield/mspatcha.dll
unpack001/HShield/psapi.dll
unpack001/ðյHS[״Ϸ].exe

NSIS installer 4 IoCs

installer

Processes:

resource	yara_rule
static1/unpack003/ahnrpt.ex-	nsis_installer_1
static1/unpack003/ahnrpt.ex-	nsis_installer_2
static1/unpack001/HShield/ahnrpt.exe	nsis_installer_1
static1/unpack001/HShield/ahnrpt.exe	nsis_installer_2

Files

2dc4c306da01adebbc2304f3d82d009bc3ca4a097209e4f6dd5400ef4f93cbc8
.zip
HShield/3n.mhe
HShield/AhnUpCtl.dll
.dll windows:4 windows x86 arch:x86

8085f207588e60ec09a5ff8065c39ac6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:eb:81:eb:87:d1:bf:6b:d8:94:8a:76:60:e5:7d:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-10-2006 00:00

Not After

11-10-2007 23:59

Subject

CN=AhnLab Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab Inc.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetDriveTypeA
GetWindowsDirectoryA
lstrcpynA
lstrcpyA
lstrcmpA
GetSystemDirectoryA
GetModuleHandleA
lstrcatA
lstrlenA
GetCurrentProcess
GetModuleFileNameA
FatalAppExitA
TlsAlloc
TerminateProcess
SetEndOfFile
GetFileAttributesA
SetFileAttributesA
GetUserDefaultLangID
GetDateFormatA
SetLastError
GetTimeFormatA
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetLastError
DeleteFileA
MoveFileA
GetCommandLineA
GetVersion
RtlUnwind
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetVersionExA
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetCurrentThreadId
TlsSetValue
CreateFileA
TlsFree
TlsGetValue
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
HeapSize
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
ReadFile
FlushFileBuffers
CloseHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

wsprintfA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

AhnUpCtl_GetInfo
AhnUpCtl_GetInfo2
AhnUpCtl_GetInstalledAndNeighborsPdList
AhnUpCtl_GetInstalledPdCount
AhnUpCtl_GetInstalledPdList
AhnUpCtl_GetMainFile
AhnUpCtl_GetPdList
AhnUpCtl_GetSection
AhnUpCtl_GetSubPdList
AhnUpCtl_GetText
AhnUpCtl_GetType

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/AhnUpGS.dll
.dll windows:4 windows x86 arch:x86

05f9018ee7e090741b1aa1ba14b15317

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenFileMappingA
FileTimeToSystemTime
MapViewOfFile
FileTimeToLocalFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
ReadFile
LocalFree
OutputDebugStringA
LocalAlloc
lstrcpyA
lstrcatA
FormatMessageA
GetSystemInfo
GetModuleHandleA
GetVersionExA
GlobalMemoryStatus
GetCurrentProcess
GetCurrentThread
GetDiskFreeSpaceA
GetVolumeInformationA
GetDriveTypeA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
WaitForSingleObject
Sleep
UnmapViewOfFile
GetFileSize
DeleteFileA
CopyFileA
CreateFileA
LocalFileTimeToFileTime
SetFileTime
CloseHandle
FindFirstFileA
FindNextFileA
FindClose
SetFileAttributesA
RemoveDirectoryA
CreateDirectoryA
GetLastError
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEndOfFile
SetConsoleCtrlHandler
GetStringTypeW
SetLastError
lstrlenA
lstrcpynA
SetStdHandle
GetStringTypeA
GetComputerNameA
FlushFileBuffers
IsBadWritePtr
GetModuleFileNameA
InitializeCriticalSection
IsBadReadPtr
GetUserDefaultLCID
IsBadCodePtr
GetLocaleInfoA
IsValidCodePage
EnumSystemLocalesA
GetTimeZoneInformation
GetOEMCP
IsValidLocale
GetCPInfo
SetFilePointer
GetFileAttributesA
HeapFree
HeapAlloc
RtlUnwind
CreateThread
GetCurrentThreadId
ExitThread
InterlockedDecrement
InterlockedIncrement
RaiseException
GetLocalTime
GetCommandLineA
GetVersion
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
LCMapStringA
GetACP
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
TerminateProcess
HeapSize
UnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
GetFileType
LCMapStringW
SetUnhandledExceptionFilter
WriteFile
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW

user32

LoadStringA
GetSystemMetrics
wsprintfA
wvsprintfA

advapi32

OpenThreadToken
OpenProcessToken
FreeSid
LookupAccountSidA
AllocateAndInitializeSid
EqualSid
RegQueryValueExA
RegCloseKey
GetTokenInformation
RegOpenKeyExA

v3inetgs

?Initialize@V3INetEx@@QAEHXZ
?RegisterInterface@V3INetEx@@QAEHPAVAbsInterface@@@Z
?Close@V3INetEx@@QAEHXZ
?GetFile@V3INetEx@@QAEKPAUINTERNET_CONNECT_INFO@@PAU__V3INETDATA__@@J@Z
??1V3INetEx@@QAE@XZ
??0V3INetEx@@QAE@XZ

v3hunt

V3Net_GetFileVersion
V3Net_IsFileEqual
V3Net_GetCount
V3Net_GetFileTime
V3Net_CloseHandle
V3Net_GetUpdateData2
V3Net_CompareFileInfo2
V3Net_SetDestFullPath
V3Net_GetAt
V3Net_CompareFileInfo

bz32ex

ord101

ahnupctl

AhnUpCtl_GetText
AhnUpCtl_GetInfo
AhnUpCtl_GetSection

aspinet

AIN_OpenSessionIndirect
AIN_DownloadFile
AIN_CloseSession

Exports

Exports

?DownloadFile@@YAJPBD00PAUUD_STATUS@@JPAXH@Z
?UpdateProgress@@YAHKKJ@Z
AhnUp_ClearPatchURL
AhnUp_DoIt
AhnUp_GetPatchPath
AhnUp_GetPatchURL
AhnUp_SetDefaultPatchURL
AhnUp_SetPatchURL

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/AspINet.dll
.dll windows:4 windows x86 arch:x86

6e5f9376b0c1335bb79db6e3bcbdecfd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalSize
SetStdHandle
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
DeleteCriticalSection
VirtualAlloc
LCMapStringW
LCMapStringA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
TerminateProcess
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
FindResourceA
LoadResource
LockResource
GetFullPathNameA
WritePrivateProfileStringA
CreateThread
CreateEventA
GetFileAttributesA
SetCurrentDirectoryA
GetCommandLineA
GetModuleFileNameA
Sleep
GetProfileStringA
MulDiv
CreateFileA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
SetEvent
GlobalAlloc
WaitForSingleObject
CloseHandle
GetCurrentThreadId
ExitProcess
GetModuleHandleA
GetProcAddress
LoadLibraryA
GlobalFree
FreeLibrary
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
SetLastError
lstrcpynA
InitializeCriticalSection
GetVersionExA
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindFirstFileA
FindNextFileA
FindClose
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetVolumeInformationA
GetTickCount
GlobalUnlock
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
IsBadWritePtr
HeapAlloc

user32

GetWindowRect
SendMessageA
GetWindowLongA
GetSystemMetrics
RedrawWindow
InvalidateRect
SetWindowLongA
GetSysColor
EnableWindow
wsprintfA
IsWindowVisible
FillRect
OffsetRect
GetClientRect
PtInRect
SetParent
GetParent
LoadCursorA
IsRectEmpty
IsWindow
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
PostMessageA
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
GetFocus
TranslateMessage
LoadIconA
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetSubMenu
EnableMenuItem
GetDC
ReleaseDC
SetForegroundWindow
EqualRect
ValidateRect
GetDlgCtrlID
EnumDisplaySettingsA
LoadImageA
MessageBoxA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
DrawFrameControl
DrawEdge
DrawFocusRect
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMessageA
DispatchMessageA
SetCursor
GetKeyState
SetRectEmpty
RegisterClipboardFormatA
ClientToScreen
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
DestroyWindow
GetWindowTextA
GetWindowTextLengthA
GetDlgItem
ChildWindowFromPointEx
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
CharUpperA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetNextDlgTabItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
CreateDialogIndirectParamA
EndDialog
GetClassNameA
GetDesktopWindow
UnregisterClassA
GetSysColorBrush
LoadStringA
WindowFromPoint
GetCursorPos
SetCursorPos
GetMenu
SetMenu
PeekMessageA
IsIconic
SetActiveWindow
DestroyMenu
SetFocus
SetWindowPos
GetActiveWindow
GetTopWindow
GetWindow
IsChild
DestroyAcceleratorTable
DestroyCursor
SetWindowRgn
UpdateWindow
GetMessagePos
ScreenToClient

gdi32

CreatePalette
SelectPalette
RealizePalette
GetDIBits
SetBkColor
StartDocA
CreatePolygonRgn
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
SetStretchBltMode
StretchBlt
CreateDIBitmap
GetClipRgn
SelectClipRgn
DeleteObject
LPtoDP
CreateRectRgnIndirect
DeleteDC
EndDoc
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
StartPage
EndPage
CreateCompatibleBitmap
CreateDCA
GetDeviceCaps
DPtoLP
CreateBitmap
CreateCompatibleDC
SelectObject
BitBlt
GetObjectA
CreatePen
PatBlt
Rectangle
Ellipse
RoundRect
CombineRgn
CreateRectRgn
FillRgn
GetCurrentObject
GetTextExtentPoint32A
CreateSolidBrush
GetStockObject
CreateFontIndirectA
GetTextMetricsA
GetClipBox
SetTextColor
SaveDC
RestoreDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
GetSystemPaletteEntries

winmm

waveOutReset
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutUnprepareHeader
waveOutPause
waveOutWrite
waveOutPrepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegSetValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

OleInitialize
OleUninitialize
CLSIDFromString

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

comctl32

ord17
ImageList_Destroy

ws2_32

getpeername
accept
WSACleanup
closesocket
WSAAsyncSelect
inet_ntoa
recvfrom
ioctlsocket
recv

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Exports

Exports

AIN_Cancel
AIN_CloseObject
AIN_CloseSession
AIN_DownloadFile
AIN_DownloadFiles
AIN_GetLastError
AIN_GetUserParam
AIN_OpenObject
AIN_OpenSession
AIN_OpenSessionIndirect
AIN_SetUserParam

Sections

.text
Size: 484KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/Bz32Ex.dll
.dll windows:4 windows x86 arch:x86

18a7e7e93efbc40f1a84deb884e477f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

ungetc
_iob
fclose
fread
fopen
sprintf
strncpy
fwrite
free
exit
strncmp
strstr
signal
remove
fflush
strerror
_errno
fprintf
fgetc
perror
_stat
malloc
_pctype
__mb_cur_max
_isctype
getenv
_initterm
_adjust_fdiv
__dllonexit
_onexit
_isatty
_fileno
_setmode
_fdopen

Exports

Exports

Bz32Ex_FileCompress
Bz32Ex_FileExtract

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 878B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/HSInst.dll
.dll windows:4 windows x86 arch:x86

f2bc3a8a14ce7711c87550abd401ef46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
WriteFile
GetModuleHandleA
GetModuleFileNameA
GetVersionExA
MultiByteToWideChar
LocalFree
lstrcpynA
CreateFileA
SetFilePointer
ReadFile
CloseHandle
lstrcpyA
lstrcmpiA
lstrcmpA
FormatMessageA
GetProcAddress
GetProcessHeap
RtlUnwind
GetCPInfo
GetACP
ExitProcess
SetStdHandle
FatalAppExitA
LoadLibraryA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoA
IsValidCodePage
EnumSystemLocalesA
GetStringTypeW
GetStringTypeA
IsValidLocale
LCMapStringA
UnhandledExceptionFilter
LCMapStringW
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
EnterCriticalSection
IsBadWritePtr
VirtualAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
lstrlenA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
GetEnvironmentVariableA
LeaveCriticalSection
VirtualFree
HeapSize
HeapCreate
HeapDestroy
GetOEMCP
Sleep
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
HeapReAlloc
FreeEnvironmentStringsA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW

user32

SetWindowTextA
SetWindowLongA
LoadStringA
wsprintfA
GetWindowPlacement
CreateWindowExA
GetWindowLongA
SendMessageA
GetClientRect
SetWindowPos
GetSystemMetrics
IsWindow
ShowWindow
CreateDialogParamA
CopyImage
DestroyWindow
GetWindowRect
LoadImageA
SystemParametersInfoA
InvalidateRect

gdi32

GetStockObject
SelectObject
SetBkMode
SetTextColor
CreateFontA
DeleteObject
CreateCompatibleDC
GetObjectA
BitBlt
StretchBlt

oleaut32

OleLoadPicturePath

comctl32

ord17

winmm

timeGetTime

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/HSUpdate.env
HShield/HSUpdate.exe
.exe windows:4 windows x86 arch:x86

273b774a75d0c550434d1822b745c8f8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:1f:15:c8:b8:92:25:b9:bb:ff:e9:23:24:1a:6a:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06-10-2009 00:00

Not After

06-10-2010 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo-gu\ ,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:c9:d4:e7:2b:aa:a0:7f:3f:3f:64:b6:a5:1d:21:09:fd:7a:1c:3e
Signer

Actual PE Digest

73:c9:d4:e7:2b:aa:a0:7f:3f:3f:64:b6:a5:1d:21:09:fd:7a:1c:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

ResumeThread
TerminateProcess
lstrcpyA
CreateProcessA
GetSystemInfo
GetVersionExA
GetCurrentProcessId
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetModuleHandleA
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
CreateThread
LocalAlloc
OpenFileMappingA
GetCommandLineA
GetProcAddress
FreeLibrary
LoadLibraryA
OpenEventA
OutputDebugStringA
Sleep
lstrcatA
GlobalMemoryStatus
GetComputerNameA
GetCurrentProcess
GetCurrentThread
GetDiskFreeSpaceA
GetVolumeInformationA
GetDriveTypeA
CreateEventA
SetEvent
CreateMutexA
GetLastError
WaitForSingleObject
CloseHandle
GetTickCount
lstrcmpiA
lstrcmpA
FormatMessageA
LocalFree
lstrcpynA
lstrlenA
CompareStringA
CompareStringW
SetEnvironmentVariableA
UnmapViewOfFile
MapViewOfFile
FindFirstFileA
GetFullPathNameA
HeapDestroy
GetEnvironmentVariableA
GetTimeZoneInformation
FileTimeToLocalFileTime
HeapCreate
CreateDirectoryA
SetEndOfFile
FindClose
FlushFileBuffers
SetStdHandle
SetConsoleCtrlHandler
GetStringTypeA
LCMapStringW
GetStringTypeW
MultiByteToWideChar
IsBadCodePtr
LCMapStringA
SetUnhandledExceptionFilter
GetFileType
IsBadReadPtr
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
SetCurrentDirectoryA
GetCurrentDirectoryA
RtlUnwind
GetFileAttributesA
ExitProcess
GetLocalTime
GetStartupInfoA
GetVersion
FileTimeToSystemTime
GetCPInfo
IsBadWritePtr
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetACP
GetOEMCP
HeapSize

user32

LoadStringA
SendMessageA
LoadCursorA
wsprintfA
RegisterClassA
GetParent
LoadIconA
MessageBoxA
CreateWindowExA
SetWindowPos
ShowWindow
BeginPaint
DefWindowProcA
EndPaint
IsWindow
PostQuitMessage
IsDialogMessageA
DispatchMessageA
GetMessageA
GetWindowPlacement
GetSystemMetrics
wvsprintfA
SystemParametersInfoA
GetWindowRect
TranslateMessage
GetClientRect

gdi32

GetStockObject

advapi32

RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCloseKey
GetTokenInformation
OpenProcessToken
OpenThreadToken
LookupAccountSidA
FreeSid
EqualSid
AllocateAndInitializeSid

winmm

timeGetTime

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HShield/MapleStory.exe
.exe windows:4 windows x86 arch:x86

915f9a5fd30700701d8d140f24889442

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:be:5e:fd:84:d8:bc:69:5c:b6:12:a1:13:a2:49:53
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-05-2008 07:27

Not After

15-05-2010 07:27

Subject

CN=NEXON Corp.,OU=Development Department,O=NEXON Corp.,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 2.8MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 996KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tpuaozxc
Size: 792KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jtrppsow
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uvrwsdpb
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HShield/Update/ahn.ui
HShield/Update/ahni2.dll
.dll windows:4 windows x86 arch:x86

080c76bc1e295545b7cc2bca97569823

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:eb:81:eb:87:d1:bf:6b:d8:94:8a:76:60:e5:7d:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-10-2006 00:00

Not After

11-10-2007 23:59

Subject

CN=AhnLab Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab Inc.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
DeleteFileA
GetLocalTime
GetWindowsDirectoryA
GetDriveTypeA
lstrcmpiA
GetDateFormatA
FindClose
FindFirstFileA
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
GetCurrentProcess
SetEndOfFile
GetFileSize
CloseHandle
SetFilePointer
SetFileAttributesA
WriteFile
ReadFile
SetLastError
lstrlenA
lstrcpynA
CreateDirectoryA
GetLastError

user32

CharPrevA
CharNextA
IsCharAlphaNumericA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcrt

memset
rand
_mbsnbcmp
strcpy
srand
_snprintf
memcpy
_mbsnbicmp
free
wcslen
malloc
strlen
??3@YAXPAX@Z
abs
_mbsnbcpy
strcat
atol
_mbschr
atoi
sprintf
_mbsnicmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
time

Exports

Exports

AhnInst2_AddUpdateProduct
AhnInst2_ConcealSerial
AhnInst2_DeleteUserInfo
AhnInst2_DeleteUserInfoEx
AhnInst2_EnDeSecData
AhnInst2_GetDaysLeft
AhnInst2_GetInstallVersion
AhnInst2_GetSecProfileInt
AhnInst2_GetSecProfileString
AhnInst2_GetTDaysLeft
AhnInst2_GetTValidDuration
AhnInst2_GetUserInfo
AhnInst2_GetUserInfoEx
AhnInst2_InvalidSerialNum
AhnInst2_IsT
AhnInst2_IsTOver
AhnInst2_OpUserInfo
AhnInst2_RebuildSerial
AhnInst2_RemoveUpdateProduct
AhnInst2_SecFree
AhnInst2_SecMalloc
AhnInst2_SetUserInfo
AhnInst2_SetUserInfoEx
AhnInst2_UpdateUserInfo
AhnInst2_WriteSecProfileInt
AhnInst2_WriteSecProfileString

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/Update/ahnupctl.dll
.dll windows:4 windows x86 arch:x86

8085f207588e60ec09a5ff8065c39ac6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:eb:81:eb:87:d1:bf:6b:d8:94:8a:76:60:e5:7d:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-10-2006 00:00

Not After

11-10-2007 23:59

Subject

CN=AhnLab Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab Inc.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetDriveTypeA
GetWindowsDirectoryA
lstrcpynA
lstrcpyA
lstrcmpA
GetSystemDirectoryA
GetModuleHandleA
lstrcatA
lstrlenA
GetCurrentProcess
GetModuleFileNameA
FatalAppExitA
TlsAlloc
TerminateProcess
SetEndOfFile
GetFileAttributesA
SetFileAttributesA
GetUserDefaultLangID
GetDateFormatA
SetLastError
GetTimeFormatA
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetLastError
DeleteFileA
MoveFileA
GetCommandLineA
GetVersion
RtlUnwind
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetVersionExA
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetCurrentThreadId
TlsSetValue
CreateFileA
TlsFree
TlsGetValue
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
HeapSize
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
ReadFile
FlushFileBuffers
CloseHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

wsprintfA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

AhnUpCtl_GetInfo
AhnUpCtl_GetInfo2
AhnUpCtl_GetInstalledAndNeighborsPdList
AhnUpCtl_GetInstalledPdCount
AhnUpCtl_GetInstalledPdList
AhnUpCtl_GetMainFile
AhnUpCtl_GetPdList
AhnUpCtl_GetSection
AhnUpCtl_GetSubPdList
AhnUpCtl_GetText
AhnUpCtl_GetType

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/Update/autoup.exe
.exe windows:4 windows x86 arch:x86

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:eb:81:eb:87:d1:bf:6b:d8:94:8a:76:60:e5:7d:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-10-2006 00:00

Not After

11-10-2007 23:59

Subject

CN=AhnLab Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab Inc.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 328KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 173KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HShield/Update/patch/39/ahn.ui
HShield/Update/patch/39/ahnrpt.ex-
.bz2
ahnrpt.ex-
.exe windows:4 windows x86 arch:x86

15a0f1d644e443ffc57a495d97f7c764

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:ff:4c:bb:36:84:a2:14:eb:a5:4b:dc:d2:ce:51:2a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

06-10-2008 00:00

Not After

06-10-2009 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab\, Inc.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:cc:35:31:48:3b:dd:1c:44:64:d3:4b:3f:2c:44:b3:56:97:46:5e
Signer

Actual PE Digest

33:cc:35:31:48:3b:dd:1c:44:64:d3:4b:3f:2c:44:b3:56:97:46:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

ScreenToClient
GetWindowRect
CreateDialogParamA
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
EndDialog
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ExitWindowsEx
DestroyWindow
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
OpenClipboard
CharNextA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AhnRpt.exe
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:ff:4c:bb:36:84:a2:14:eb:a5:4b:dc:d2:ce:51:2a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

06-10-2008 00:00

Not After

06-10-2009 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab\, Inc.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

75:29:7a:ea:5c:e1:31:9a:33:2f:54:18:78:c7:bf:1a:0f:23:99:e7
Signer

Actual PE Digest

75:29:7a:ea:5c:e1:31:9a:33:2f:54:18:78:c7:bf:1a:0f:23:99:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 488KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 265KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/PackAPI.dll
.dll windows:4 windows x86 arch:x86

9e1cb78c23287aaa2e1ad23f5c3cda3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetVersionExA
lstrcmpA
lstrcmpiA
lstrcpynA
GlobalAlloc
GlobalFree
lstrcpyA
SetEnvironmentVariableA

Exports

Exports

CheckOS
IsWinOrLater
PreUnload
SetEnvStr

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 189B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/Update/patch/39/ahnrpt.in-
.bz2
ahnrpt.in-
HShield/Update/patch/39/bldinfo.in-
.bz2
bldinfo.in-
HShield/Update/patch/39/ehsvc.dl-
.bz2
ehsvc.dl-
.dll windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:1f:15:c8:b8:92:25:b9:bb:ff:e9:23:24:1a:6a:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06-10-2009 00:00

Not After

06-10-2010 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo-gu\ ,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:ac:a2:3b:22:13:82:48:c2:b0:49:e6:0f:05:a7:75:ab:98:6f:cf
Signer

Actual PE Digest

64:ac:a2:3b:22:13:82:48:c2:b0:49:e6:0f:05:a7:75:ab:98:6f:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

1
10
12
13
14
15
16
17
18
19
2
20
21
22
23
24
25
26
3
4
5
6
7
8
9

Sections

Size: 408KB - Virtual size: 904KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 452KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

alfadcme
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

samyrnvf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HShield/Update/patch/39/hshield.da-
.bz2
hshield.da-
HShield/Update/patch/39/hslogmgr.ex-
.bz2
HShield/Update/patch/39/psapi.dl-
.bz2
HShield/Update/patch/39/update/hsupdate.ex-
.bz2
HShield/Update/supdate.log
HShield/Update/supdate2.log
HShield/Update/user.dat
HShield/Update/v3bz32.dll
.dll windows:4 windows x86 arch:x86

d9981f712091463ac76aa9bfe651486e

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:69:14:df:22:57:c9:be:ed:25:a7:90:c5:df:c3:50
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

26-01-2006 07:02

Not After

24-02-2008 11:25

Subject

CN=AhnLab\, Inc.,OU=R & D,O=AhnLab\, Inc.,L=Kangnamgu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CloseHandle
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
RaiseException
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime

msvcrt

strncmp
fseek
fread
fclose
fopen
free
memset
malloc
_iob
strchr
fwrite
fflush
fprintf
fputc
fgetc
remove
perror
_stat
strcpy
strlen
exit
strcmp
signal
strcat
mktime
localtime
memcpy
_except_handler3
_initterm
_adjust_fdiv
__dllonexit
_onexit
_setmode
_fileno
_isatty
_chmod

Exports

Exports

V3BZ32_FileCompress
V3BZ32_FileExtract

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/Update/win/e/b/b_echo_sl/asc_com.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/asc_dh.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/asc_fse.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/asc_intg.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/asc_mmgr.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/asc_unp.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/fse_base.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/fse_fact.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/fse_pe.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/gfs_base.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/gfs_fact.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/gfs_file.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/gfs_mem.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/gfs_os.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/gfs_proc.dl-
.bz2
HShield/Update/win/e/b/b_echo_sl/gfs_util.dl-
.bz2
HShield/Update/win/e/b/b_sign_hs/0asc.sc-
.bz2
HShield/Update/win/e/b/b_sign_hs/0sccure.sc-
.bz2
HShield/Update/win/e/b/b_sign_hs/0sgame.sc-
.bz2
HShield/Update/win/e/b/b_sign_hs/0spe3f.sc-
.bz2
HShield/Update/win/e/b/b_sign_hs/moduler.sc-
.bz2
HShield/Update/win/e/b/b_sign_hs/option.sc-
.bz2
HShield/Update/win/e/b/v3_echo_hs/v3pro32s.dl-
.bz2
HShield/Update/win/e/hs_heuristic/3n.mh-
.bz2
HShield/V3Hunt.dll
.dll windows:4 windows x86 arch:x86

194cb1796f8034dcf928114d34af3dca

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:eb:81:eb:87:d1:bf:6b:d8:94:8a:76:60:e5:7d:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-10-2006 00:00

Not After

11-10-2007 23:59

Subject

CN=AhnLab Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab Inc.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
lstrcatA
lstrlenA
GetFileSize
ReadFile
lstrcpyA
GetLastError
lstrcmpiA
SetLastError
WaitNamedPipeA
WriteFile
CopyFileA
SetNamedPipeHandleState
CloseHandle
SetEndOfFile
FreeLibrary
GetProcAddress
LoadLibraryA
CallNamedPipeA
TlsAlloc
TlsFree
LocalFree
TlsSetValue
LocalAlloc
TlsGetValue
lstrcpynA
DeleteFileA
SetFileTime
GetComputerNameA
GetFileTime
FileTimeToSystemTime
GetCurrentProcessId
OutputDebugStringA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleHandleA
GetCurrentProcess
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
MoveFileExA
CreateDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
FormatMessageA
HeapFree
HeapAlloc
GetModuleFileNameA
GetCommandLineA
FileTimeToLocalFileTime
GetDriveTypeA
GetLocalTime
GetFileType
lstrcmpA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
RtlUnwind
TerminateProcess
HeapSize
GetCurrentThreadId
GetCurrentThread
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
Sleep
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FlushFileBuffers
GetTimeZoneInformation
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersion
GetEnvironmentVariableA

user32

LoadStringA
IsCharAlphaA
CharLowerA
wsprintfA
CharNextA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

V3Net_AddArray
V3Net_CheckFileCRC
V3Net_CloseHandle
V3Net_CompareFileInfo
V3Net_CompareFileInfo2
V3Net_CompareFileVersion2
V3Net_GetAt
V3Net_GetCount
V3Net_GetEngineDate
V3Net_GetFileCRC
V3Net_GetFileTime
V3Net_GetFileVersion
V3Net_GetLastErrorMessage
V3Net_GetUpdateCfg
V3Net_GetUpdateData
V3Net_GetUpdateData2
V3Net_IsFileEqual
V3Net_IsFileEqual2
V3Net_IsFileValid
V3Net_RemoveAt
V3Net_RemoveFileCRC
V3Net_SetAt
V3Net_SetDestFullPath
V3Net_UpdateFromFolder
V3Net_UpdateFromNT
V3Net_WriteFileCRC

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/V3InetGS.dll
.dll windows:4 windows x86 arch:x86

f1c034572ffc449557a21e2ef9553b1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
DeleteFileA
Sleep
LocalFree
SetEvent
OutputDebugStringA
LocalAlloc
lstrcpyA
CreateEventA
CloseHandle
ResetEvent
GetLastError
FormatMessageA
GetModuleFileNameA
lstrlenA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection

user32

wvsprintfA
wsprintfA

wininet

InternetOpenA
InternetSetStatusCallback
InternetReadFileExA
InternetReadFile
InternetOpenUrlA
HttpQueryInfoA
FtpGetFileA
FtpOpenFileA
InternetQueryDataAvailable
InternetCloseHandle
InternetConnectA
InternetGetLastResponseInfoA

msvcrt

strchr
??2@YAPAXI@Z
malloc
sprintf
_stat
_stricmp
_adjust_fdiv
_initterm
__CxxFrameHandler
fopen
free
_strdate
_strtime
_purecall
??3@YAXPAX@Z
strncpy
_except_handler3
fclose
fwrite

Exports

Exports

??0V3INetEx@@QAE@XZ
??1V3INetEx@@QAE@XZ
??4V3INetEx@@QAEAAV0@ABV0@@Z
?Cancel@V3INetEx@@QAEHXZ
?Close@V3INetEx@@QAEHXZ
?GetFile@V3INetEx@@QAEKPAUINTERNET_CONNECT_INFO@@PAU__V3INETDATA__@@J@Z
?Initialize@V3INetEx@@QAEHXZ
?RegisterInterface@V3INetEx@@QAEHPAVAbsInterface@@@Z
?fnV3INetEx@@YAHXZ
?nV3INetEx@@3HA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/afs.dat
HShield/ahnrpt.exe
.exe windows:4 windows x86 arch:x86

15a0f1d644e443ffc57a495d97f7c764

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:ff:4c:bb:36:84:a2:14:eb:a5:4b:dc:d2:ce:51:2a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

06-10-2008 00:00

Not After

06-10-2009 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab\, Inc.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:cc:35:31:48:3b:dd:1c:44:64:d3:4b:3f:2c:44:b3:56:97:46:5e
Signer

Actual PE Digest

33:cc:35:31:48:3b:dd:1c:44:64:d3:4b:3f:2c:44:b3:56:97:46:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

ScreenToClient
GetWindowRect
CreateDialogParamA
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
EndDialog
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ExitWindowsEx
DestroyWindow
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
OpenClipboard
CharNextA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HShield/ahnrpt.ini
HShield/asc/0asc.scd
HShield/asc/0sccure.scd
HShield/asc/0sgame.scd
HShield/asc/0spe3f.scd
HShield/asc/asc_com.dll
.dll windows:4 windows x86 arch:x86

e958945902eec242eed5b9d4ba65b2cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFullPathNameA
GetFullPathNameW
GetLastError
CreateFileA
GetVersionExA
CloseHandle
ReadFile
WriteFile
SetFilePointer
GetFileSize
SetEndOfFile
GetFileType
DeleteFileA
MoveFileA
SetFileAttributesA
GetFileAttributesA
FindClose
FindFirstFileA
SetFileTime
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentThreadId
GetTempPathA
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
DisableThreadLibraryCalls

msvcrt

_iob
fopen
_vsnwprintf
_vsnprintf
fprintf
fflush
fwrite
fseek
sprintf
fclose
atoi
_ultoa
memset
_rotl
_rotr
wcscpy
wcsncpy
wcscat
wcsncat
wcscmp
wcsncmp
wcschr
wcsrchr
wcslen
wcsspn
wcspbrk
wcsstr
wcstoul
strcpy
strncpy
strcat
strncat
strcmp
strncmp
strchr
strrchr
strlen
strspn
strcspn
strpbrk
memcpy
memmove
memcmp
strstr
memchr
strtoul
malloc
free
_initterm
_adjust_fdiv
__dllonexit
_onexit
ftell
_wcsnicmp
_strnicmp
_stricmp

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/asc_dh.dll
.dll windows:4 windows x86 arch:x86

cb5d8e6d5cb075eeb8e5838726699142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/asc_fse.dll
.dll windows:4 windows x86 arch:x86

cb5d8e6d5cb075eeb8e5838726699142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/asc_intg.dll
.dll windows:4 windows x86 arch:x86

b5e0f5b4411a147e546ecdf14970f820

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetSystemDirectoryA
DisableThreadLibraryCalls

msvcrt

free
_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/asc_mmgr.dll
.dll windows:4 windows x86 arch:x86

d09a1f9ad1ec2f17257f7d9940ba97ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetTempPathA
MoveFileA
DeleteFileA
LoadLibraryA
FreeLibrary
GetProcAddress
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameA
GetFullPathNameW
GetLastError
CreateFileA
GetVersionExA
CloseHandle
ReadFile
WriteFile
SetFilePointer
GetFileSize
SetEndOfFile
GetFileType
SetFileAttributesA
GetFileAttributesA
FindClose
FindFirstFileA
SetFileTime
GetCurrentDirectoryA
SetCurrentDirectoryA
DisableThreadLibraryCalls

msvcrt

fprintf
fflush
fwrite
fseek
sprintf
fopen
fclose
ftell
strcpy
strncpy
strcat
strncat
strcmp
strncmp
strchr
strrchr
strlen
strspn
strcspn
strpbrk
memset
memcpy
memmove
memcmp
strstr
memchr
strtoul
malloc
free
_rotl
_rotr
_vsnprintf
wcscpy
wcsncpy
wcscat
wcsncat
wcscmp
wcsncmp
wcschr
wcsrchr
wcslen
wcsspn
wcspbrk
wcsstr
wcstoul
_initterm
_adjust_fdiv
__dllonexit
_onexit
_iob
_strnicmp
_stricmp
_wcsnicmp

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/asc_unp.dll
.dll windows:4 windows x86 arch:x86

cb5d8e6d5cb075eeb8e5838726699142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/fse_base.dll
.dll windows:4 windows x86 arch:x86

cb5d8e6d5cb075eeb8e5838726699142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 490B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/fse_fact.dll
.dll windows:4 windows x86 arch:x86

cb5d8e6d5cb075eeb8e5838726699142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/fse_pe.dll
.dll windows:4 windows x86 arch:x86

cb5d8e6d5cb075eeb8e5838726699142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/gfs_base.dll
.dll windows:4 windows x86 arch:x86

cb5d8e6d5cb075eeb8e5838726699142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/gfs_fact.dll
.dll windows:4 windows x86 arch:x86

cb5d8e6d5cb075eeb8e5838726699142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/gfs_file.dll
.dll windows:4 windows x86 arch:x86

cb5d8e6d5cb075eeb8e5838726699142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/gfs_mem.dll
.dll windows:4 windows x86 arch:x86

cb5d8e6d5cb075eeb8e5838726699142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 466B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/gfs_os.dll
.dll windows:4 windows x86 arch:x86

45db1665e232114b8244401e691b39b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
FindClose
GetLastError
FindNextFileA
CreateDirectoryA
RemoveDirectoryA
LocalFree
FormatMessageA
GetCurrentDirectoryA
DisableThreadLibraryCalls

msvcrt

free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_tempnam

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/gfs_proc.dll
.dll windows:4 windows x86 arch:x86

d68e5b4a4692f3ff26bef4b34e9364b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
OpenProcess
LocalFree
FormatMessageA
CloseHandle
ReadProcessMemory
WriteProcessMemory
DisableThreadLibraryCalls

msvcrt

_initterm
_adjust_fdiv
__dllonexit
_onexit
free
malloc

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 374B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/gfs_util.dll
.dll windows:4 windows x86 arch:x86

cb5d8e6d5cb075eeb8e5838726699142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
__dllonexit
_onexit
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

GetExPluginSpec
GetExportSpec
GetImPluginSpec
GetImportSpec
GetModuleId
GetModuleVersion
MMApplyUpdate
MMFinalize
MMFiniThread
MMGetDate
MMGetVersion
MMInitThread
MMInitialize
MMUpdateModules

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/asc/moduler.scd
HShield/asc/option.scd
HShield/asc_main.dll
.dll windows:4 windows x86 arch:x86

dc64621494916a06cfc3b33effe63d0a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:e7:65:88:68:ea:97:3e:da:24:e7:ec:91:71:98:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27-04-2012 00:00

Not After

26-06-2014 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information System Team,O=AhnLab\, Inc.,L=Seongnam,ST=Gyeounggi,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:ad:48:0b:72:59:6f:43:a3:59:cd:55:e6:f5:d5:41:af:9d:13:86
Signer

Actual PE Digest

0f:ad:48:0b:72:59:6f:43:a3:59:cd:55:e6:f5:d5:41:af:9d:13:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
FindClose
FindFirstFileA
CreateDirectoryA
DeleteFileA
MoveFileA
MoveFileExA
GetTempPathA
GetVersionExA
GetProcAddress
GetModuleHandleA
GetSystemDirectoryA
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThread
GetFullPathNameW
FindNextFileA
RemoveDirectoryA
SetFileTime
GetFileTime
GetFileSize
SetEndOfFile
SetFilePointer
GetFileType
GetFileAttributesA
CloseHandle
WriteFile
ReadFile
CreateFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentProcess
SetFileAttributesA
CopyFileA
GetLastError
GetCurrentProcessId
GetFullPathNameA
GetCurrentThreadId
DisableThreadLibraryCalls

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenThreadToken

msvcrt

time
fclose
fwrite
fflush
fprintf
fseek
fopen
_iob
ftell
_rotl
_rotr
strcpy
strncpy
strcat
strncat
strcmp
strncmp
strchr
strrchr
strlen
strspn
strcspn
strpbrk
memset
memcpy
memmove
memcmp
strstr
memchr
strtoul
malloc
free
wcscpy
wcsncpy
wcscat
wcsncat
wcscmp
wcsncmp
wcschr
wcsrchr
wcslen
wcsspn
wcspbrk
wcsstr
wcstoul
atoi
_ultoa
_vsnprintf
_initterm
_adjust_fdiv
__dllonexit
_onexit
localtime
_strnicmp
_stricmp
_wcsnicmp

Exports

Exports

AscAddTraversePathA
AscAddTraversePathW
AscAssignOption
AscCbGetCallbackData
AscCbGetCleanAttributes
AscCbGetCleanStatus
AscCbGetDetectedCodeNum
AscCbGetDetectedInfo
AscCbGetDetectedName
AscCbGetDetectedType
AscCbGetFileFormat
AscCbHowToClean
AscCleanMethodToString
AscCreateEngine
AscCreateOption
AscCreateTraverse
AscDestroyEngine
AscDestroyOption
AscDestroyTraverse
AscFinalize
AscFiniThread
AscGetDate
AscGetDetectedNameWithCodeNum
AscGetEngineCallback
AscGetEngineUserData
AscGetOptionBit
AscGetOptionCallback
AscGetOptionInt
AscGetOptionPointer
AscGetOptionStringA
AscGetOptionStringW
AscGetRiskLevelWithCodeNum
AscGetTraverseState
AscGetVersion
AscGfsDirFinalize
AscGfsDirInitialize
AscGfsFileFinalize
AscGfsFileInitialize
AscGfsFsFinalize
AscGfsFsInitialize
AscGfsSetExternalIO
AscInitThread
AscInitializeA
AscInitializeW
AscIsBufferToScan
AscIsFileToScan
AscScanA
AscScanW
AscSetEngineCallback
AscSetEngineUserData
AscSetOptionBit
AscSetOptionCallback
AscSetOptionInt
AscSetOptionPointer
AscSetOptionStringA
AscSetOptionStringW
AscSetOptionTempPathA
AscSetOptionTempPathW
AscUpdate

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/bldinfo.ini
HShield/ehsvc.dll
.dll windows:5 windows x86 arch:x86

fc7e9f2131998846366a6147b37934ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\hiro\Documents\Visual Studio 2010\Projects\ehsvc_5_6_28\Release\ehsvc.pdb

Imports

kernel32

ReadFile
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfW

msvcr100

_lock

imagehlp

ImageEnumerateCertificates

Exports

Exports

10
26
27
28
29
30

Sections

.text
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9s8a7g90
Size: - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9s8a7g91
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HShield/ehsvc.ini
HShield/ehsvc.old
.dll windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:1f:15:c8:b8:92:25:b9:bb:ff:e9:23:24:1a:6a:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06-10-2009 00:00

Not After

06-10-2010 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo-gu\ ,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:ac:a2:3b:22:13:82:48:c2:b0:49:e6:0f:05:a7:75:ab:98:6f:cf
Signer

Actual PE Digest

64:ac:a2:3b:22:13:82:48:c2:b0:49:e6:0f:05:a7:75:ab:98:6f:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

1
10
12
13
14
15
16
17
18
19
2
20
21
22
23
24
25
26
3
4
5
6
7
8
9

Sections

Size: 408KB - Virtual size: 904KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 452KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

alfadcme
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

samyrnvf
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HShield/hshield.dat
HShield/hshield.log
HShield/hslogmgr.exe
.exe .js windows:4 windows x86 arch:x86 polyglot

ca73cd08f4e00c8e817dec4a2cc04b81

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:1f:15:c8:b8:92:25:b9:bb:ff:e9:23:24:1a:6a:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06-10-2009 00:00

Not After

06-10-2010 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo-gu\ ,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:55:75:bb:db:31:f0:ac:dd:d9:9e:23:c5:a2:7b:3a:df:f4:c9:77
Signer

Actual PE Digest

4e:55:75:bb:db:31:f0:ac:dd:d9:9e:23:c5:a2:7b:3a:df:f4:c9:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord561
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord4698
ord5307
ord825
ord815
ord641
ord800
ord818
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord3738
ord5302
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord4673
ord567
ord540
ord2863
ord2379
ord755
ord470
ord1200
ord2818
ord6453
ord2486
ord2623
ord860
ord3237
ord3005
ord2135
ord6215
ord4299
ord823
ord4079
ord2725
ord2396
ord5300
ord3346
ord3922
ord5199
ord1089
ord2554
ord5731
ord2512
ord4274
ord4486
ord6375
ord5163
ord6374
ord1168
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_initterm
__set_app_type
_controlfp
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
malloc
free
_mbsrchr
atol
__p___argc
__p___argv
__getmainargs
_vsnprintf
_except_handler3
strstr
__CxxFrameHandler
strchr
_setmbcp

kernel32

GetCommandLineA
CreateProcessA
GetModuleFileNameA
WritePrivateProfileStringA
CreateMutexA
GetLastError
GetSystemDefaultLangID
MultiByteToWideChar
CloseHandle
GetVersionExA
WideCharToMultiByte
lstrlenA
InterlockedDecrement
GetModuleHandleA
InterlockedIncrement
GetStartupInfoA

user32

GetClientRect
DrawIcon
SendMessageA
LoadIconA
GetWindowRect
GetSystemMenu
PostQuitMessage
GetSystemMetrics
IsIconic
PostMessageA
EnableWindow

oleaut32

VariantClear
SysAllocString

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/hsupdate.jpg
.jpg
HShield/mspatcha.dll
.dll windows:5 windows x86 arch:x86

c4b92bed908721391735f18934804327

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
SetLastError
GetLastError
UnmapViewOfFile
GetFileSize
GetFileTime
DeleteFileA
CloseHandle
CreateFileA
DeleteFileW
CreateFileW
MultiByteToWideChar
MapViewOfFile
CreateFileMappingA
SetFileTime
SetEndOfFile
SetFilePointer
FlushViewOfFile
VirtualAlloc
VirtualFree

Exports

Exports

ApplyPatchToFileA
ApplyPatchToFileByHandles
ApplyPatchToFileByHandlesEx
ApplyPatchToFileExA
ApplyPatchToFileExW
ApplyPatchToFileW
GetFilePatchSignatureA
GetFilePatchSignatureByHandle
GetFilePatchSignatureW
TestApplyPatchToFileA
TestApplyPatchToFileByHandles
TestApplyPatchToFileW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 386B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/psapi.dll
.dll windows:5 windows x86 arch:x86

a06529690d58edd08ef4703a44d5e7db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

psapi.pdb

Imports

ntdll

RtlUnwind
wcslen
wcschr
_stricmp
atoi
NtClose
NtStopProfile
_snprintf
DbgPrint
RtlUnicodeToOemN
RtlAdjustPrivilege
RtlMultiByteToUnicodeN
NtAllocateVirtualMemory
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation
RtlNtStatusToDosError

kernel32

GetSystemInfo
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
DisableThreadLibraryCalls
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
CloseHandle
GetProcessHeap
SetLastError
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
RaiseException
SetProcessWorkingSetSize
GetProcessWorkingSetSize
lstrcpyA
lstrlenA
HeapFree
HeapAlloc

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetProcessImageFileNameA
GetProcessImageFileNameW
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet
QueryWorkingSetEx

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HShield/sensapi.dll.lnk
.lnk
HShield/supdate.log
HShield/v3pro32s.dll
.dll windows:4 windows x86 arch:x86

f18af43d770859b2bb9fc19241ef799a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:1f:15:c8:b8:92:25:b9:bb:ff:e9:23:24:1a:6a:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06-10-2009 00:00

Not After

06-10-2010 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo-gu\ ,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:a2:e8:9c:40:b1:8a:7e:85:1c:e8:a9:49:00:1a:71:41:b2:32:c6
Signer

Actual PE Digest

23:a2:e8:9c:40:b1:8a:7e:85:1c:e8:a9:49:00:1a:71:41:b2:32:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
SetFileAttributesA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetTempPathA
CloseHandle
FlushFileBuffers
WriteFile
ReadFile
CreateFileA
SetEnvironmentVariableA
GetEnvironmentVariableA
GetVersionExA
MoveFileA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
FreeLibrary
GetProcAddress
GetFullPathNameA
GetFullPathNameW
GetLastError
SetFilePointer
GetFileSize
SetEndOfFile
GetFileType
GetFileAttributesA
SetFileTime
GetCurrentDirectoryA
SetCurrentDirectoryA
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue

msvcrt

sprintf
toupper
strrchr
malloc
free
strtoul
localtime
time
fclose
fprintf
fflush
fwrite
fseek
fopen
_iob
ftell
strncpy
strncat
strncmp
strchr
strspn
strcspn
strpbrk
memmove
strstr
memchr
wcscpy
wcsncpy
wcscat
wcsncat
wcscmp
wcsncmp
wcschr
wcsrchr
wcslen
wcsspn
wcspbrk
wcsstr
wcstoul
_vsnprintf
_initterm
_adjust_fdiv
__dllonexit
_onexit
_strnicmp
_stricmp
_wcsnicmp

Exports

Exports

AhnBootInformation
AhnCheckBootSector
AhnCheckDefaultExtensions
AhnCheckFile
AhnCheckMemory
AhnCheckProcess
AhnGetBootRepairStatus
AhnGetDefaultExtensions
AhnGetEngineDate
AhnGetEngineDateString
AhnGetEngineDateValue
AhnGetExtRepairStatus
AhnGetRepairStatus
AhnGetVersion
AhnGetVirusFileCureData
AhnGetVirusName
AhnGetVirusName32
AhnGetVirusNameStr
AhnGetVirusNameStr32
AhnInitVaccineEngine
AhnRepairBootSector
AhnRepairFile
AhnRepairMemory
AhnSetDefaultOption
AhnSetExtensions
PV3CALGetInfoAddr
V3CALGetInfo
V3CALGetShowInfo
V3CALGetTotalInfoCount
_AhnGetFileEntry

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ðյHS[״Ϸ].exe
.exe windows:4 windows x86 arch:x86

9165ea3e914e03bda3346f13edbd6ccd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateDirectoryA
GetTempPathA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeW

user32

MessageBoxA
wsprintfA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8085f207588e60ec09a5ff8065c39ac6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

38:eb:81:eb:87:d1:bf:6b:d8:94:8a:76:60:e5:7d:f5Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 32KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 992B

.reloc Size: 8KB - Virtual size: 6KB

05f9018ee7e090741b1aa1ba14b15317

Headers

File Characteristics

Imports

kernel32

user32

advapi32

v3inetgs

v3hunt

bz32ex

ahnupctl

aspinet

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 28KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 1000B

.reloc Size: 8KB - Virtual size: 7KB

6e5f9376b0c1335bb79db6e3bcbdecfd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Exports

Exports

Sections

.text Size: 484KB - Virtual size: 481KB

.rdata Size: 76KB - Virtual size: 74KB

.data Size: 72KB - Virtual size: 134KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 68KB - Virtual size: 67KB

18a7e7e93efbc40f1a84deb884e477f7

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

38:eb:81:eb:87:d1:bf:6b:d8:94:8a:76:60:e5:7d:f5
Certificate

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 32KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 992B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 28KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 1000B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 484KB - Virtual size: 481KB

.rdata
Size: 76KB - Virtual size: 74KB

.data
Size: 72KB - Virtual size: 134KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 68KB - Virtual size: 67KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 4KB - Virtual size: 878B

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 92KB - Virtual size: 88KB

.reloc
Size: 8KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6d:1f:15:c8:b8:92:25:b9:bb:ff:e9:23:24:1a:6a:c4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

73:c9:d4:e7:2b:aa:a0:7f:3f:3f:64:b6:a5:1d:21:09:fd:7a:1c:3e
Signer

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 32KB - Virtual size: 30KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate