74c73bc794a169b5c33e7dec2dca6c2a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

74c73bc794a169b5c33e7dec2dca6c2a_JaffaCakes118
Size

11.3MB
MD5

74c73bc794a169b5c33e7dec2dca6c2a
SHA1

73329626c3fc3eff5028e374910c59ed545b6659
SHA256

4c6e11cf5f3cb2a9f9c106535d15a6090a12ee19c28c2e8d4177d9c886d56ff0
SHA512

4cabecfc4c9c837ca1d460346a8b08091592ae6d02d2900c98fd0730dd879cb19e7334e84ada59ca644fe7e6d180309ef15240629bd5d774442067a70f28ba4d
SSDEEP

196608:0rAW9fUB1xHL+N3Y+3crkLkvVPRl3B+FVDAVkDqArL1ZcH/aL+Mj56mINZBAruqV:BWcHxH2NIvVPkVzbrL6aiM1pINZBQV

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

74c73bc794a169b5c33e7dec2dca6c2a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9bca2c7cb3bba360100a3a7a510fe11d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/01/2018, 00:00

Not After

11/04/2020, 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:17:ab:54:cc:67:21:8c:20:b1:50:e0:38:2a:5d:5f:b4:7b:2c:28
Signer

Actual PE Digest

2b:17:ab:54:cc:67:21:8c:20:b1:50:e0:38:2a:5d:5f:b4:7b:2c:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
CompareFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
GetCurrentProcessId
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
GetSystemDirectoryA
CreateProcessA
GetTempFileNameA
lstrlenA
lstrcatA
GetVersion
RemoveDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

LoadCursorA
CheckDlgButton
ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetCursor
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
GetWindowLongA
GetSysColor
RegisterWindowMessageA
CharNextA
ExitWindowsEx
SetWindowPos
PostMessageA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/EstUrl.dll
.dll windows:4 windows x86 arch:x86

eeb38f232fa753bbd4952f6a14cefac5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/01/2018, 00:00

Not After

11/04/2020, 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:5f:bb:b4:06:8a:43:a7:c9:d4:bf:6b:7e:bb:46:57:a1:0b:07:69
Signer

Actual PE Digest

14:5f:bb:b4:06:8a:43:a7:c9:d4:bf:6b:7e:bb:46:57:a1:0b:07:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\svn\aldev-svn\common\NSIS\bin\2.46-NEW\Release-alupdate-svc\includeESTsoft\Projects\pdb\EstUrl.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
Sleep
lstrcatA
GlobalUnlock
GlobalLock
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetLastError
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
FreeLibrary
LoadLibraryW
GetVersionExA
GetSystemInfo
CreateMutexA
OutputDebugStringA
ReleaseMutex
OpenMutexA
MulDiv
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetLocaleInfoW
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
HeapFree
LoadLibraryA
InterlockedExchange
SetConsoleCtrlHandler
RtlUnwind
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
lstrcmpiA
lstrcpyA
GetModuleHandleA
GetProcAddress
GetLogicalDrives
GetDriveTypeA
lstrcmpA
ExitProcess
GlobalAlloc
lstrcpynA
GlobalFree
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
GetCommandLineA
MultiByteToWideChar
lstrlenA
GetStringTypeA
SetEnvironmentVariableA

user32

GetParent
EnableWindow
CallNextHookEx
SetWindowLongA
MessageBoxA
CallWindowProcA
InvalidateRect
GetMessagePos
GetMessageA
UnregisterClassA
GetForegroundWindow
AttachThreadInput
LoadImageA
GetWindowTextA
GetDC
DrawTextA
ReleaseDC
RegisterClassA
FindWindowA
EnumWindows
GetWindowThreadProcessId
GetClassNameA
IsWindowVisible
SetForegroundWindow
SetActiveWindow
LoadBitmapA
ShowWindow
GetClientRect
CreateWindowExA
GetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
SetWindowsHookExA
WaitForInputIdle
DialogBoxParamA
EndDialog
LoadIconA
SetWindowTextA
GetTopWindow
GetWindow
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
EmptyClipboard
SetClipboardData
CloseClipboard
GetDlgCtrlID
SetFocus
IsWindow
LoadCursorA
SetCursor
FindWindowExA
PeekMessageA
PostQuitMessage
TranslateMessage
DispatchMessageA
DefWindowProcA
GetDlgItem
SendMessageA
wsprintfA
CheckRadioButton
IsWindowEnabled
BringWindowToTop

gdi32

DeleteObject
GetDeviceCaps
GetStockObject
SelectObject

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

IIDFromString

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

PathRelativePathToA
PathStripToRootA
PathRemoveBackslashA
PathCanonicalizeA
PathRemoveFileSpecA
StrStrA
PathRemoveBlanksA
PathStripPathA
PathSearchAndQualifyA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

ImageList_Create
ImageList_AddMasked

Exports

Exports

AddPerInstaller
ChangeMainFont
CheckVersion
CheckVersion2
CreateControl
CreateFindWindow
CreateMtx
DllVersionCompare
FindAndActiveWindow
FitCheckBoxWidth
FolderMangling
FreeMem
GetDPIPoint
GetIEVersionString
GetMutex
GetOSVersionString
GetParamValue
GetParentPath
GetProductTypeFromCode
GetPropertyFromSNCode
GroupMangling
InitBannerCtrl
InsertProductType
IsCorrectSerial
IsCorrectSerial2
LaunchProcess
Load
MessageBoxN
MessagePumping
Operator
PathIsSystemFile
ReadRegForMultiStr
ReleaseMtx
RemoveExclameStr
RemoveFileSpec
RemoveItemFromRegMultiStr
SetALPassPath
SetBitmap
SetInstalled
ShowALYacCheckDlg
StrFind
StrFindDomain
SubClassALPass
SubClassBanner
SubClassCorpPage
SubClassCorpWithoutSNPage
SubClassMainDlg
SubClassMainFrame
ThreadAttach
TreeAddItem
TreeAddItem2
TreeGetItemState
TreeGroupRefresh
TreeSubClassing
TrimString
UnSubClassBanner
UnSubClassCorpPage
Unload
ValidPath
ValidRoot
VerifyUI
WaitExecute
WaitUntilIdle

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

34e265a7f45a5a54be208d4166ec2423

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
lstrcatA
lstrcpyA
MulDiv
GetModuleHandleA
FindNextFileA
lstrcmpiA
GlobalFree
lstrcpynA
GlobalAlloc
FindClose
OutputDebugStringA
lstrlenA

user32

PostMessageA
CallWindowProcA
GetWindowLongA
IsDialogMessageA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
GetWindowTextA
IsDlgButtonChecked
SetWindowTextA
GetDlgItem
wsprintfA
CreateDialogParamA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
SetWindowLongA
SendMessageA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

EST_Destroy
Init
IsSuccess
Select
SetCorperationPack
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

88d8a4a9c21e345682f6b1fac45c4679

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
MultiByteToWideChar
FreeLibrary

user32

wsprintfA

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

f9dfb8ff6a049e4feb3afa5b7a47b099

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/01/2018, 00:00

Not After

11/04/2020, 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:d0:56:a2:8e:ee:a7:21:b1:66:ba:31:84:34:09:fd:d3:e7:28:b8
Signer

Actual PE Digest

36:d0:56:a2:8e:ee:a7:21:b1:66:ba:31:84:34:09:fd:d3:e7:28:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\altools\common\altools-nsis\includeESTsoft\Projects\pdb\inetc.pdb

Imports

wininet

InternetOpenA
InternetCrackUrlA
InternetConnectA
HttpEndRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetErrorDlg
InternetCloseHandle
InternetQueryOptionA
InternetSetOptionA
InternetSetFilePointer
InternetGetLastResponseInfoA
FtpOpenFileA
FtpCreateDirectoryA
HttpQueryInfoA
HttpSendRequestExA
HttpSendRequestA
InternetWriteFile
InternetReadFile

comctl32

ord17

kernel32

GetTimeZoneInformation
FreeLibrary
SetConsoleCtrlHandler
InitializeCriticalSection
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeFormatA
SetEnvironmentVariableA
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersion
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
GetTickCount
lstrlenA
WriteFile
ReadFile
lstrcmpA
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
lstrcatA
GetFileSize
CreateFileA
lstrcmpiA
GetProcAddress
LoadLibraryA
MulDiv
GetModuleHandleA
TerminateThread
WaitForSingleObject
CreateThread
lstrlenW
CompareStringA
CompareStringW
lstrcmpiW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
HeapSize
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
EnterCriticalSection
GetEnvironmentStrings
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetProcessHeap
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapAlloc
HeapFree
RaiseException
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo

user32

CharUpperW
CharUpperA
CharLowerW
CharLowerA
FindWindowExA
CreateDialogParamA
EnableWindow
IsWindowVisible
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
RedrawWindow
KillTimer
DestroyWindow
UpdateWindow
LoadIconA
SetTimer
GetWindowRect
GetClientRect
SystemParametersInfoA
SetWindowPos
SendMessageA
GetWindowTextA
PostMessageA
GetDlgItem
SendDlgItemMessageA
SetWindowTextA
GetWindowLongA
SetWindowLongA
ShowWindow
GetParent
MessageBoxA
IsWindow
wsprintfA
SetDlgItemTextA

Exports

Exports

SetTimeLimit
get
head
post
put

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsWeb2.dll
.dll windows:4 windows x86 arch:x86

082c20552519a39cb8a90624898536df

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/01/2018, 00:00

Not After

11/04/2020, 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:1f:fa:98:c4:87:e9:51:7d:9d:3e:34:ae:ff:24:02:e5:42:88:00
Signer

Actual PE Digest

1a:1f:fa:98:c4:87:e9:51:7d:9d:3e:34:ae:ff:24:02:e5:42:88:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\altools\common\altools-nsis\includeESTsoft\Projects\pdb\nsWeb2.pdb

Imports

kernel32

InterlockedExchange
MultiByteToWideChar
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenW
WideCharToMultiByte
GetStringTypeExW
GetStringTypeExA
lstrcmpiW
lstrcmpiA
lstrlenA
GetLastError
GlobalFree
GlobalAlloc
GetTickCount
OutputDebugStringA
lstrcpyA
SetThreadLocale
lstrcpynA
Sleep
GetVersion
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetTimeZoneInformation
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSection
LoadLibraryA
FreeLibrary
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapFree
GetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
VirtualFree
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
VirtualProtect
VirtualAlloc
GetProcAddress
GetSystemInfo
VirtualQuery
RaiseException
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetEnvironmentVariableA

user32

GetWindowLongA
DispatchMessageA
PeekMessageA
CharLowerW
CharLowerA
CharUpperW
CharUpperA
GetClientRect
LoadCursorA
LoadIconA
RegisterClassA
CreateWindowExA
wsprintfA
DestroyWindow
TranslateMessage
DefWindowProcA
SetWindowLongA

gdi32

GetStockObject

ole32

OleCreate
OleInitialize
CoCreateInstance
OleSetContainedObject

oleaut32

SysAllocStringLen
VariantInit
SysAllocString
SafeArrayCreateVector
SafeArrayUnaccessData
VariantClear
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SysFreeString

wininet

InternetCloseHandle
InternetOpenA
DeleteUrlCacheEntry

Exports

Exports

DeleteURLCache
GetBannerPageID
GetExtendedProperty
GetProductIsSilentMode
GetProductLocalName
GetProductName
GetProductSetupCmdline
GetProductSetupEulaUrl
GetProductSetupRuntimeMode
GetProductSetupURL
GetProductVersion
GetRegisterdURLs
GetSendCondition
GetStartBoxIndex
GetStartPageChangeName
GetStartPageCheckURL
GetStartPageDefaultCheck
GetStartPageName
GetStartPageSendURL
GetStartPageURL
IsCheckProduct
IsLoaded
IsLoadedWait
IsLoadedWaitEx
IsOtherProductPageLoaded
SetLanguage
ShowESTWebInPage
ShowESTWebInPagePOST
Unload

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/stext/estci_l.bmp
$PLUGINSDIR/workerExtension.dll
.dll windows:4 windows x86 arch:x86

65e99b55b9060de4c07bb55e638ce5e7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/01/2018, 00:00

Not After

11/04/2020, 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:cf:b8:42:a1:08:40:02:1c:c0:2e:05:8f:72:d3:60:2b:0e:78:da
Signer

Actual PE Digest

7d:cf:b8:42:a1:08:40:02:1c:c0:2e:05:8f:72:d3:60:2b:0e:78:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\altools\common\altools-nsis\altools-nsis\includeESTsoft\Projects\pdb\workerExtension.pdb

Imports

kernel32

GetSystemDefaultLangID
SetFileAttributesA
ReadFile
CreateFileA
GetPrivateProfileStringA
ProcessIdToSessionId
SetLastError
GetTickCount
Process32First
OutputDebugStringA
lstrcpynA
lstrcpyA
CreateToolhelp32Snapshot
GlobalAlloc
GlobalFree
GetModuleFileNameA
WaitForSingleObject
FreeLibrary
OpenProcess
TerminateProcess
GetCurrentProcessId
GetModuleFileNameW
Process32Next
RemoveDirectoryA
FindFirstFileA
GetThreadLocale
SetCurrentDirectoryA
FindClose
GetCurrentDirectoryA
FindNextFileA
MoveFileExA
GetModuleHandleA
WritePrivateProfileStringA
GetProcAddress
GetVersionExA
DeleteFileA
CreateDirectoryA
LoadLibraryA
GetCurrentProcess
SizeofResource
LockResource
FindResourceA
LoadResource
CompareStringW
InterlockedExchange
CreateFileW
WideCharToMultiByte
LocalAlloc
GetLastError
GetVersion
FileTimeToLocalFileTime
lstrcmpA
lstrlenA
CompareStringA
MultiByteToWideChar
CloseHandle
LocalFree
FileTimeToSystemTime
SetEnvironmentVariableA
FormatMessageA
GlobalUnlock
GlobalLock
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetCurrentThreadId
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
InterlockedIncrement
GlobalGetAtomNameA
GetFileAttributesA
GetFileTime
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalFlags
GetLocaleInfoA
GetCPInfo
GetOEMCP
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
VirtualAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
HeapSize
SetStdHandle
GetFileType
ExitProcess
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
SetHandleCount
GetStartupInfoA
Sleep
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

GetClassInfoA
GetClassInfoExA
PostMessageA
GetMenu
GetClientRect
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
GetForegroundWindow
IsWindow
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
GetCapture
WinHelpA
LoadIconA
RegisterWindowMessageA
SetWindowTextA
ClientToScreen
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
RegisterClassA
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetParent
GetWindowThreadProcessId
GetWindowTextA
GetLastActivePopup
LoadBitmapA
IsWindowEnabled
EnableWindow
LoadCursorA
GetSysColor
GetSysColorBrush
GetWindowLongA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
SystemParametersInfoA
CharUpperA
wsprintfW
SetWindowLongA
DefWindowProcA
SendMessageA
ValidateRect
GetSystemMetrics
CreateWindowExA
CallWindowProcA
MessageBoxA
ReleaseDC
GetDC
IsIconic
GetWindowPlacement
GetSubMenu
GetMenuItemCount
GetMenuItemID
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
SetWindowPos
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
UnhookWindowsHookEx
GetWindowRect
PostQuitMessage
GetWindow

gdi32

PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ExtTextOutA
SetWindowExtEx
ScaleWindowExtEx
SetMapMode
ScaleViewportExtEx
GetDeviceCaps
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetStockObject
DeleteDC

advapi32

GetTokenInformation
LookupAccountNameA
IsValidSid
GetSidSubAuthority
LookupAccountSidA
OpenProcessToken
GetSidIdentifierAuthority
GetSidSubAuthorityCount
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA

shell32

ShellExecuteA
SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantChangeType
VariantClear
SysAllocString
SysFreeString
SysAllocStringLen
VariantInit

shlwapi

PathIsDirectoryA
PathRemoveFileSpecA
SHDeleteKeyA
PathFileExistsA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW

crypt32

CryptMsgClose
CertFindCertificateInStore
CertGetNameStringA
CryptMsgGetParam
CertOpenStore
CertFreeCertificateContext
CryptDecodeObject
CertCloseStore
CryptQueryObject

wintrust

WinVerifyTrustEx

imagehlp

ImageEnumerateCertificates
ImageGetCertificateData

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryDataAvailable
HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
InternetConnectA
HttpOpenRequestA

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

Exports

Exports

CheckStartPage
CreateCheckbox
CreateRichEdit
DLL_GetVisibleCampaignName
DLL_InitSetterFile
DLL_SetInitPromotion
DWORD_CallExternalDll_stringw
DoCrash
DoInstalledExt
ElevateNonRun
ElevateRun
EndECRSC
GetLogParam
GetPVLogParam
GetParentProcName
GetPreInstInfoParam
GetPreVersion
GetSignerName
GetStateValue
InitSetterFile
IsDebugMode
IsDebugModeForBanner
KillProcess
LoadRTF
MoveStartMenuItems
ProceedExtPreInstall
RemoveLicense
RunEventItemsByIds
RunMediumIntergrityLevel
SaveLicense
SetInitPromotion
SetNsisVersion
SetStartPageCheckBoxStateOnBannerParam
SetStateValue
StartECRSC
SubClassLicenseDlgForRichEdit2
SubClassMultiCheckbox
VerifyFile
VersionCompare
WaitProcess
WriteLastDisplayedAdvert
qwer
void_CallExternalDll_stringw

Sections

.text
Size: 392KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/zumlib.dll
.dll windows:5 windows x86 arch:x86

6e21ecf5c7fd20210740626c966c0125

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:cf:9c:8b:e1:7f:74:a1:72:ad:d3:db:88:6e:ed:76
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/10/2013, 00:00

Not After

27/12/2015, 23:59

Subject

CN=ESTsoft Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:c0:95:d6:11:f8:0d:f6:c8:f2:40:d8:be:db:0a:90:cc:7c:37:74
Signer

Actual PE Digest

c4:c0:95:d6:11:f8:0d:f6:c8:f2:40:d8:be:db:0a:90:cc:7c:37:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\ALToolsSource\ALToolsCommon\Zumlib\trunk\Bin\Release\zumlib.pdb

Imports

kernel32

GetCurrentProcess
DeleteFileW
CreateFileW
GetVersionExW
LoadLibraryW
FreeLibrary
GetProcAddress
lstrlenA
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError
WideCharToMultiByte
CloseHandle
MultiByteToWideChar
InitializeCriticalSection
RaiseException
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
HeapFree
GetFileAttributesA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
WriteFile
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
SetStdHandle
WriteConsoleA
GetProcessHeap

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegRestoreKeyW
RegCreateKeyW
RegSaveKeyW
RegOpenKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges

shell32

ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysFreeString

Exports

Exports

CreateShortCut
GetZumUrl
PinToStartMenu
PintToTaskbar
RegStartPage
RegStartPageSecret
SetStartPageZum
SetStartPageZumSecret

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/ESTsoft/ALUpdate/$R6
.exe windows:5 windows x86 arch:x86

bd7dbcc8c07b8d3a5ed549bf070cb152

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/01/2018, 00:00

Not After

11/04/2020, 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:f2:36:c7:6b:92:83:c2:dd:49:9c:59:d5:ea:b8:5a:a8:d4:3a:40
Signer

Actual PE Digest

32:f2:36:c7:6b:92:83:c2:dd:49:9c:59:d5:ea:b8:5a:a8:d4:3a:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Source\SVN\aldev-svn\common\Zumlib\trunk\Bin\Release\ezt.pdb

Imports

kernel32

Process32FirstW
Process32NextW
LockResource
FindResourceExW
GetCommandLineW
LocalFree
GetCurrentThreadId
GetCurrentProcess
CloseHandle
FlushFileBuffers
CreateToolhelp32Snapshot
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
lstrlenW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
CreateFileA
FreeLibrary
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
VirtualFree
VirtualAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA

user32

DefWindowProcW
CharNextW
DestroyWindow

advapi32

RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

shell32

CommandLineToArgvW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/ESTsoft/Common/ezt.exe
.exe windows:5 windows x86 arch:x86

bd7dbcc8c07b8d3a5ed549bf070cb152

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/01/2018, 00:00

Not After

11/04/2020, 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:f2:36:c7:6b:92:83:c2:dd:49:9c:59:d5:ea:b8:5a:a8:d4:3a:40
Signer

Actual PE Digest

32:f2:36:c7:6b:92:83:c2:dd:49:9c:59:d5:ea:b8:5a:a8:d4:3a:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Source\SVN\aldev-svn\common\Zumlib\trunk\Bin\Release\ezt.pdb

Imports

kernel32

Process32FirstW
Process32NextW
LockResource
FindResourceExW
GetCommandLineW
LocalFree
GetCurrentThreadId
GetCurrentProcess
CloseHandle
FlushFileBuffers
CreateToolhelp32Snapshot
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
lstrlenW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
CreateFileA
FreeLibrary
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
VirtualFree
VirtualAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA

user32

DefWindowProcW
CharNextW
DestroyWindow

advapi32

RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

shell32

CommandLineToArgvW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R6
.dll regsvr32 windows:5 windows x86 arch:x86

5c8bab841e78f3563a21d205699a92cb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/01/2018, 00:00

Not After

11/04/2020, 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:03:29:dc:94:cb:68:8b:98:d1:d4:96:1f:91:d5:6b:2c:a5:3f:76
Signer

Actual PE Digest

a2:03:29:dc:94:cb:68:8b:98:d1:d4:96:1f:91:d5:6b:2c:a5:3f:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\ALTools\ALToolbar\ALToolbar\Bin\Release\Debuginfo\ALToolBand.pdb

Imports

kernel32

TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareFileTime
FileTimeToLocalFileTime
GetFileTime
SystemTimeToFileTime
GetPrivateProfileSectionNamesW
OutputDebugStringW
WaitForMultipleObjectsEx
QueryDepthSList
InterlockedFlushSList
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
GetNumberFormatW
CompareStringW
OpenMutexW
IsBadWritePtr
lstrcmpiW
LoadLibraryExW
DuplicateHandle
SetEnvironmentVariableA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
WriteConsoleW
SetStdHandle
GetFileType
GetStdHandle
SetFilePointerEx
GetACP
IsValidCodePage
GetStringTypeW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTimeZoneInformation
GetModuleHandleExW
GetCommandLineA
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetCPInfo
ExitThread
CreateThread
GetFileAttributesExW
RtlUnwind
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
lstrlenA
ExitProcess
FormatMessageW
GetTempFileNameW
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
GlobalFlags
GlobalSize
DisableThreadLibraryCalls
EncodePointer
GlobalHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileStringW
CreateProcessW
IsDebuggerPresent
GetOEMCP
CreateSemaphoreW
CreateMutexW
ReleaseMutex
ReleaseSemaphore
TryEnterCriticalSection
AreFileApisANSI
GetTempPathA
LoadLibraryA
FormatMessageA
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnlockFile
SetEndOfFile
LockFileEx
LockFile
GetFullPathNameW
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
FlushFileBuffers
DeleteFileA
CreateFileA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ResumeThread
CreateEventW
ResetEvent
SetEvent
GetExitCodeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CopyFileW
lstrcmpW
LocalFree
LocalAlloc
GetModuleHandleW
GetSystemInfo
ReadFile
GetTickCount
OpenProcess
TerminateProcess
GetCurrentProcessId
Sleep
WaitForSingleObject
GetSystemTime
VerifyVersionInfoW
lstrlenW
lstrcpyW
GetModuleHandleA
GetVersionExW
FlushInstructionCache
GetCurrentThreadId
GetCurrentProcess
SetLastError
VerSetConditionMask
WriteFile
MulDiv
RaiseException
DecodePointer
GetModuleFileNameW
CloseHandle
GetTempPathW
SetFilePointer
SetFileAttributesW
RemoveDirectoryW
GetFileSize
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
InitializeCriticalSection
WideCharToMultiByte
GetSystemDirectoryW
GetVolumeInformationW
MultiByteToWideChar
MoveFileW
WritePrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetLocalTime
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
DeleteFileW
FreeLibrary
LoadLibraryW
GetProcAddress
MoveFileExW
UnregisterWaitEx

user32

CreateAcceleratorTableW
IsWindowEnabled
GetFocus
CharNextW
CreateDialogIndirectParamW
IsChild
MonitorFromPoint
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
MonitorFromWindow
MapWindowPoints
MessageBeep
SetFocus
SetDlgItemTextW
EnableWindow
GetDlgItem
DialogBoxParamW
DestroyAcceleratorTable
UpdateWindow
InvalidateRgn
RedrawWindow
SetWindowContextHelpId
MapDialogRect
SendDlgItemMessageW
GetForegroundWindow
DrawIconEx
GetWindowPlacement
ChildWindowFromPoint
GetKeyState
LoadMenuW
UnregisterClassW
SendMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
SetWindowPos
GetDlgCtrlID
GetCapture
ReleaseCapture
GetMenu
DrawTextW
InvalidateRect
GetClientRect
GetWindowRect
AdjustWindowRectEx
GetCursorPos
ClientToScreen
WindowFromPoint
GetSysColor
DrawFocusRect
CheckMenuItem
GetLastInputInfo
DrawStateW
SetWindowRgn
GetWindowRgn
DialogBoxIndirectParamW
EqualRect
SetDlgItemInt
GetDlgItemInt
GetSysColorBrush
CheckDlgButton
IsDlgButtonChecked
GetTopWindow
SetClassLongW
SetLayeredWindowAttributes
EndMenu
ChildWindowFromPointEx
GetMessagePos
GetAsyncKeyState
SetScrollPos
GetDoubleClickTime
SetForegroundWindow
CheckMenuRadioItem
LockWindowUpdate
SetCursorPos
IsIconic
IsRectEmpty
SetScrollInfo
GetScrollInfo
InsertMenuW
FillRect
CopyRect
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
LoadBitmapW
RegisterWindowMessageW
DrawEdge
DrawFrameControl
GetMessageW
DispatchMessageW
PeekMessageW
PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
MoveWindow
GetActiveWindow
SetCapture
GetSystemMetrics
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
FrameRect
InflateRect
OffsetRect
GetClassLongW
LoadCursorW
SystemParametersInfoW
IsWindowVisible
GetSubMenu
ModifyMenuW
DeleteMenu
SetActiveWindow
keybd_event
ShowScrollBar
EndDialog
MessageBoxW
FindWindowExW
TranslateMessage
GetWindow
GetClassNameW
EnumChildWindows
GetDesktopWindow
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetRect
GetUpdateRect
DestroyIcon
UpdateLayeredWindow
SetMenuItemBitmaps
GetScrollPos
GetWindowTextW
GetWindowTextLengthW
SetCursor
SendMessageTimeoutW
FindWindowW
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsDialogMessageW
IntersectRect
UnionRect
MonitorFromRect
GetMonitorInfoW
EnumDisplayMonitors
LoadImageW
GetClassInfoExW
SetTimer
KillTimer
IsWindow
CharUpperBuffW
CharLowerBuffW
SetRectEmpty
SwitchToThisWindow
LoadIconW
CreateDialogParamW
SetWindowTextW
ScreenToClient

gdi32

SetBitmapBits
GetClipBox
GetBitmapBits
GetROP2
SetROP2
SetTextAlign
SetPixel
RoundRect
GetDIBits
Ellipse
CreateFontW
MoveToEx
LineTo
CreateBitmap
OffsetWindowOrgEx
CreateCompatibleBitmap
SetStretchBltMode
PatBlt
ExtTextOutW
SetTextColor
BitBlt
CreateCompatibleDC
CreateFontIndirectW
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
SetBkMode
StretchBlt
GetObjectW
CreateDIBSection
CombineRgn
CreatePalette
CreatePen
CreateRectRgnIndirect
ExcludeClipRect
GetStockObject
GetTextExtentPoint32W
Rectangle
SelectPalette
CreateHatchBrush
GetViewportOrgEx
CreateDCW
TextOutW
GetCurrentObject
SetViewportOrgEx
SelectClipRgn
GetPixel
CreatePolygonRgn
PtInRegion
CreateRoundRectRgn
CreateRectRgn
SetBrushOrgEx
SetTextCharacterExtra
CreatePatternBrush
Polygon
DPtoLP
SetBkColor
SetRectRgn
RealizePalette
RestoreDC
ExtSelectClipRgn
StretchDIBits
SaveDC
SetDIBitsToDevice
SetPolyFillMode

comdlg32

GetOpenFileNameW
ChooseColorW
GetSaveFileNameW

advapi32

RegCreateKeyExW
GetUserNameW
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
GetTokenInformation
OpenProcessToken

shell32

SHGetMalloc
ord165
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
SHCreateDirectoryExW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetFileInfoW
ExtractIconW

ole32

CoTaskMemFree
CoCreateInstance
StringFromGUID2
OleDraw
CoCreateGuid
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
DoDragDrop
CoTaskMemRealloc
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VariantCopy
VarDecCmp
VarDecFromStr
VarDateFromStr
VarR8FromStr
VarI4FromStr
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
LoadTypeLi
OleLoadPicture
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
VarBstrCmp
VariantClear
VariantInit
SysAllocString
SysFreeString

wsock32

htons
ntohl
recv
recvfrom
select
send
setsockopt
shutdown
socket
__WSAFDIsSet
gethostname
gethostbyname
inet_addr
ioctlsocket
sendto
accept
closesocket
connect
WSAStartup
inet_ntoa
WSAGetLastError
getsockopt

icuuc44

uidna_IDNToASCII_44
utf8_nextCharSafeBody_44

uxtheme

GetWindowTheme

shlwapi

SHDeleteKeyW
PathFileExistsW
StrStrIW
UrlGetPartW
PathRemoveFileSpecW

comctl32

CreateToolbarEx
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_Add
InitCommonControlsEx
ImageList_GetIconSize
ImageList_LoadImageW
ImageList_Draw
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_DragShowNolock

msimg32

AlphaBlend
TransparentBlt

wininet

FindNextUrlCacheEntryExW
GetUrlCacheEntryInfoW
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetQueryDataAvailable
HttpOpenRequestW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpSendRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoA
HttpQueryInfoW
FindFirstUrlCacheEntryExA
InternetGetCookieW
InternetGetConnectedState
InternetSetOptionW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

timeGetTime

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI

psapi

GetProcessMemoryInfo

imm32

ImmReleaseContext
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetContext

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImageGIF@@QAE@ABV0@@Z
??0CxImageJPG@@QAE@ABV0@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxExifInfo@CxImageJPG@@QAEAAV01@ABV01@@Z
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImageGIF@@QAEAAV0@ABV0@@Z
??4CxImageJPG@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxImageGIF@@6B@
??_7CxImageJPG@@6B@
??_7CxMemFile@@6B@
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@VAntiPhishingData@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@VAntiPhishingData@@@23@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ@51
??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51
??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ@51
??_FCxExifInfo@CxImageJPG@@QAEXXZ
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Decode@CxImageGIF@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageGIF@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageGIF@@QAE_NPAU_iobuf@@PAPAVCxImage@@H_N@Z
?Encode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEHXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEHXZ
?GetExifInfo@CxImage@@QAEPAUtag_ExifInfo@@XZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPB_W0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEHPBDPAX@Z
?Seek@CxIOFile@@UAE_NHH@Z
?Size@CxIOFile@@UAEHXZ
?Tell@CxIOFile@@UAEHXZ
?Write@CxIOFile@@UAEIPBXII@Z
?get_const_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@VAntiPhishingData@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@VAntiPhishingData@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@23@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@23@XZ
?get_instance@?$singleton@V?$extended_type_info_typeid@VAntiPhishingData@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@VAntiPhishingData@@@23@XZ
?get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@3@XZ
?get_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@23@A
?instance@?$singleton@V?$extended_type_info_typeid@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@23@A
?instance@?$singleton@V?$extended_type_info_typeid@VAntiPhishingData@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@VAntiPhishingData@@@23@A
?instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@3@A
?instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@3@A
?instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@3@A
?instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@0AAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@3@A
?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A
?instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@A
?is_destroyed@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@VAntiPhishingData@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@VAntiPhishingData@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@VAntiPhishingData@@@serialization@boost@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@V?$unordered_map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HU?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@std@@@2@@std@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@VAntiPhishingData@@@detail@archive@boost@@@634@A
?t@?1??get_instance@?$singleton@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@CAAAV?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@4@XZ@4V?$singleton_wrapper@V?$map@Vbinary_iarchive@archive@boost@@@extra_detail@detail@archive@boost@@@734@A
?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A
?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@detail@34@A
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 453KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AtbHelper.exe
.exe windows:5 windows x86 arch:x86

ce624e5503f6663b06687bd53fc0cc82

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/01/2018, 00:00

Not After

11/04/2020, 23:59

Subject

CN=ESTsoft Corp.,O=ESTsoft Corp.,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:bd:b0:72:de:3b:4e:7d:56:db:19:f1:be:4d:6d:84:dc:67:ec:1c
Signer

Actual PE Digest

d3:bd:b0:72:de:3b:4e:7d:56:db:19:f1:be:4d:6d:84:dc:67:ec:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\ALTools\ALToolbar\ALToolbar\Bin\Release\Debuginfo\AtbHelper.pdb

Imports

kernel32

Sleep
GetCurrentProcessId
GetCurrentThreadId
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
TryEnterCriticalSection
ReleaseSemaphore
ReleaseMutex
CreateMutexW
CreateSemaphoreW
SetThreadPriority
ResumeThread
GetOEMCP
GetCommandLineW
CreateDirectoryW
SetLastError
CreateProcessW
OpenProcess
LoadLibraryA
MoveFileExW
MulDiv
WriteFile
GetPrivateProfileStringW
GetStdHandle
GetTempFileNameW
TerminateProcess
GetExitCodeProcess
GetSystemTime
FreeConsole
AttachConsole
WriteConsoleW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetEndOfFile
FlushFileBuffers
SetStdHandle
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetTickCount
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetFileType
GetCurrentThread
GetACP
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileAttributesExW
InterlockedFlushSList
LoadLibraryExW
RtlUnwind
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FormatMessageW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GetExitCodeThread
TerminateThread
WaitForSingleObject
ReadFile
CopyFileW
lstrcmpW
LocalFree
LocalAlloc
VerifyVersionInfoW
GetModuleHandleW
GetVersionExW
GetSystemInfo
GetCurrentProcess
VerSetConditionMask
RaiseException
DecodePointer
GetModuleFileNameW
CloseHandle
DeleteFileW
GetTempPathW
SetFilePointer
SetFileAttributesW
RemoveDirectoryW
GetFileSize
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
WideCharToMultiByte
GetSystemDirectoryW
GetVolumeInformationW
MultiByteToWideChar
MoveFileW
WritePrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
LoadLibraryW
SizeofResource
LockResource
LoadResource
GetProcAddress
FreeLibrary
FindResourceExW
GetLocalTime
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
GetConsoleCP

user32

EqualRect
GetWindowRect
LoadCursorW
MessageBoxW
EnumWindows
IntersectRect
PtInRect
UnregisterClassW
UnionRect
OffsetRect
InflateRect
SetRect
DrawFocusRect
ClientToScreen
GetCursorPos
MonitorFromRect
GetMonitorInfoW
EnumDisplayMonitors
GetDC
SetCursor
AdjustWindowRectEx
GetClientRect
ReleaseDC
LoadBitmapW
LoadImageW
RegisterWindowMessageW
SendMessageTimeoutW
IsWindow
CharUpperBuffW
CharLowerBuffW
SetRectEmpty
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
CreateWindowExW
DestroyWindow
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
GetMenu
GetSystemMetrics
IsWindowEnabled
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetDlgCtrlID
GetDlgItem
EndDialog
CreateDialogParamW
SetWindowPos
MoveWindow
CallWindowProcW
DefWindowProcW
DrawEdge
GetActiveWindow
DialogBoxParamW
SystemParametersInfoW
GetWindow
GetWindowThreadProcessId
GetClassNameW
FindWindowExW
FindWindowW
EnumChildWindows
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
IsWindowVisible

gdi32

SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
CreateDIBSection
CreateCompatibleDC
SetBkMode
GetObjectW
CreateFontIndirectW
SetTextColor
DeleteDC
BitBlt

advapi32

RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
SetSecurityInfo
SetNamedSecurityInfoW
ConvertStringSidToSidW
RegSetValueExW
RegSetKeySecurity
RegQueryInfoKeyW
RegOpenKeyExW
RegGetKeySecurity
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
InitializeAcl
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
GetFileSecurityW
FreeSid
CopySid
AdjustTokenPrivileges
OpenProcessToken
SetEntriesInAclW
SetSecurityDescriptorDacl
SetFileSecurityW
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetSecurityInfo
GetSidSubAuthorityCount
GetSidSubAuthority
DuplicateTokenEx
RegQueryValueExW

shell32

SHBrowseForFolderW
ShellExecuteExW
SHGetMalloc
ShellExecuteW
CommandLineToArgvW
SHGetPathFromIDListW
ord165
SHGetFolderPathW
SHGetDesktopFolder
SHGetFileInfoW
SHGetSpecialFolderPathW

ole32

CoUninitialize
StringFromCLSID
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoInitialize

oleaut32

CreateErrorInfo
VarBstrCmp
VarBstrCat
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
GetErrorInfo
VariantChangeType
SetErrorInfo

shlwapi

SHDeleteKeyW
PathFileExistsW

comctl32

ImageList_LoadImageW
ImageList_Draw
ImageList_Destroy
_TrackMouseEvent
ImageList_GetIconSize

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

authz

AuthzInitializeResourceManager
AuthzInitializeContextFromToken

ws2_32

inet_addr

wininet

HttpQueryInfoA
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpQueryInfoW
InternetQueryDataAvailable
InternetWriteFile
InternetReadFile
InternetOpenUrlW
InternetConnectW
InternetSetCookieExW
InternetOpenW
HttpOpenRequestW
InternetCloseHandle

wintrust

WinVerifyTrust

Sections

.text
Size: 707KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 575KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bca2c7cb3bba360100a3a7a510fe11d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

2b:17:ab:54:cc:67:21:8c:20:b1:50:e0:38:2a:5d:5f:b4:7b:2c:28Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1.6MB

.ndata Size: - Virtual size: 212KB

.rsrc Size: 124KB - Virtual size: 123KB

eeb38f232fa753bbd4952f6a14cefac5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

14:5f:bb:b4:06:8a:43:a7:c9:d4:bf:6b:7e:bb:46:57:a1:0b:07:69Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

comctl32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 6KB

34e265a7f45a5a54be208d4166ec2423

Headers

DLL Characteristics

File Characteristics

Imports

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

2b:17:ab:54:cc:67:21:8c:20:b1:50:e0:38:2a:5d:5f:b4:7b:2c:28
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1.6MB

.ndata
Size: - Virtual size: 212KB

.rsrc
Size: 124KB - Virtual size: 123KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

14:5f:bb:b4:06:8a:43:a7:c9:d4:bf:6b:7e:bb:46:57:a1:0b:07:69
Signer

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 400B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 816B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 516B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

36:d0:56:a2:8e:ee:a7:21:b1:66:ba:31:84:34:09:fd:d3:e7:28:b8
Signer

.text
Size: 111KB - Virtual size: 110KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:1a:69:d2:23:d9:91:08:02:7b:f8:c6:7d:47:2a:8f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate