7c370cb3eb7c9e2efb5f9b053ec3065f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7c370cb3eb7c9e2efb5f9b053ec3065f_JaffaCakes118
Size

2.0MB
MD5

7c370cb3eb7c9e2efb5f9b053ec3065f
SHA1

21eb73bf2731ebd7b716bbc0e22498eb7dd00115
SHA256

209a4474cb7f906d4fd6c7df839841b7944b4917ec5f65bc0c92acfa552f9040
SHA512

c81f35d70702c3bd36dde354c456bc11644858400e95ff07f16d8310d75c971e2f939c487d01a05487dfc4b82186bcd446fbc7b1a133b210e0c09c6894047452
SSDEEP

49152:eaft/3yR4Epqwlvj1CPExyS+vXqKNoM+iiNH:jVqkmvjDy1N5+iid

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	upx

Unsigned PE 26 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/ask.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack003/out.upx
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/$PLUGINSDIR/nsProcess2.dll
unpack001/$PROGRAMFILES/Bench/BService/1.1/bhelper.dll
unpack001/$PROGRAMFILES/Bench/BService/1.1/bhelper64.dll
unpack001/$PROGRAMFILES/Bench/BService/1.1/bservice.exe
unpack001/$PROGRAMFILES/Bench/BService/1.1/bservice64.exe
unpack001/$PROGRAMFILES/Bench/NmHost/nmhost.exe
unpack001/$PROGRAMFILES/Bench/Updater/1.7.0.0/updater.exe
unpack001/$PROGRAMFILES/Bench/Updater/updater.exe
unpack001/$PROGRAMFILES/Bench/Wd/wd.exe
unpack001/$R0/$PROGRAMFILES/Bench/Proxy/cl.exe
unpack001/$R0/$PROGRAMFILES/Bench/Proxy/proc.exe
unpack001/$R0/$PROGRAMFILES/Bench/Proxy/pwdg.exe
unpack001/SoftwareDetector.exe
unpack001/gpedit.exe
unpack001/sqlite3.exe
unpack001/storageedit.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_2
static1/unpack001/$PLUGINSDIR/ask.exe	nsis_installer_2

Files

7c370cb3eb7c9e2efb5f9b053ec3065f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:11:41:95:14:7f:3d:93:df:9d:38:dd:30:6d:a6:3a
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

30-04-2014 00:00

Not After

30-04-2015 23:59

Subject

CN=Actually Apps,O=Actually Apps,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fd:2e:96:92:0a:81:52:70:1c:97:78:95:cb:0e:f3:cb:39:43:60:02
Signer

Actual PE Digest

fd:2e:96:92:0a:81:52:70:1c:97:78:95:cb:0e:f3:cb:39:43:60:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

ea0aa0a9e9dc166e514586b9219c0789

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_winmajor
abort
calloc
free
fwrite
malloc
memcpy
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ask.exe
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

ea0aa0a9e9dc166e514586b9219c0789

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_winmajor
abort
calloc
free
fwrite
malloc
memcpy
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

4fb4d15e957b6564bf15c23e80f0202a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

SetTextColor

kernel32

GetCurrentDirectoryA
GetFileAttributesA
GetProcessHeap
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
MulDiv
SetCurrentDirectoryA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoTaskMemFree

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

user32

CallWindowProcA
CharNextA
CharPrevA
CreateDialogParamA
CreateWindowExA
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawTextA
GetClientRect
GetDlgItem
GetMessageA
GetPropA
GetWindowLongA
GetWindowRect
GetWindowTextA
IsDialogMessageA
IsWindow
KillTimer
LoadCursorA
MapDialogRect
MapWindowPoints
RemovePropA
SendMessageA
SetCursor
SetPropA
SetTimer
SetWindowLongA
SetWindowPos
ShowWindow
TranslateMessage
wsprintfA

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 363B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

06e07a9e2c8ec78ec44f1a538a1bd2a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreatePipe
CreateProcessA
DeleteFileA
ExitProcess
GetCommandLineA
GetCurrentProcess
GetExitCodeProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTempFileNameA
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
MapViewOfFile
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
UnmapViewOfFile
WaitForSingleObject
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

user32

CharNextA
CharPrevA
FindWindowExA
OemToCharBuffA
SendMessageA
wsprintfA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ping.js
.js
$PLUGINSDIR/splash.bmp
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

4fb4d15e957b6564bf15c23e80f0202a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

SetTextColor

kernel32

GetCurrentDirectoryA
GetFileAttributesA
GetProcessHeap
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
MulDiv
SetCurrentDirectoryA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoTaskMemFree

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

user32

CallWindowProcA
CharNextA
CharPrevA
CreateDialogParamA
CreateWindowExA
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawTextA
GetClientRect
GetDlgItem
GetMessageA
GetPropA
GetWindowLongA
GetWindowRect
GetWindowTextA
IsDialogMessageA
IsWindow
KillTimer
LoadCursorA
MapDialogRect
MapWindowPoints
RemovePropA
SendMessageA
SetCursor
SetPropA
SetTimer
SetWindowLongA
SetWindowPos
ShowWindow
TranslateMessage
wsprintfA

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 363B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

06e07a9e2c8ec78ec44f1a538a1bd2a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreatePipe
CreateProcessA
DeleteFileA
ExitProcess
GetCommandLineA
GetCurrentProcess
GetExitCodeProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTempFileNameA
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
MapViewOfFile
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
UnmapViewOfFile
WaitForSingleObject
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

user32

CharNextA
CharPrevA
FindWindowExA
OemToCharBuffA
SendMessageA
wsprintfA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess2.dll
.dll windows:5 windows x86 arch:x86

a17b21d6d2e59cd74bd6cdff8263fb9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Work\SVN\trunk\NSIS\plugins\nsProcess2\Release\nsProcess2.pdb

Imports

kernel32

lstrcpynA
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
Process32First
OpenProcess
TerminateProcess
Module32First
Process32Next
CreateToolhelp32Snapshot
CloseHandle
IsProcessorFeaturePresent
RtlUnwind
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetLastError
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
HeapSize

user32

wsprintfA

Exports

Exports

KillProcessByName

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ping.js
.js
$PROGRAMFILES/Bench/BService/1.1/bhelper.dll
.dll windows:5 windows x86 arch:x86

4bef99650e1a1ce11d5ea940e31f762d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\WORK\mercurial\50onred\misc\ChromeHook\Release\bhelper.pdb

Imports

netapi32

NetApiBufferAllocate

kernel32

TlsAlloc
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
VirtualProtect
GetLastError
IsBadStringPtrA
IsBadCodePtr
IsBadReadPtr
lstrcmpiA
GetStringTypeW
MultiByteToWideChar
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
WriteFile
LCMapStringW

user32

CallNextHookEx

shlwapi

PathFindFileNameW

Exports

Exports

InstallHook

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/BService/1.1/bhelper64.dll
.dll windows:5 windows x64 arch:x64

81619899425d0d756b26ab74e2ff26fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Work\canvas-kango\misc\ChromeHook\Release\bhelper64.pdb

Imports

netapi32

NetApiBufferAllocate

kernel32

GetFileType
CreateFileW
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetModuleHandleW
DecodePointer
GetModuleFileNameW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetProcAddress
VirtualProtect
IsBadStringPtrA
IsBadCodePtr
IsBadReadPtr
lstrcmpiA
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
RtlUnwindEx
SetLastError
GetStdHandle
RtlPcToFileHeader
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP

user32

CallNextHookEx

shlwapi

PathFindFileNameW

Exports

Exports

InstallHook

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/BService/1.1/bservice.exe
.exe windows:5 windows x86 arch:x86

a321e8e85b87023c654b3bc349d6a404

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bservice.pdb

Imports

kernel32

GetModuleFileNameW
SetCurrentDirectoryW
LoadLibraryW
GetProcAddress
SetLastError
OpenMutexW
GetLastError
CreateMutexW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
RtlUnwind
GetStringTypeW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetCurrentThreadId
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
Sleep
WideCharToMultiByte
MultiByteToWideChar

user32

TranslateMessage
GetMessageW
UnhookWindowsHookEx
SetWindowsHookExW
DispatchMessageW
BroadcastSystemMessageW

shlwapi

PathRemoveFileSpecW
PathAppendW

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/BService/1.1/bservice64.exe
.exe windows:5 windows x64 arch:x64

a91c729cbbb9c48778b4ee7291b778ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

bservice64.pdb

Imports

kernel32

LockResource
GetProcAddress
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetLastError
SetLastError
LoadResource
SizeofResource
CreateMutexW
OpenMutexW
LoadLibraryW
GetModuleFileNameW
FindResourceW
FindResourceExW
SetCurrentDirectoryW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineW
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
GetStringTypeW
LCMapStringW
CreateFileW

user32

UnhookWindowsHookEx
BroadcastSystemMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowsHookExW

shlwapi

PathRemoveFileSpecW
PathAppendW

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/NmHost/manifest.json
$PROGRAMFILES/Bench/NmHost/nmhost.exe
.exe windows:5 windows x86 arch:x86

d69fdefcb26f6901696ce759b0109d19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileW
GetProcAddress
GetModuleHandleW
GetLastError
ReadFile
FindResourceExW
GetModuleFileNameW
TerminateProcess
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
RtlUnwind
LCMapStringW
GetCPInfo
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
ExitProcess
WriteFile
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
SetEndOfFile

shlwapi

PathAppendW
PathAddBackslashW
PathRemoveFileSpecW

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/Updater/$R0
.xml
$PROGRAMFILES/Bench/Updater/1.7.0.0/updater.exe
.exe windows:5 windows x86 arch:x86

6f241fddb3778eb958051a466fe3f6b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
WaitForSingleObject
lstrcmpiW
CreateMutexW
LoadLibraryExW
GetModuleFileNameW
CreateDirectoryW
TerminateProcess
SetLastError
FindClose
CreateProcessW
GetTempPathW
RemoveDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
WTSGetActiveConsoleSessionId
ReadFile
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
GetConsoleCP
FlushFileBuffers
SetStdHandle
LCMapStringW
FreeLibrary
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
CreateFileW
FindResourceExW
FindResourceW
GetModuleHandleW
CloseHandle
SetFilePointer
SetEndOfFile
WriteFile
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
DecodePointer
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalFree
GetProcAddress
GetStringTypeW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
RtlUnwind
EncodePointer
OutputDebugStringW
IsDebuggerPresent
LockResource
WriteConsoleW

user32

DestroyWindow
DefWindowProcW
CharNextW

advapi32

OpenProcessToken
RegCreateKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
GetTokenInformation
CheckTokenMembership
ImpersonateLoggedOnUser
GetUserNameW
FreeSid
AllocateAndInitializeSid
RevertToSelf
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathAddBackslashW
PathAppendW
PathFindFileNameW
PathCanonicalizeW
PathRemoveFileSpecW
PathFileExistsW

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW

comctl32

InitCommonControlsEx

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/Updater/updater.exe
.exe windows:5 windows x86 arch:x86

5fc60cdeaa443836f430e420109925d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FindClose
FindNextFileW
FindFirstFileW
GetModuleFileNameW
CreateProcessW
CloseHandle
CreateFileW
LCMapStringW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetStringTypeW
LoadLibraryW
SetStdHandle
WriteConsoleW
FlushFileBuffers

shlwapi

PathRemoveFileSpecW
PathFindFileNameW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Bench/Wd/wd.exe
.exe windows:5 windows x86 arch:x86

9a6af95072f984006c279aa522d780ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wd.pdb

Imports

kernel32

FindResourceExW
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcAddress
GetCurrentProcess
TerminateProcess
CloseHandle
GetModuleFileNameW
GetModuleHandleW
FindResourceW
SetLastError
Sleep
CreateMutexW
OpenMutexW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
ExpandEnvironmentStringsW
SizeofResource
LoadResource
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
CreateFileW
LoadLibraryExW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
RtlUnwind
GetCommandLineW
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
IsProcessorFeaturePresent
GetCurrentThreadId
GetStdHandle
WriteFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

GetMessageW
TranslateMessage
DispatchMessageW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Coupon Server/AppFramework/appAPI_bg.js
.js
$PROGRAMFILES/Coupon Server/AppFramework/appAPI_browseraction.js
.js
$PROGRAMFILES/Coupon Server/AppFramework/appAPI_common.js
.js
$PROGRAMFILES/Coupon Server/AppFramework/appAPI_content.js
.js
$PROGRAMFILES/Coupon Server/AppFramework/appAPI_settings.js
.js
$PROGRAMFILES/Coupon Server/AppFramework/appAPI_webrequest.js
.js
$PROGRAMFILES/Coupon Server/AppFramework/jquery.min.js
.js
$PROGRAMFILES/Coupon Server/CanvasFramework/canvas_bg.js
.js
$PROGRAMFILES/Coupon Server/CanvasFramework/canvasscript_engine.js
.js
$PROGRAMFILES/Coupon Server/CanvasFramework/md5.js
.js
$PROGRAMFILES/Coupon Server/CanvasFramework/registry.js
.js
$PROGRAMFILES/Coupon Server/CanvasFramework/webrequest.js
.js
$PROGRAMFILES/Coupon Server/FrameworkBHO.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0da924c88bf2c5078c6da45f83d97f5a

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:11:41:95:14:7f:3d:93:df:9d:38:dd:30:6d:a6:3a
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

30-04-2014 00:00

Not After

30-04-2015 23:59

Subject

CN=Actually Apps,O=Actually Apps,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:cd:f0:18:1b:d3:88:d2:b8:99:59:6f:83:bc:57:5f:e8:e1:a6:2f
Signer

Actual PE Digest

ff:cd:f0:18:1b:d3:88:d2:b8:99:59:6f:83:bc:57:5f:e8:e1:a6:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCloneBrush
GdipDeleteGraphics
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipFree
GdipCreateHBITMAPFromBitmap
GdipDeletePath
GdiplusShutdown
GdiplusStartup
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillPath
GdipAddPathArcI
GdipClosePathFigure
GdipAlloc
GdipCreatePath
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillRectangleI
GdipGraphicsClear
GdipSetPageUnit

wininet

InternetSetCookieW
InternetGetCookieExW

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
GetFileType
SetFilePointerEx
GetConsoleMode
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineA
LockResource
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
LoadResource
SizeofResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetProcAddress
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
RaiseException
GetCurrentThreadId
GetLastError
SetLastError
Sleep
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MulDiv
lstrcmpW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
OutputDebugStringA
GetFileAttributesW
DecodePointer
FreeLibrary
TerminateProcess
CloseHandle
CreateFileW
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetVersionExW
lstrcmpiW
LoadLibraryExW
LoadLibraryA
EncodePointer
GetThreadLocale
SetThreadLocale
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
RtlUnwind
WideCharToMultiByte
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleW
EnterCriticalSection

user32

GetActiveWindow
GetMonitorInfoW
MonitorFromPoint
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
GetSystemMetrics
IsWindowVisible
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowDC
GetMenu
UpdateLayeredWindow
LoadCursorW
GetWindow
GetClassNameW
FindWindowExW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
SetWindowPos
MoveWindow
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
RegisterWindowMessageW
IsChild

gdi32

ExtTextOutW
SetBkMode
GetTextExtentPoint32W
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

ole32

CoCreateInstance
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CoTaskMemRealloc
CreateStreamOnHGlobal

oleaut32

VariantChangeType
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysStringLen
LoadTypeLi
LoadRegTypeLi
DispCallFunc
UnRegisterTypeLi
OleCreateFontIndirect
VariantCopy
VarUI4FromStr
RegisterTypeLi

shlwapi

PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW

urlmon

CoInternetGetSession
CreateUri

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Coupon Server/FrameworkBHO64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

9f513a865fc6eb2c7ae3bd184e108954

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:11:41:95:14:7f:3d:93:df:9d:38:dd:30:6d:a6:3a
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

30-04-2014 00:00

Not After

30-04-2015 23:59

Subject

CN=Actually Apps,O=Actually Apps,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

2c:a6:b3
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

01-04-2014 07:00

Not After

01-04-2019 07:00

Subject

CN=Starfield Services Timestamp Authority,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a2:ab:5c:3f:df:df:66:65:5a:2b:a6:38:b1:0c:26:cd:7b:94:6e:20
Signer

Actual PE Digest

a2:ab:5c:3f:df:df:66:65:5a:2b:a6:38:b1:0c:26:cd:7b:94:6e:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCloneBrush
GdipDeleteGraphics
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipFree
GdipCreateHBITMAPFromBitmap
GdipDeletePath
GdiplusShutdown
GdiplusStartup
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillPath
GdipAddPathArcI
GdipClosePathFigure
GdipAlloc
GdipCreatePath
GdipDrawImageRectRect
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateBitmapFromResource
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFile
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillRectangleI
GdipGraphicsClear
GdipSetPageUnit

wininet

InternetSetCookieW
InternetGetCookieExW

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
WriteFile
GetStdHandle
ExitProcess
LockResource
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
LoadResource
SizeofResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
RaiseException
GetCurrentThreadId
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
lstrcmpW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleExW
OutputDebugStringA
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
DecodePointer
FreeLibrary
GetProcAddress
OpenProcess
TerminateProcess
GetFileSize
ReadFile
CloseHandle
GetModuleHandleW
GetTempPathW
GetTempFileNameW
CreateFileW
InitializeCriticalSection
DisableThreadLibraryCalls
GetVersionExW
lstrcmpiW
LoadLibraryExW
EncodePointer
GetThreadLocale
SetThreadLocale
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
WideCharToMultiByte
IsProcessorFeaturePresent
GetCommandLineA
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
MulDiv

user32

GetActiveWindow
GetMonitorInfoW
MonitorFromPoint
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
GetSystemMetrics
IsWindowVisible
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowDC
GetMenu
UpdateLayeredWindow
LoadCursorW
GetWindow
GetClassNameW
FindWindowExW
GetParent
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
MoveWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
RegisterWindowMessageW
SetWindowPos

gdi32

ExtTextOutW
SetBkMode
GetTextExtentPoint32W
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC

advapi32

CryptDestroyHash
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysStringLen
LoadTypeLi
LoadRegTypeLi
DispCallFunc
VariantChangeType
OleCreateFontIndirect
VariantCopy
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen

shlwapi

PathRemoveFileSpecW
PathStripPathW
PathFileExistsW
PathAddBackslashW

urlmon

CoInternetGetSession
CreateUri

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Coupon Server/FrameworkEngine.exe
.exe windows:5 windows x86 arch:x86

0b41e06fad3d405b1252e52ef1a67df6

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:11:41:95:14:7f:3d:93:df:9d:38:dd:30:6d:a6:3a
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

30-04-2014 00:00

Not After

30-04-2015 23:59

Subject

CN=Actually Apps,O=Actually Apps,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23-08-2013 00:00

Not After

23-09-2024 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e2:e8:55:c0:c3:f6:42:f0:8a:9e:b9:91:d6:ef:54:34:8a:17:da:d1
Signer

Actual PE Digest

e2:e8:55:c0:c3:f6:42:f0:8a:9e:b9:91:d6:ef:54:34:8a:17:da:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetCookieW
InternetSetCookieExW
InternetGetCookieExW

kernel32

OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetFileSize
FreeLibrary
TerminateProcess
ReadFile
CreateFileW
DecodePointer
CloseHandle
WriteFile
DeleteFileW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
FreeConsole
WriteConsoleW
AllocConsole
GetStdHandle
SetConsoleTitleW
lstrcmpiW
LoadLibraryExW
LoadLibraryA
SetEvent
GetCommandLineW
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
Sleep
CreateEventW
CreateThread
TerminateThread
RtlUnwind
GetModuleFileNameW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
ExitThread
EncodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
ReadConsoleW
SetFilePointerEx
GetFileType
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
LCMapStringW
GetConsoleMode
LoadLibraryW
GetFileAttributesW
GetVersion
GetProcAddress
GetModuleHandleW
GetModuleHandleA
SetLastError
RaiseException
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetStringTypeW
SetStdHandle
FlushFileBuffers
SetEndOfFile

user32

GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindowTextLengthW
GetDlgItem
IsWindow
GetClassNameW
GetSysColor
CharNextW
SetWindowPos
RedrawWindow
CreateWindowExW
DestroyWindow
RegisterWindowMessageW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
EndDialog
PostThreadMessageW
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
LoadImageW
MessageBoxW
GetActiveWindow
GetSystemMetrics
GetForegroundWindow
ShowWindow
DialogBoxParamW
SystemParametersInfoW
SetTimer
KillTimer
GetWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
CallWindowProcW
DefWindowProcW
LoadCursorW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
SendMessageW
FindWindowExW
PostMessageW
GetWindowRect

gdi32

GetDeviceCaps
GetObjectW
GetStockObject
DeleteDC
BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush

advapi32

CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
CryptHashData
RegSetValueExW
RegCloseKey
CryptDestroyHash
CryptDestroyKey
RegOpenKeyExW
CryptGetHashParam
CryptAcquireContextW
RegCreateKeyExW
RegDeleteValueW
CryptCreateHash

shell32

SHGetFolderPathW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoReleaseServerProcess
CoAddRefServerProcess
CoUninitialize
CoInitialize
StringFromCLSID
CoTaskMemRealloc
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
CoCreateInstance
OleInitialize

oleaut32

SysAllocString
SysAllocStringLen
VariantInit
VariantClear
SysStringLen
SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantCopy
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysFreeString

shlwapi

PathStripPathW
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW

urlmon

URLDownloadToFileW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Coupon Server/background.html
$PROGRAMFILES/Coupon Server/config.xml
.xml
$PROGRAMFILES/Coupon Server/extension_info.json
$PROGRAMFILES/Coupon Server/framework-ui/browser_button.js
.js
$PROGRAMFILES/Coupon Server/framework-ui/context_menu.js
.js
$PROGRAMFILES/Coupon Server/framework-ui/context_menu_item_handler.html
.html
$PROGRAMFILES/Coupon Server/framework-ui/framework_api.js
.js
$PROGRAMFILES/Coupon Server/framework-ui/notification.html
.html .js polyglot
$PROGRAMFILES/Coupon Server/framework-ui/notifications.js
.js
$PROGRAMFILES/Coupon Server/framework-ui/options.js
.js
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/bottom-left.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/bottom-middle.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/bottom-right.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/middle-left.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/middle-right.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/tail-bottom.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/tail-left.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/tail-right.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/tail-top.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/top-left.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/top-middle.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/theme/bubble/top-right.png
.png
$PROGRAMFILES/Coupon Server/framework-ui/ui_base.js
.js
$PROGRAMFILES/Coupon Server/framework/backgroundscript_engine.js
.js
$PROGRAMFILES/Coupon Server/framework/base.js
.js
$PROGRAMFILES/Coupon Server/framework/browser.js
.js
$PROGRAMFILES/Coupon Server/framework/console.js
.js
$PROGRAMFILES/Coupon Server/framework/framework.js
.js
$PROGRAMFILES/Coupon Server/framework/global.js
.js
$PROGRAMFILES/Coupon Server/framework/i18n.js
.js
$PROGRAMFILES/Coupon Server/framework/initialize.js
.js
$PROGRAMFILES/Coupon Server/framework/invoke_async.js
.js
$PROGRAMFILES/Coupon Server/framework/io.js
.js
$PROGRAMFILES/Coupon Server/framework/json2.js
.js
$PROGRAMFILES/Coupon Server/framework/lang.js
.js
$PROGRAMFILES/Coupon Server/framework/legacy.js
$PROGRAMFILES/Coupon Server/framework/message_target.js
.js
$PROGRAMFILES/Coupon Server/framework/messaging.js
.js
$PROGRAMFILES/Coupon Server/framework/storage.js
.js
$PROGRAMFILES/Coupon Server/framework/timer.js
.js
$PROGRAMFILES/Coupon Server/framework/updater.js
.js
$PROGRAMFILES/Coupon Server/framework/userscript_client.js
.js
$PROGRAMFILES/Coupon Server/framework/userscript_engine.js
.js
$PROGRAMFILES/Coupon Server/framework/utils.js
.js
$PROGRAMFILES/Coupon Server/framework/xhr.js
.js
$PROGRAMFILES/Coupon Server/icons/button.png
.png
$PROGRAMFILES/Coupon Server/icons/icon100.png
.png
$PROGRAMFILES/Coupon Server/icons/icon128.png
.png
$PROGRAMFILES/Coupon Server/icons/icon32.png
.png
$PROGRAMFILES/Coupon Server/icons/icon48.png
.png
$R0/$PROGRAMFILES/Bench/Proxy/cl.exe
.exe windows:5 windows x86 arch:x86

53e440eab525a2322ed7c3bbc0d56450

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

settings_cleaner.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
WideCharToMultiByte
FindResourceExW
MultiByteToWideChar
GetModuleHandleW
FindResourceW
GetProcAddress
LoadLibraryW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
IsProcessorFeaturePresent
RtlUnwind
LCMapStringW
GetStringTypeW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

wininet

InternetSetOptionW

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/$PROGRAMFILES/Bench/Proxy/icon.ico
$R0/$PROGRAMFILES/Bench/Proxy/proc.exe
.exe windows:5 windows x86 arch:x86

3ef7c6817c49370cf30fb881a7d8aa31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

proxy.pdb

Imports

wininet

InternetQueryOptionW
HttpQueryInfoW
InternetCloseHandle
InternetReadFile
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetSetOptionW
HttpSendRequestW

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetFileSize
CreateMutexW
ReleaseMutex
ReadFile
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
SetLastError
GetCurrentProcess
TerminateProcess
OpenProcess
LoadLibraryW
GetModuleFileNameW
CreateProcessW
WTSGetActiveConsoleSessionId
GetTempPathW
FreeLibrary
CreateDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetVersionExW
GetCurrentThreadId
WaitForMultipleObjects
EnumSystemLocalesA
GetLocaleInfoA
DeleteFileW
FatalAppExitA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GlobalFree
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
SetEndOfFile
SetFilePointer
WriteFile
GetModuleHandleW
GetProcAddress
CreateFileW
GetLastError
Sleep
WaitForSingleObject
TerminateThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
ExpandEnvironmentStringsW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
IsValidLocale
SetConsoleCtrlHandler
SetEnvironmentVariableA
InterlockedExchange
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetTimeZoneInformation
LCMapStringW
GetLocaleInfoW
GetStdHandle
ExitProcess
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetDateFormatW
GetTimeFormatW
CompareStringW
GetUserDefaultLCID
GetSystemTimeAsFileTime
RtlUnwind
EncodePointer
DecodePointer
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount

user32

GetSystemMetrics
GetMessageW
TranslateMessage
CreateWindowExW
ShowWindow
UpdateWindow
RegisterClassExW
DefWindowProcW
GetWindowLongW
SetWindowLongW
DispatchMessageW

gdi32

GetStockObject

advapi32

RegQueryInfoKeyW
CryptDestroyHash
RegQueryValueExW
RegDeleteValueW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
RegEnumValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptDestroyKey

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
StringFromCLSID
CoTaskMemFree

oleaut32

SysFreeString

shlwapi

PathCanonicalizeW
PathSkipRootW
PathRemoveFileSpecW
PathFindFileNameW
PathAddBackslashW
PathFileExistsW
PathRemoveBackslashW
PathIsDirectoryW

psapi

EnumProcesses

wtsapi32

WTSQueryUserToken

rpcrt4

UuidCreate

iphlpapi

GetExtendedTcpTable

ws2_32

send
freeaddrinfo
socket
getaddrinfo
WSAStartup
connect
ntohs
closesocket
select
WSAGetLastError
WSACleanup
recv
accept
listen
bind

Sections

.text
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/$PROGRAMFILES/Bench/Proxy/pwdg.exe
.exe windows:5 windows x86 arch:x86

26dc1f8472657aa453b49573c612809d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ProxyWatchdog.pdb

Imports

kernel32

LoadLibraryW
MultiByteToWideChar
WriteFile
GetVersionExW
GetModuleHandleW
GlobalFree
CreateMutexW
ReleaseMutex
Sleep
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RaiseException
CreateThread
TerminateThread
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
Process32NextW
FreeEnvironmentStringsW
GetStringTypeW
LCMapStringW
HeapCreate
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
SetLastError
CreateFileW
WaitForSingleObject
GetCurrentProcess
GetModuleFileNameW
GetProcAddress
SizeofResource
GetLastError
CloseHandle
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LockResource
GetEnvironmentStringsW

user32

GetParent
GetDlgItem
SetWindowPos
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
GetWindow
MonitorFromWindow
GetWindowLongW
SetWindowLongW
EndDialog
SendMessageW
DispatchMessageW
GetMonitorInfoW
GetWindowRect
GetClientRect
MapWindowPoints
MonitorFromPoint
DestroyMenu
GetSubMenu
TrackPopupMenu
LoadMenuW
SetMenuItemInfoW
SetForegroundWindow
GetCursorPos
LoadImageW
CallWindowProcW
DestroyIcon
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
PostQuitMessage
DestroyWindow
DefWindowProcW
DialogBoxParamW
PostMessageW
GetActiveWindow
LoadIconW
GetMessageW
TranslateMessage
UnregisterClassA

advapi32

RegEnumValueW
RegQueryValueExW
RegEnumKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

ShellExecuteW
Shell_NotifyIconW

shlwapi

PathRemoveFileSpecW

psapi

GetModuleFileNameExW

wininet

InternetQueryOptionW
InternetSetOptionW
InternetOpenW
InternetReadFile
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW
InternetConnectW

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftwareDetector.exe
.exe windows:5 windows x86 arch:x86

73a50ebe6d6d383fba1f0ed9c3678c8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SoftwareDetector.pdb

Imports

kernel32

GetProcAddress
InterlockedIncrement
lstrlenW
GetModuleHandleW
InterlockedDecrement
ReadFile
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlUnwind
GetCommandLineW
HeapSetInformation
HeapFree
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapAlloc
IsProcessorFeaturePresent
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
HeapSize
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileW
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
WriteConsoleW
SetEndOfFile
GetProcessHeap

user32

LoadStringW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chrome_gp_update.js
.js
chrome_installer.js
.js
clear_cache.js
.js
common.js
.js
firefox/AppFramework/appAPI_bg.js
.js
firefox/AppFramework/appAPI_browseraction.js
.js
firefox/AppFramework/appAPI_common.js
.js
firefox/AppFramework/appAPI_content.js
.js
firefox/AppFramework/appAPI_settings.js
.js
firefox/AppFramework/appAPI_webrequest.js
.js
firefox/AppFramework/jquery.min.js
.js
firefox/CanvasFramework/canvas_bg.js
.js
firefox/CanvasFramework/canvasscript_engine.js
.js
firefox/CanvasFramework/md5.js
.js
firefox/CanvasFramework/registry.js
.js
firefox/CanvasFramework/webrequest.js
.js
firefox/background.html
firefox/bootstrap.js
.js
firefox/chrome.manifest
firefox/extension_info.json
firefox/framework-ui/browser_button.js
.js
firefox/framework-ui/contentNotification.tmpl
firefox/framework-ui/contentNotificationStyle.tmpl
firefox/framework-ui/content_notifications.js
.js
firefox/framework-ui/context_menu.js
.js
firefox/framework-ui/framework_api.js
.js
firefox/framework-ui/notifications.js
.js
firefox/framework-ui/options.js
.js
firefox/framework-ui/ui_base.js
.js
firefox/framework/backgroundscript_engine.js
.js
firefox/framework/base.js
.js
firefox/framework/browser.js
.js
firefox/framework/chrome_windows.js
.js
firefox/framework/console.js
.js
firefox/framework/content_proxy.js
.js
firefox/framework/framework.js
.js
firefox/framework/i18n.js
.js
firefox/framework/invoke_async.js
.js
firefox/framework/io.js
.js
firefox/framework/lang.js
.js
firefox/framework/legacy.js
firefox/framework/message_target.js
.js
firefox/framework/messaging.js
.js
firefox/framework/storage.js
.js
firefox/framework/timer.js
.js
firefox/framework/uninstall.js
.js
firefox/framework/userscript_client.js
.js
firefox/framework/userscript_engine.js
.js
firefox/framework/utils.js
.js
firefox/framework/xhr.js
.js
firefox/icons/button.png
.png
firefox/icons/icon100.png
.png
firefox/icons/icon128.png
.png
firefox/icons/icon32.png
.png
firefox/icons/icon48.png
.png
firefox/install.rdf
.xml
firefox_installer.js
.js
gpedit.exe
.exe windows:5 windows x86 arch:x86

beca21e2b660debd11ab2eb6b5b7514e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetProcAddress
MultiByteToWideChar
FindResourceExW
LoadResource
LockResource
SizeofResource
lstrlenW
FindResourceW
CloseHandle
CreateFileW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlUnwind
GetCommandLineW
HeapSetInformation
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
IsProcessorFeaturePresent
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LoadLibraryW
LCMapStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

advapi32

RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegCloseKey
RegSetValueExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icon.ico
ie_installer.js
.js
info.xml
.xml
installer.js
.js
main_installer.js
.js
migrate.js
.js
projectInstaller.js
.js
repair.js
.js
sqlite3.exe
.exe windows:4 windows x86 arch:x86

27da149de9afed20b5dc5d5889566b10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
ExitProcess
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TlsGetValue
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_access
_assert
_cexit
_flsbuf
_iob
_isatty
_isctype
_onexit
_pclose
_pctype
_popen
_setmode
_winmajor
abort
atexit
atoi
calloc
exit
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
free
fwrite
getenv
localtime
malloc
memcmp
memmove
memset
printf
putchar
puts
qsort
realloc
signal
strcmp
strncmp
strncpy
strtol
tolower
vfprintf

Sections

.text
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
storageedit.exe
.exe windows:5 windows x86 arch:x86

6003f1768a9ba54a9f149b29b92d5dd1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

storageedit.pdb

Imports

kernel32

MultiByteToWideChar
GetLastError
GetProcAddress
LockResource
CloseHandle
CreateFileW
DeleteFileW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetModuleFileNameW
ReadFile
TerminateProcess
SizeofResource
LoadLibraryW
GetModuleHandleW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
GetFileSize
WriteFile
LCMapStringW
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

advapi32

CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData

shell32

SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree

shlwapi

PathFileExistsW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

76:11:41:95:14:7f:3d:93:df:9d:38:dd:30:6d:a6:3aCertificate

Extended Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

fd:2e:96:92:0a:81:52:70:1c:97:78:95:cb:0e:f3:cb:39:43:60:02Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 136B

.rdata Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 106KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 88KB

.rsrc Size: 34KB - Virtual size: 34KB

ea0aa0a9e9dc166e514586b9219c0789

Headers

File Characteristics

Imports

kernel32

msvcrt

ole32

user32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 52B

.rdata Size: 1024B - Virtual size: 828B

.bss Size: - Virtual size: 1KB

.edata Size: 512B - Virtual size: 160B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 1KB - Virtual size: 1KB

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 140B

.rdata Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 106KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 48KB

.rsrc Size: 36KB - Virtual size: 36KB

ea0aa0a9e9dc166e514586b9219c0789

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

76:11:41:95:14:7f:3d:93:df:9d:38:dd:30:6d:a6:3a
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

fd:2e:96:92:0a:81:52:70:1c:97:78:95:cb:0e:f3:cb:39:43:60:02
Signer

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 136B

.rdata
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 106KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 88KB

.rsrc
Size: 34KB - Virtual size: 34KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 1024B - Virtual size: 828B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 160B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 140B

.rdata
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 106KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 48KB

.rsrc
Size: 36KB - Virtual size: 36KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 1024B - Virtual size: 828B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 160B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 176B

.bss
Size: - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 363B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 140B

.reloc
Size: 512B - Virtual size: 464B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 100B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 108B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 308B

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B