81fea16538ea9b3e785edf5fe2135b32_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

81fea16538ea9b3e785edf5fe2135b32_JaffaCakes118
Size

2.0MB
MD5

81fea16538ea9b3e785edf5fe2135b32
SHA1

2937b7f3f8571e301ee6159a64567ccaf003866e
SHA256

16009e1e8c1f314061e08b267092d36dc4601c14efdf200b8d72a98b135eba88
SHA512

1f07aa16e79fe7c5b51af7cd9151e2db3b3cf44b1d8ed72a5076573a9a27d30ed3a8abcc434c836cddc4179c360793152156a5d6c51d98dde14aab0063d6be43
SSDEEP

49152:Jlxf/Za32ZdpKt9Qh1fzwUfrEoUwbnN6/yEjS7Q08Grq1eoNjXh2:Jw32ZdpjfsmNR6an7/8Jn

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

Files

81fea16538ea9b3e785edf5fe2135b32_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PublisherLogoDefault.bmp
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/alerts_icon.bmp
$PLUGINSDIR/home_icon.bmp
$PLUGINSDIR/license.txt
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/search_icon.bmp
$PLUGINSDIR/setup_top.bmp
$PLUGINSDIR/truste_setup.bmp
$PROGRAMFILES/$_36_/$_46_
.dll regsvr32 windows:5 windows x86 arch:x86

bc01c9c9fecf22ab8caa8bede8a64cb5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Conduit\RnD\Client\IE\Dev\6.8\6.8.2\ConduitToolbar\Release\tbedrs.pdb

Imports

comctl32

ord17
CreateToolbarEx
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Create

wininet

InternetSetOptionW
InternetOpenUrlW
InternetReadFile
InternetOpenW
InternetOpenA
GetUrlCacheEntryInfoW
InternetGetConnectedState
InternetQueryOptionA
InternetCrackUrlA
InternetSetCookieW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetCookieW
InternetSetOptionA
InternetCloseHandle
HttpOpenRequestA
InternetSetOptionExA
HttpSendRequestA
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetConnectA
InternetCanonicalizeUrlA

shlwapi

StrCpyW
PathFileExistsW
PathFindFileNameW
SHDeleteKeyA
UrlEscapeW

wsock32

socket
WSACleanup
WSAStartup
closesocket
gethostbyname
WSAGetLastError
setsockopt
WSASetLastError
ioctlsocket
htons
connect
send
recv
select

msimg32

GradientFill

urlmon

ObtainUserAgentString
URLDownloadToFileW

crypt32

CryptMsgClose
CertCloseStore
CryptMsgGetParam
CryptUnprotectData
CryptProtectData
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA
CertFindCertificateInStore
CryptQueryObject

winmm

PlaySoundA
sndPlaySoundW
PlaySoundW
timeGetTime

kernel32

ReleaseMutex
Sleep
GetCurrentProcessId
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
TlsFree
RtlUnwind
RaiseException
GetFileType
GetConsoleMode
GetConsoleCP
MoveFileW
GetDateFormatA
CloseHandle
GetCommandLineA
HeapReAlloc
HeapAlloc
CreateRemoteThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
GetProcessHeap
HeapFree
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
TlsGetValue
TlsSetValue
TlsAlloc
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetOverlappedResult
WriteFile
SetNamedPipeHandleState
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetThreadPriority
GetCurrentThread
MoveFileExW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetFileTime
GetSystemTimeAsFileTime
GetComputerNameW
SetFileAttributesW
Process32Next
Process32First
DeleteFileW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetExitCodeProcess
LocalAlloc
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
LoadLibraryA
GlobalFree
GlobalUnlock
SizeofResource
MulDiv
SetLastError
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
LoadLibraryW
FreeLibrary
TerminateThread
lstrlenW
GetModuleHandleA
InterlockedDecrement
OutputDebugStringW
GetVersionExA
GetShortPathNameW
GetUserDefaultLCID
GetLongPathNameW
CreateDirectoryW
WaitForMultipleObjects
CreateEventA
SetEvent
CreateThread
VirtualProtect
FlushInstructionCache
GetCurrentProcess
CreateProcessW
ExpandEnvironmentStringsW
GetLocaleInfoW
GetTempPathW
Beep
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
FreeResource
LockResource
LoadResource
FindResourceW
GetTimeFormatA
GetFileAttributesW
GetProcAddress
GetModuleHandleW
VirtualAllocEx
CopyFileW
WaitForSingleObject
CreateEventW
LocalFree
lstrcpyA
lstrcpyW
InterlockedIncrement
CreateMutexW
OpenProcess
GetModuleFileNameW
GetTickCount
GetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualFreeEx
IsDebuggerPresent
WriteProcessMemory

user32

SendMessageA
SetWindowTextW
SetWindowTextA
MoveWindow
ShowWindow
SetWindowLongW
wsprintfW
SetDlgItemTextW
GetClientRect
GetWindowRect
GetDlgCtrlID
GetWindowLongW
IsWindow
ClientToScreen
InvalidateRect
CallWindowProcA
PostMessageA
DefWindowProcW
DefWindowProcA
CreateWindowExW
SetWindowPos
FindWindowExW
GetMessageA
TranslateMessage
LoadCursorW
GetMessageW
PeekMessageW
IsRectEmpty
RegisterClassExW
GetClassInfoExW
SetClassLongA
CharUpperW
CopyRect
GetDlgItem
GetParent
GetMenuItemInfoA
InflateRect
SetLayeredWindowAttributes
LoadImageW
GetWindowRgn
MessageBeep
GetActiveWindow
IsDialogMessageW
IsDialogMessageA
MessageBoxW
MessageBoxA
DialogBoxParamW
DialogBoxParamA
CreateDialogParamA
CreateDialogParamW
TrackPopupMenuEx
SetDlgItemInt
GetKeyState
SetForegroundWindow
GetDlgItemTextA
SetClassLongW
FrameRect
DrawFrameControl
AllowSetForegroundWindow
DeferWindowPos
DrawEdge
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
SetParent
GetDlgItemTextW
GetScrollInfo
GetMenuItemRect
GetMenuState
GetMenuItemInfoW
SetMenuItemInfoW
CheckMenuItem
EnableMenuItem
DeleteMenu
TrackPopupMenu
InsertMenuItemA
GetMenuItemCount
CreatePopupMenu
DestroyMenu
GetMenuItemID
SetMenuInfo
GetMenuInfo
IsMenu
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CharLowerBuffA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetUpdateRect
GetCapture
ReleaseCapture
SetCapture
SetActiveWindow
EndPaint
BeginPaint
SetRect
OffsetRect
DrawIconEx
GetIconInfo
DestroyIcon
GetSystemMetrics
FillRect
UnregisterClassA
GetForegroundWindow
GetWindowTextLengthW
EnumWindows
EndDialog
GetWindowTextW
GetAsyncKeyState
SendMessageW
SetWindowRgn
RegisterWindowMessageA
GetClassNameW
SetWindowLongA
GetWindowLongA
GetDesktopWindow
IsChild
GetFocus
GetSysColor
CallWindowProcW
IsWindowUnicode
DispatchMessageW
GetWindowThreadProcessId
PostMessageW
SetFocus
PtInRect
ScreenToClient
GetCursorPos
IsWindowVisible
SetRectEmpty
SetCursor
ReleaseDC
DrawTextW
GetDC
KillTimer
SetTimer
FindWindowW
UnregisterClassW
RegisterClassW
LoadCursorA
GetClassInfoW
DestroyWindow
DispatchMessageA
SystemParametersInfoW
DrawFocusRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClassNameA
EnumChildWindows
SendMessageTimeoutA
SendInput
IsIconic
GetLastInputInfo
RegisterWindowMessageW
MonitorFromRect
GetMonitorInfoA

gdi32

StretchBlt
SetStretchBltMode
GetStretchBltMode
GetObjectW
FrameRgn
OffsetRgn
SetRectRgn
ExcludeClipRect
TextOutW
SetTextAlign
GetPixel
CombineRgn
BitBlt
CreateCompatibleBitmap
Polygon
GdiFlush
SetPixel
GetObjectA
GetTextAlign
GetLayout
GetTextExtentPoint32W
Rectangle
DeleteDC
CreateCompatibleDC
SetBkColor
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
SetWindowOrgEx
GetWindowOrgEx
SetTextColor
SetBkMode
GetStockObject
RoundRect
GetDeviceCaps
PtInRegion
GetTextColor
GetDIBits
CreateDCW
GetBkColor
GetBkMode
PlgBlt
RealizePalette
SelectPalette
SetLayout

comdlg32

GetOpenFileNameW

advapi32

OpenProcessToken
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA
RegDeleteKeyA
RegSetValueA
RegSetValueW
DeleteAce
LookupAccountSidW
GetAce
GetNamedSecurityInfoW
SetEntriesInAclA
SetNamedSecurityInfoW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExW

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoTaskMemFree
IIDFromString
CoCreateGuid
CoUninitialize
CoGetMalloc
CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance
StringFromIID
CoInitialize
StringFromGUID2
CLSIDFromString

oleaut32

SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
CreateDispTypeInfo
VariantCopy
OleLoadPicture
VariantClear
VariantChangeType
SysAllocStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringLen
SysStringByteLen
VariantInit

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses
GetProcessMemoryInfo
GetModuleFileNameExW
GetProcessImageFileNameW

dnsapi

DnsQuery_A

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

DLLOnUninstallEraseAll
DllBrowserSearchProtectorRevert
DllCanUnloadNow
DllCleanEnableExtensionDoing
DllConnectToIE
DllDeleteOldName
DllEnableExtension
DllExpireSocialCookies
DllGetClassObject
DllGetInstallFileNameExt
DllGetInstallFileNameExtW
DllHomePageProtectorRevert
DllModifySearchEngine
DllOnUninstall
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllRunIEMediumIntegrity
DllRunNonSilentInstall
DllSendAutoUpdateRevertLog
DllSendInstallationUsage
DllShowUninstallDialog
DllSingleComponentInstall
DllUpdate
DllVerifyEnableExtension
DllWriteSocialCookies

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 711KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_117_/$_117_/$_122_
.dll regsvr32 windows:5 windows x86 arch:x86

90e03e8777b94714012c80a85d64013c

Code Sign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Conduit\RnD\Client\IE\Dev\5.4\SingleComponent\Alert\Release\Alert.pdb

Imports

winmm

timeGetTime

user32

GetCapture
ReleaseCapture
GetIconInfo
CopyRect
CharLowerBuffA
SetWindowTextW
SetWindowRgn
CreateDialogParamW
DialogBoxParamW
EnableWindow
EndDialog
SetLayeredWindowAttributes
GetSysColor
SystemParametersInfoW
EnumChildWindows
GetClassNameW
SetCapture
GetMonitorInfoA
RegisterWindowMessageW
DrawFocusRect
GetDC
ReleaseDC
SetDlgItemTextW
IsWindow
GetDlgItem
PostMessageA
SetTimer
KillTimer
PostThreadMessageA
DestroyWindow
DefWindowProcA
GetWindowLongA
SendMessageA
FindWindowW
MonitorFromRect
GetWindowTextW
InflateRect
GetAsyncKeyState
IsWindowUnicode
GetSystemMetrics
IsChild
SetWindowLongW
CreateWindowExA
DrawIconEx
DispatchMessageW
GetMessageA
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
GetLastInputInfo
SendMessageW
PeekMessageA
GetDesktopWindow
ShowWindow
FindWindowExW
PostMessageW
GetWindowRect
GetClientRect
SetForegroundWindow
SetFocus
TrackPopupMenu
GetMenuItemCount
InsertMenuItemW
CreatePopupMenu
DestroyMenu
FindWindowExA
LoadImageW
DestroyIcon
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetClassInfoW
RegisterClassW
GetWindowRgn
SetWindowLongA
CallWindowProcA
GetParent
BeginPaint
EndPaint
SetParent
MoveWindow
IsWindowVisible
CreateWindowExW
GetWindowLongW
DefWindowProcW
CallWindowProcW
FillRect
LoadCursorA
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
OffsetRect
PtInRect
DrawTextW
InvalidateRect
SetWindowPos
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToFileW
ObtainUserAgentString

kernel32

GetExitCodeThread
CreateThread
GetModuleFileNameW
GetModuleHandleW
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThreadId
TerminateThread
CreateMutexW
GetLastError
ReleaseMutex
CloseHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
CreateFileA
ReadFile
FindClose
InterlockedExchange
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringA
CreateFileW
GetFileSize
VirtualAlloc
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FindFirstFileW
CopyFileW
RemoveDirectoryW
MoveFileExW
FindNextFileW
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
SetLastError
InterlockedIncrement
TlsFree
GetFileType
GetConsoleMode
GetConsoleCP
MoveFileW
HeapReAlloc
HeapAlloc
GetCommandLineA
ResumeThread
ExitThread
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetProcessHeap
HeapFree
GetLocalTime
WriteFile
CreateDirectoryW
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GlobalAlloc
GlobalLock
LoadLibraryA
GlobalUnlock
GetSystemTimeAsFileTime
SizeofResource
SetThreadPriority
GetCurrentThread
GetLongPathNameW
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
LockResource
LoadResource
FindResourceW
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetVersionExA
DeleteFileW
SetFileAttributesW
GetFileAttributesW
TerminateProcess
MulDiv
lstrcpyW
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GlobalFree

gdi32

CreateRectRgn
GetBkMode
GetBkColor
GetPixel
SetPixel
PlgBlt
SelectPalette
RealizePalette
GdiFlush
OffsetRgn
GetObjectA
CombineRgn
SetLayout
GetDeviceCaps
CreateFontIndirectW
GetWindowOrgEx
SetWindowOrgEx
MoveToEx
LineTo
FrameRgn
GetTextColor
GetLayout
SetTextColor
SetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
ExcludeClipRect
Rectangle
BitBlt
DeleteDC
CreateSolidBrush
CreatePen
SelectObject
RoundRect
DeleteObject
SetBkMode
GetStockObject

shell32

SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
Shell_NotifyIconW

ole32

IIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CLSIDFromString

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
OleLoadPicture

psapi

GetProcessMemoryInfo

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent
ord17

wininet

InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetCanonicalizeUrlA

crypt32

CryptQueryObject
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam

advapi32

RegDeleteValueW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegEnumValueW
RegEnumKeyExW
SetSecurityDescriptorSacl
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllOnUpdateFinish
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_62_/$_67_
.exe windows:5 windows x86 arch:x86

99e6114cbd01a2f3bb7611da1b2ecb2a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\RnD\Client\IE\Dev\6.0.3\ToolbarHelper2003\Release\ToolbarHelper.pdb

Imports

kernel32

Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
RtlUnwind
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_63_
.dll regsvr32 windows:5 windows x86 arch:x86

5f83a11830f9697bf47fa51dd15b8062

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.4KillEngine\ConduitProxy\Release\prxtbedrs.pdb

Imports

kernel32

GetVersionExA
DeleteFileW
GetModuleHandleW
GetLongPathNameW
GetSystemTimeAsFileTime
GetFileSize
CreateFileW
ReadFile
CopyFileW
GetCurrentThreadId
OutputDebugStringW
GetComputerNameW
InterlockedDecrement
TlsAlloc
TlsSetValue
TlsGetValue
SetFilePointer
WriteFile
GetTickCount
GetLocalTime
InterlockedIncrement
HeapFree
GetProcessHeap
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetFileType
RaiseException
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsFree
SetLastError
LCMapStringW
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
LCMapStringA
GetStringTypeA
GetStringTypeW
VirtualAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
CreateFileA
GetCurrentProcess
FreeLibrary
LoadLibraryW
TerminateProcess
GetLastError
OpenProcess
GetCurrentProcessId
LocalFree
LocalAlloc
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetModuleFileNameW

shlwapi

PathFileExistsW
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

user32

IsWindow
SendMessageA
IsWindowVisible
RegisterWindowMessageW
wsprintfW
PostMessageA

advapi32

RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
RegCreateKeyExW
RegCloseKey
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllDeleteOldName
DllGetClassObject
DllGetInstallFileNameExt
DllIsDowngradeVersion
DllIsDowngradeVersionW
DllOnUninstall
DllOnUninstallEraseAll
DllOnUpdateFinish
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllShowToolbarUninstallDialog
DllShowUninstallDialog
DllSingleComponentInstall
DllUnregisterServer

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_71_
.dll windows:5 windows x86 arch:x86

4fc68cdebc48e39282197294cdc1b359

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\RnD\Client\IE\Dev\6.6\ConduitLoader\Release\ldrtbedrs.pdb

Imports

wsock32

gethostbyname

kernel32

GetLongPathNameW
LoadLibraryW
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
GetCurrentProcessId
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
GetVersionExA
GetCurrentProcess
GetComputerNameW
LocalAlloc
LocalFree
OpenProcess
GetLastError
TerminateProcess
GetTickCount
GetSystemTimeAsFileTime
CreateFileW
ReadFile
InterlockedDecrement
TlsAlloc
TlsSetValue
TlsGetValue
SetFilePointer
WriteFile
LoadLibraryA
WaitForMultipleObjects
WaitForSingleObject
TerminateThread
GetCurrentThread
SetThreadPriority
CreateEventW
SetEvent
GetLocalTime
InterlockedIncrement
HeapFree
GetProcessHeap
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetFileType
RaiseException
RtlUnwind
TlsFree
lstrcpyW
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
LCMapStringA
GetStringTypeA
GetStringTypeW
VirtualAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
CreateFileA
GetCurrentThreadId
GetModuleFileNameW
GetProcAddress
Sleep
SetLastError

user32

DefWindowProcA
IsWindowUnicode
CallWindowProcW
CallWindowProcA
SetCursor
GetAsyncKeyState
ScreenToClient
SendMessageA
GetSysColor
GetParent
LoadCursorA
RegisterWindowMessageW
GetWindowRect
ReleaseDC
DrawTextW
GetDC
IsWindowVisible
ShowWindow
GetClientRect
RegisterClassW
LoadCursorW
GetClassInfoW
PostMessageA
SetTimer
SetFocus
GetFocus
IsChild
CreateWindowExW
IsWindow
DestroyWindow
InsertMenuW
GetClassNameW
MoveWindow
KillTimer
DefWindowProcW
SetWindowLongW
SendMessageW

gdi32

SetWindowOrgEx
GetWindowOrgEx
DeleteDC
BitBlt
SetLayout
CreateCompatibleBitmap
CreateCompatibleDC
GetLayout
Rectangle
CreateSolidBrush
DeleteObject
SetBkMode
SetTextColor
CreatePen
GetStockObject
SelectObject

ole32

CLSIDFromString
StringFromGUID2
CoTaskMemFree

comctl32

ord17

shlwapi

PathFindFileNameW
PathFileExistsW

advapi32

GetSidSubAuthorityCount
RegCloseKey
RegCreateKeyExW
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
RegEnumKeyExW
RegEnumValueW

shell32

SHGetFolderPathW
SHCreateDirectoryExW

Exports

Exports

DllCanUnloadNow
DllDeleteOldName
DllGetClassObject
DllGetInstallFileNameExt
DllOnUninstall
DllOnUninstallEraseAll
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllShowToolbarUninstallDialog
DllShowUninstallDialog
DllSingleComponentInstall

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_83_
.dll regsvr32 windows:5 windows x86 arch:x86

bc01c9c9fecf22ab8caa8bede8a64cb5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Conduit\RnD\Client\IE\Dev\6.8\6.8.2\ConduitToolbar\Release\tbedrs.pdb

Imports

comctl32

ord17
CreateToolbarEx
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Create

wininet

InternetSetOptionW
InternetOpenUrlW
InternetReadFile
InternetOpenW
InternetOpenA
GetUrlCacheEntryInfoW
InternetGetConnectedState
InternetQueryOptionA
InternetCrackUrlA
InternetSetCookieW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetCookieW
InternetSetOptionA
InternetCloseHandle
HttpOpenRequestA
InternetSetOptionExA
HttpSendRequestA
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetConnectA
InternetCanonicalizeUrlA

shlwapi

StrCpyW
PathFileExistsW
PathFindFileNameW
SHDeleteKeyA
UrlEscapeW

wsock32

socket
WSACleanup
WSAStartup
closesocket
gethostbyname
WSAGetLastError
setsockopt
WSASetLastError
ioctlsocket
htons
connect
send
recv
select

msimg32

GradientFill

urlmon

ObtainUserAgentString
URLDownloadToFileW

crypt32

CryptMsgClose
CertCloseStore
CryptMsgGetParam
CryptUnprotectData
CryptProtectData
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA
CertFindCertificateInStore
CryptQueryObject

winmm

PlaySoundA
sndPlaySoundW
PlaySoundW
timeGetTime

kernel32

ReleaseMutex
Sleep
GetCurrentProcessId
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
TlsFree
RtlUnwind
RaiseException
GetFileType
GetConsoleMode
GetConsoleCP
MoveFileW
GetDateFormatA
CloseHandle
GetCommandLineA
HeapReAlloc
HeapAlloc
CreateRemoteThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
GetProcessHeap
HeapFree
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
TlsGetValue
TlsSetValue
TlsAlloc
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetOverlappedResult
WriteFile
SetNamedPipeHandleState
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetThreadPriority
GetCurrentThread
MoveFileExW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetFileTime
GetSystemTimeAsFileTime
GetComputerNameW
SetFileAttributesW
Process32Next
Process32First
DeleteFileW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetExitCodeProcess
LocalAlloc
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
LoadLibraryA
GlobalFree
GlobalUnlock
SizeofResource
MulDiv
SetLastError
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
LoadLibraryW
FreeLibrary
TerminateThread
lstrlenW
GetModuleHandleA
InterlockedDecrement
OutputDebugStringW
GetVersionExA
GetShortPathNameW
GetUserDefaultLCID
GetLongPathNameW
CreateDirectoryW
WaitForMultipleObjects
CreateEventA
SetEvent
CreateThread
VirtualProtect
FlushInstructionCache
GetCurrentProcess
CreateProcessW
ExpandEnvironmentStringsW
GetLocaleInfoW
GetTempPathW
Beep
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
FreeResource
LockResource
LoadResource
FindResourceW
GetTimeFormatA
GetFileAttributesW
GetProcAddress
GetModuleHandleW
VirtualAllocEx
CopyFileW
WaitForSingleObject
CreateEventW
LocalFree
lstrcpyA
lstrcpyW
InterlockedIncrement
CreateMutexW
OpenProcess
GetModuleFileNameW
GetTickCount
GetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualFreeEx
IsDebuggerPresent
WriteProcessMemory

user32

SendMessageA
SetWindowTextW
SetWindowTextA
MoveWindow
ShowWindow
SetWindowLongW
wsprintfW
SetDlgItemTextW
GetClientRect
GetWindowRect
GetDlgCtrlID
GetWindowLongW
IsWindow
ClientToScreen
InvalidateRect
CallWindowProcA
PostMessageA
DefWindowProcW
DefWindowProcA
CreateWindowExW
SetWindowPos
FindWindowExW
GetMessageA
TranslateMessage
LoadCursorW
GetMessageW
PeekMessageW
IsRectEmpty
RegisterClassExW
GetClassInfoExW
SetClassLongA
CharUpperW
CopyRect
GetDlgItem
GetParent
GetMenuItemInfoA
InflateRect
SetLayeredWindowAttributes
LoadImageW
GetWindowRgn
MessageBeep
GetActiveWindow
IsDialogMessageW
IsDialogMessageA
MessageBoxW
MessageBoxA
DialogBoxParamW
DialogBoxParamA
CreateDialogParamA
CreateDialogParamW
TrackPopupMenuEx
SetDlgItemInt
GetKeyState
SetForegroundWindow
GetDlgItemTextA
SetClassLongW
FrameRect
DrawFrameControl
AllowSetForegroundWindow
DeferWindowPos
DrawEdge
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
SetParent
GetDlgItemTextW
GetScrollInfo
GetMenuItemRect
GetMenuState
GetMenuItemInfoW
SetMenuItemInfoW
CheckMenuItem
EnableMenuItem
DeleteMenu
TrackPopupMenu
InsertMenuItemA
GetMenuItemCount
CreatePopupMenu
DestroyMenu
GetMenuItemID
SetMenuInfo
GetMenuInfo
IsMenu
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CharLowerBuffA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetUpdateRect
GetCapture
ReleaseCapture
SetCapture
SetActiveWindow
EndPaint
BeginPaint
SetRect
OffsetRect
DrawIconEx
GetIconInfo
DestroyIcon
GetSystemMetrics
FillRect
UnregisterClassA
GetForegroundWindow
GetWindowTextLengthW
EnumWindows
EndDialog
GetWindowTextW
GetAsyncKeyState
SendMessageW
SetWindowRgn
RegisterWindowMessageA
GetClassNameW
SetWindowLongA
GetWindowLongA
GetDesktopWindow
IsChild
GetFocus
GetSysColor
CallWindowProcW
IsWindowUnicode
DispatchMessageW
GetWindowThreadProcessId
PostMessageW
SetFocus
PtInRect
ScreenToClient
GetCursorPos
IsWindowVisible
SetRectEmpty
SetCursor
ReleaseDC
DrawTextW
GetDC
KillTimer
SetTimer
FindWindowW
UnregisterClassW
RegisterClassW
LoadCursorA
GetClassInfoW
DestroyWindow
DispatchMessageA
SystemParametersInfoW
DrawFocusRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClassNameA
EnumChildWindows
SendMessageTimeoutA
SendInput
IsIconic
GetLastInputInfo
RegisterWindowMessageW
MonitorFromRect
GetMonitorInfoA

gdi32

StretchBlt
SetStretchBltMode
GetStretchBltMode
GetObjectW
FrameRgn
OffsetRgn
SetRectRgn
ExcludeClipRect
TextOutW
SetTextAlign
GetPixel
CombineRgn
BitBlt
CreateCompatibleBitmap
Polygon
GdiFlush
SetPixel
GetObjectA
GetTextAlign
GetLayout
GetTextExtentPoint32W
Rectangle
DeleteDC
CreateCompatibleDC
SetBkColor
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
SetWindowOrgEx
GetWindowOrgEx
SetTextColor
SetBkMode
GetStockObject
RoundRect
GetDeviceCaps
PtInRegion
GetTextColor
GetDIBits
CreateDCW
GetBkColor
GetBkMode
PlgBlt
RealizePalette
SelectPalette
SetLayout

comdlg32

GetOpenFileNameW

advapi32

OpenProcessToken
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA
RegDeleteKeyA
RegSetValueA
RegSetValueW
DeleteAce
LookupAccountSidW
GetAce
GetNamedSecurityInfoW
SetEntriesInAclA
SetNamedSecurityInfoW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExW

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoTaskMemFree
IIDFromString
CoCreateGuid
CoUninitialize
CoGetMalloc
CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance
StringFromIID
CoInitialize
StringFromGUID2
CLSIDFromString

oleaut32

SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
CreateDispTypeInfo
VariantCopy
OleLoadPicture
VariantClear
VariantChangeType
SysAllocStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringLen
SysStringByteLen
VariantInit

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses
GetProcessMemoryInfo
GetModuleFileNameExW
GetProcessImageFileNameW

dnsapi

DnsQuery_A

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

DLLOnUninstallEraseAll
DllBrowserSearchProtectorRevert
DllCanUnloadNow
DllCleanEnableExtensionDoing
DllConnectToIE
DllDeleteOldName
DllEnableExtension
DllExpireSocialCookies
DllGetClassObject
DllGetInstallFileNameExt
DllGetInstallFileNameExtW
DllHomePageProtectorRevert
DllModifySearchEngine
DllOnUninstall
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllRunIEMediumIntegrity
DllRunNonSilentInstall
DllSendAutoUpdateRevertLog
DllSendInstallationUsage
DllShowUninstallDialog
DllSingleComponentInstall
DllUpdate
DllVerifyEnableExtension
DllWriteSocialCookies

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 711KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_84_
.exe windows:5 windows x86 arch:x86

99e6114cbd01a2f3bb7611da1b2ecb2a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\RnD\Client\IE\Dev\6.0.3\ToolbarHelper2003\Release\ToolbarHelper.pdb

Imports

kernel32

Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
RtlUnwind
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GottenAppsContextMenu.xml
OtherAppsContextMenu.xml
SharedAppsContextMenu.xml
ToolbarContextMenu.xml
toolbar.cfg
uninstall.exe
.exe windows:5 windows x86 arch:x86

f7815c4e48e19725e1dad1de86546d65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Conduit\RnD\Client\IE\Dev\6.5-ConduitHelper\Setup\NSIS-SetupSource\uninstall.pdb

Imports

kernel32

LeaveCriticalSection
MultiByteToWideChar
EnterCriticalSection
GetModuleHandleA
DeleteCriticalSection
GetFileSize
FindFirstFileW
GetSystemTimeAsFileTime
WideCharToMultiByte
CreateFileW
GetLastError
FindClose
CloseHandle
GetShortPathNameW
GetProcAddress
GetLongPathNameW
GetModuleFileNameW
LoadLibraryW
WaitForSingleObject
CreateProcessW
FreeLibrary
ReadFile
GetCurrentProcess
CreateFileA
SetStdHandle
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RaiseException
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:ddCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 3.1MB

.rsrc Size: 3KB - Virtual size: 3KB

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 899B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 574B

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 590B

bc01c9c9fecf22ab8caa8bede8a64cb5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:ddCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 3.1MB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 711KB - Virtual size: 710KB

.data
Size: 35KB - Virtual size: 53KB

SHARED
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 472KB - Virtual size: 471KB

.reloc
Size: 225KB - Virtual size: 224KB

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 410KB - Virtual size: 409KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 41KB - Virtual size: 41KB