80510faa1fb3eb8e172ec220d6e44bc1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

80510faa1fb3eb8e172ec220d6e44bc1_JaffaCakes118
Size

1.5MB
MD5

80510faa1fb3eb8e172ec220d6e44bc1
SHA1

0a93aefafae337c4a02afeac80f54c39ff2303ae
SHA256

e942816e2aef907540afe4de7ca68193fdefec0e735546986cb161d3920271a9
SHA512

30f9ecd198373d17410a3fbc7cc8f769239b2be3593c6eb79371ad6d7908215cad569c8d0200661a3eff255cb6f2d38e22f490fc581403b689c9e9b5a2bd220a
SSDEEP

24576:8rTrmForsAw54L0dLnSK9tIiih6kCTFxEZaPo6HFNpMLHN+uKhgiqJDhalxMr3H6:OQorjcxVH5xESBMLtlRbVwxMrXaz

Score

1^/10

Malware Config

Signatures

Files

80510faa1fb3eb8e172ec220d6e44bc1_JaffaCakes118
.cab
McVulAP.dll
.dll regsvr32 windows:6 windows x64 arch:x64

cc204c8cf10077ea71ac0aeb0a088e05

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:28:b0:ea:c2:f4:63:48:6d:7f:ce:87:2c:84:bc:8e:ea:74:d3:de
Signer

Actual PE Digest

2e:28:b0:ea:c2:f4:63:48:6d:7f:ce:87:2c:84:bc:8e:ea:74:d3:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulAP.pdb

Imports

wintrust

WinVerifyTrust

kernel32

FindResourceW
GetThreadLocale
SetThreadLocale
FindResourceExW
LockResource
SystemTimeToTzSpecificLocalTime
GetDateFormatW
CreateFileW
WriteFile
OutputDebugStringW
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
SetLastError
Sleep
SwitchToThread
lstrcmpiW
SystemTimeToFileTime
OpenProcess
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
GetVersionExW
LoadLibraryW
GetEnvironmentVariableW
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
LCMapStringW
WriteConsoleW
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
IsBadReadPtr
IsDebuggerPresent
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsProcessorFeaturePresent
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW

user32

LoadImageW
LoadIconW
LoadBitmapW
LoadStringW
CharNextW

advapi32

RegEnumValueW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoGetClassObject
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McVulAdmAgnt.exe
.exe windows:6 windows x64 arch:x64

e8b5da4ee4488b048b9693209f0c7b39

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f5:7c:5e:77:de:c3:46:48:86:ab:e1:a9:d0:d2:a4:cf:5c:e0:dc:fe
Signer

Actual PE Digest

f5:7c:5e:77:de:c3:46:48:86:ab:e1:a9:d0:d2:a4:cf:5c:e0:dc:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulAdmAgnt.pdb

Imports

wintrust

WinVerifyTrust

kernel32

HeapFree
HeapSize
GetProcessHeap
SwitchToThread
CreateProcessW
InitializeCriticalSectionAndSpinCount
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesW
SetFilePointer
WriteFile
OutputDebugStringW
ReleaseMutex
CreateMutexW
GetLocalTime
FindResourceExW
LockResource
IsBadReadPtr
SystemTimeToFileTime
OpenProcess
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
GetVersionExW
LoadLibraryW
WideCharToMultiByte
FormatMessageW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
CreateDirectoryW
HeapReAlloc
SetEndOfFile
ReadConsoleW
ReadFile
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetConsoleMode
HeapAlloc
HeapDestroy
MultiByteToWideChar
FindResourceW
lstrcmpiW
FormatMessageA
LocalFree
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
VirtualQuery
GetTickCount
GetCurrentThreadId
CreateThread
GetCurrentProcessId
Sleep
CreateEventW
WaitForSingleObject
SetEvent
GetLocaleInfoW
LCMapStringW
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
GetCommandLineW
WriteConsoleW
IsDebuggerPresent
GetStringTypeW
EncodePointer
IsProcessorFeaturePresent
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsValidLocale

user32

CharUpperW
CharNextW
GetMessageW
PostThreadMessageW
TranslateMessage
DispatchMessageW

advapi32

RegisterTraceGuidsW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
TraceEvent
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegSetValueExA
RegQueryValueExA
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoReleaseServerProcess

oleaut32

LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString

shlwapi

SHDeleteKeyW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObject

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McVulAlert.exe
.exe windows:6 windows x64 arch:x64

50ec65b9bdfed9d1aeeb5655d22b32f8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:6f:b1:1f:48:57:c8:a0:f8:27:b1:99:b1:95:9a:98:18:ae:ef:33
Signer

Actual PE Digest

17:6f:b1:1f:48:57:c8:a0:f8:27:b1:99:b1:95:9a:98:18:ae:ef:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulAlert.pdb

Imports

wintrust

WinVerifyTrust

kernel32

CreateThread
GetCurrentThreadId
LoadLibraryW
SwitchToThread
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesW
SetFilePointer
WriteFile
OutputDebugStringW
ReleaseMutex
CreateMutexW
GetLocalTime
InitializeCriticalSectionAndSpinCount
SetLastError
VirtualQuery
WideCharToMultiByte
FormatMessageW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
CreateDirectoryW
GetVersionExW
IsBadReadPtr
SystemTimeToFileTime
OpenProcess
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
LCMapStringW
Sleep
CreateEventW
WaitForSingleObject
SetEvent
CloseHandle
GetCommandLineW
MultiByteToWideChar
FindResourceW
lstrlenW
lstrcmpiW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
ProcessIdToSessionId
CreateProcessW
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
WriteConsoleW
SetEndOfFile
GetStringTypeW
ReadConsoleW
ReadFile
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
GetModuleHandleExW

user32

DispatchMessageW
CharNextW
GetMessageW
TranslateMessage
CharUpperW
PostThreadMessageW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
RegSetValueExA
RegQueryValueExA
GetTraceEnableFlags
GetTraceEnableLevel
RegCloseKey

shell32

SHGetFolderPathW

ole32

StringFromGUID2
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
SysStringLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantCopy
VariantClear
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock

shlwapi

SHDeleteKeyW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObject

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McVulCon.exe
.exe windows:6 windows x64 arch:x64

8883d7cb88f3aa1eb668bbb3f39cf1b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:a9:39:c4:d9:01:a5:25:b1:e7:d4:0a:21:f9:cd:03:5e:81:f7:6b
Signer

Actual PE Digest

45:a9:39:c4:d9:01:a5:25:b1:e7:d4:0a:21:f9:cd:03:5e:81:f7:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulCon.pdb

Imports

wintrust

WinVerifyTrust

kernel32

FindResourceExW
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
InitializeCriticalSectionAndSpinCount
SetLastError
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
LocalFree
DeleteFileW
FormatMessageW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
CreateDirectoryW
FreeLibrary
LoadLibraryExW
IsBadReadPtr
SystemTimeToFileTime
OpenProcess
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
GetLocalTime
ReadFile
FlushFileBuffers
GetCurrentThreadId
GetCurrentProcessId
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
OutputDebugStringW
WriteFile
SetFilePointer
GetFileAttributesW
FindFirstFileW
FindClose
CreateFileW
SwitchToThread
Sleep
DecodePointer
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetModuleHandleW
SetStdHandle
GetConsoleCP
WriteConsoleW
SetEndOfFile
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
LCMapStringW
SetFilePointerEx
GetACP
GetLocaleInfoA
GetThreadLocale
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetVersionExW
RaiseException
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
ReadConsoleW
LoadLibraryW
IsDebuggerPresent
EncodePointer
GetSystemInfo
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
GetCommandLineW
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetStdHandle
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsValidCodePage
GetOEMCP
GetCPInfo
GetConsoleMode

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegEnumKeyExW
ConvertStringSidToSidW
RegSetValueExA
RegSetValueExW
RegOpenKeyExA

shell32

SHGetFolderPathW

ole32

CoGetClassObject
OleRun
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantClear
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
VariantInit
SysAllocString
SysFreeString

shlwapi

SHDeleteKeyW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObject

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McVulCtr.exe
.exe windows:6 windows x64 arch:x64

9f97e7565e753873499da2b5b4e36f69

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:40:3f:ed:58:70:21:b7:ee:84:62:5a:99:a3:57:ca:7b:43:c0:70
Signer

Actual PE Digest

2e:40:3f:ed:58:70:21:b7:ee:84:62:5a:99:a3:57:ca:7b:43:c0:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulCtr.pdb

Imports

wintrust

WinVerifyTrust

kernel32

IsBadReadPtr
WTSGetActiveConsoleSessionId
GetSystemInfo
IsBadWritePtr
GetSystemDefaultLCID
CreateProcessW
IsBadStringPtrW
IsBadCodePtr
ResetEvent
WaitForMultipleObjects
CreateFileW
GetFileAttributesW
GetFileSize
SetFilePointer
WriteFile
OutputDebugStringW
ReleaseMutex
CreateMutexW
GetCurrentProcessId
GetLocalTime
GetEnvironmentVariableW
DeleteFileW
SystemTimeToFileTime
OpenProcess
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
SetFileAttributesW
IsDebuggerPresent
GetModuleHandleA
VirtualQuery
GetCurrentThreadId
CreateThread
Sleep
CreateEventW
WaitForSingleObject
SetEvent
SetLastError
GetCommandLineW
lstrcmpiW
LoadLibraryExW
CloseHandle
GetTickCount
GetModuleFileNameW
LoadLibraryW
lstrlenW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetShortPathNameW
GetThreadLocale
GetLocaleInfoA
GetACP
LocalAlloc
GetProcAddress
GetModuleHandleW
GetVersionExW
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
ReadConsoleW
ReadFile
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetCurrentThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetExitCodeProcess
ResumeThread
OpenThread
GetExitCodeThread
CreateSemaphoreW
ReleaseSemaphore
TerminateThread
IsBadStringPtrA
lstrlenA
EncodePointer
GetStringTypeW
GlobalFree
GlobalAlloc
GetSystemDirectoryW
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
SwitchToThread
FormatMessageA
WideCharToMultiByte
LocalFree
GetCPInfo
RtlCaptureContext
QueryPerformanceCounter
GetFileType
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleHandleExW
ExitProcess
ExitThread
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind

user32

GetMessageW
LoadImageW
LoadIconW
LoadBitmapW
LoadStringW
wsprintfW
KillTimer
SetTimer
CharUpperW
PostThreadMessageW
DispatchMessageW
TranslateMessage
CharNextW

advapi32

GetTraceLoggerHandle
DuplicateToken
CheckTokenMembership
ConvertStringSidToSidW
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
TraceEvent
InitiateSystemShutdownW
RegSetValueExA
RegEnumKeyExA
RegCreateKeyExA
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
CopySid
GetLengthSid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
LookupAccountSidW
CreateProcessAsUserW
RevertToSelf
ImpersonateLoggedOnUser
OpenThreadToken

ole32

CoTaskMemAlloc
CreateBindCtx
StringFromGUID2
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoRevokeClassObject
CoTaskMemRealloc
CoAddRefServerProcess
CoReleaseServerProcess
CoInitializeSecurity
CoSetProxyBlanket
OleRun
CoGetClassObject
CoTaskMemFree
CoInitializeEx
CoResumeClassObjects
CoRegisterClassObject
CoCreateFreeThreadedMarshaler

shell32

SHGetFolderPathW

oleaut32

SafeArrayRedim
SafeArrayPutElement
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarBstrCmp
DispInvoke
DispGetIDsOfNames
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantCopy
VariantCopyInd
VariantClear
SafeArrayDestroy
SafeArrayCreate
SysAllocString
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantInit
SysFreeString
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound

shlwapi

SHDeleteKeyW
PathFileExistsW
PathMatchSpecW

userenv

LoadUserProfileW
UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

MkParseDisplayNameEx

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryDataAvailable
WinHttpReadData

crypt32

CryptDecodeObject
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptMsgClose

Sections

.text
Size: 735KB - Virtual size: 734KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McVulDBU.dll
.dll regsvr32 windows:6 windows x64 arch:x64

54fc3802945f0baf7d2eeec4f80f26ea

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

87:4f:b4:33:31:c4:96:53:48:1a:da:a6:27:28:c5:b4:5f:db:89:5a
Signer

Actual PE Digest

87:4f:b4:33:31:c4:96:53:48:1a:da:a6:27:28:c5:b4:5f:db:89:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulDBU.pdb

Imports

wintrust

WinVerifyTrust

kernel32

CopyFileW
Sleep
SwitchToThread
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileSize
SetFilePointer
WriteFile
OutputDebugStringW
WaitForSingleObject
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
InitializeCriticalSectionAndSpinCount
SetLastError
VirtualQuery
GetVersionExW
LocalFree
GetLocaleInfoA
GetACP
IsBadReadPtr
SystemTimeToFileTime
OpenProcess
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
CreateFileA
DeleteFileA
FlushFileBuffers
GetFileAttributesA
GetFullPathNameA
LockFile
LockFileEx
ReadFile
SetEndOfFile
UnlockFile
InitializeCriticalSection
GetSystemTime
GetSystemTimeAsFileTime
GetVersionExA
GetTempPathA
LoadLibraryW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
ReadConsoleW
GetTimeZoneInformation
SetStdHandle
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
SetThreadLocale
GetThreadLocale
lstrcmpiW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
DecodePointer
FindResourceW
SizeofResource
LockResource
SetEnvironmentVariableA
LoadResource
FindResourceExW
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
CompareStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetFullPathNameW
PeekNamedPipe
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
IsValidCodePage
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetLastError
WaitForMultipleObjects
CreateMutexW
ReleaseMutex
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CloseHandle
WriteConsoleW
FormatMessageW
IsDebuggerPresent
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsProcessorFeaturePresent
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineA
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStringTypeW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess

user32

CharNextW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
RegSetValueExA
ConvertStringSidToSidW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
GetTraceEnableFlags
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysStringLen
SysAllocString
VariantInit
SysAllocStringLen
SysFreeString
VariantClear
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
LoadRegTypeLi

shlwapi

SHDeleteKeyW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McVulIns.dll
.dll windows:6 windows x86 arch:x86

138c65d00e884340d39758462807e16d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e1:cf:29:b6:e2:97:19:e6:a6:a7:48:01:ae:43:c5:e6:09:36:5a:7c
Signer

Actual PE Digest

e1:cf:29:b6:e2:97:19:e6:a6:a7:48:01:ae:43:c5:e6:09:36:5a:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\Win32\Release\McVulIns.pdb

Imports

kernel32

SetFilePointer
WriteFile
OutputDebugStringW
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FindResourceExW
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
InitializeCriticalSectionAndSpinCount
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
CreateDirectoryW
LoadLibraryExW
WriteConsoleW
FindFirstFileW
FindClose
CreateFileW
SwitchToThread
Sleep
GetSystemTime
GetDateFormatW
GetModuleHandleW
GetProcAddress
MoveFileExW
DeleteFileW
GetNativeSystemInfo
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
InitializeCriticalSectionEx
HeapReAlloc
HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc
VirtualQuery
SetEndOfFile
ReadConsoleW
ReadFile
FlushFileBuffers
SetStdHandle
LCMapStringW
IsDebuggerPresent
EncodePointer
GetCommandLineA
RtlUnwind
GetSystemInfo
VirtualAlloc
VirtualProtect
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx

advapi32

RegSetValueExA
RegQueryValueExA
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
TraceEvent
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW

shlwapi

PathFileExistsW
SHDeleteKeyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllPostInstall

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McVulODS.dll
.dll regsvr32 windows:6 windows x64 arch:x64

bd7a856857dbc753841fd35b72e1ded8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:08:cb:f4:eb:99:e4:3f:db:af:b8:0e:d9:7b:bb:67:a6:9b:ef:fc
Signer

Actual PE Digest

6f:08:cb:f4:eb:99:e4:3f:db:af:b8:0e:d9:7b:bb:67:a6:9b:ef:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulODS.pdb

Imports

wintrust

WinVerifyTrust

kernel32

GetLocalTime
FreeLibrary
GetModuleFileNameW
GetProcAddress
lstrlenW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
WaitForMultipleObjects
GetExitCodeThread
RaiseException
InitializeCriticalSectionEx
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
DecodePointer
EncodePointer
GetThreadLocale
SetThreadLocale
SetEvent
ResetEvent
CreateEventW
Sleep
SwitchToThread
GetDateFormatW
GetSystemTime
GetFileSize
InitializeCriticalSectionAndSpinCount
SetLastError
VirtualQuery
GetVersionExW
LocalFree
GetLocaleInfoA
GetACP
FormatMessageW
WritePrivateProfileStringW
WritePrivateProfileStructW
IsBadReadPtr
SystemTimeToFileTime
OpenProcess
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
ExitThread
CreateThread
GetNativeSystemInfo
GetCurrentThreadId
ReadFile
GetLongPathNameW
GetFullPathNameA
WriteConsoleW
SetEnvironmentVariableW
GetCurrentProcessId
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
OutputDebugStringW
WriteFile
SetFilePointer
GetShortPathNameW
GetFileAttributesW
FindNextFileW
CreateFileA
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
SetEndOfFile
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTempPathA
GetTimeZoneInformation
GetVersionExA
UnlockFile
LockFileEx
LockFile
GetFileAttributesA
DeleteFileA
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetCPInfo
GetOEMCP
IsValidCodePage
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
ReadConsoleW
FlushFileBuffers
SetStdHandle
LCMapStringW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetEnvironmentVariableA
GetBinaryTypeW
IsDebuggerPresent
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsProcessorFeaturePresent
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCommandLineA
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
AreFileApisANSI
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CompareStringW

user32

CharNextW

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
TraceEvent
RegisterTraceGuidsW
RegSetValueExA
ConvertStringSidToSidW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegCloseKey

shell32

SHGetFolderPathW

ole32

OleRun
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

oleaut32

VarBstrCat
SysAllocStringLen
SafeArrayPutElement
VariantCopyInd
VariantClear
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
VariantInit

shlwapi

SHDeleteKeyW
PathMatchSpecW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McVulRes.dll
.dll windows:6 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:09:67:40:81:57:a5:8b:0f:95:f2:6b:90:49:c0:ba:a4:54:e9:7d
Signer

Actual PE Digest

84:09:67:40:81:57:a5:8b:0f:95:f2:6b:90:49:c0:ba:a4:54:e9:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulRes.pdb

Sections

.rdata
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
McVulSI.dll
.dll regsvr32 windows:6 windows x64 arch:x64

f93ae850b0e510024db1c649847a4278

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:16:db:37:2a:54:24:a5:14:b4:b5:93:db:d6:f3:4b:94:94:90:f5
Signer

Actual PE Digest

71:16:db:37:2a:54:24:a5:14:b4:b5:93:db:d6:f3:4b:94:94:90:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulSI.pdb

Imports

kernel32

lstrlenW
EncodePointer
GetThreadLocale
SetThreadLocale
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesW
SetFilePointer
WriteFile
OutputDebugStringW
ReleaseMutex
CreateMutexW
GetCurrentThreadId
GetLocalTime
InitializeCriticalSectionAndSpinCount
SetLastError
VirtualQuery
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventW
VerSetConditionMask
GetCurrentProcess
VerifyVersionInfoW
FormatMessageW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
CreateDirectoryW
SetThreadPriority
GetThreadPriority
SuspendThread
ResumeThread
GetEnvironmentVariableW
LoadLibraryW
lstrcmpiW
IsDebuggerPresent
WriteConsoleW
SetEndOfFile
ReadConsoleW
ReadFile
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
LoadLibraryExW
GetModuleFileNameW
GetTickCount
CreateProcessW
InitializeCriticalSectionEx
RaiseException
DecodePointer
GetProcAddress
GetModuleHandleW
CreateThread
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
WTSGetActiveConsoleSessionId
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
ProcessIdToSessionId
SwitchToThread
GetCurrentProcessId
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsProcessorFeaturePresent
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess

user32

SetWindowRgn
MessageBoxW
GetDoubleClickTime
CreateWindowExW
CharNextW
DefWindowProcW
RegisterClassW
UnregisterClassW
DestroyWindow
LoadIconW
DestroyIcon
PostThreadMessageW
LoadImageW
LoadBitmapW
LoadStringW
ShowWindow

advapi32

TraceEvent
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegisterTraceGuidsW
UnregisterTraceGuids
RegSetValueExA
RegNotifyChangeKeyValue
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
CoCreateInstance

shell32

SHGetFolderPathW

oleaut32

UnRegisterTypeLi
SysFreeString
SysAllocString
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi

shlwapi

SHDeleteKeyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McVulShm.dll
.dll regsvr32 windows:6 windows x64 arch:x64

82907b6307ff77cba8a919f1796eca4a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:ac:f3:f3:b8:93:f7:cc:51:d1:eb:79:62:5e:49:e5:ae:cf:df:c3
Signer

Actual PE Digest

3e:ac:f3:f3:b8:93:f7:cc:51:d1:eb:79:62:5e:49:e5:ae:cf:df:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulShm.pdb

Imports

wintrust

WinVerifyTrust

kernel32

ProcessIdToSessionId
WaitForMultipleObjects
Sleep
SwitchToThread
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesW
SetFilePointer
WriteFile
OutputDebugStringW
ReleaseMutex
CreateMutexW
GetCurrentThreadId
GetLocalTime
InitializeCriticalSectionAndSpinCount
SetLastError
VirtualQuery
IsBadReadPtr
SystemTimeToFileTime
OpenProcess
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
GetVersionExW
LoadLibraryW
WideCharToMultiByte
FormatMessageW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
CreateDirectoryW
IsDebuggerPresent
GetCurrentProcessId
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSection
SetThreadLocale
GetThreadLocale
EncodePointer
DecodePointer
MultiByteToWideChar
FindResourceW
lstrcmpiW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
WriteConsoleW
SetEndOfFile
ReadConsoleW
ReadFile
FlushFileBuffers
SetStdHandle
SetFilePointerEx
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GetExitCodeThread
WaitForSingleObject
GetLastError
CloseHandle
GetConsoleCP
CreateThread
ExitThread
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsProcessorFeaturePresent
GetCommandLineA
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
GetModuleHandleExW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
GetConsoleMode

user32

CharNextW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
GetTraceEnableFlags
GetTraceEnableLevel

ole32

CoGetClassObject
CoInitializeEx
CoUninitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

shell32

SHGetFolderPathW

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
UnRegisterTypeLi
RegisterTypeLi
VariantCopyInd
VariantInit
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantCopy
VariantClear
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy

shlwapi

SHDeleteKeyW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

crypt32

CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McVulUsrAgnt.exe
.exe windows:6 windows x64 arch:x64

daf652fc0c0947d16450700c569c4e63

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:9e:4b:dc:48:f6:cd:cb:ce:1f:0a:59:f5:60:58:bb:ad:fd:8e:3a
Signer

Actual PE Digest

ee:9e:4b:dc:48:f6:cd:cb:ce:1f:0a:59:f5:60:58:bb:ad:fd:8e:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulUsrAgnt.pdb

Imports

urlmon

MkParseDisplayNameEx

wintrust

WinVerifyTrust

kernel32

SetLastError
GetCurrentProcessId
CreateProcessW
GetTickCount
GetModuleHandleA
LocalFree
FormatMessageA
InitializeCriticalSectionAndSpinCount
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesW
SetFilePointer
WriteFile
OutputDebugStringW
ReleaseMutex
CreateMutexW
GetLocalTime
FindResourceExW
LockResource
IsBadReadPtr
SystemTimeToFileTime
OpenProcess
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
GetVersionExW
LoadLibraryW
WideCharToMultiByte
FormatMessageW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
CreateDirectoryW
VirtualQuery
ReadConsoleW
ReadFile
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SwitchToThread
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
MultiByteToWideChar
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetCurrentThreadId
CreateThread
Sleep
CreateEventW
WaitForSingleObject
SetEvent
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
CloseHandle
DecodePointer
GetCommandLineW
SetEndOfFile
WriteConsoleW
IsDebuggerPresent
GetStringTypeW
EncodePointer
IsProcessorFeaturePresent
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringW

user32

CharUpperW
CharNextW
GetMessageW
PostThreadMessageW
TranslateMessage
DispatchMessageW

advapi32

RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegSetValueExA
RegQueryValueExA
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateBindCtx
CoReleaseServerProcess

oleaut32

LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString

shlwapi

SHDeleteKeyW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObject

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McVulVer.dll
.dll regsvr32 windows:6 windows x64 arch:x64

a61bc9b7e71b06f56f06d417743d8ef5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:56:ed:32:4a:90:35:16:ae:cd:0c:d9:29:6e:c6:fc:47:23:ec:8c
Signer

Actual PE Digest

25:56:ed:32:4a:90:35:16:ae:cd:0c:d9:29:6e:c6:fc:47:23:ec:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulVer.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wintrust

WinVerifyTrust

kernel32

EncodePointer
EnterCriticalSection
LeaveCriticalSection
GetThreadLocale
SetThreadLocale
WideCharToMultiByte
CreateFileA
DeleteFileA
WriteFile
CloseHandle
FindResourceA
GetTempPathA
GetTempFileNameA
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
GetSystemDirectoryA
LocalAlloc
LocalFree
GetPrivateProfileSectionA
SetLastError
Sleep
SwitchToThread
IsBadReadPtr
SystemTimeToFileTime
GetCurrentProcessId
DecodePointer
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
GetVersionExW
LoadLibraryW
LCMapStringW
MultiByteToWideChar
FindResourceW
lstrcmpiW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
DeleteCriticalSection
VerifyVersionInfoW
InitializeCriticalSectionEx
GetProcessHeap
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
CreateFileW
VerSetConditionMask
OpenProcess
IsDebuggerPresent
OutputDebugStringW
IsProcessorFeaturePresent
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW

user32

CharNextW

advapi32

QueryServiceConfigA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
RegQueryValueExW
RegCloseKey

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
McWinUpd.dll
.dll regsvr32 windows:6 windows x64 arch:x64

46d59504afa95b6cc86ebc8e6cbefa34

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:08:81:f2:2d:95:55:5f:54:a8:74:72:49:90:d2:1d:26:e9:4e:2b
Signer

Actual PE Digest

bd:08:81:f2:2d:95:55:5f:54:a8:74:72:49:90:d2:1d:26:e9:4e:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McWinUpd.pdb

Imports

wintrust

WinVerifyTrust

kernel32

SwitchToThread
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesW
SetFilePointer
WriteFile
OutputDebugStringW
ReleaseMutex
CreateMutexW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
InitializeCriticalSectionAndSpinCount
SetLastError
VirtualQuery
GetVersionExW
LocalFree
WideCharToMultiByte
GetLocaleInfoA
GetACP
IsBadReadPtr
SystemTimeToFileTime
OpenProcess
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleInformation
LoadLibraryW
FormatMessageW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
CreateDirectoryW
SetStdHandle
Sleep
GetConsoleMode
WaitForMultipleObjects
ResetEvent
InitializeCriticalSection
SetThreadLocale
GetThreadLocale
EncodePointer
DecodePointer
CreateEventW
MultiByteToWideChar
FindResourceW
lstrcmpiW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
FreeLibrary
FindResourceExW
RaiseException
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetConsoleCP
ReadFile
WriteConsoleW
SetEndOfFile
ReadConsoleW
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetCPInfo
GetOEMCP
IsValidCodePage
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetExitCodeThread
WaitForSingleObject
GetLastError
CloseHandle
FlushFileBuffers
SetFilePointerEx
IsDebuggerPresent
CreateThread
ExitThread
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsProcessorFeaturePresent
GetCommandLineA
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
GetModuleHandleExW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter

user32

CharNextW

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
RegSetValueExA
RegCloseKey
ConvertStringSidToSidW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
GetTraceEnableFlags
GetTraceEnableLevel

shell32

SHGetFolderPathW

ole32

StringFromGUID2
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

SafeArrayRedim
SysAllocString
SysFreeString
SysStringLen
SafeArrayPutElement
VariantInit
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantCopyInd
VariantClear
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
LoadTypeLi

shlwapi

SHDeleteKeyW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VulJsRes.dll
.dll .js windows:6 windows x64 arch:x64 polyglot

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05-03-2014 00:00

Not After

04-03-2017 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:07:f5:b7:f4:8f:85:86:eb:df:11:29:c7:66:43:23:91:1d:5a:cb
Signer

Actual PE Digest

e7:07:f5:b7:f4:8f:85:86:eb:df:11:29:c7:66:43:23:91:1d:5a:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\BuildEngineSpace\Temp\9890f3d4-aa17-43ab-aee6-8d851825576e\build\x64\Release\McVulJsRes.pdb

Sections

.rdata
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vulcore.inf
vuldb.inf

Sharing

General

Malware Config

Signatures

Files

cc204c8cf10077ea71ac0aeb0a088e05

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2e:28:b0:ea:c2:f4:63:48:6d:7f:ce:87:2c:84:bc:8e:ea:74:d3:deSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wintrust

kernel32

user32

advapi32

shell32

ole32

oleaut32

crypt32

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 11KB - Virtual size: 22KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 2KB

e8b5da4ee4488b048b9693209f0c7b39

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f5:7c:5e:77:de:c3:46:48:86:ab:e1:a9:d0:d2:a4:cf:5c:e0:dc:feSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wintrust

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

crypt32

Sections

.text Size: 232KB - Virtual size: 232KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 12KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2e:28:b0:ea:c2:f4:63:48:6d:7f:ce:87:2c:84:bc:8e:ea:74:d3:de
Signer

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 11KB - Virtual size: 22KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f5:7c:5e:77:de:c3:46:48:86:ab:e1:a9:d0:d2:a4:cf:5c:e0:dc:fe
Signer

.text
Size: 232KB - Virtual size: 232KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 12KB - Virtual size: 23KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 361KB - Virtual size: 360KB

.reloc
Size: 3KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

17:6f:b1:1f:48:57:c8:a0:f8:27:b1:99:b1:95:9a:98:18:ae:ef:33
Signer

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 10KB - Virtual size: 20KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 361KB - Virtual size: 361KB

.reloc
Size: 3KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

45:a9:39:c4:d9:01:a5:25:b1:e7:d4:0a:21:f9:cd:03:5e:81:f7:6b
Signer