841f1f807b7195869775a652bdd62cc1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

841f1f807b7195869775a652bdd62cc1_JaffaCakes118
Size

3.0MB
MD5

841f1f807b7195869775a652bdd62cc1
SHA1

ce045b4a3261ecb3c8b421f812b5507fd7ef520d
SHA256

4f9dc80ff187808f19a5b365614e34fa707a500b59f52042d12a8540434f03e3
SHA512

0d3d1a335f2023615b9c21858dcb0b5234cfeb838bd2a7557f8f431a9c2e28e727fc9fabb531575b88b33c3abe1c517a92c0a49f9d44fa7f4d1de213af0a1f82
SSDEEP

98304:K5g8QKkN5ZpbkMve6YH4VLnYkwgtT0Vckp:K5gukNRve9ELYkwXt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Proxifier PE/Keymaker-ZWT/keygen.exe

Files

841f1f807b7195869775a652bdd62cc1_JaffaCakes118
.zip
Proxifier PE/Helper64.exe
.exe windows:5 windows x64 arch:x64

097bec7dac3d9aac7ec8bc389c193ee6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/04/2016, 00:00

Not After

07/04/2019, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/03/2016, 00:00

Not After

28/03/2018, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ea:3a:09:94:df:44:9f:78:d5:8a:8e:82:68:d4:19:95:05:81:77:c9:e2:16:98:f6:ec:73:a2:d9:83:50:1e:21
Signer

Actual PE Digest

ea:3a:09:94:df:44:9f:78:d5:8a:8e:82:68:d4:19:95:05:81:77:c9:e2:16:98:f6:ec:73:a2:d9:83:50:1e:21

Digest Algorithm

sha256

PE Digest Matches

true

99:d1:6d:5b:c6:4a:7b:48:29:bd:f6:40:47:f0:72:90:ae:54:a2:34
Signer

Actual PE Digest

99:d1:6d:5b:c6:4a:7b:48:29:bd:f6:40:47:f0:72:90:ae:54:a2:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\Proxifier\Program\Repo\ProxifierWin\Helper64\x64\Release\Helper64.pdb

Imports

kernel32

GetModuleFileNameW
LoadLibraryW
GetLastError
GetProcAddress
FreeLibrary
OpenProcess
OpenSemaphoreW
CloseHandle
ReleaseSemaphore
WaitForMultipleObjects
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetStringTypeW
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
HeapAlloc
HeapReAlloc
HeapSize
LCMapStringW
CreateFileW

user32

RegisterWindowMessageW
UnhookWindowsHookEx
wsprintfW
MessageBoxW
PostMessageW

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Proxifier PE/Keymaker-ZWT/file_id.diz
Proxifier PE/Keymaker-ZWT/keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

iwnslssf
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

owein23
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Proxifier PE/Keymaker-ZWT/zwt.nfo
Proxifier PE/Profiles/Default.ppx
.xml
Proxifier PE/Profiles/rutracker.ppx
.xml
Proxifier PE/Proxifier.exe
.exe windows:5 windows x86 arch:x86

d64c25b9df22f52c4d7bb94cf56f2d87

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/04/2016, 00:00

Not After

07/04/2019, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/03/2016, 00:00

Not After

28/03/2018, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:a3:b8:21:43:20:b5:82:47:a9:3c:0b:b5:65:2c:ab:c4:ad:79:e5:06:07:2c:84:7a:8a:5c:91:a7:73:08:5d
Signer

Actual PE Digest

4b:a3:b8:21:43:20:b5:82:47:a9:3c:0b:b5:65:2c:ab:c4:ad:79:e5:06:07:2c:84:7a:8a:5c:91:a7:73:08:5d

Digest Algorithm

sha256

PE Digest Matches

true

8a:68:67:a1:3c:b1:9f:ad:2a:d4:ab:cd:20:52:62:af:a5:52:52:8a
Signer

Actual PE Digest

8a:68:67:a1:3c:b1:9f:ad:2a:d4:ab:cd:20:52:62:af:a5:52:52:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\Proxifier\Program\Repo\ProxifierWin\Proxifier\Portable Release\Proxifier.pdb

Imports

kernel32

GetDriveTypeW
SetEnvironmentVariableA
HeapAlloc
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
VirtualFree
FreeLibraryAndExitThread
GetThreadTimes
WriteConsoleW
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
OutputDebugStringW
SetFilePointerEx
ReadConsoleW
UnregisterWait
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
RaiseException
GetLastError
HeapSize
EnterCriticalSection
DecodePointer
DeleteCriticalSection
GetTickCount
GetCurrentThreadId
CloseHandle
SizeofResource
LockResource
LoadResource
FindResourceW
Sleep
ReadFile
WriteFile
FlushFileBuffers
GetProcAddress
GetModuleHandleW
LocalFree
ResumeThread
CreateFileW
WaitForSingleObject
CreateNamedPipeW
ConnectNamedPipe
InitializeCriticalSection
CreateEventW
GetModuleFileNameW
MultiByteToWideChar
GetVersionExW
GetCurrentProcess
ResetEvent
SetEvent
OpenMutexW
GetExitCodeProcess
GetCurrentProcessId
CreateMutexW
GetFileAttributesW
SuspendThread
OpenProcess
GetPrivateProfileSectionW
CreateDirectoryW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
ExpandEnvironmentStringsW
SetLastError
GetComputerNameA
GetPrivateProfileStringW
LoadLibraryW
FreeLibrary
CreateSemaphoreW
CreateProcessW
WaitForMultipleObjects
ReleaseSemaphore
SetUnhandledExceptionFilter
GetTempPathW
GetCurrentThread
GetComputerNameW
GetSystemTime
LoadLibraryA
GetSystemDirectoryA
TerminateProcess
FormatMessageW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
CopyFileW
FreeResource
SetThreadPriority
OutputDebugStringA
EncodePointer
GetSystemDirectoryW
GetModuleHandleA
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
lstrcmpA
CompareStringA
lstrcpyW
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
FileTimeToSystemTime
GetPrivateProfileIntW
WritePrivateProfileStringW
lstrcmpiW
DeleteFileW
GetFileSize
GetFullPathNameW
GetShortPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
MoveFileW
GetStringTypeExW
GetThreadLocale
GetDiskFreeSpaceW
GetFileTime
GetTempFileNameW
SetFileTime
ReplaceFileW
SystemTimeToFileTime
GetUserDefaultLCID
LocalAlloc
GlobalGetAtomNameW
GetCurrentDirectoryW
GlobalReAlloc
VerSetConditionMask
VerifyVersionInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetProfileIntW
SearchPathW
GetFileAttributesExW
GetFileSizeEx
LocalFileTimeToFileTime
SetErrorMode
GetWindowsDirectoryW
VirtualProtect
FindResourceExW
GetCommandLineW
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
CreateThread
ExitThread
ExitProcess
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualQuery
HeapQueryInformation
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetStringTypeW
HeapReAlloc

user32

DrawTextW
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
MonitorFromPoint
SetWindowRgn
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
GetWindowThreadProcessId
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckRadioButton
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
SystemParametersInfoW
IsZoomed
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
GetWindowLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
CallNextHookEx
GetNextDlgGroupItem
GetMenuItemInfoW
UnregisterClassW
DrawTextExW
DefWindowProcW
LoadIconW
LoadCursorW
SetWindowsHookExW
ValidateRect
GetKeyState
GetActiveWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
DestroyMenu
LoadAcceleratorsW
GetClassInfoW
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
IsRectEmpty
DrawFrameControl
ReleaseCapture
WindowFromPoint
SetCapture
OffsetRect
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
PostThreadMessageW
WaitMessage
TrackMouseEvent
CharUpperW
GetAsyncKeyState
SetCursor
IntersectRect
NotifyWinEvent
SetParent
ShowOwnedPopups
CountClipboardFormats
IsClipboardFormatAvailable
SetRect
KillTimer
EnableMenuItem
GetSystemMenu
MessageBeep
HideCaret
IsChild
PtInRect
IsWindowVisible
InflateRect
FillRect
GetFocus
SetMenuDefaultItem
AppendMenuW
InSendMessage
BringWindowToTop
GetUpdateRect
LockWindowUpdate
UnionRect
GetSysColorBrush
SetClassLongW
CreatePopupMenu
GetKeyNameTextW
FindWindowW
SendMessageW
IsIconic
GetLastActivePopup
SetForegroundWindow
UpdateWindow
MessageBoxW
SetMenuItemInfoW
InsertMenuItemW
wsprintfW
UnhookWindowsHookEx
RegisterWindowMessageW
EnableWindow
SetRectEmpty
InvalidateRect
ClientToScreen
GetCursorPos
ScreenToClient
GetSysColor
DestroyIcon
GetParent
GetClientRect
LoadMenuW
GetSubMenu
SetTimer
LoadImageW
GetSystemMetrics
GetDC
ReleaseDC
CopyImage
GetIconInfo
UpdateLayeredWindow
CharNextW
EnableScrollBar
CreateIconIndirect
RedrawWindow
GetWindowRect
GetDesktopWindow
DeleteMenu
MapVirtualKeyW
DestroyAcceleratorTable
TranslateAcceleratorW
UnpackDDElParam
ReuseDDElParam
PostMessageW
IsMenu
GetMenuDefaultItem
DrawIconEx
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFocusRect
ModifyMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
SendDlgItemMessageA
SendNotifyMessageW
CopyAcceleratorTableW
RealChildWindowFromPoint
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
EnumChildWindows
GetTabbedTextExtentW
InvertRect
GetWindowRgn
MapVirtualKeyExW
IsCharLowerW
DrawIcon
DestroyCursor
GetDoubleClickTime
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetComboBoxInfo
SubtractRect
CreateMenu
FrameRect
CopyIcon
SetCursorPos
InvalidateRgn
CharUpperBuffW

gdi32

SetPixelV
EnumFontFamiliesExW
GetTextFaceW
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
GetSystemPaletteEntries
GetNearestPaletteIndex
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
GetTextAlign
SetPaletteEntries
ExtFloodFill
LPtoDP
GetViewportOrgEx
GetPaletteEntries
CreatePalette
GetWindowOrgEx
GetCharWidthW
OffsetRgn
GetRgnBox
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
SetRectRgn
GetMapMode
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RoundRect
Polyline
Polygon
CreatePolygonRgn
GetBkColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
StretchBlt
RealizePalette
GetDIBits
CombineRgn
CreateDIBSection
PatBlt
CreateRectRgnIndirect
DPtoLP
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
StartDocW
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateRoundRectRgn
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
SetPixel
CreatePen
CreateFontIndirectW
GetObjectW
CreateFontW
GetStockObject
GetTextExtentPoint32W
GetTextColor
GetTextMetricsW
Rectangle
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
FreeSid
RegCreateKeyExW
RegSetValueExW
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupAccountSidW
EqualSid
RegEnumValueW
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueW
IsValidSid

shell32

DragAcceptFiles
ShellExecuteW
SHGetSpecialFolderPathW
ExtractIconExW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
DragQueryFileW
DragFinish
SHGetFileInfoW
SHAppBarMessage
ExtractIconW
SHAddToRecentDocs
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder

comctl32

ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_Draw
ImageList_AddMasked
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag
InitCommonControlsEx

shlwapi

PathStripToRootW
SHCreateStreamOnFileW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
UrlUnescapeW
PathRemoveFileSpecW
StrFormatKBSizeW

uxtheme

GetWindowTheme
DrawThemeParentBackground
IsAppThemed
DrawThemeText
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
OpenThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
CloseThemeData

ole32

CreateItemMoniker
CoLockObjectExternal
CreateILockBytesOnHGlobal
RevokeDragDrop
CreateFileMoniker
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
StgCreateDocfile
OleRegEnumVerbs
OleRegGetMiscStatus
CoDisconnectObject
GetRunningObjectTable
OleRun
OleIsRunning
CreateStreamOnHGlobal
CoInitializeEx
OleSetMenuDescriptor
OleLockRunning
CoInitialize
CoGetClassObject
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
DoDragDrop
OleGetClipboard
CreateGenericComposite
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CoFreeUnusedLibraries
CoCreateGuid
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RegisterDragDrop
CLSIDFromProgID

oleaut32

VariantClear
VariantChangeType
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantInit
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysFreeString

oledlg

OleUIBusyW
OleUIObjectPropertiesW
OleUIEditLinksW
OleUIPasteSpecialW
OleUIInsertObjectW
OleUIAddVerbMenuW

gdiplus

GdipBitmapLockBits
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdiplusShutdown
GdipCreateBitmapFromScan0

secur32

CompleteAuthToken
InitializeSecurityContextA
FreeContextBuffer
QuerySecurityPackageInfoA
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext

crypt32

CryptUnprotectData
CryptProtectData

iphlpapi

NotifyAddrChange

xmllite

CreateXmlWriter
CreateXmlReader

ws2_32

getservbyname
htonl
getservbyport
gethostbyaddr
ioctlsocket
__WSAFDIsSet
WSAAccept
connect
getsockname
getsockopt
setsockopt
WSASocketW
WSASetLastError
WSAEnumProtocolsW
select
WSAAddressToStringW
WSAStringToAddressW
inet_addr
WSAStartup
accept
listen
bind
htons
recv
send
closesocket
ntohl
inet_ntoa
gethostbyname
WSACreateEvent
ntohs
WSAGetLastError
socket

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

wininet

HttpQueryInfoW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Proxifier PE/ProxyChecker.exe
.exe windows:5 windows x86 arch:x86

89d53cf2db9e17217dbff70fcf54241e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/04/2016, 00:00

Not After

07/04/2019, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/03/2016, 00:00

Not After

28/03/2018, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9f:c1:45:d4:9f:73:61:d9:19:5b:65:20:bb:37:49:1e:2a:ab:57:f8:af:5c:58:bc:08:3f:82:eb:4c:6c:a1:92
Signer

Actual PE Digest

9f:c1:45:d4:9f:73:61:d9:19:5b:65:20:bb:37:49:1e:2a:ab:57:f8:af:5c:58:bc:08:3f:82:eb:4c:6c:a1:92

Digest Algorithm

sha256

PE Digest Matches

true

39:77:df:38:c3:eb:52:23:03:a7:7a:ce:43:31:cc:46:f2:b2:7d:2f
Signer

Actual PE Digest

39:77:df:38:c3:eb:52:23:03:a7:7a:ce:43:31:cc:46:f2:b2:7d:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\Proxifier\Program\Repo\ProxifierWin\ProxyChecker\Release\ProxyChecker.pdb

Imports

kernel32

GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
HeapQueryInformation
SetStdHandle
GetFileType
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetTickCount
Sleep
TerminateProcess
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
WriteConsoleW
SetEnvironmentVariableA
SetErrorMode
ExpandEnvironmentStringsA
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
DeleteFileW
GetThreadLocale
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
FileTimeToSystemTime
LocalAlloc
FileTimeToLocalFileTime
SuspendThread
SetThreadPriority
CreateEventW
WaitForSingleObject
SetEvent
CloseHandle
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
FormatMessageW
LocalFree
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
MulDiv
GlobalUnlock
GlobalLock
FreeResource
GetModuleHandleW
GetModuleHandleA
OutputDebugStringA
GetACP
ResumeThread
DeleteCriticalSection
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetLastError
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryW
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExW
GetComputerNameA
SetLastError
FindResourceW
LoadResource
LockResource
SetUnhandledExceptionFilter
SizeofResource

user32

RegisterClipboardFormatW
PostThreadMessageW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
EqualRect
CopyRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ValidateRect
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
IsWindowVisible
InvalidateRgn
SetWindowPos
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetDesktopWindow
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetParent
SendDlgItemMessageA
EnableWindow
LoadImageW
CopyAcceleratorTableW
OffsetRect
CharNextW
UnregisterClassW
LoadCursorW
SetCursor
GetSysColorBrush
RedrawWindow
GetSubMenu
LoadMenuW
PtInRect
GetWindowRect
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
GetClientRect
SendMessageW
CharUpperW
AppendMenuW
GetSystemMenu
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
SetRect
InvalidateRect
KillTimer
ReleaseCapture
SetCapture
CheckMenuItem
IntersectRect
RealChildWindowFromPoint
DestroyMenu
GetCursorPos
TranslateMessage
GetMessageW
GetWindowThreadProcessId
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
IsDialogMessageW
SetWindowTextW
IsDlgButtonChecked
CheckRadioButton
MoveWindow
ShowWindow
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem

gdi32

GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetMapMode
SetTextColor
GetObjectW
TextOutW
ExtTextOutW
GetDeviceCaps
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetClipBox
Escape
DeleteObject
DeleteDC
CreateBitmap
CreateFontW
GetStockObject

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegOpenKeyExA
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoRegisterMessageFilter
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantChangeType
VariantCopy
OleCreateFontIndirect
VariantClear
VariantInit
SysFreeString
SysAllocStringLen

oledlg

OleUIBusyW

ws2_32

closesocket
gethostbyname
WSAStartup
htons
connect
send
WSAGetLastError
recv
inet_ntoa
socket
inet_addr

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
HttpQueryInfoW
InternetCrackUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Proxifier PE/PrxDrvPE.dll
.dll windows:5 windows x86 arch:x86

7d72d8c947aae5fb944f71275444c817

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/04/2016, 00:00

Not After

07/04/2019, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/03/2016, 00:00

Not After

28/03/2018, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:33:fd:be:1e:da:93:8d:f2:70:d3:51:af:0c:b8:2d:2d:cb:d8:f8:bc:60:fe:c6:ed:06:6d:10:29:79:c9:b8
Signer

Actual PE Digest

02:33:fd:be:1e:da:93:8d:f2:70:d3:51:af:0c:b8:2d:2d:cb:d8:f8:bc:60:fe:c6:ed:06:6d:10:29:79:c9:b8

Digest Algorithm

sha256

PE Digest Matches

true

16:d3:a1:6e:6d:b9:9b:5c:0c:b5:d1:84:06:3f:bd:42:7a:46:87:a8
Signer

Actual PE Digest

16:d3:a1:6e:6d:b9:9b:5c:0c:b5:d1:84:06:3f:bd:42:7a:46:87:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\Proxifier\Program\Repo\ProxifierWin\PrxDrvPE\Release\PrxDrvPE.pdb

Imports

kernel32

GetVersionExW
GetProcAddress
ExpandEnvironmentStringsW
FreeLibrary
CreateToolhelp32Snapshot
GetCurrentProcessId
Module32FirstW
Module32NextW
CloseHandle
VirtualProtect
GetModuleFileNameW
GetCurrentThread
VirtualAlloc
GetCurrentProcess
CallNamedPipeW
OpenMutexW
HeapCreate
HeapAlloc
HeapFree
FlushFileBuffers
LoadLibraryW
InterlockedIncrement
InitializeCriticalSection
LeaveCriticalSection
GetLastError
EnterCriticalSection
LCMapStringW
HeapSize
OutputDebugStringW
GetStringTypeW
WriteConsoleW
SetStdHandle
HeapReAlloc
RtlUnwind
LoadLibraryExW
GetCPInfo
GetOEMCP
GetACP
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
RaiseException
SetLastError
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
CreateFileW

user32

CallNextHookEx
wsprintfW
MessageBoxW
SetWindowsHookExW

advapi32

GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
CopySid

ws2_32

WSALookupServiceEnd
WSALookupServiceNextW
WSALookupServiceBeginW
WSAIoctl
getpeername
WSCEnumProtocols
connect
WSAConnect
closesocket
WSASocketW
htons
WSCGetProviderPath
WSAStartup
WSASetLastError
WSAGetLastError
getsockname

Exports

Exports

InitFilter3

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Proxifier PE/PrxDrvPE64.dll
.dll windows:5 windows x64 arch:x64

bf2ec15a2a6be98150542b9a3d661e5f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/04/2016, 00:00

Not After

07/04/2019, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/03/2016, 00:00

Not After

28/03/2018, 23:59

Subject

CN=Initex\, OOO,O=Initex\, OOO,POSTALCODE=197183,STREET=Litera A\,pom. 10H\, 17 Savushkina ul.,L=Saint Petersburg,ST=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1b:25:a5:98:aa:e3:f9:84:5c:11:c6:ff:50:16:63:6d:1a:1b:4a:04:c0:0b:85:f6:9f:c4:37:37:1f:bf:9b:9d
Signer

Actual PE Digest

1b:25:a5:98:aa:e3:f9:84:5c:11:c6:ff:50:16:63:6d:1a:1b:4a:04:c0:0b:85:f6:9f:c4:37:37:1f:bf:9b:9d

Digest Algorithm

sha256

PE Digest Matches

true

e8:36:a2:0b:90:a8:54:bf:5a:28:4f:a4:4e:57:2e:67:58:81:70:12
Signer

Actual PE Digest

e8:36:a2:0b:90:a8:54:bf:5a:28:4f:a4:4e:57:2e:67:58:81:70:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\Proxifier\Program\Repo\ProxifierWin\PrxDrvPE\x64\Release\PrxDrvPE64.pdb

Imports

kernel32

GetProcAddress
ExpandEnvironmentStringsW
FreeLibrary
CreateToolhelp32Snapshot
GetCurrentProcessId
Module32FirstW
Module32NextW
CloseHandle
VirtualProtect
GetModuleFileNameW
GetCurrentThread
GetLastError
GetVersionExW
CallNamedPipeW
OpenMutexW
HeapCreate
HeapAlloc
HeapFree
FlushFileBuffers
VirtualAlloc
LoadLibraryW
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
LCMapStringW
HeapSize
OutputDebugStringW
GetStringTypeW
WriteConsoleW
SetStdHandle
HeapReAlloc
LoadLibraryExW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
SetLastError
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW

user32

CallNextHookEx
wsprintfW
MessageBoxW
SetWindowsHookExW

advapi32

GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
CopySid

ws2_32

WSALookupServiceEnd
WSALookupServiceNextW
WSALookupServiceBeginW
WSAIoctl
getpeername
WSCEnumProtocols
connect
WSAConnect
closesocket
WSASocketW
htons
WSCGetProviderPath
WSAStartup
WSASetLastError
WSAGetLastError
getsockname

Exports

Exports

InitFilter3

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Proxifier PE/Settings.ini

Sharing

General

Malware Config

Signatures

Files

097bec7dac3d9aac7ec8bc389c193ee6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78Certificate

Extended Key Usages

Key Usages

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

ea:3a:09:94:df:44:9f:78:d5:8a:8e:82:68:d4:19:95:05:81:77:c9:e2:16:98:f6:ec:73:a2:d9:83:50:1e:21Signer

99:d1:6d:5b:c6:4a:7b:48:29:bd:f6:40:47:f0:72:90:ae:54:a2:34Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Sections

iwnslssf Size: - Virtual size: 40KB

owein23 Size: 203KB - Virtual size: 204KB

.rsrc Size: 3KB - Virtual size: 4KB

d64c25b9df22f52c4d7bb94cf56f2d87

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78Certificate

Extended Key Usages

Key Usages

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

ea:3a:09:94:df:44:9f:78:d5:8a:8e:82:68:d4:19:95:05:81:77:c9:e2:16:98:f6:ec:73:a2:d9:83:50:1e:21
Signer

99:d1:6d:5b:c6:4a:7b:48:29:bd:f6:40:47:f0:72:90:ae:54:a2:34
Signer

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

iwnslssf
Size: - Virtual size: 40KB

owein23
Size: 203KB - Virtual size: 204KB

.rsrc
Size: 3KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

4b:a3:b8:21:43:20:b5:82:47:a9:3c:0b:b5:65:2c:ab:c4:ad:79:e5:06:07:2c:84:7a:8a:5c:91:a7:73:08:5d
Signer

8a:68:67:a1:3c:b1:9f:ad:2a:d4:ab:cd:20:52:62:af:a5:52:52:8a
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 528KB - Virtual size: 528KB

.data
Size: 37KB - Virtual size: 125KB

.tls
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 174KB - Virtual size: 173KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

7e:85:d7:00:22:0b:87:12:b8:d6:f9:1a:a5:fa:74:78
Certificate

38:2a:41:c4:04:98:a2:b2:51:3d:ae:97:ec:93:d6:94
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

9f:c1:45:d4:9f:73:61:d9:19:5b:65:20:bb:37:49:1e:2a:ab:57:f8:af:5c:58:bc:08:3f:82:eb:4c:6c:a1:92
Signer