849b78dab5dd6e0673c14be797335f34_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

849b78dab5dd6e0673c14be797335f34_JaffaCakes118
Size

7.8MB
MD5

849b78dab5dd6e0673c14be797335f34
SHA1

254f6f7be2d6ca0f53af1b35dcdea7560043c70f
SHA256

7962b846a813ebb3a7488767095fc0873273681679c4b400fd58b0dd781e3754
SHA512

17500e5aea87641c0f21ece35588cec019b17d93a77ec88d2ad09458bc576cc2341da0e4039945a0b14687dafe9738ccc00853c6dc5390eb4821a37b9f2ef9eb
SSDEEP

196608:FgXpbebyqolTk2e/1wJnggTpx2Gk6J2lHoKM:Fkpbebwlg4BTknlHU

Score

10^/10

upx

Malware Config

Signatures

Nirsoft 2 IoCs

resource	yara_rule
static1/unpack002/out.upx	Nirsoft
static1/unpack001/wol.exe	Nirsoft

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/nircmd.exe	upx
static1/unpack001/unzip.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PortQry.exe
unpack001/diruse.exe
unpack001/nircmd.exe
unpack002/out.upx
unpack001/unzip.exe
unpack003/out.upx

Files

849b78dab5dd6e0673c14be797335f34_JaffaCakes118
.zip
DesktopInfo.exe
.exe windows:1 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

32:cb:58:b9:3f:8d:5f:63:6a:25:db:ba:ea:9d:de:73
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/03/2018, 00:00

Not After

07/03/2019, 23:59

Subject

CN=Mr Glenn Stuart Delahoy,O=Mr Glenn Stuart Delahoy,POSTALCODE=3311,STREET=63 Robertson Street,L=Casterton,ST=Victoria,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:9f:f3:55:ab:45:34:c7:f7:f4:27:b4:68:40:35:46:42:91:dd:30:ab:ae:7d:f7:19:d8:9e:e6:5d:c8:d4:36
Signer

Actual PE Digest

52:9f:f3:55:ab:45:34:c7:f7:f4:27:b4:68:40:35:46:42:91:dd:30:ab:ae:7d:f7:19:d8:9e:e6:5d:c8:d4:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 503KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PortQry.exe
.exe windows:4 windows x86 arch:x86

2faf3ec96381d74feaa1eb3851b607b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
LocalFree
LocalAlloc
HeapFree
GetProcessHeap
LoadLibraryA
OpenProcess
GetLastError
Sleep
CompareStringW
CompareStringA
GetProcAddress
GetModuleHandleA
CloseHandle
GetComputerNameA
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
FlushFileBuffers
SetStdHandle
WriteFile
RtlUnwind
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
WriteConsoleA
CreateFileA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetVersion
GetCommandLineA
HeapAlloc
GetCurrentProcess
TerminateProcess
ExitProcess
SetEnvironmentVariableA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetLocalTime
GetSystemTime
GetTimeZoneInformation

user32

GetAsyncKeyState

advapi32

EnumServicesStatusExA
CloseServiceHandle
OpenSCManagerA

ws2_32

inet_ntoa
ntohs
sendto
recvfrom
gethostbyname
inet_addr
gethostbyaddr
socket
bind
connect
closesocket
setsockopt
recv
send
WSACleanup
WSAStartup
htons
getservbyport
WSAGetLastError

wldap32

ord32
ord34
ord33
ord37
ord38
ord200
ord17
ord143
ord88
ord60
ord50
ord41
ord46
ord26
ord27

rpcrt4

RpcMgmtEpEltInqDone
RpcStringBindingComposeA
RpcBindingFree
RpcBindingFromStringBindingA
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqNextA
UuidToStringA
RpcBindingToStringBindingA
RpcStringFreeA

netapi32

Netbios

iphlpapi

GetUdpTable
GetTcpTable

psapi

GetModuleFileNameExA
EnumProcesses
EnumProcessModules

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PsExec.exe
.exe windows:5 windows x86 arch:x86

7d320143a97f5ff2b2c22306359754be

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:19:53:33:1a:c1:34:4e:cc:b3:ab:fe:6c:2d:2e:9d:23:ea:3a:fc
Signer

Actual PE Digest

3b:19:53:33:1a:c1:34:4e:cc:b3:ab:fe:6c:2d:2e:9d:23:ea:3a:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Pstools\psexec\EXE\Release\psexec.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

SetConsoleTitleW
DuplicateHandle
GetCurrentProcessId
TransactNamedPipe
SetNamedPipeHandleState
SetConsoleCtrlHandler
CreateEventW
GetExitCodeProcess
ResumeThread
SetProcessAffinityMask
GetEnvironmentVariableW
WaitForMultipleObjects
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeA
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
CopyFileW
SetFileAttributesW
WaitNamedPipeW
GetFileTime
ReadConsoleW
GetFileAttributesW
DisconnectNamedPipe
SetEvent
ConnectNamedPipe
GetModuleFileNameW
GetVersion
GetCurrentProcess
MultiByteToWideChar
GetComputerNameW
GetSystemDirectoryW
DeleteFileW
FindResourceW
LoadResource
SizeofResource
LockResource
GetConsoleScreenBufferInfo
LoadLibraryExW
FormatMessageA
GetStdHandle
FreeLibrary
SetEnvironmentVariableA
CreateFileW
GetTickCount
Sleep
SetLastError
GetCurrentThread
GetLastError
WaitForSingleObject
CloseHandle
GetCommandLineW
LocalAlloc
GetModuleHandleW
WriteFile
ReadFile
LocalFree
SetPriorityClass
LoadLibraryW
GetProcAddress
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetFullPathNameW
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
RtlUnwind
CreateFileA
FlushFileBuffers
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
LCMapStringA

user32

LoadCursorW
SetCursor
SetWindowTextW
SendMessageW
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamW
InflateRect

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

CryptDestroyKey
CreateProcessAsUserW
OpenProcessToken
AdjustTokenPrivileges
LogonUserW
ImpersonateLoggedOnUser
RegConnectRegistryW
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CreateServiceW
CloseServiceHandle
ImpersonateNamedPipeClient
OpenThreadToken
RevertToSelf
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptGenKey
CryptExportKey
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptAcquireContextW
CryptReleaseContext
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
SetTokenInformation
GetSecurityInfo
InitializeAcl
GetAce
AddAce
AddAccessAllowedAce
SetSecurityInfo
FreeSid
LsaOpenPolicy
LsaEnumerateAccountRights
LookupPrivilegeValueW
LsaFreeMemory
LsaClose

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Sysmon.exe
.exe windows:5 windows x86 arch:x86

99d9920f81355d14d898a62304b93503

Code Sign

33:00:00:00:e2:9a:b8:8c:86:e2:c2:84:42:00:00:00:00:00:e2
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

31/01/2018, 19:03

Not After

07/09/2018, 19:03

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:179E-4BB0-8246,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:11

Not After

11/08/2018, 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:20

Not After

11/08/2018, 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:c4:6c:ce:79:7b:ae:b5:dd:6f:7a:62:75:6f:90:4c:43:98:1b:54:e7:4c:cf:38:17:1f:80:87:5e:4d:24:0b
Signer

Actual PE Digest

c1:c4:6c:ce:79:7b:ae:b5:dd:6f:7a:62:75:6f:90:4c:43:98:1b:54:e7:4c:cf:38:17:1f:80:87:5e:4d:24:0b

Digest Algorithm

sha256

PE Digest Matches

true

3d:dd:a4:e3:a2:04:55:7c:12:68:d2:59:ce:62:10:93:9d:ab:4d:69
Signer

Actual PE Digest

3d:dd:a4:e3:a2:04:55:7c:12:68:d2:59:ce:62:10:93:9d:ab:4d:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\agent\_work\8\s\svc\Public_Release\Sysmon.pdb

Imports

userenv

ExpandEnvironmentStringsForUserW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

WSAStartup
htons
getnameinfo
ntohs
gethostname
inet_ntoa
gethostbyname

mpr

WNetAddConnection2W
WNetCancelConnection2W

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW

ole32

IIDFromString
StringFromGUID2
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance

kernel32

Sleep
SizeofResource
FormatMessageW
GetExitCodeProcess
GetFileAttributesW
CreateFileW
MultiByteToWideChar
lstrlenW
GetTempPathW
GetLastError
SetLastError
Process32FirstW
GetConsoleScreenBufferInfo
LockResource
RemoveDirectoryW
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
GetVersion
DeleteFileW
ExitProcess
CopyFileW
ProcessIdToSessionId
DeviceIoControl
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
GetCurrentThread
GetOverlappedResult
SetThreadPriority
GetFileSizeEx
CreateFileMappingW
SetConsoleCtrlHandler
CreateEventW
WaitForMultipleObjects
GetFullPathNameW
GetTempFileNameW
SystemTimeToFileTime
GetLogicalDriveStringsW
WriteFile
OpenProcess
GetVersionExW
FileTimeToSystemTime
GetSystemDirectoryW
K32EnumProcesses
Module32FirstW
K32GetMappedFileNameW
GetWindowsDirectoryW
GetSystemTime
InterlockedDecrement
QueryPerformanceCounter
ResetEvent
QueryPerformanceFrequency
DeleteCriticalSection
InterlockedIncrement
CreateThread
FindFirstFileW
FindClose
FindNextFileW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
TerminateProcess
GetProcessHeap
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ResumeThread
IsProcessorFeaturePresent
IsDebuggerPresent
ExitThread
GetCurrentThreadId
WideCharToMultiByte
GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetTickCount
ConnectNamedPipe
SetEvent
GetComputerNameW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
LoadLibraryExW
CreateProcessW
LoadResource
FreeLibrary
FindResourceW
InterlockedExchange
ExpandEnvironmentStringsW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalFree
LocalAlloc
GetProcAddress
GetStdHandle
LoadLibraryW
GetModuleHandleW
GetCommandLineW
GetFileType
GetModuleFileNameW
FatalAppExitA
ReadFile
FlushFileBuffers
GetConsoleCP
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
HeapSize
RtlUnwind
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
OutputDebugStringW
SetFilePointerEx
ReadConsoleW
AreFileApisANSI
GetModuleHandleExW
EncodePointer
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
HeapFree
SetStdHandle
HeapAlloc
WriteConsoleW
SetEndOfFile
lstrlenA
GetTimeZoneInformation
QueryDosDeviceW

user32

GetSysColorBrush
SendMessageW
SetWindowTextW
EndDialog
GetDlgItem
UnregisterClassW
DialogBoxIndirectParamW
SetCursor
MessageBoxW
LoadCursorW
InflateRect

gdi32

EndPage
StartPage
GetDeviceCaps
SetMapMode
EndDoc
StartDocW

comdlg32

PrintDlgW

advapi32

StartServiceCtrlDispatcherW
RegCloseKey
RegCreateKeyW
RegQueryValueExW
RegOpenKeyW
LookupAccountSidW
GetSecurityDescriptorLength
ConvertSidToStringSidW
GetLengthSid
ReportEventW
DeregisterEventSource
CopySid
GetSidSubAuthorityCount
GetSidSubAuthority
RegisterEventSourceW
RegNotifyChangeKeyValue
QueryServiceConfigW
SetEntriesInAclW
SetServiceStatus
RegDeleteValueW
ChangeServiceConfig2W
SetSecurityDescriptorDacl
RegDeleteKeyW
InitializeSecurityDescriptor
RegCreateKeyExW
RegisterServiceCtrlHandlerExW
RegSetValueExW
AdjustTokenPrivileges
ControlService
FreeSid
RevertToSelf
AllocateAndInitializeSid
RegConnectRegistryW
ImpersonateLoggedOnUser
QueryServiceStatus
StartServiceW
LookupPrivilegeValueW
EqualSid
GetTokenInformation
OpenServiceW
LogonUserW
OpenSCManagerW
DeleteService
OpenProcessToken
CloseServiceHandle
CreateServiceW
RegOpenKeyExW

oleaut32

VariantChangeType
SafeArrayGetElement
SafeArrayUnaccessData
VariantInit
SafeArrayDestroy
SafeArrayGetUBound
VariantClear
SafeArrayGetLBound
SysFreeString
SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysAllocString
VarBstrCmp
SafeArrayAccessData
GetErrorInfo
SetErrorInfo
CreateErrorInfo

crypt32

CertDuplicateCertificateContext
CertGetCertificateChain
CertGetNameStringW
CryptFindOIDInfo

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer

Sections

.text
Size: 572KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
accesschk.exe
.exe windows:5 windows x86 arch:x86

e325756a1c6d9df5a7076a74f05ee8d6

Code Sign

33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:11

Not After

11/08/2018, 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:20

Not After

11/08/2018, 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:07:fa:b7:5e:b7:dc:6f:15:f8:18:b8:b0:19:79:28:b4:ed:f5:25:fe:a4:02:b5:63:8d:ae:56:c1:b1:35:29
Signer

Actual PE Digest

e9:07:fa:b7:5e:b7:dc:6f:15:f8:18:b8:b0:19:79:28:b4:ed:f5:25:fe:a4:02:b5:63:8d:ae:56:c1:b1:35:29

Digest Algorithm

sha256

PE Digest Matches

true

c5:9e:89:06:b3:05:41:3c:01:e4:be:35:ee:4d:d1:cf:79:de:04:d5
Signer

Actual PE Digest

c5:9e:89:06:b3:05:41:3c:01:e4:be:35:ee:4d:d1:cf:79:de:04:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetApiBufferFree
NetShareEnum
NetShareGetInfo
NetUserGetLocalGroups

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
Thread32Next
Thread32First
OpenThread
FindNextFileW
FindFirstFileW
GetFileAttributesW
FindClose
GetProcessHeap
HeapAlloc
CreateFileW
GetStringTypeW
Process32FirstW
CreateToolhelp32Snapshot
GetFullPathNameW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
FormatMessageW
CloseHandle
SetLastError
GetLastError
GetCurrentThread
GetCurrentProcess
OpenProcess
GetVersion
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
LCMapStringW
OutputDebugStringW
SetFilePointerEx
WriteConsoleW
ReadConsoleW
Process32NextW
RtlUnwind
HeapSize
ReadFile
GetConsoleCP
FlushFileBuffers
LoadLibraryExW
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
WriteFile

user32

SendMessageW
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW

gdi32

StartPage
GetDeviceCaps
EndDoc
StartDocW
SetMapMode
EndPage

comdlg32

PrintDlgW

advapi32

SetEntriesInAclW
QueryServiceObjectSecurity
OpenServiceW
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
GetSecurityInfo
DeleteAce
RegGetKeySecurity
RegEnumKeyW
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetKernelObjectSecurity
LsaNtStatusToWinError
LsaEnumerateAccountRights
LsaEnumerateAccountsWithUserRight
LsaOpenPolicy
LsaClose
LsaFreeMemory
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetEffectiveRightsFromAclW
DuplicateTokenEx
ImpersonateLoggedOnUser
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
InitializeSecurityDescriptor
GetAce
CopySid
GetLengthSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
AllocateAndInitializeSid
EqualSid
IsValidSid
IsWellKnownSid
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
OpenProcessToken
RevertToSelf
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

wevtapi

EvtClose
EvtOpenChannelEnum
EvtNextChannelPath
EvtOpenChannelConfig
EvtGetChannelConfigProperty

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
choco.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:b0:11:5b:b5:f0:90:d3:f0:da:0e:62:2c:62:7d:58
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/03/2017, 00:00

Not After

03/04/2018, 12:00

Subject

CN=Chocolatey Software\, Inc.,O=Chocolatey Software\, Inc.,L=Topeka,ST=Kansas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:9a:9e:b6:5b:d7:6f:7d:40:1b:20:d0:a5:af:db:8f:66:5b:b7:e4
Signer

Actual PE Digest

58:9a:9e:b6:5b:d7:6f:7d:40:1b:20:d0:a5:af:db:8f:66:5b:b7:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

C:\codelocal\chocolatey2\code_drop\merge\choco.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
desktopinfo.ini
diruse.exe
.exe windows:5 windows x86 arch:x86

69a4dc6c1a34a56ff7230040d5dcaf31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperBuffW

netapi32

NetAlertRaiseEx

msvcrt

__setusermatherr
_initterm
__getmainargs
__p__fmode
__p___initenv
_XcptFilter
exit
_controlfp
wprintf
fwprintf
fflush
fclose
_exit
swprintf
_ftol
fopen
wcsncpy
swscanf
_iob
wcscpy
wcslen
wcscat
wcscmp
_except_handler3
_adjust_fdiv
__p__commode
__set_app_type

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

kernel32

FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
CloseHandle
GetCurrentProcessId
HeapAlloc
HeapReAlloc
FindFirstFileW
GetCompressedFileSizeW
FindNextFileW
FindClose
GetLastError
GetUserDefaultLCID
GetLocaleInfoW
GetCommandLineW
GetProcessHeap
OpenProcess
GetStdHandle
HeapFree

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nircmd.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl.ini
plink.exe
.exe windows:6 windows x64 arch:x64

b666dfcec182ccb8ce10310587a4ab90

Code Sign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ed:72:df:71:20:8f:78:36:d0:ab:00:9f:ca:97:e0:1f
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

22/12/2014, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:d2:82:a2:d9:a2:c1:58:50:5b:17:8d:59:51:8b:7b
Certificate

Issuer

CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/12/2015, 00:00

Not After

01/12/2018, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ed:72:df:71:20:8f:78:36:d0:ab:00:9f:ca:97:e0:1f
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

22/12/2014, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:d2:82:a2:d9:a2:c1:58:50:5b:17:8d:59:51:8b:7b
Certificate

Issuer

CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/12/2015, 00:00

Not After

01/12/2018, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:9d:29:4c:ec:11:af:3b:e3:fe:91:c0:29:3a:60:46:5b:2d:59:b6:a7:41:bd:13:a3:9a:18:70:14:d5:1d:a6
Signer

Actual PE Digest

1f:9d:29:4c:ec:11:af:3b:e3:fe:91:c0:29:3a:60:46:5b:2d:59:b6:a7:41:bd:13:a3:9a:18:70:14:d5:1d:a6

Digest Algorithm

sha256

PE Digest Matches

true

0a:6b:45:a7:0c:e5:df:21:b9:35:5c:26:43:5c:b4:55:86:5e:ec:cb
Signer

Actual PE Digest

0a:6b:45:a7:0c:e5:df:21:b9:35:5c:26:43:5c:b4:55:86:5e:ec:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
CopySid
EqualSid
GetLengthSid
GetUserNameA
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

user32

FindWindowA
GetCapture
GetClipboardOwner
GetCursorPos
GetForegroundWindow
GetQueueStatus
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA

kernel32

ClearCommBreak
CloseHandle
CompareStringW
ConnectNamedPipe
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateNamedPipeA
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindFirstFileExA
FindNextFileA
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommState
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessTimes
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetWindowsDirectoryA
GlobalMemoryStatus
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetCommBreak
SetCommState
SetCommTimeouts
SetConsoleMode
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFilePointerEx
SetHandleInformation
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteConsoleW
WriteFile

Sections

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
unzip.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 241KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 549KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wget.exe
.exe windows:4 windows x86 arch:x86

6c83c796e9451331dab6bccffe120dee

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:1c:e8:45:cc:a9:7a:ae:1e:ad:8b:64:64:f9:c7:b6
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/03/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Jernej Simončič,O=Jernej Simončič,POSTALCODE=1000,STREET=Herbersteinova 29,L=Ljubljana,ST=-,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:71:45:5b:05:17:ad:b7:7e:cc:60:1c:24:f2:a9:73
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/03/2016, 00:00

Not After

25/03/2021, 23:59

Subject

CN=Jernej Simončič,O=Jernej Simončič,POSTALCODE=1000,STREET=Herbersteinova 29,L=Ljubljana,ST=-,C=SI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:51:26:28:98:80:34:83:4c:6c:8c:ea:17:74:38:57:67:1e:b2:58:d4:0a:05:97:3a:c4:27:ec:f7:08:be:c2
Signer

Actual PE Digest

6e:51:26:28:98:80:34:83:4c:6c:8c:ea:17:74:38:57:67:1e:b2:58:d4:0a:05:97:3a:c4:27:ec:f7:08:be:c2

Digest Algorithm

sha256

PE Digest Matches

true

90:71:64:b5:4a:ce:ec:4f:72:90:39:bb:40:78:08:d3:77:6a:29:2b
Signer

Actual PE Digest

90:71:64:b5:4a:ce:ec:4f:72:90:39:bb:40:78:08:d3:77:6a:29:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceW
ReportEventW

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

kernel32

AddVectoredExceptionHandler
CloseHandle
ConvertFiberToThread
ConvertThreadToFiber
CreateDirectoryA
CreateEventA
CreateFiber
CreateFileA
CreateFileMappingA
CreateFileW
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFiber
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetEnvironmentVariableW
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeInfo
GetNumberOfConsoleInputEvents
GetPriorityClass
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetThreadContext
GetThreadLocale
GetThreadPriority
GetTickCount
GetVersion
GetVolumeInformationW
GlobalMemoryStatus
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
LockFileEx
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTitleA
SetEndOfFile
SetEvent
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

___mb_cur_max_func
__argv
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__fmode
__pioinfo
__set_app_type
__setusermatherr
_access
_amsg_exit
_beginthreadex
_cexit
_chmod
_chmod
_close
_close
_dup
_dup2
_endthreadex
_environ
_errno
_exit
_fdopen
_filelengthi64
_fileno
_fileno
_fstat
_get_osfhandle
_getch
_getmaxstdio
_getmbcp
_getpid
_initterm
_iob
_isctype
_isatty
_lock
_lseek
_lseeki64
_mkdir
_onexit
_open_osfhandle
_open
_pipe
_putenv
_read
_setjmp3
_setmaxstdio
_setmode
_setmode
_snwprintf
_stat
_strdup
_stricmp
_strnicmp
_sys_errlist
_sys_nerr
_telli64
_ultoa
_unlink
_unlock
_tzset
_vsnprintf
_vsnwprintf
_wfopen
_wopen
_write
_write
abort
atoi
bsearch
clearerr
clock
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
gmtime
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
gmtime
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
localtime
localtime
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
puts
qsort
raise
rand
realloc
rename
rewind
setbuf
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strrchr
strpbrk
strspn
strstr
strtok
strtol
strtoul
time
time
tmpfile
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscat
wcscmp
wcscpy
wcslen
wcsstr
wcstombs

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

shell32

SHGetSpecialFolderPathA

user32

DispatchMessageA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage

ws2_32

WSAAddressToStringA
WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSASetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 836KB - Virtual size: 836KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wol.exe
.exe windows:4 windows x64 arch:x64

20453887af8754c7021500155cf3e5b7

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7b:a7:65:f8:87:75:34:ce:36:8d:7e:1c:c4:97:27:43:bd:30:8a:ca:6c:3e:a5:16:98:59:87:c4:5e:56:68:81
Signer

Actual PE Digest

7b:a7:65:f8:87:75:34:ce:36:8d:7e:1c:c4:97:27:43:bd:30:8a:ca:6c:3e:a5:16:98:59:87:c4:5e:56:68:81

Digest Algorithm

sha256

PE Digest Matches

true

22:c4:ce:b7:9e:f5:22:a5:5a:9a:51:b1:45:67:60:10:29:b2:c7:06
Signer

Actual PE Digest

22:c4:ce:b7:9e:f5:22:a5:5a:9a:51:b1:45:67:60:10:29:b2:c7:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\WakeMeOnLan\x64\Release\WakeMeOnLan.pdb

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
_wcslwr
strcmp
atoi
__C_specific_handler
wcstoul
_initterm
strlen
malloc
_memicmp
free
modf
wcslen
_ultow
_itow
??3@YAXPEAX@Z
_purecall
_wtoi
memcmp
__setusermatherr
_commode
_fmode
__set_app_type
wcscmp
wcsrchr
wcsncmp
_wcsicmp
wcschr
memcpy
??2@YAPEAX_K@Z
wcscpy
memset
wcscat
_snwprintf
_onexit
__dllonexit
wcsncat
strtoul
strncpy
strcpy
qsort

comctl32

ord17
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

connect
recvfrom
WSAGetLastError
WSASetLastError
WSACleanup
WSAAsyncSelect
inet_addr
socket
htonl
closesocket
gethostbyname
htons
setsockopt
sendto
bind
gethostbyaddr
WSAStartup

kernel32

GetCurrentProcessId
ExitProcess
ReadProcessMemory
SetErrorMode
DeleteFileW
CreateThread
ResumeThread
Sleep
GetStdHandle
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
CreateFileW
FindResourceW
GetModuleFileNameW
GetCurrentProcess
OpenProcess
EnumResourceTypesW
GetStartupInfoW
WriteFile
ReadFile
FindClose
GetFileAttributesW
FindNextFileW
GetModuleHandleW
FindFirstFileW
GetVersionExW
GetLastError
FormatMessageW
GetFileSize
SizeofResource
GlobalLock
GetTempFileNameW
GetTempPathW
GlobalUnlock
lstrcpyW
LockResource
ExpandEnvironmentStringsW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
DeleteCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
LoadResource
CloseHandle
LoadLibraryExW
GetWindowsDirectoryW
GlobalAlloc
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
LocalFree

user32

SetForegroundWindow
KillTimer
SetTimer
DrawTextExW
TranslateMessage
DispatchMessageW
IsDialogMessageW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
DestroyWindow
SetWindowPos
LoadStringW
EnumChildWindows
CreateDialogParamW
DialogBoxParamW
DestroyMenu
GetDlgCtrlID
GetMenuItemInfoW
ModifyMenuW
LoadMenuW
GetWindowTextW
MapWindowPoints
GetSysColor
EnableWindow
SetClipboardData
GetMenuStringW
GetCursorPos
CheckMenuRadioItem
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
GetWindow
EndPaint
DrawFrameControl
SetWindowTextW
SetDlgItemInt
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
BeginPaint
SetWindowLongPtrW
GetClientRect
GetSystemMetrics
DeferWindowPos
DefWindowProcW
PostMessageW
SendMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetWindowPlacement
SetMenu
GetWindowPlacement
LoadAcceleratorsW
LoadIconW
LoadImageW
GetWindowLongW
SetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
CloseClipboard
GetMenu
GetParent
EmptyClipboard
GetDC
EnableMenuItem
ReleaseDC
OpenClipboard
GetClassNameW
MoveWindow
GetSubMenu
GetMenuItemCount
CheckMenuItem

gdi32

SetBkColor
GetTextExtentPoint32W
GetDeviceCaps
SelectObject
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
GetStockObject

comdlg32

FindTextW
GetSaveFileNameW
ChooseFontW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

32:cb:58:b9:3f:8d:5f:63:6a:25:db:ba:ea:9d:de:73Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

52:9f:f3:55:ab:45:34:c7:f7:f4:27:b4:68:40:35:46:42:91:dd:30:ab:ae:7d:f7:19:d8:9e:e6:5d:c8:d4:36Signer

Headers

File Characteristics

Sections

CODE Size: 503KB - Virtual size: 502KB

DATA Size: 22KB - Virtual size: 22KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 45B

.reloc Size: 30KB - Virtual size: 30KB

.rsrc Size: 36KB - Virtual size: 36KB

2faf3ec96381d74feaa1eb3851b607b9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

wldap32

rpcrt4

netapi32

iphlpapi

psapi

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 36KB - Virtual size: 38KB

7d320143a97f5ff2b2c22306359754be

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate

Extended Key Usages

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

3b:19:53:33:1a:c1:34:4e:cc:b3:ab:fe:6c:2d:2e:9d:23:ea:3a:fcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

netapi32

ws2_32

mpr

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 182KB

.rsrc Size: 187KB - Virtual size: 186KB

99d9920f81355d14d898a62304b93503

Code Sign

33:00:00:00:e2:9a:b8:8c:86:e2:c2:84:42:00:00:00:00:00:e2Certificate

Extended Key Usages

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

32:cb:58:b9:3f:8d:5f:63:6a:25:db:ba:ea:9d:de:73
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

52:9f:f3:55:ab:45:34:c7:f7:f4:27:b4:68:40:35:46:42:91:dd:30:ab:ae:7d:f7:19:d8:9e:e6:5d:c8:d4:36
Signer

CODE
Size: 503KB - Virtual size: 502KB

DATA
Size: 22KB - Virtual size: 22KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 45B

.reloc
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 36KB - Virtual size: 36KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 36KB - Virtual size: 38KB

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

3b:19:53:33:1a:c1:34:4e:cc:b3:ab:fe:6c:2d:2e:9d:23:ea:3a:fc
Signer

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 182KB

.rsrc
Size: 187KB - Virtual size: 186KB

33:00:00:00:e2:9a:b8:8c:86:e2:c2:84:42:00:00:00:00:00:e2
Certificate

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

c1:c4:6c:ce:79:7b:ae:b5:dd:6f:7a:62:75:6f:90:4c:43:98:1b:54:e7:4c:cf:38:17:1f:80:87:5e:4d:24:0b
Signer

3d:dd:a4:e3:a2:04:55:7c:12:68:d2:59:ce:62:10:93:9d:ab:4d:69
Signer

.text
Size: 572KB - Virtual size: 572KB

.rdata
Size: 207KB - Virtual size: 206KB

.data
Size: 20KB - Virtual size: 30KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 30KB - Virtual size: 29KB

33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2
Certificate

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

e9:07:fa:b7:5e:b7:dc:6f:15:f8:18:b8:b0:19:79:28:b4:ed:f5:25:fe:a4:02:b5:63:8d:ae:56:c1:b1:35:29
Signer

c5:9e:89:06:b3:05:41:3c:01:e4:be:35:ee:4d:d1:cf:79:de:04:d5
Signer