8d760359b549d03a8abd29b814c3e42c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d760359b549d03a8abd29b814c3e42c_JaffaCakes118
Size

1.3MB
MD5

8d760359b549d03a8abd29b814c3e42c
SHA1

1ff189782371467c707f9bf1a9102788002e1fa3
SHA256

bd94bc0c1bf818e397f17b3d0ec201bc26baceaf2bb264de5348fc1e2b763c56
SHA512

4cbda28c954a9598d29107ffcb09a7d3437012e87bc880e3c7c7e2cc45ea0665126d8e6542e0cd406f97e11037fb0695a0cdf9da7f740dbbfbeebe5b2171d9f2
SSDEEP

24576:VbyZSFoZw4FVZ46teudv2jn9iqTLjOpRofVr7r9YliO1aNx8UhdhHP8pNABsc:FyUo64fZLeudv2jnsajOpR8VrX9YvgXj

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/SelfDel.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/SelfDel.dll	upx

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
8d760359b549d03a8abd29b814c3e42c_JaffaCakes118
unpack001/$PLUGINSDIR/Math.dll
unpack001/$PLUGINSDIR/SelfDel.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/$PLUGINSDIR/nsisdl.dll
unpack001/$TEMP/7za.dll
unpack001/$TEMP/7za.exe
unpack001/$TEMP/blat.dll
unpack001/$TEMP/blat.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

8d760359b549d03a8abd29b814c3e42c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Math.dll
.dll windows:4 windows x86 arch:x86

6a7dba1ca35af83a9a3593fbf002fb1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
lstrcmpA
lstrlenA
GlobalFree
lstrcatA
GlobalAlloc
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCommandLineA
GetVersion
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
lstrcpyA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetLastError
SetFilePointer
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
GetStringTypeW
GetOEMCP
LoadLibraryA
GetStringTypeA
FlushFileBuffers
CloseHandle
LCMapStringW
SetStdHandle
RtlUnwind

Exports

Exports

Script

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SelfDel.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Del

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

46f8b6973f33717335c0f6d8087de67b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
lstrcpynA
ReadFile
PeekNamedPipe
GetTickCount
lstrcpyA
CreateProcessA
GetStartupInfoA
GetProcAddress
GetVersion
DeleteFileA
lstrcmpiA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
CreatePipe
GlobalLock
lstrcatA

user32

SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

a49b0342971aa199fc6349725b90146d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
lstrcpynA
lstrlenA
LoadLibraryA
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExA
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfA
PostMessageA

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisdl.dll
.dll windows:4 windows x86 arch:x86

35098e8775f91723e90a28745ef6495b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
MulDiv
WaitForSingleObject
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
CloseHandle
CreateThread

user32

SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CharPrevA
GetWindowRect
SetDlgItemTextA
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
wsprintfA
SendMessageA
SetWindowTextA
CreateWindowExA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

wsock32

__WSAFDIsSet
ioctlsocket
inet_ntoa
htons
socket
closesocket
shutdown
connect
gethostbyname
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/7za.dll
.dll windows:4 windows x86 arch:x86

d81b60eda1cab1fb301cbc5030fb0921

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantCopy
SysAllocStringLen
SysAllocStringByteLen

user32

CharUpperW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
realloc
strlen
wcscmp
memcpy
memmove
free
_CxxThrowException
malloc
memcmp
_purecall
__CxxFrameHandler

kernel32

GetProcAddress
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
VirtualFree
VirtualAlloc
QueryPerformanceCounter
DeleteCriticalSection
GetVersionExW
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
WriteFile
ReadFile
GetModuleHandleA
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
CloseHandle
CreateFileW
SetFileAttributesW
CreateDirectoryW
GetLastError
DeleteFileW
SetLastError
GetTempPathW
GetCurrentProcessId

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetLargePageMode

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/7za.exe
.exe windows:4 windows x86 arch:x86

bd912273bbf29e21ff00a414f95c84bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantCopy
SysAllocStringLen

user32

CharPrevExA
CharUpperW

advapi32

SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetFileSecurityW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
wcslen
realloc
strlen
memset
wcscmp
strcmp
memmove
fputs
fputc
fflush
fgetc
fclose
_iob
free
_CxxThrowException
malloc
memcmp
_purecall
memcpy
__CxxFrameHandler
_isatty
_fileno

kernel32

ResetEvent
CreateSemaphoreW
CreateEventW
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSection
VirtualAlloc
SetEvent
SetFileAttributesW
QueryPerformanceCounter
LocalFileTimeToFileTime
GetConsoleMode
SetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
SetConsoleCtrlHandler
FileTimeToLocalFileTime
DeleteCriticalSection
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
GetFileInformationByHandle
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
GetLogicalDriveStringsW
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
FindNextFileW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
GetLastError
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
VirtualFree

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Actualizaciones.vbs
.vbs
$TEMP/AnsiToUtf8.vbs
.vbs
$TEMP/AutoUpdate.vbs
.vbs
$TEMP/CStore.vbs
.vbs
$TEMP/CStoreMini.vbs
.vbs
$TEMP/GetIP.vbs
.vbs
$TEMP/Log.sql
$TEMP/LogParser.7z
.7z
LogParser.dll
.dll regsvr32 windows:5 windows x86 arch:x86

2e2b691177bb4205fc4f5eb9fbd1a8d6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

77:02:6a:1f:b9:95:c3:57:19:2f:be:52:52:3c:fb:71:fe:ed:4e:3b
Signer

Actual PE Digest

77:02:6a:1f:b9:95:c3:57:19:2f:be:52:52:3c:fb:71:fe:ed:4e:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\enlistments\nt_dnsrv\iistest\tools\logparser\main_com\obj\i386\LogParser.pdb

Imports

mfc42u

ord559
ord2057
ord812
ord6140
ord6139
ord942
ord940
ord2810
ord540
ord541
ord801
ord858
ord6379
ord5436
ord6390
ord5446
ord539
ord538
ord922
ord800
ord3648
ord350
ord3608
ord3126
ord5647
ord3658
ord6874
ord5857
ord535
ord823
ord861
ord5858
ord2058
ord925
ord927
ord6136
ord5854
ord5599
ord2606
ord941
ord654
ord4273
ord341
ord5929
ord3050
ord537
ord4272
ord859
ord4124
ord4197
ord825

msvcrt

_wtoi
_snwprintf
wcscat
wcschr
wcslen
wcsncmp
_wcsnicmp
wcsncat
_itow
_wsetlocale
mbtowc
strncmp
wprintf
time
srand
rand
_wtol
isalpha
memmove
_finite
iswctype
modf
wcsrchr
iswprint
iswalnum
towupper
strchr
wcsncpy
wcsstr
floor
_CIexp
_CIpow
_purecall
iswspace
wcscspn
_vsnwprintf
puts
printf
towlower
wcscpy
swprintf
iswalpha
isdigit
_except_handler3
?terminate@@YAXXZ
realloc
malloc
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
free
strstr
_CIfmod
wcscmp
_CxxThrowException
swscanf
_wcsicmp
__CxxFrameHandler
wcstombs
strncpy
localtime
_snprintf
iswdigit

advapi32

OpenBackupEventLogW
RegQueryValueExW
OpenEventLogW
CloseEventLog
IsValidSid
ControlTraceW
CloseTrace
ProcessTrace
OpenTraceW
RegQueryInfoKeyW
ConvertSidToStringSidW
ConvertStringSidToSidW
GetNumberOfEventLogRecords
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyW
RegEnumKeyExW
LookupAccountSidW
RegEnumValueW
CryptAcquireContextW
CryptReleaseContext
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegConnectRegistryW
IsTextUnicode
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
ReadEventLogW

oleaut32

LoadTypeLibEx
OleLoadPicturePath
SysFreeString
SysStringLen
GetErrorInfo
DispGetIDsOfNames
DispInvoke
SetErrorInfo
SysAllocString
CreateErrorInfo
LoadRegTypeLi
SystemTimeToVariantTime
VariantInit
SafeArrayCreateVector
SafeArrayCreate
VariantTimeToSystemTime
SysAllocStringLen
VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
UnRegisterTypeLi
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy

kernel32

DeleteFileW
CreateThread
CreateDirectoryW
SetFilePointerEx
GetACP
WideCharToMultiByte
WaitForSingleObject
GetExitCodeThread
FormatMessageW
LocalFree
GetModuleHandleW
GetProcAddress
WriteFile
WaitForMultipleObjects
ReadConsoleInputW
InterlockedCompareExchange
SetEvent
GetOverlappedResult
CreateEventW
GetComputerNameW
GetFileSizeEx
GetDiskFreeSpaceW
GetStdHandle
SetFilePointer
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
FindClose
ResetEvent
TerminateProcess
GlobalLock
GlobalUnlock
GlobalFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemDefaultLangID
GetSystemDefaultLCID
FileTimeToSystemTime
SignalObjectAndWait
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
GetLastError
GetModuleHandleA
GetShortPathNameA
GetModuleFileNameA
MultiByteToWideChar
MulDiv
GetProcessAffinityMask
GetCurrentProcess
UnhandledExceptionFilter
Sleep
GetCPInfo
SetUnhandledExceptionFilter
GetVersionExW
LocalAlloc
GetPrivateProfileStringW
EnumSystemLocalesW
LoadLibraryExW
FreeLibrary
SetLastError
GetCalendarInfoW
GetLocaleInfoW
GetTimeZoneInformation
GetSystemTime
EnterCriticalSection
LeaveCriticalSection
GetFullPathNameW
ExpandEnvironmentStringsW
CloseHandle
CreateFileW
VirtualFree
ReadFile
VirtualAlloc
GetFileSize
GetFileTime
SetFileTime
GetEnvironmentVariableW
InitializeCriticalSection
DeleteCriticalSection
GlobalAlloc

ole32

StringFromCLSID
CoWaitForMultipleHandles
CLSIDFromString
CoCreateInstance
CLSIDFromProgID
CoSetProxyBlanket
CoCreateInstanceEx
CoTaskMemFree

user32

DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
SetWindowTextW
ShowWindow
SetPropW
CreateDialogParamW
LoadAcceleratorsW
FillRect
DrawTextExW
InvalidateRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxW
PostQuitMessage
IsWindowEnabled
EnableMenuItem
CheckMenuItem
EnableWindow
ScreenToClient
MoveWindow
GetClientRect
GetPropW
DestroyWindow
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetDlgItem
SendMessageW
PostMessageW
GetWindowRect
SystemParametersInfoW
SetTimer
LoadStringW
wsprintfW
ReleaseDC
LoadIconW
SetFocus
GetDC

ws2_32

ntohl
socket
bind
connect
closesocket
send
WSAGetLastError
htons
gethostbyaddr
htonl
ntohs
WSAStartup
inet_addr
gethostbyname

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

activeds

ord3
ord9

odbc32

ord4
ord111
ord127
ord176
ord78
ord29
ord13
ord18
ord43
ord24
ord75
ord139
ord141
ord119
ord12
ord136
ord31
ord9

gdi32

BitBlt
DeleteObject
SelectObject
GetStockObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W
GetTextMetricsW
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
SetTextColor
CreateSolidBrush
DeleteDC

comdlg32

ChooseFontW

wininet

HttpQueryInfoW
InternetGetLastResponseInfoW
InternetOpenUrlW
InternetOpenW
InternetReadFile
InternetCloseHandle

netapi32

NetMessageBufferSend

msimg32

GradientFill

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 903KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LogParser.exe
.exe windows:5 windows x86 arch:x86

f20708e1690d12a2c8e19cfda66baa85

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

be:bd:26:68:5b:b2:a7:db:c9:da:16:93:31:62:b3:45:a1:42:99:19
Signer

Actual PE Digest

be:bd:26:68:5b:b2:a7:db:c9:da:16:93:31:62:b3:45:a1:42:99:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\enlistments\nt_dnsrv\iistest\tools\logparser\main_cmdline\obj\i386\LogParser.pdb

Imports

mfc42u

ord6140
ord5858
ord6139
ord535
ord1165
ord861
ord5647
ord5857
ord6874
ord3658
ord825
ord800
ord2810
ord540
ord537
ord801
ord4272
ord3648
ord350
ord3608
ord3126
ord812
ord559
ord942
ord922
ord940
ord925
ord927
ord538
ord541
ord858
ord539
ord4124
ord4197
ord859
ord3050
ord5929
ord341
ord4273
ord654
ord941
ord2606
ord5599
ord5854
ord6136
ord2058
ord2057
ord6279
ord5446
ord6390
ord5436
ord6379
ord6278
ord2385
ord823

msvcrt

_c_exit
_exit
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
wcscpy
?terminate@@YAXXZ
strncpy
malloc
puts
_CxxThrowException
realloc
iswspace
_wcsnicmp
wprintf
_getch
towlower
clock
_CIfmod
fwprintf
_wtoi
wcschr
rand
srand
time
wcsstr
memmove
_purecall
iswdigit
swscanf
isdigit
iswalpha
_CIpow
_CIexp
floor
wcsncmp
free
_vsnwprintf
wcslen
_iob
__CxxFrameHandler
tolower
_wcsicmp
wcscmp
_snwprintf
printf
modf
_finite
_controlfp
swprintf
wcsncpy
strchr
towupper
iswalnum
localtime
isalpha
_wtol
iswprint
wcscat
wcscspn
wcsrchr
wcsncat
_itow
_wsetlocale
mbtowc
strncmp

kernel32

SignalObjectAndWait
GetSystemTimeAdjustment
GetVersionExW
LocalAlloc
GetSystemDefaultLangID
GetSystemDefaultLCID
FileTimeToSystemTime
GetPrivateProfileStringW
GetCalendarInfoW
GetLocaleInfoW
FormatMessageW
LocalFree
GetProcAddress
WaitForMultipleObjects
ReadConsoleInputW
InterlockedCompareExchange
Sleep
SetFilePointer
GetOverlappedResult
CreateEventW
GetComputerNameW
DeleteCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
SetFileTime
GetFileTime
GetFileSize
SetConsoleCtrlHandler
VirtualFree
GetModuleHandleW
CloseHandle
GetLastError
WideCharToMultiByte
WriteFile
GetExitCodeThread
GetStdHandle
SetConsoleCursorInfo
CreateConsoleScreenBuffer
GetConsoleScreenBufferInfo
WriteConsoleW
SetConsoleCursorPosition
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
CreateFileW
ExpandEnvironmentStringsW
GetFullPathNameW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
VirtualAlloc
GetTimeZoneInformation
GetSystemTime
GetCPInfo
GetDiskFreeSpaceW
GetFileSizeEx
GetProcessAffinityMask
FindClose
FindNextFileW
FindFirstFileW
SystemTimeToFileTime
WaitForSingleObject
SetLastError
CreateThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetACP
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ResetEvent
SetFilePointerEx
CreateDirectoryW
GetConsoleOutputCP
MulDiv
FreeLibrary
LoadLibraryExW
EnumSystemLocalesW
DeleteFileW
SetEvent

ole32

CLSIDFromProgID
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoCreateInstanceEx
CLSIDFromString
CoWaitForMultipleHandles

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
IsTextUnicode
CloseEventLog
OpenEventLogW
OpenBackupEventLogW
GetNumberOfEventLogRecords
ReadEventLogW
RegConnectRegistryW
GetSidSubAuthority
RegQueryInfoKeyW
GetSidIdentifierAuthority
CryptReleaseContext
CryptAcquireContextW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
LookupAccountSidW
ConvertStringSidToSidW
ConvertSidToStringSidW
GetSidSubAuthorityCount
RegCloseKey
ControlTraceW
CloseTrace
ProcessTrace
OpenTraceW
IsValidSid

oleaut32

SafeArrayCreate
VariantTimeToSystemTime
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SysAllocString
VariantInit
VariantClear
SysAllocStringLen
GetErrorInfo
SysStringLen
SysFreeString
OleLoadPicturePath
SafeArrayCreateVector

user32

InvalidateRect
DrawTextExW
FillRect
wsprintfW
LoadAcceleratorsW
CreateDialogParamW
EnableMenuItem
IsWindowEnabled
PostQuitMessage
MessageBoxW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
SetWindowTextW
ShowWindow
SetTimer
SetPropW
CheckMenuItem
EnableWindow
ScreenToClient
MoveWindow
GetClientRect
LoadStringW
ReleaseDC
LoadIconW
SetFocus
SystemParametersInfoW
GetWindowRect
PostMessageW
SendMessageW
GetDlgItem
GetDC
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
DestroyWindow
GetPropW

activeds

ord9
ord3

odbc32

ord24
ord111
ord127
ord176
ord78
ord4
ord31
ord9
ord136
ord139
ord75
ord12
ord18
ord119
ord29
ord43
ord13
ord141

ws2_32

socket
bind
closesocket
send
WSAGetLastError
htons
ntohl
htonl
WSAStartup
inet_addr
gethostbyaddr
ntohs
gethostbyname
connect

gdi32

GetDeviceCaps
GetTextMetricsW
CreateCompatibleDC
CreateCompatibleBitmap
SetBkColor
SetTextColor
CreateSolidBrush
BitBlt
DeleteDC
DeleteObject
SelectObject
GetStockObject
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W

comdlg32

ChooseFontW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetGetLastResponseInfoW
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
HttpQueryInfoW

netapi32

NetMessageBufferSend

msimg32

GradientFill

crypt32

CryptProtectData
CryptUnprotectData

Sections

.text
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/LogParser.bat
$TEMP/SerialNumber.bat
.bat .vbs
$TEMP/blat.dll
.dll windows:4 windows x86 arch:x86

0f2e58e30316ca2f77100c6ebc4cafae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

ntohl
htonl
WSACleanup
WSAStartup
gethostname
closesocket
send
select
recv
htons
getservbyname
ioctlsocket
gethostbyname
socket
setsockopt
connect
WSAGetLastError
inet_ntoa
getsockopt

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
LoadLibraryA
WriteFile
ReadFile
GetStdHandle
CloseHandle
GetLastError
CreateFileW
GetVersionExW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetEnvironmentVariableW
GetVersion
GetFileType
GetFileSize
MultiByteToWideChar
WideCharToMultiByte
Sleep
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
lstrcmpiW
GetComputerNameW
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetSystemTime
GetCommandLineA
HeapReAlloc
RaiseException
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStartupInfoA
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW

Exports

Exports

Blat
BlatA
BlatW
Send
SendA
SendW
SetPrintFunc
SetPrintFuncA
SetPrintFuncW
SetProcessDataProc
SetProcessDataProcW
cSend
cSendA
cSendW

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/blat.exe
.exe windows:4 windows x86 arch:x86

7c62a5893c00ccbedb9fbe141080d3b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ntohl
htonl
WSACleanup
WSAStartup
gethostname
closesocket
send
select
recv
htons
getservbyname
ioctlsocket
gethostbyname
socket
setsockopt
connect
WSAGetLastError
inet_ntoa
getsockopt

kernel32

SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
SetEndOfFile
GetStringTypeW
WriteFile
ReadFile
GetStdHandle
CloseHandle
GetLastError
CreateFileW
GetVersionExW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetEnvironmentVariableW
GetVersion
GetFileType
GetFileSize
Sleep
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
lstrcmpiW
GetComputerNameW
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetSystemTime
WideCharToMultiByte
HeapReAlloc
RaiseException
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
SetHandleCount
GetStartupInfoA
FlushFileBuffers
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetCPInfo
LoadLibraryA
GetStringTypeA

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/capicom.dll
.dll regsvr32 windows:6 windows x86 arch:x86

817acf67b593a3bed6b4a50e83400d47

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ae:dc:60:ea:8c:a7:8d:66:7d:61:97:0e:c8:08:83:13:b2:18:c8:4d
Signer

Actual PE Digest

ae:dc:60:ea:8c:a7:8d:66:7d:61:97:0e:c8:08:83:13:b2:18:c8:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\ntsrc\lhsecurity.obj.x86fre\ds\security\cryptoapi\pki\activex\capicom\objfre\i386\capicom.pdb

Imports

mssign32

SignerTimeStamp

advapi32

CryptGetKeyParam
CryptContextAddRef
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
CryptReleaseContext
CryptDestroyHash
RegEnumKeyExA
RegQueryValueExA
CryptGetProvParam
CryptAcquireContextA
CryptDestroyKey
CryptSetKeyParam
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptGenRandom
CryptEncrypt
CryptDecrypt
CryptGetHashParam
CryptGetUserKey

crypt32

CertOpenStore
CertDeleteCertificateFromStore
CertFreeCertificateContext
CertFreeCertificateChain
CertCloseStore
CertAddEncodedCertificateToStore
CertFindExtension
CertGetEnhancedKeyUsage
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertDuplicateStore
CertComparePublicKeyInfo
CryptExportPublicKeyInfo
CertGetNameStringW
CertAddCertificateContextToStore
CertGetCertificateContextProperty
PFXImportCertStore
CryptQueryObject
CertSetCertificateContextProperty
CertVerifyTimeValidity
CertFindCertificateInStore
CertGetValidUsages
CertGetIntendedKeyUsage
CryptFindOIDInfo
CertFindChainInStore
CertAddCertificateLinkToStore
CertSaveStore
CertCreateCertificateContext
CryptMsgGetParam
CertDuplicateCertificateChain
CryptEncodeObject
CryptDecodeObject
CryptAcquireCertificatePrivateKey
CryptFormatObject
CryptMsgOpenToEncode
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptMsgControl
CertGetSubjectCertificateFromStore
CertEnumCertificateContextProperties
CertCompareIntegerBlob
CertCompareCertificateName
PFXExportCertStoreEx
CertGetPublicKeyLength
CertFindAttribute
CertControlStore

kernel32

lstrcmpA
CreateFileW
GetVersionExA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenA
IsDBCSLeadByte
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DisableThreadLibraryCalls
lstrcatA
lstrcpynA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
LocalFree
LocalAlloc
FormatMessageA
FileTimeToSystemTime
SetLastError
FileTimeToLocalFileTime
UnmapViewOfFile
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
ExpandEnvironmentStringsW
CloseHandle
GetFileType
MapViewOfFile
CreateFileMappingA
GetFileSize
WriteFile
GetACP
OutputDebugStringA
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
HeapSize
GetModuleHandleW
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

ole32

ProgIDFromCLSID
CoCreateInstance
CoTreatAsClass
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SafeArrayCreate
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocString
SysFreeString
SysStringLen
VariantClear
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantCopy
SysAllocStringLen
SetErrorInfo
CreateErrorInfo
VariantChangeType
SystemTimeToVariantTime
SysStringByteLen
VariantTimeToSystemTime
SysAllocStringByteLen
VariantInit

rpcrt4

UuidFromStringA

user32

IsDlgButtonChecked
DialogBoxParamA
SetWindowLongA
GetDlgItem
SetFocus
EndDialog
GetWindowLongA
LoadStringA
CharNextA
CharPrevA
SetWindowPos
GetSystemMetrics
GetWindowRect

wininet

InternetCanonicalizeUrlW
InternetCrackUrlW

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvCertFromChain

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/dump.bat
$TEMP/obtenerRed.vbs
.vbs

Sharing

General

Malware Config

Signatures

Files

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 100KB

.rsrc Size: 3KB - Virtual size: 2KB

6a7dba1ca35af83a9a3593fbf002fb1e

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 40KB

.reloc Size: 3KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 24KB

UPX1 Size: 2KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 12B

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 512B - Virtual size: 250B

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 608B

46f8b6973f33717335c0f6d8087de67b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 100KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 40KB

.reloc
Size: 3KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 12B

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 512B - Virtual size: 250B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 458B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 910B

.data
Size: - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 250B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 880B

.text
Size: 182KB - Virtual size: 181KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 3KB - Virtual size: 21KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 18KB - Virtual size: 44KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 824B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate