9bf35e455a1747da95a9ca3ed47811ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9bf35e455a1747da95a9ca3ed47811ab_JaffaCakes118
Size

4.3MB
MD5

9bf35e455a1747da95a9ca3ed47811ab
SHA1

66f9a4022515f411b45b6adf93ea5143a80f3f66
SHA256

a64eedceb601350d43c240b2a3b2e4bfd5a6a71ca72818554c812b5ad8b23f05
SHA512

a267cd9671fae21e9b418c752dd339447dcd1838645d790137fdafd8350c6f577c96199e88675751c23528e62104e45f7b4cb64f693612b3a3ee778a484dc828
SSDEEP

98304:5BtZdQzSQrSpS2XYTi2oI5b38goTDT7UkYuEN7I:JcuQO0SYmSogy7Ms

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/usbhdd.exe	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/INetC.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/OpenHardwareMonitor/Aga.Controls.dll
unpack001/OpenHardwareMonitor/OpenHardwareMonitor.exe
unpack001/OpenHardwareMonitor/OpenHardwareMonitorLib.dll
unpack001/OpenHardwareMonitor/OxyPlot.WindowsForms.dll
unpack001/OpenHardwareMonitor/OxyPlot.dll
unpack001/VirusTotalUpload.exe
unpack002/out.upx

Files

9bf35e455a1747da95a9ca3ed47811ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c0:1d:55:83:74:57:4f:83:3c:50:27:8a:00:87:84:d9:a9:e4:c7:5e:a9:be:89:33:20:5f:e3:4c:65:f8:91:9a
Signer

Actual PE Digest

c0:1d:55:83:74:57:4f:83:3c:50:27:8a:00:87:84:d9:a9:e4:c7:5e:a9:be:89:33:20:5f:e3:4c:65:f8:91:9a

Digest Algorithm

sha256

PE Digest Matches

true

e0:1c:68:1c:c1:bb:60:71:be:11:63:48:ee:71:31:00:00:98:27:b3
Signer

Actual PE Digest

e0:1c:68:1c:c1:bb:60:71:be:11:63:48:ee:71:31:00:00:98:27:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
SetCurrentDirectoryW
GetFileAttributesW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
CopyFileW
GetShortPathNameW
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GetDiskFreeSpaceW
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/INetC.dll
.dll windows:4 windows x86 arch:x86

735e27ae3d7df8c0487e4353d04f6f28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LocalFree
WideCharToMultiByte
TerminateThread
lstrcpyW
LoadLibraryA
CreateThread
WaitForSingleObject
LocalAlloc
lstrcpynW
SleepEx
MulDiv
GetModuleHandleW
ReadFile
GetLastError
CreateFileW
lstrcmpiW
CreateFileA
lstrcatW
GetFileSize
SetFilePointer
lstrcmpW
MultiByteToWideChar
lstrlenA
WriteFile
lstrlenW
CloseHandle
GlobalAlloc
GlobalFree
GetTickCount
DeleteFileW

user32

GetDlgItem
DestroyWindow
GetClientRect
MessageBoxW
wsprintfA
SystemParametersInfoW
GetWindowTextW
GetWindowLongW
FindWindowExW
IsWindow
CreateDialogParamW
GetParent
ShowWindow
KillTimer
DispatchMessageW
LoadIconW
PostMessageW
IsDialogMessageW
GetMessageW
SetWindowPos
SendDlgItemMessageW
SetWindowTextW
TranslateMessage
GetWindowRect
RedrawWindow
SetTimer
EnableWindow
UpdateWindow
SetWindowLongW
wsprintfW
SendMessageW
SetDlgItemTextW
IsWindowVisible

comctl32

ord17

wininet

InternetConnectW
HttpOpenRequestW
InternetQueryOptionW
InternetErrorDlg
HttpSendRequestExW
InternetWriteFile
HttpSendRequestW
InternetSetFilePointer
HttpAddRequestHeadersA
FtpCreateDirectoryW
InternetCrackUrlW
FtpOpenFileW
InternetSetOptionW
InternetOpenW
InternetGetLastResponseInfoW
HttpEndRequestW
InternetReadFile
HttpAddRequestHeadersW
InternetCloseHandle
HttpQueryInfoW

Exports

Exports

get
head
post
put

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/AnVir.exe
.exe windows:5 windows x86 arch:x86

2d28403b552b912394027c4cfbf87474

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a8:47:a8:f1:63:b7:25:33:c2:37:f1:95:32:a5:d3:d4:36:a4:41:e7:fe:bf:f6:c4:5e:e0:b5:a4:a3:e9:bd:7e
Signer

Actual PE Digest

a8:47:a8:f1:63:b7:25:33:c2:37:f1:95:32:a5:d3:d4:36:a4:41:e7:fe:bf:f6:c4:5e:e0:b5:a4:a3:e9:bd:7e

Digest Algorithm

sha256

PE Digest Matches

true

f8:fc:ba:19:57:ad:4c:06:a2:20:1c:ac:c2:5b:21:8e:98:4c:f3:b8
Signer

Actual PE Digest

f8:fc:ba:19:57:ad:4c:06:a2:20:1c:ac:c2:5b:21:8e:98:4c:f3:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ord155
ord18
Shell_NotifyIconA
SHOpenFolderAndSelectItems
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
DuplicateIcon
ExtractIconExA
SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteExA
ord680
ShellExecuteA

version

VerQueryValueA
GetFileVersionInfoA

shlwapi

ord9
ord8
StrFormatByteSizeW
PathFindOnPathA
ord10
PathCanonicalizeA

msi

ord172
ord216

kernel32

GetPrivateProfileIntA
WritePrivateProfileStructA
GetPrivateProfileStructA
GetPrivateProfileStringA
FormatMessageA
GetFileAttributesA
SetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
GetSystemWow64DirectoryA
GetEnvironmentVariableA
GetTempPathA
SetErrorMode
GetDriveTypeA
GetLocaleInfoA
GetDateFormatA
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryA
CreateProcessA
GlobalAlloc
GlobalLock
GlobalUnlock
GetUserDefaultUILanguage
GetVolumeInformationA
LocalFree
GetCurrentProcess
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
GetFileSize
SetFilePointer
MulDiv
IsBadStringPtrA
GlobalMemoryStatusEx
SetProcessAffinityMask
GetProcessAffinityMask
GlobalFree
lstrlenW
GlobalReAlloc
FindFirstFileA
FindNextFileA
FindClose
CopyFileA
MoveFileA
SetFileTime
CreateDirectoryA
GetProcessTimes
GetPriorityClass
SetPriorityClass
SuspendThread
SetProcessWorkingSetSize
VirtualAlloc
VirtualFree
DuplicateHandle
GetFileType
VirtualAllocEx
VirtualFreeEx
RemoveDirectoryA
GetLogicalDrives
GetDiskFreeSpaceExA
DeviceIoControl
GetExitCodeProcess
SystemTimeToFileTime
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringW
GetACP
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualProtect
GetSystemInfo
LoadLibraryExW
TlsFree
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
CompareStringA
GetSystemTime
IsBadWritePtr
VirtualQuery
ReadFile
SetEndOfFile
GetFileTime
ExpandEnvironmentStringsA
lstrcatA
GetLocalTime
GetVersionExA
lstrcpyA
MapViewOfFile
CreateFileMappingA
TerminateThread
SetEvent
GetLongPathNameA
lstrcpynA
QueryDosDeviceA
GetLogicalDriveStringsA
GetCurrentProcessId
OpenProcess
lstrcmpA
CreateFileA
WriteFile
ResumeThread
SetThreadPriority
GetExitCodeThread
DeleteFileA
SetLastError
DecodePointer
GetCurrentThreadId
SetUnhandledExceptionFilter
Sleep
WaitForSingleObject
PulseEvent
OpenEventA
CreateEventA
OpenMutexA
CloseHandle
CreateMutexA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
LoadLibraryExA
FindResourceA
GetLastError
RaiseException
IsDBCSLeadByte
MultiByteToWideChar
lstrcmpiA
GetModuleHandleA
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenA
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WritePrivateProfileStringA
SetStdHandle
CreateFileW
SetFilePointerEx
WriteConsoleW
ReadConsoleW
GetSystemPowerStatus

user32

DrawAnimatedRects
DialogBoxIndirectParamA
GetDialogBaseUnits
ChildWindowFromPoint
SendDlgItemMessageA
CreateIconIndirect
GetGuiResources
FindWindowExA
EnumThreadWindows
SetScrollPos
SetScrollInfo
SetClassLongA
GetScrollRange
ScrollWindowEx
FlashWindow
WaitForInputIdle
wvsprintfA
GetMenuStringA
GetNextDlgTabItem
GetScrollPos
IntersectRect
GetAsyncKeyState
DragDetect
AdjustWindowRectEx
EqualRect
GetDesktopWindow
LockWindowUpdate
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
ClientToScreen
SetParent
IsChild
SetRect
IsRectEmpty
LoadBitmapA
DrawStateA
AppendMenuA
CharLowerA
FrameRect
WindowFromPoint
GetMessagePos
DestroyIcon
DrawFrameControl
TranslateAcceleratorA
PostQuitMessage
LoadStringW
DrawEdge
LockWorkStation
ExitWindowsEx
GetLayeredWindowAttributes
RegisterHotKey
UnregisterHotKey
IsZoomed
IsIconic
SetWindowsHookExA
CallNextHookEx
MonitorFromPoint
UnhookWindowsHookEx
ModifyMenuA
GetMenuItemID
MonitorFromRect
CopyRect
SetMenu
GetMenu
SetMenuDefaultItem
CheckMenuRadioItem
RegisterWindowMessageA
DrawIconEx
GetWindowDC
GetDCEx
GetSysColorBrush
IsCharAlphaNumericA
CharUpperBuffA
InflateRect
SetMenuItemInfoA
GetMenuItemInfoA
IsMenu
MoveWindow
GetKeyState
RedrawWindow
InsertMenuA
RemoveMenu
InsertMenuItemA
GetSubMenu
CreateDialogParamA
GetMenuItemCount
BringWindowToTop
IsDialogMessageA
GetKeyboardLayoutList
GetWindowThreadProcessId
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DestroyMenu
TrackPopupMenu
TrackPopupMenuEx
CreatePopupMenu
GetClassLongA
SendMessageTimeoutA
CharLowerBuffA
SetLayeredWindowAttributes
GetTopWindow
GetWindowPlacement
GetMenuState
DeleteMenu
GetForegroundWindow
GetDlgItemTextA
LoadIconA
CharUpperA
SetDlgItemInt
GetDlgItemInt
MessageBeep
EnableWindow
IsWindowEnabled
GetFocus
DrawFocusRect
TrackMouseEvent
SetCapture
GetCapture
ReleaseCapture
GetDlgCtrlID
GetCursorPos
ScreenToClient
PtInRect
UpdateWindow
InvalidateRect
EndPaint
BeginPaint
SetRectEmpty
SystemParametersInfoA
GetWindowTextLengthA
CallWindowProcA
DefWindowProcA
SetFocus
CharNextA
PostMessageA
SetCursor
EndDialog
OffsetRect
GetSysColor
FillRect
GetShellWindow
ReleaseDC
GetDC
GetClassNameA
GetWindow
MonitorFromWindow
GetMonitorInfoA
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
EnumChildWindows
GetWindowTextA
DialogBoxParamA
GetActiveWindow
DrawTextA
EnumWindows
ShowWindowAsync
wsprintfA
IsWindowVisible
MessageBoxA
KillTimer
SetDlgItemTextA
SetTimer
IsDlgButtonChecked
CheckDlgButton
SetWindowTextA
SetWindowPos
GetWindowLongA
SendMessageA
GetDlgItem
SetWindowLongA
CreateWindowExA
UnregisterClassA
GetClassInfoExA
LoadImageA
GetSystemMetrics
RegisterClassExA
LoadAcceleratorsA
LoadMenuA
LoadStringA
DestroyWindow
SetForegroundWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
FindWindowA
ShowWindow
IsWindow
LoadCursorA

gdi32

RoundRect
CreateDCA
SetViewportOrgEx
ExcludeClipRect
ExtTextOutA
CreateDIBSection
SetBrushOrgEx
PatBlt
TextOutW
CreatePatternBrush
CreateBitmap
GetClipBox
SetWindowOrgEx
DPtoLP
LPtoDP
RectVisible
LineTo
MoveToEx
CreatePen
RestoreDC
SaveDC
BitBlt
CreateCompatibleBitmap
GetStockObject
CreateFontIndirectA
GetObjectA
SetTextColor
SetBkColor
SetBkMode
CreateSolidBrush
GetDeviceCaps
Polygon
SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC
GetTextMetricsA
Rectangle
GetTextExtentPoint32A
GetCurrentObject

comdlg32

FindTextA
GetSaveFileNameA
GetOpenFileNameA

advapi32

DuplicateTokenEx
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
QueryServiceStatusEx
ControlService
StartServiceA
DeleteService
ChangeServiceConfig2A
CreateServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
LookupAccountSidA
GetSecurityInfo
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
QueryServiceConfigA
SetSecurityInfo
GetSecurityDescriptorSacl
RegEnumValueA
RegQueryInfoKeyA
QueryServiceConfig2A
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExA
GetServiceDisplayNameA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

VarUI4FromStr
VariantInit
VariantClear
SysAllocString
SysFreeString
VariantChangeType
SysAllocStringLen

comctl32

ord17
CreatePropertySheetPageA
ImageList_AddMasked
_TrackMouseEvent
InitCommonControlsEx
ImageList_Remove
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_LoadImageA
ImageList_GetIconSize
ImageList_Draw
ImageList_DrawEx
PropertySheetA
DestroyPropertySheetPage
ImageList_GetImageCount
ImageList_GetIcon
ImageList_DrawIndirect

uxtheme

IsAppThemed
SetWindowTheme

psapi

GetModuleFileNameExA

crypt32

CertFindRDNAttr
CertFreeCertificateContext
CryptDecodeObjectEx

rpcrt4

UuidFromStringA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AnVir.exe
.exe windows:5 windows x86 arch:x86

2d28403b552b912394027c4cfbf87474

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a8:47:a8:f1:63:b7:25:33:c2:37:f1:95:32:a5:d3:d4:36:a4:41:e7:fe:bf:f6:c4:5e:e0:b5:a4:a3:e9:bd:7e
Signer

Actual PE Digest

a8:47:a8:f1:63:b7:25:33:c2:37:f1:95:32:a5:d3:d4:36:a4:41:e7:fe:bf:f6:c4:5e:e0:b5:a4:a3:e9:bd:7e

Digest Algorithm

sha256

PE Digest Matches

true

f8:fc:ba:19:57:ad:4c:06:a2:20:1c:ac:c2:5b:21:8e:98:4c:f3:b8
Signer

Actual PE Digest

f8:fc:ba:19:57:ad:4c:06:a2:20:1c:ac:c2:5b:21:8e:98:4c:f3:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ord155
ord18
Shell_NotifyIconA
SHOpenFolderAndSelectItems
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
DuplicateIcon
ExtractIconExA
SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteExA
ord680
ShellExecuteA

version

VerQueryValueA
GetFileVersionInfoA

shlwapi

ord9
ord8
StrFormatByteSizeW
PathFindOnPathA
ord10
PathCanonicalizeA

msi

ord172
ord216

kernel32

GetPrivateProfileIntA
WritePrivateProfileStructA
GetPrivateProfileStructA
GetPrivateProfileStringA
FormatMessageA
GetFileAttributesA
SetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
GetSystemWow64DirectoryA
GetEnvironmentVariableA
GetTempPathA
SetErrorMode
GetDriveTypeA
GetLocaleInfoA
GetDateFormatA
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryA
CreateProcessA
GlobalAlloc
GlobalLock
GlobalUnlock
GetUserDefaultUILanguage
GetVolumeInformationA
LocalFree
GetCurrentProcess
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
GetFileSize
SetFilePointer
MulDiv
IsBadStringPtrA
GlobalMemoryStatusEx
SetProcessAffinityMask
GetProcessAffinityMask
GlobalFree
lstrlenW
GlobalReAlloc
FindFirstFileA
FindNextFileA
FindClose
CopyFileA
MoveFileA
SetFileTime
CreateDirectoryA
GetProcessTimes
GetPriorityClass
SetPriorityClass
SuspendThread
SetProcessWorkingSetSize
VirtualAlloc
VirtualFree
DuplicateHandle
GetFileType
VirtualAllocEx
VirtualFreeEx
RemoveDirectoryA
GetLogicalDrives
GetDiskFreeSpaceExA
DeviceIoControl
GetExitCodeProcess
SystemTimeToFileTime
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringW
GetACP
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualProtect
GetSystemInfo
LoadLibraryExW
TlsFree
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
CompareStringA
GetSystemTime
IsBadWritePtr
VirtualQuery
ReadFile
SetEndOfFile
GetFileTime
ExpandEnvironmentStringsA
lstrcatA
GetLocalTime
GetVersionExA
lstrcpyA
MapViewOfFile
CreateFileMappingA
TerminateThread
SetEvent
GetLongPathNameA
lstrcpynA
QueryDosDeviceA
GetLogicalDriveStringsA
GetCurrentProcessId
OpenProcess
lstrcmpA
CreateFileA
WriteFile
ResumeThread
SetThreadPriority
GetExitCodeThread
DeleteFileA
SetLastError
DecodePointer
GetCurrentThreadId
SetUnhandledExceptionFilter
Sleep
WaitForSingleObject
PulseEvent
OpenEventA
CreateEventA
OpenMutexA
CloseHandle
CreateMutexA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
LoadLibraryExA
FindResourceA
GetLastError
RaiseException
IsDBCSLeadByte
MultiByteToWideChar
lstrcmpiA
GetModuleHandleA
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenA
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WritePrivateProfileStringA
SetStdHandle
CreateFileW
SetFilePointerEx
WriteConsoleW
ReadConsoleW
GetSystemPowerStatus

user32

DrawAnimatedRects
DialogBoxIndirectParamA
GetDialogBaseUnits
ChildWindowFromPoint
SendDlgItemMessageA
CreateIconIndirect
GetGuiResources
FindWindowExA
EnumThreadWindows
SetScrollPos
SetScrollInfo
SetClassLongA
GetScrollRange
ScrollWindowEx
FlashWindow
WaitForInputIdle
wvsprintfA
GetMenuStringA
GetNextDlgTabItem
GetScrollPos
IntersectRect
GetAsyncKeyState
DragDetect
AdjustWindowRectEx
EqualRect
GetDesktopWindow
LockWindowUpdate
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
ClientToScreen
SetParent
IsChild
SetRect
IsRectEmpty
LoadBitmapA
DrawStateA
AppendMenuA
CharLowerA
FrameRect
WindowFromPoint
GetMessagePos
DestroyIcon
DrawFrameControl
TranslateAcceleratorA
PostQuitMessage
LoadStringW
DrawEdge
LockWorkStation
ExitWindowsEx
GetLayeredWindowAttributes
RegisterHotKey
UnregisterHotKey
IsZoomed
IsIconic
SetWindowsHookExA
CallNextHookEx
MonitorFromPoint
UnhookWindowsHookEx
ModifyMenuA
GetMenuItemID
MonitorFromRect
CopyRect
SetMenu
GetMenu
SetMenuDefaultItem
CheckMenuRadioItem
RegisterWindowMessageA
DrawIconEx
GetWindowDC
GetDCEx
GetSysColorBrush
IsCharAlphaNumericA
CharUpperBuffA
InflateRect
SetMenuItemInfoA
GetMenuItemInfoA
IsMenu
MoveWindow
GetKeyState
RedrawWindow
InsertMenuA
RemoveMenu
InsertMenuItemA
GetSubMenu
CreateDialogParamA
GetMenuItemCount
BringWindowToTop
IsDialogMessageA
GetKeyboardLayoutList
GetWindowThreadProcessId
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DestroyMenu
TrackPopupMenu
TrackPopupMenuEx
CreatePopupMenu
GetClassLongA
SendMessageTimeoutA
CharLowerBuffA
SetLayeredWindowAttributes
GetTopWindow
GetWindowPlacement
GetMenuState
DeleteMenu
GetForegroundWindow
GetDlgItemTextA
LoadIconA
CharUpperA
SetDlgItemInt
GetDlgItemInt
MessageBeep
EnableWindow
IsWindowEnabled
GetFocus
DrawFocusRect
TrackMouseEvent
SetCapture
GetCapture
ReleaseCapture
GetDlgCtrlID
GetCursorPos
ScreenToClient
PtInRect
UpdateWindow
InvalidateRect
EndPaint
BeginPaint
SetRectEmpty
SystemParametersInfoA
GetWindowTextLengthA
CallWindowProcA
DefWindowProcA
SetFocus
CharNextA
PostMessageA
SetCursor
EndDialog
OffsetRect
GetSysColor
FillRect
GetShellWindow
ReleaseDC
GetDC
GetClassNameA
GetWindow
MonitorFromWindow
GetMonitorInfoA
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
EnumChildWindows
GetWindowTextA
DialogBoxParamA
GetActiveWindow
DrawTextA
EnumWindows
ShowWindowAsync
wsprintfA
IsWindowVisible
MessageBoxA
KillTimer
SetDlgItemTextA
SetTimer
IsDlgButtonChecked
CheckDlgButton
SetWindowTextA
SetWindowPos
GetWindowLongA
SendMessageA
GetDlgItem
SetWindowLongA
CreateWindowExA
UnregisterClassA
GetClassInfoExA
LoadImageA
GetSystemMetrics
RegisterClassExA
LoadAcceleratorsA
LoadMenuA
LoadStringA
DestroyWindow
SetForegroundWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
FindWindowA
ShowWindow
IsWindow
LoadCursorA

gdi32

RoundRect
CreateDCA
SetViewportOrgEx
ExcludeClipRect
ExtTextOutA
CreateDIBSection
SetBrushOrgEx
PatBlt
TextOutW
CreatePatternBrush
CreateBitmap
GetClipBox
SetWindowOrgEx
DPtoLP
LPtoDP
RectVisible
LineTo
MoveToEx
CreatePen
RestoreDC
SaveDC
BitBlt
CreateCompatibleBitmap
GetStockObject
CreateFontIndirectA
GetObjectA
SetTextColor
SetBkColor
SetBkMode
CreateSolidBrush
GetDeviceCaps
Polygon
SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC
GetTextMetricsA
Rectangle
GetTextExtentPoint32A
GetCurrentObject

comdlg32

FindTextA
GetSaveFileNameA
GetOpenFileNameA

advapi32

DuplicateTokenEx
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
QueryServiceStatusEx
ControlService
StartServiceA
DeleteService
ChangeServiceConfig2A
CreateServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
LookupAccountSidA
GetSecurityInfo
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
QueryServiceConfigA
SetSecurityInfo
GetSecurityDescriptorSacl
RegEnumValueA
RegQueryInfoKeyA
QueryServiceConfig2A
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExA
GetServiceDisplayNameA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

VarUI4FromStr
VariantInit
VariantClear
SysAllocString
SysFreeString
VariantChangeType
SysAllocStringLen

comctl32

ord17
CreatePropertySheetPageA
ImageList_AddMasked
_TrackMouseEvent
InitCommonControlsEx
ImageList_Remove
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_LoadImageA
ImageList_GetIconSize
ImageList_Draw
ImageList_DrawEx
PropertySheetA
DestroyPropertySheetPage
ImageList_GetImageCount
ImageList_GetIcon
ImageList_DrawIndirect

uxtheme

IsAppThemed
SetWindowTheme

psapi

GetModuleFileNameExA

crypt32

CertFindRDNAttr
CertFreeCertificateContext
CryptDecodeObjectEx

rpcrt4

UuidFromStringA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AnvirHook8.dll
.dll windows:5 windows x86 arch:x86

4d3d5cda99c0f7e0bc7e72dc64b6e178

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b5:aa:12:5a:32:7c:78:04:4a:62:e8:6f:20:28:db:5e:b6:ec:a2:5b:cc:f4:88:5f:61:c0:de:d1:61:20:08:bf
Signer

Actual PE Digest

b5:aa:12:5a:32:7c:78:04:4a:62:e8:6f:20:28:db:5e:b6:ec:a2:5b:cc:f4:88:5f:61:c0:de:d1:61:20:08:bf

Digest Algorithm

sha256

PE Digest Matches

true

32:63:28:d0:68:41:9a:3a:26:79:66:ea:aa:77:93:a4:fb:2b:4c:a2
Signer

Actual PE Digest

32:63:28:d0:68:41:9a:3a:26:79:66:ea:aa:77:93:a4:fb:2b:4c:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetDesktopFolder

msimg32

TransparentBlt

kernel32

GetVersionExA
RaiseException
lstrcmpA
GetCurrentDirectoryA
MultiByteToWideChar
GetProcAddress
lstrlenW
WideCharToMultiByte
OpenProcess
SetPriorityClass
GetPriorityClass
GetFileAttributesA
LoadLibraryW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
SetLastError
TlsFree
TlsSetValue
GetTickCount
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapSize
IsProcessorFeaturePresent
HeapDestroy
HeapCreate
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
DecodePointer
EncodePointer
HeapFree
HeapAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrcatA
Sleep
GetCurrentProcessId
LoadLibraryA
GetModuleFileNameA
UnmapViewOfFile
CloseHandle
MapViewOfFile
lstrlenA
lstrcpyA
OpenFileMappingA
RtlUnwind
LCMapStringW
GetStringTypeW
TlsGetValue

user32

GetMenuItemInfoA
SetMenuItemInfoA
RemoveMenu
GetMenuState
IsMenu
DeleteMenu
GetMenuItemID
CheckMenuItem
GetKeyState
SendInput
GetSystemMetrics
InsertMenuA
InsertMenuItemA
CheckMenuRadioItem
AppendMenuA
TrackPopupMenuEx
SetActiveWindow
RedrawWindow
GetWindowTextA
GetWindowPlacement
GetLayeredWindowAttributes
InflateRect
DrawFrameControl
DrawIconEx
GetSystemMenu
LoadBitmapA
PostMessageA
SendMessageTimeoutA
IsWindow
RegisterClassA
GetWindowDC
ReleaseDC
ClientToScreen
SetWindowTextA
LoadImageA
LoadIconA
wsprintfA
GetWindowTextLengthA
GetDlgCtrlID
FindWindowExA
GetClassNameA
GetDlgItem
SendMessageA
EnumWindows
SetTimer
KillTimer
DefWindowProcA
FillRect
GetClientRect
EndPaint
BeginPaint
ShowWindowAsync
SetWindowPos
SetCapture
IsWindowVisible
SetLayeredWindowAttributes
ShowWindow
CreateWindowExA
GetCursorPos
UpdateWindow
InvalidateRect
CallWindowProcA
CallWindowProcW
SetWindowLongA
SetWindowLongW
IsWindowUnicode
DestroyMenu
TrackPopupMenu
CreatePopupMenu
DestroyWindow
GetParent
ScreenToClient
OffsetRect
ReleaseCapture
PtInRect
GetWindowLongA
GetWindowRect
GetDC

gdi32

SetWindowOrgEx
DPtoLP
SelectObject
DeleteObject
CreateCompatibleBitmap
LPtoDP
CreateCompatibleDC
GetClipBox
BitBlt
CreateSolidBrush
GetStockObject
GetObjectA
StretchBlt
GetPixel
Polyline
CreatePen
DeleteDC

ole32

CoTaskMemFree

uxtheme

IsAppThemed
GetThemeEnumValue
GetThemeInt
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeFilename
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeMargins

Exports

Exports

AddTitleIcons
ExtendSaveDialogs
ExtendSystemMenu

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AnvirHook8_64.dll
.dll windows:5 windows x64 arch:x64

3c77569552017b41c37267fe86b374b6

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ac:af:c8:07:f0:35:19:21:ad:22:11:27:99:e3:76:0d:35:d2:ed:0c:16:20:59:2a:6b:4b:c8:23:ce:13:5a:12
Signer

Actual PE Digest

ac:af:c8:07:f0:35:19:21:ad:22:11:27:99:e3:76:0d:35:d2:ed:0c:16:20:59:2a:6b:4b:c8:23:ce:13:5a:12

Digest Algorithm

sha256

PE Digest Matches

true

48:00:fc:f7:aa:21:40:8b:fa:c6:43:e1:2d:c1:ff:16:a9:48:5f:ce
Signer

Actual PE Digest

48:00:fc:f7:aa:21:40:8b:fa:c6:43:e1:2d:c1:ff:16:a9:48:5f:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetDesktopFolder

msimg32

TransparentBlt

kernel32

GetVersionExA
RaiseException
lstrcmpA
GetCurrentDirectoryA
MultiByteToWideChar
GetProcAddress
lstrlenW
WideCharToMultiByte
OpenProcess
SetPriorityClass
GetPriorityClass
GetFileAttributesA
LoadLibraryW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
FlsAlloc
SetLastError
FlsFree
FlsGetValue
IsValidCodePage
GetTickCount
GetACP
GetCPInfo
RtlUnwindEx
HeapSize
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
FlsSetValue
GetCurrentThreadId
HeapReAlloc
DecodePointer
EncodePointer
HeapFree
HeapAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrcatA
Sleep
GetCurrentProcessId
LoadLibraryA
GetModuleFileNameA
UnmapViewOfFile
CloseHandle
MapViewOfFile
lstrlenA
lstrcpyA
OpenFileMappingA
LCMapStringW
GetStringTypeW
GetOEMCP
RtlPcToFileHeader

user32

GetMenuItemInfoA
SetMenuItemInfoA
GetDC
RemoveMenu
GetMenuState
IsMenu
DeleteMenu
GetMenuItemID
GetSystemMenu
GetKeyState
SendInput
GetSystemMetrics
InsertMenuA
InsertMenuItemA
CheckMenuRadioItem
AppendMenuA
TrackPopupMenuEx
SetActiveWindow
RedrawWindow
GetWindowPlacement
GetLayeredWindowAttributes
SetWindowLongA
InflateRect
DrawFrameControl
CheckMenuItem
DrawIconEx
PostMessageA
SendMessageTimeoutA
IsWindow
RegisterClassA
GetWindowDC
ReleaseDC
ClientToScreen
GetWindowTextA
SetWindowTextA
LoadImageA
LoadIconA
wsprintfA
GetWindowTextLengthA
GetDlgCtrlID
FindWindowExA
GetClassNameA
GetDlgItem
SendMessageA
EnumWindows
SetTimer
KillTimer
DefWindowProcA
FillRect
GetClientRect
EndPaint
BeginPaint
GetWindowLongPtrA
ShowWindowAsync
SetWindowPos
SetCapture
IsWindowVisible
SetLayeredWindowAttributes
ShowWindow
CreateWindowExA
GetCursorPos
UpdateWindow
InvalidateRect
CallWindowProcA
CallWindowProcW
SetWindowLongPtrA
SetWindowLongPtrW
IsWindowUnicode
DestroyMenu
TrackPopupMenu
CreatePopupMenu
DestroyWindow
GetParent
ScreenToClient
OffsetRect
ReleaseCapture
PtInRect
GetWindowLongA
GetWindowRect
LoadBitmapA

gdi32

SetWindowOrgEx
DPtoLP
SelectObject
DeleteObject
CreateCompatibleBitmap
LPtoDP
CreateCompatibleDC
GetClipBox
BitBlt
CreateSolidBrush
GetStockObject
GetObjectA
StretchBlt
GetPixel
Polyline
CreatePen
DeleteDC

ole32

CoTaskMemFree

uxtheme

IsAppThemed
GetThemeEnumValue
GetThemeInt
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeFilename
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeMargins

Exports

Exports

AddTitleIcons
ExtendSaveDialogs
ExtendSystemMenu

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Languages/anvir_Croatian.txt
Languages/anvir_Czech.txt
Languages/anvir_Danish.txt
Languages/anvir_Dutch.txt
Languages/anvir_Finnish.txt
Languages/anvir_French.txt
Languages/anvir_German.txt
Languages/anvir_Greek.txt
Languages/anvir_Italian.txt
Languages/anvir_Japanese.txt
Languages/anvir_Korean.txt
Languages/anvir_Norwegian.txt
Languages/anvir_Polish.txt
Languages/anvir_Portuguese.txt
Languages/anvir_Slovenian.txt
Languages/anvir_Spanish.txt
Languages/anvir_Vietnamese.txt
Languages/anvir_swedish.txt
OpenHardwareMonitor/Aga.Controls.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\projects\VIR\OpenHardwareMonitor\LibreHardwareMonitor-master\External\Aga.Controls\obj\Release\Aga.Controls.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenHardwareMonitor/License.html
OpenHardwareMonitor/OpenHardwareMonitor.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\projects\VIR\OpenHardwareMonitor\LibreHardwareMonitor-master\obj\Release\OpenHardwareMonitor.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 460KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenHardwareMonitor/OpenHardwareMonitor.exe.config
OpenHardwareMonitor/OpenHardwareMonitorLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\projects\VIR\OpenHardwareMonitor\LibreHardwareMonitor-master\obj\Release\OpenHardwareMonitorLib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenHardwareMonitor/OxyPlot.WindowsForms.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\projects\VIR\OpenHardwareMonitor\LibreHardwareMonitor-master\External\OxyPlot\OxyPlot.WindowsForms\obj\Release\NET40\OxyPlot.WindowsForms.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenHardwareMonitor/OxyPlot.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\projects\VIR\OpenHardwareMonitor\LibreHardwareMonitor-master\External\OxyPlot\OxyPlot\obj\Release\OxyPlot.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirusTotalUpload.exe
.exe windows:5 windows x86 arch:x86

1c06186a7f0367e14a6db68fa3b0c6b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetCrackUrlW
InternetConnectW
InternetOpenW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW

comctl32

InitCommonControlsEx

psapi

GetProcessImageFileNameW

kernel32

LocalAlloc
QueryDosDeviceW
OpenProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateThread
GetFullPathNameW
GetTickCount
Sleep
GetFileAttributesW
ReadFile
GetFileSizeEx
GetCurrentProcess
GetModuleFileNameW
GetSystemDirectoryW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
HeapCreate
WideCharToMultiByte
ExitProcess
GetCurrentThread
LocalFree
GetProcAddress
CloseHandle
GetLastError
GetTempPathW
CreateFileW
WriteFile
GetTempFileNameW
HeapReAlloc
GetStringTypeW
GetModuleHandleW
LoadLibraryW
SetStdHandle
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
FlushFileBuffers
SetEnvironmentVariableA
WriteConsoleW
CompareStringW
GetCurrentDirectoryW
GetFileType
PeekNamedPipe
GetFileInformationByHandle
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
HeapSize
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
MultiByteToWideChar
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

user32

SendMessageW
MessageBoxW
SendDlgItemMessageW
SetWindowTextW
CheckDlgButton
IsDlgButtonChecked
EnableWindow
SetTimer
SetForegroundWindow
DialogBoxParamW
GetDlgItem
EndDialog
wsprintfW
ShowWindow
GetDlgItemTextW
SetDlgItemTextW
LoadImageW
GetSysColor

gdi32

SetBkMode
CreateSolidBrush
SetTextColor

comdlg32

GetOpenFileNameW
CommDlgExtendedError

advapi32

CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
CryptGetHashParam
AdjustTokenPrivileges
GetLengthSid
IsValidSecurityDescriptor
FreeSid
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateToken
AccessCheck
SetSecurityDescriptorGroup
OpenThreadToken
OpenProcessToken

shell32

ShellExecuteW
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
DragFinish
CommandLineToArgvW

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anvir64.exe
.exe windows:5 windows x64 arch:x64

07a5d0d57bb63b2e4727581da8d89483

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:e2:c3:b1:61:70:a7:34:33:95:72:a6:d2:34:29:42:10:1e:84:11:c3:5a:6c:6d:a2:72:e9:62:6d:e9:ad:1f
Signer

Actual PE Digest

48:e2:c3:b1:61:70:a7:34:33:95:72:a6:d2:34:29:42:10:1e:84:11:c3:5a:6c:6d:a2:72:e9:62:6d:e9:ad:1f

Digest Algorithm

sha256

PE Digest Matches

true

9f:b6:fb:0c:00:52:f3:a1:1a:1b:53:a7:5b:7d:4b:ee:6f:03:f0:a6
Signer

Actual PE Digest

9f:b6:fb:0c:00:52:f3:a1:1a:1b:53:a7:5b:7d:4b:ee:6f:03:f0:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
SetThreadPriority
ResumeThread
LoadLibraryExA
FreeLibrary
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetVersionExA
GetVolumeInformationA
GetModuleHandleA
GetCurrentProcess
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
WriteFile
lstrcmpiA
IsDBCSLeadByte
RaiseException
SizeofResource
LoadResource
FindResourceA
CreateMutexA
DecodePointer
SetLastError
OpenFileMappingA
MapViewOfFile
InitializeCriticalSectionAndSpinCount
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
LCMapStringW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetLastError
Sleep
GetProcAddress
GetCurrentThreadId
lstrcpynA
GetModuleFileNameA
VirtualQuery
GetSystemTime
GetTickCount
lstrcpyA
lstrcatA
GetACP
ExitProcess
VirtualProtect
GetSystemInfo
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
RtlPcToFileHeader
RtlUnwindEx
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
lstrlenA
OpenMutexA
IsDebuggerPresent
OutputDebugStringW
EncodePointer
HeapAlloc
HeapFree
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
CreateFileW

user32

wsprintfA
LoadStringA
PostQuitMessage
SetTimer
SetWindowTextA
IsDialogMessageA
CharNextA
CreateDialogParamA
UnregisterClassA
DestroyWindow
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SetWindowLongPtrA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyA

shell32

ord680

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anvirlauncher.exe
.exe windows:6 windows x86 arch:x86

27cef9d26747652e0d11e3c14bb6154f

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8e:34:88:b8:69:22:76:3c:8a:b9:f9:0a:67:c2:8a:86:74:5c:9a:0b:16:2e:24:9c:b4:03:df:dc:1b:40:d1:1d
Signer

Actual PE Digest

8e:34:88:b8:69:22:76:3c:8a:b9:f9:0a:67:c2:8a:86:74:5c:9a:0b:16:2e:24:9c:b4:03:df:dc:1b:40:d1:1d

Digest Algorithm

sha256

PE Digest Matches

true

dc:05:83:f2:a4:df:4a:d0:3b:17:ec:eb:b7:ff:3a:c1:5a:5c:96:74
Signer

Actual PE Digest

dc:05:83:f2:a4:df:4a:d0:3b:17:ec:eb:b7:ff:3a:c1:5a:5c:96:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
ReadFile
WriteFile
CloseHandle
SetHandleInformation
CreatePipe
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
CreateProcessA
GetVersionExA
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
CreateMutexA
CreateEventA
OpenEventA
PulseEvent
WaitForMultipleObjects
DecodePointer
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
CreateFileW
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FindNextFileA
FindFirstFileExA
FindClose
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetStdHandle
lstrlenA
lstrcpyA
IsValidCodePage
GetLastError
LCMapStringW
HeapReAlloc
HeapSize
GetFileType
GetStringTypeW
HeapAlloc
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
GetModuleFileNameW
SetLastError
EncodePointer
ExitProcess
GetModuleHandleExW
GetACP
HeapFree

user32

CharToOemA
wsprintfA
LoadStringA

advapi32

SystemFunction036

shell32

ord680
ShellExecuteA

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
portable.txt
usbhdd.exe
.exe windows:4 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/09/2014, 00:00

Not After

08/09/2019, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=Altayskaya 29,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b1:fa:52:79:67:4d:89:4f:4f:91:6d:67:84:4e:cc:7a:71:ed:51:eb:7d:e6:de:b4:33:e2:27:27:2e:76:0e:e3
Signer

Actual PE Digest

b1:fa:52:79:67:4d:89:4f:4f:91:6d:67:84:4e:cc:7a:71:ed:51:eb:7d:e6:de:b4:33:e2:27:27:2e:76:0e:e3

Digest Algorithm

sha256

PE Digest Matches

true

03:a6:e7:20:de:97:3d:d6:84:a2:93:e7:b4:bb:20:30:41:d2:c7:ed
Signer

Actual PE Digest

03:a6:e7:20:de:97:3d:d6:84:a2:93:e7:b4:bb:20:30:41:d2:c7:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bcCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bcCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

c0:1d:55:83:74:57:4f:83:3c:50:27:8a:00:87:84:d9:a9:e4:c7:5e:a9:be:89:33:20:5f:e3:4c:65:f8:91:9aSigner

e0:1c:68:1c:c1:bb:60:71:be:11:63:48:ee:71:31:00:00:98:27:b3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 136KB

.rsrc Size: 26KB - Virtual size: 26KB

735e27ae3d7df8c0487e4353d04f6f28

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

wininet

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 3KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 608B

2d28403b552b912394027c4cfbf87474

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bcCertificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

c0:1d:55:83:74:57:4f:83:3c:50:27:8a:00:87:84:d9:a9:e4:c7:5e:a9:be:89:33:20:5f:e3:4c:65:f8:91:9a
Signer

e0:1c:68:1c:c1:bb:60:71:be:11:63:48:ee:71:31:00:00:98:27:b3
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 136KB

.rsrc
Size: 26KB - Virtual size: 26KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 3KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 608B

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

a8:47:a8:f1:63:b7:25:33:c2:37:f1:95:32:a5:d3:d4:36:a4:41:e7:fe:bf:f6:c4:5e:e0:b5:a4:a3:e9:bd:7e
Signer

f8:fc:ba:19:57:ad:4c:06:a2:20:1c:ac:c2:5b:21:8e:98:4c:f3:b8
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 5.6MB - Virtual size: 5.6MB

.data
Size: 2.6MB - Virtual size: 2.6MB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

6f:85:c8:a0:36:46:b0:43:6c:69:f0:b5:e0:18:ef:bc
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

a8:47:a8:f1:63:b7:25:33:c2:37:f1:95:32:a5:d3:d4:36:a4:41:e7:fe:bf:f6:c4:5e:e0:b5:a4:a3:e9:bd:7e
Signer

f8:fc:ba:19:57:ad:4c:06:a2:20:1c:ac:c2:5b:21:8e:98:4c:f3:b8
Signer