a41e0e73b739cb8eb928454cf6b5fcad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a41e0e73b739cb8eb928454cf6b5fcad_JaffaCakes118
Size

3.5MB
MD5

a41e0e73b739cb8eb928454cf6b5fcad
SHA1

5a9dfe16035c0756b38a335a2b3ca961ee2fd0ad
SHA256

fec6e1cbc689a87cd17e7e9249cb310ba128d092197d9b7a1d688a835495de87
SHA512

4a9361f860343b6a633baba70fbfb4b783de8c6a053b72501f88e6635a3d93fc7993bb1627bd392577026a06705100eaa349faa5147d807edc6b070dadb53ef2
SSDEEP

98304:nR21PtFqER3k9HqlW2B+a/RFt8B351MFf+xwkWBOBS:nR25nRa+B+cPt8BJgPkWBOBS

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
a41e0e73b739cb8eb928454cf6b5fcad_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$TEMP/DSDINST.EXE
unpack001/DSDINST.exe
unpack001/Soa/DSDFTP.EXE
unpack001/Soa/DSDhttp.exe
unpack001/Soa/libeay32.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

a41e0e73b739cb8eb928454cf6b5fcad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$TEMP/DSDINST.EXE
.exe windows:4 windows x86 arch:x86

44399507566a8003a52bbde4cba163ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
IsDBCSLeadByte
SetLastError
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
WaitForSingleObject
CloseHandle
CreateFileA
ReadFile
ResumeThread
CreateThread
CreateProcessA
InterlockedExchange
TerminateProcess
HeapCreate
RtlUnwind
FlushInstructionCache
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetOEMCP
GetCPInfo
Sleep
TlsFree
TlsSetValue
GetStartupInfoA
TlsAlloc
TlsGetValue
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
GetStdHandle
WriteFile
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
RaiseException
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
UnhandledExceptionFilter

user32

DialogBoxParamA
UnregisterClassA
MessageBoxA
SetWindowLongA
CharNextA
DestroyWindow
GetSystemMetrics
LoadImageA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetDlgItemTextA
PostMessageA
GetWindowLongA
SendMessageA
EndDialog
DefWindowProcA
GetActiveWindow
GetDesktopWindow

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

shell32

SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysStringLen
VarUI4FromStr
SysFreeString
SysAllocString
GetErrorInfo

shlwapi

PathAppendA
PathAddBackslashA
PathCommonPrefixA
PathFileExistsA

comctl32

InitCommonControlsEx

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
234_uninstall/T01/IT/IT0CTL.T01
234_uninstall/T01/IT/IT0PAL.T01
234_uninstall/T01/IT/IT0RUN.T01
234_uninstall/T01/IT/IT_ClassEnhancement.T01
234_uninstall/T01/IT/IT_Context.T01
234_uninstall/T01/IT/IT_DeveloperManifest.T01
234_uninstall/T01/IT/IT_Enhancement.T01
234_uninstall/T01/IT/IT_Menu.T01
234_uninstall/T01/IT/IT_Message.T01
234_uninstall/T01/IT/IT_PopupItem.T01
234_uninstall/T01/IT/IT_PopupMenu.T01
234_uninstall/T01/IT/IT_PopupMenuItem.T01
234_uninstall/T01/IT/IT_PopupXRef.T01
234_uninstall/T01/IT/IT_Task.T01
234_uninstall/T01/IT/T01_providex.dde
234_uninstall/T01/IT/T01_providex.ddf
234_uninstall/T01/T01_FilesToDelete.txt
AR/AR_LEVELCONVERSION_234.PVC
AR/AR_SALESPERSONLISTING_RPT_234.PVC
AR/AR_SALESPERSON_BUS_234.PVC
AR/AR_SALESPERSON_UI_234.PVC
AUTORUN.INF
DSD.ico
DSDINST.exe
.exe windows:4 windows x86 arch:x86

44399507566a8003a52bbde4cba163ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
IsDBCSLeadByte
SetLastError
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
WaitForSingleObject
CloseHandle
CreateFileA
ReadFile
ResumeThread
CreateThread
CreateProcessA
InterlockedExchange
TerminateProcess
HeapCreate
RtlUnwind
FlushInstructionCache
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetOEMCP
GetCPInfo
Sleep
TlsFree
TlsSetValue
GetStartupInfoA
TlsAlloc
TlsGetValue
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
GetStdHandle
WriteFile
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
RaiseException
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
UnhandledExceptionFilter

user32

DialogBoxParamA
UnregisterClassA
MessageBoxA
SetWindowLongA
CharNextA
DestroyWindow
GetSystemMetrics
LoadImageA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetDlgItemTextA
PostMessageA
GetWindowLongA
SendMessageA
EndDialog
DefWindowProcA
GetActiveWindow
GetDesktopWindow

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

shell32

SHGetSpecialFolderPathA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysStringLen
VarUI4FromStr
SysFreeString
SysAllocString
GetErrorInfo

shlwapi

PathAppendA
PathAddBackslashA
PathCommonPrefixA
PathFileExistsA

comctl32

InitCommonControlsEx

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DSD_Header.bmp
DSD_Welcome.bmp
HOME/wget.exe
.exe windows:4 windows x86 arch:x86

fe8f0bebf787f35580b2866a83df1c53

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

04/08/2015, 06:00

Not After

03/08/2016, 06:00

Subject

CN=Open Source Developer\, Jernej Simončič,O=Open Source Developer,C=SI,1.2.840.113549.1.9.1=#0c1e6a65726e656a7c732d6f7340657465726e616c6c79626f7265642e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

04/08/2015, 06:00

Not After

03/08/2016, 06:00

Subject

CN=Open Source Developer\, Jernej Simončič,O=Open Source Developer,C=SI,1.2.840.113549.1.9.1=#0c1e6a65726e656a7c732d6f7340657465726e616c6c79626f7265642e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

fd:4f:80:9e:04:f4:c3:26:c6:d8:74:2a:0d:9e:c2:23:5d:55:34:55:7a:e4:83:87:ff:e7:68:4b:75:49:25:3c
Signer

Actual PE Digest

fd:4f:80:9e:04:f4:c3:26:c6:d8:74:2a:0d:9e:c2:23:5d:55:34:55:7a:e4:83:87:ff:e7:68:4b:75:49:25:3c

Digest Algorithm

sha256

PE Digest Matches

true

7c:a6:9f:ac:21:56:df:ac:be:d3:3e:8e:62:c4:48:43:2e:09:57:e2
Signer

Actual PE Digest

7c:a6:9f:ac:21:56:df:ac:be:d3:3e:8e:62:c4:48:43:2e:09:57:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersA
CryptExportKey
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashA
DeregisterEventSource
RegisterEventSourceA
ReportEventA

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

gdi32

CreateCompatibleBitmap
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectA

kernel32

CloseHandle
CreateEventA
CreateFileMappingA
CreateProcessA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileA
FindFirstVolumeW
FindNextFileA
FindNextVolumeW
FindVolumeClose
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleInputEvents
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVolumeInformationW
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LockFileEx
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
PeekConsoleInputA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ResumeThread
SetConsoleCtrlHandler
SetConsoleTitleA
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsGetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_chmod
_close
_errno
_exit
_fdopen
_filelengthi64
_fileno
_fmode
_fstati64
_get_osfhandle
_getch
_getpid
_initterm
_iob
_isctype
_lock
_lseeki64
_mkdir
_onexit
_open
_open_osfhandle
_setmode
_snwprintf
_stat
time
localtime
gmtime
_stati64
_stricmp
_strnicmp
_telli64
calloc
clearerr
clock
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
gmtime
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
localtime
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
puts
qsort
raise
rand
realloc
rename
rewind
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
_unlock
_wfopen
_wopen
_write
abort
atoi
time
tmpfile
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscat
wcscpy
wcslen
wcsstr
wcstombs
_snprintf
_vsnprintf
_write
_utime
_unlink
_strdup
_read
_open
_isatty
_getpid
_fileno
_fdopen
_dup
_close
_chmod

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

user32

DispatchMessageA
GetDC
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageA
ReleaseDC
TranslateMessage

ws2_32

WSAAddressToStringA
WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSASetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
htons
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 649KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
INST_ID.TXT
IT/IT00_SWKREMV
IT/IT0CTL.T01
IT/IT0PAL.T01
IT/IT0RUN.T01
IT/ITW_SA_234.M4P
IT/ITZ_00
IT/IT_1000.LIB
IT/IT_1000_234.PVC
IT/IT_ClassEnhancement.T01
IT/IT_Context.T01
IT/IT_DeveloperManifest.T01
IT/IT_EBMUSERIDLISTING_RPT_234.PVC
IT/IT_EBMUSERIDLISTING_UI_234.PVC
IT/IT_EBUSINESSMANAGERUSERID.M4L
IT/IT_EBUSINESSMANAGERUSERID_BUS_234.PVC
IT/IT_EBUSINESSMANAGERUSERID_UI_234.PVC
IT/IT_Enhancement.T01
IT/IT_Installation.pvc
IT/IT_LEVELCONVERSION_234.PVC
IT/IT_Menu.T01
IT/IT_Message.T01
IT/IT_PeriodEndProcessing_ui_234.pvc
IT/IT_PopupItem.T01
IT/IT_PopupMenu.T01
IT/IT_PopupMenuItem.T01
IT/IT_PopupXRef.T01
IT/IT_SHOPPINGCARTDETAIL_BUS.PVC
IT/IT_SHOPPINGCARTDETAIL_BUS_234.PVC
IT/IT_SHOPPINGCART_BUS.PVC
IT/IT_SHOPPINGCART_BUS_234.PVC
IT/IT_SHOPPINGCART_UPD_234.PVC
IT/IT_Task.T01
IT/IT_UIDCUSTOMERCHANGE_BUS_234.PVC
IT/IT_WEBMENU_BUS_234.PVC
IT/IT_WEBMENU_UI_234.PVC
IT/providex.dde
IT/providex.ddf
IW/IT1000_CUST.HTM
.js
IW/IT1000_SELECT.HTM
.js
IW/ITEM.HTM
.js
IW/IW_1000_234.M4P
IW/IW_COMMON.M4P
IW/IW_COMMON_234.M4P
IW/IW_MENU.M4P
IW/IW_MENU_234.M4P
IW/IW_PRODUCTS.M4P
IW/IW_PRODUCTS_234.M4P
IW/IW_SHOPPINGCARTORDER.M4P
IW/IW_SHOPPINGCARTORDER_234.M4P
IW/IW_TEMPLATE_SVC.PVC
IW/IW_TEMPLATE_SVC_234.M4P
IW/IW_USER.M4P
LMUM_Hlp/Thumbs.db
LMUM_Hlp/lmum.gif
.gif
LMUM_Hlp/lmum.htm
.html
Links/AR_LEVELCONVERSION.PVC
Links/AR_SALESPERSONLISTING_RPT.PVC
Links/AR_SALESPERSON_BUS.PVC
Links/AR_SALESPERSON_UI.PVC
Links/IT_EBMUSERIDLISTING_RPT.PVC
Links/IT_EBMUSERIDLISTING_UI.PVC
Links/IT_EBUSINESSMANAGERUSERID_BUS.PVC
Links/IT_EBUSINESSMANAGERUSERID_UI.PVC
Links/IT_LEVELCONVERSION.PVC
Links/IT_PERIODENDPROCESSING_UI.PVC
Links/IT_SHOPPINGCARTDETAIL_BUS.PVC
Links/IT_SHOPPINGCART_BUS.PVC
Links/IT_SHOPPINGCART_UPD.PVC
Links/IT_UIDCUSTOMERCHANGE_BUS.PVC
Links/IT_WEBMENU_BUS.PVC
Links/IT_WEBMENU_UI.PVC
Links/SY_COMPANYCONVERSION_UI.pvc
Links/SY_EXTENDEDSOLUTIONSCONVERSION.pvc
SY/SY234_LMUM_COMPANYCONVERSION_UI.PVC
SY/SY234_LMUM_EXTENDEDSOLUTIONSCONVERSION.PVC
SY/SY_CALL
SY/SY_CNV
SY/SY_DAT
SY/SY_DCT_234
SY/SY_FIL
SY/SY_FMP
SY/SY_FMU
SY/SY_FOR
SY/SY_FRM
SY/SY_FUNCTIONS_001.PVC
SY/SY_IDX
SY/SY_IEX
SY/SY_INI
SY/SY_INS
SY/SY_MNU
SY/SY_MON
SY/SY_MOREBUTTON_UI_234.PVC
SY/SY_OPN
SY/SY_PRM_234
SY/SY_PTH
SY/SY_PUB
SY/SY_SESSION_001.PVC
SY/SY_SET
SY/SY_SOI
SY/SY_SSS
SY/SY_TMF
SY/SY_TRG
SY/SY_UDF
SY/SY_UNT
SY/SY_VER_234
SY/SY_WDX
SY/SY_XND
SY/SY_XT
Soa/DSDCAA
Soa/DSDCAA.LIB
Soa/DSDCHK
Soa/DSDFTP
Soa/DSDFTP.EXE
.exe windows:4 windows x86 arch:x86

7370eb6f2d0568be1ac366cd9a13842e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
FtpDeleteFileA
FtpPutFileA
FtpGetFileA
InternetConnectA
InternetOpenA
InternetReadFile
InternetSetStatusCallback
FtpFindFirstFileA
FtpOpenFileA
InternetGetLastResponseInfoA

kernel32

FlushFileBuffers
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
SetCurrentDirectoryA
GetCurrentDirectoryA
UnmapViewOfFile
GetModuleFileNameA
WideCharToMultiByte
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
lstrlenA
GetLastError
lstrlenW
FreeLibrary
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
MapViewOfFile
CreateFileMappingA
GetFileInformationByHandle
CreateFileA
GetFullPathNameA
GetFileAttributesA
WaitForSingleObject
ReadFile
WriteFile
DeleteFileA
GetTickCount
ResumeThread
CreateThread
SetFilePointer
FindFirstFileA
CompareStringA
CompareStringW
GetStdHandle
TerminateProcess
GetProcAddress
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
UnhandledExceptionFilter
QueryPerformanceCounter
TlsAlloc
TlsGetValue
TlsSetValue
SetLastError
TlsFree
GetOEMCP
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
GetCPInfo
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
VirtualProtect
GetSystemInfo
VirtualQuery
GetTimeZoneInformation
LoadLibraryA
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
RtlUnwind
RaiseException
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetFileType
ExitProcess
HeapSize
FindClose
FreeEnvironmentStringsA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapDestroy
HeapReAlloc

user32

GetSystemMetrics
LoadImageA
UnregisterClassA
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetDlgItemTextA
SetWindowTextA
PostMessageA
GetWindowLongA
EndDialog
DefWindowProcA
GetActiveWindow
GetDesktopWindow
wsprintfA
MessageBoxA
CharNextA
DialogBoxParamA
DestroyWindow
SetWindowLongA
SendMessageA
GetParent

advapi32

RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

shell32

SHGetFileInfoA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Soa/DSDIEC
Soa/DSDIEI
Soa/DSDIEI.LIB
Soa/DSDLIC.TXT
Soa/DSDLOGO.BMP
Soa/DSDLOGO.GIF
.gif
Soa/DSDMD0.T01
Soa/DSDNEXT.bmp
Soa/DSDPAA
Soa/DSDT01.PVC
Soa/DSD_InternetTest
Soa/DSDhttp.exe
.exe windows:5 windows x86 arch:x86

b978b3a8c136c916d7e89391fd94e5cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetLastError
SetLastError
CloseHandle
GetCurrentThreadId
RaiseException
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
lstrlenA
MultiByteToWideChar
lstrlenW
InitializeCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
ResumeThread
CreateThread
FindClose
FindFirstFileA
DeleteFileA
Sleep
GetTickCount
WaitForSingleObject
LockResource
FindResourceExA
WriteFile
SetFilePointer
SetEndOfFile
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
HeapCreate
GetStdHandle
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
WideCharToMultiByte
CreateFileA
GetFileInformationByHandle
CreateFileMappingA
MapViewOfFile
SetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
UnmapViewOfFile
VirtualQuery
GetSystemInfo
SetStdHandle
GetModuleHandleW
WriteConsoleW
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentDirectoryA
SetHandleCount
ReadFile
FlushFileBuffers
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
GetConsoleMode

user32

GetParent
GetWindow
GetWindowRect
GetWindowLongA
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
UnregisterClassA
SetWindowTextA
PostMessageA
SendMessageA
EndDialog
EnableWindow
GetSystemMetrics
LoadImageA
CharNextA
SetWindowLongA
DestroyWindow
DialogBoxParamA
DefWindowProcA
wsprintfA
MessageBoxA
GetActiveWindow
SetDlgItemTextA

advapi32

RegEnumKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetFileInfoA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr

wininet

InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetSetOptionA
InternetErrorDlg

comctl32

InitCommonControlsEx

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Soa/EMD.BMP
Soa/IN0CTL.MUM
Soa/INMENURMV.MUM
Soa/IN_ClassEnhancement.MUM
Soa/IN_Enhancement.MUM
Soa/IN_GridDefinition.MUM
Soa/IN_Installation.pvc
Soa/IN_Menu.MUM
Soa/IN_Task.MUM
Soa/MDINST
Soa/SUMDI4
Soa/SUMDI5
Soa/SUMDI5.LIB
Soa/SUMDI6
Soa/SUMDI7
Soa/SUMDI7.LIB
Soa/SUMDIN
Soa/SUMDMN
Soa/SUMDN2
Soa/SUUFIX
Soa/SUUFIX.LIB
Soa/SVDSDE
Soa/SVDSDE.HTM
.html
Soa/SVDSDE.LIB
Soa/SVDSDE_Convert_Selection.M4L
Soa/SVDSDE_Convert_ui.pvc
Soa/SVPIPR
Soa/SW_DIR
Soa/SW_DIR.LIB
Soa/SW_FMG
Soa/SW_FMG.LIB
Soa/SW_FMU
Soa/SW_FMU.LIB
Soa/SW_FOR
Soa/SW_FOR.LIB
Soa/SW_KEY
Soa/SW_LST
Soa/SW_MSG
Soa/SW_SET
Soa/SW_SET.LIB
Soa/SW_SET_234
Soa/SW_SET_234.LIB
Soa/SW_SQL
Soa/SW_UDC
Soa/SYDPAT
Soa/Thumbs.db
Soa/dsdpatch.m4p
Soa/libeay32.dll
.dll windows:5 windows x86 arch:x86

0cebee292d8de46c915195e4608514a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

recvfrom
sendto
bind
listen
accept
ntohl
inet_ntoa
WSACancelBlockingCall
WSACleanup
WSAStartup
gethostbyname
getsockopt
getservbyname
ntohs
htons
htonl
socket
setsockopt
connect
send
WSASetLastError
recv
WSAGetLastError
shutdown
closesocket

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateDCA

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

msvcr90

getenv
wcsstr
_vsnprintf
vfprintf
__iob_func
abort
free
realloc
malloc
memcpy
memchr
_localtime64
_time64
memset
_gmtime64
strtoul
strncpy
_errno
memmove
_read
_write
isxdigit
isdigit
fprintf
strstr
fputs
fclose
ferror
fread
fwrite
fflush
fopen
_setmode
_fileno
ftell
feof
fseek
fgets
atoi
perror
qsort
strcmp
_stat64i32
_chmod
strchr
strerror
isalnum
isspace
strncmp
tolower
isupper
strrchr
sscanf
exit
strtol
signal
_getch
printf
_getpid
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
sprintf

kernel32

QueryPerformanceCounter
GetTickCount
SetLastError
LoadLibraryA
FreeLibrary
GetCurrentProcessId
FindFirstFileA
FindNextFileA
GetThreadTimes
GetCurrentThread
GetStdHandle
GlobalMemoryStatus
CloseHandle
GetVersionExA
FlushConsoleInputBuffer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
FindClose
GetFileType
GetVersion
GetLastError
GetCurrentThreadId
GetModuleHandleA
ExitProcess
GetProcAddress

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_cfbr_encrypt_block
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASN1_ANY_it
ASN1_BIT_STRING_asn1_meth
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_HEADER_free
ASN1_HEADER_new
ASN1_IA5STRING_asn1_meth
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_encode
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_check
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_to_generalizedtime
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_sign
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_accept
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_indent
BIO_int_ctrl
BIO_method_name
BIO_method_type
BIO_new
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_callback
BIO_set_callback_arg
BIO_set_cipher
BIO_set_ex_data
BIO_set_flags
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_X931_derive_prime_ex
BN_X931_generate_Xpq
BN_X931_generate_prime_ex
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_memdup
BUF_strdup
BUF_strlcat
BUF_strlcpy
BUF_strndup
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CBIGNUM_it
CERTIFICATEPOLICIES_free
CERTIFICATEPOLICIES_it
CERTIFICATEPOLICIES_new
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
COMP_zlib_cleanup
CONF_dump_bio
CONF_dump_fp
CONF_free
CONF_get1_default_config_file
CONF_get_number

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Soa/openssl.cfg
Soa/openssl.exe
.exe windows:5 windows x86 arch:x86

29abc37f75b3a4e8bb98bf1b4dfc5069

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:fd:2d:09:02:6b:ee:d8:fc:78:85:bc:23:78:c4:9b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/07/2012, 00:00

Not After

13/10/2015, 23:59

Subject

CN=Sage Software\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sage Software\, Inc.,L=Norcross,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:50:92:71:6a:54:18:06:ae:4d:2d:65:f4:d1:c4:fb:fd:cc:fe:0e
Signer

Actual PE Digest

fa:50:92:71:6a:54:18:06:ae:4d:2d:65:f4:d1:c4:fb:fd:cc:fe:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ssleay32

ord171
ord290
ord291
ord45
ord180
ord150
ord49
ord6
ord130
ord127
ord65
ord61
ord120
ord154
ord157
ord35
ord162
ord33
ord129
ord55
ord108
ord79
ord122
ord52
ord2
ord32
ord98
ord38
ord40
ord28
ord22
ord30
ord24
ord5
ord43
ord110
ord113
ord116
ord172
ord268
ord293
ord119
ord90
ord31
ord86
ord59
ord96
ord60
ord56
ord272
ord274
ord271
ord292
ord112
ord115
ord118
ord74
ord275
ord183
ord12
ord264
ord145
ord286
ord141
ord142
ord177
ord15
ord21
ord231
ord73
ord16
ord8
ord243
ord42
ord164
ord77
ord125
ord94
ord72
ord166
ord78
ord48
ord249
ord121
ord75
ord244
ord189
ord83
ord82
ord63
ord267
ord58

libeay32

ord638
ord4070
ord2164
ord2161
ord189
ord197
ord198
ord2708
ord890
ord3189
ord298
ord2949
ord2604
ord254
ord224
ord190
ord892
ord891
ord897
ord1001
ord3503
ord2874
ord2935
ord2981
ord2738
ord3023
ord2561
ord2598
ord3164
ord2899
ord3048
ord3047
ord3158
ord3077
ord3101
ord3028
ord2938
ord3123
ord2960
ord2866
ord2686
ord2897
ord2838
ord80
ord2551
ord3924
ord3923
ord3921
ord2648
ord79
ord3244
ord2713
ord2971
ord2647
ord1158
ord2844
ord2662
ord2921
ord2492
ord2504
ord2485
ord2489
ord2520
ord2480
ord2491
ord2529
ord2816
ord2475
ord2478
ord251
ord464
ord959
ord325
ord1103
ord2146
ord2155
ord2143
ord2151
ord2145
ord641
ord250
ord1969
ord679
ord2064
ord2452
ord623
ord2596
ord2033
ord66
ord905
ord549
ord910
ord912
ord1654
ord378
ord82
ord86
ord2411
ord222
ord680
ord585
ord657
ord558
ord909
ord626
ord3527
ord2105
ord2011
ord1915
ord2067
ord555
ord625
ord556
ord3676
ord52
ord78
ord93
ord246
ord629
ord21
ord168
ord827
ord2281
ord3488
ord2280
ord2276
ord2279
ord355
ord167
ord67
ord2427
ord109
ord916
ord723
ord1653
ord89
ord87
ord57
ord169
ord997
ord577
ord606
ord2217
ord576
ord1912
ord1914
ord3241
ord3243
ord2209
ord2704
ord2292
ord366
ord605
ord607
ord2286
ord421
ord877
ord423
ord2250
ord872
ord154
ord3237
ord2544
ord2117
ord610
ord608
ord2627
ord674
ord670
ord601
ord672
ord658
ord667
ord656
ord671
ord673
ord664
ord602
ord3724
ord313
ord403
ord769
ord248
ord419
ord3550
ord210
ord484
ord129
ord279
ord3686
ord161
ord150
ord486
ord283
ord1960
ord2832
ord2695
ord1508
ord316
ord1509
ord3570
ord3575
ord2877
ord3512
ord209
ord181
ord2111
ord600
ord3729
ord3422
ord3408
ord3663
ord151
ord281
ord31
ord835
ord732
ord654
ord401
ord397
ord304
ord333
ord76
ord2784
ord965
ord289
ord290
ord2572
ord2747
ord3245
ord363
ord3883
ord285
ord83
ord3820
ord3903
ord54
ord60
ord323
ord188
ord202
ord415
ord33
ord830
ord120
ord200
ord207
ord395
ord28
ord205
ord727
ord3713
ord1871
ord3687
ord213
ord2202
ord2203
ord3019
ord2915
ord4059
ord59
ord3836
ord255
ord2206
ord3823
ord330
ord361
ord3877
ord2743
ord315
ord2821
ord2936
ord269
ord3109
ord2630
ord2249
ord2291
ord896
ord899
ord894
ord230
ord665
ord24
ord513
ord1988
ord2060
ord1160
ord11
ord1167
ord88
ord816
ord1908
ord2126
ord1080
ord170
ord514
ord280
ord282
ord25
ord541
ord8
ord2131
ord164
ord119
ord573
ord579
ord565
ord571
ord14
ord580
ord362
ord575
ord584
ord13
ord23
ord364
ord567
ord566
ord578
ord349
ord352
ord1900
ord562
ord1901
ord171
ord173
ord175
ord9
ord1954
ord2027
ord3087
ord1205
ord2052
ord2608
ord3516
ord603
ord677
ord678
ord529
ord422
ord536
ord2823
ord2834
ord3031
ord2607
ord3004
ord2543
ord117
ord619
ord2798
ord2837
ord1973
ord2742
ord535
ord116
ord516
ord636
ord642
ord418
ord849
ord1229
ord444
ord398
ord746
ord438
ord445
ord402
ord760
ord622
ord863
ord3837
ord2391
ord1161
ord583
ord815
ord2009
ord537
ord588
ord627
ord1961
ord420
ord2406
ord1985
ord854
ord227
ord253
ord1869
ord488
ord2034
ord55
ord490
ord493
ord491
ord492
ord497
ord3212
ord1968
ord416
ord2014
ord832
ord214
ord1935
ord417
ord220
ord3481
ord3424
ord3456
ord3585
ord3452
ord3473
ord3742
ord3400
ord3443
ord3714
ord3519
ord3556
ord3707
ord2683
ord2701
ord3379
ord3405
ord2693
ord2985
ord3528
ord2568
ord3555
ord3607
ord3494
ord3475
ord3617
ord3749
ord365
ord3711
ord3447
ord2150
ord652
ord1020
ord1017
ord1015
ord1016
ord284
ord2051
ord1997
ord820
ord634
ord2066
ord2446
ord2405
ord3920
ord2404
ord2790
ord639
ord869
ord866
ord857
ord662
ord676
ord2074
ord653
ord2082
ord2140
ord2184
ord1928
ord1933
ord357
ord630
ord4054
ord2254
ord2996
ord3155
ord2927
ord318
ord299
ord118
ord2749
ord2682
ord2710
ord3113
ord2966
ord3034
ord3173
ord2827
ord2726
ord2902
ord370
ord107
ord3866
ord915
ord84
ord53
ord108
ord58
ord3330
ord3353
ord96
ord1010
ord2426
ord3020
ord85
ord368

wsock32

closesocket
shutdown
__WSAFDIsSet
select
accept
gethostbyaddr
gethostbyname
getservbyname
ntohs
bind
listen
htons
htonl
socket
setsockopt
connect
WSAStartup
WSACancelBlockingCall
WSACleanup
getsockname
WSAGetLastError

msvcr90

_fileno
_setmode
_close
_lseek
_write
_read
_open
fflush
ftell
fseek
fopen
fclose
fwrite
fread
fgets
fprintf
printf
abort
perror
atoi
strncmp
sscanf
islower
memset
setvbuf
strncat
_wassert
strchr
_stat64i32
toupper
memcpy
_stricmp
getenv
atol
exit
_time64
strstr
_ftime64
fputc
rename
_errno
remove
signal
isdigit
strspn
qsort
fputs
malloc
realloc
free
_fmode
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_access
_kbhit
clearerr
ferror
feof
__iob_func

kernel32

IsDebuggerPresent
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Soa/wget.exe
.exe windows:4 windows x86 arch:x86

fe8f0bebf787f35580b2866a83df1c53

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

04/08/2015, 06:00

Not After

03/08/2016, 06:00

Subject

CN=Open Source Developer\, Jernej Simončič,O=Open Source Developer,C=SI,1.2.840.113549.1.9.1=#0c1e6a65726e656a7c732d6f7340657465726e616c6c79626f7265642e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

04/08/2015, 06:00

Not After

03/08/2016, 06:00

Subject

CN=Open Source Developer\, Jernej Simončič,O=Open Source Developer,C=SI,1.2.840.113549.1.9.1=#0c1e6a65726e656a7c732d6f7340657465726e616c6c79626f7265642e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

fd:4f:80:9e:04:f4:c3:26:c6:d8:74:2a:0d:9e:c2:23:5d:55:34:55:7a:e4:83:87:ff:e7:68:4b:75:49:25:3c
Signer

Actual PE Digest

fd:4f:80:9e:04:f4:c3:26:c6:d8:74:2a:0d:9e:c2:23:5d:55:34:55:7a:e4:83:87:ff:e7:68:4b:75:49:25:3c

Digest Algorithm

sha256

PE Digest Matches

true

7c:a6:9f:ac:21:56:df:ac:be:d3:3e:8e:62:c4:48:43:2e:09:57:e2
Signer

Actual PE Digest

7c:a6:9f:ac:21:56:df:ac:be:d3:3e:8e:62:c4:48:43:2e:09:57:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersA
CryptExportKey
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashA
DeregisterEventSource
RegisterEventSourceA
ReportEventA

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

gdi32

CreateCompatibleBitmap
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectA

kernel32

CloseHandle
CreateEventA
CreateFileMappingA
CreateProcessA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileA
FindFirstVolumeW
FindNextFileA
FindNextVolumeW
FindVolumeClose
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleInputEvents
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVolumeInformationW
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LockFileEx
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
PeekConsoleInputA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ResumeThread
SetConsoleCtrlHandler
SetConsoleTitleA
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsGetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_chmod
_close
_errno
_exit
_fdopen
_filelengthi64
_fileno
_fmode
_fstati64
_get_osfhandle
_getch
_getpid
_initterm
_iob
_isctype
_lock
_lseeki64
_mkdir
_onexit
_open
_open_osfhandle
_setmode
_snwprintf
_stat
time
localtime
gmtime
_stati64
_stricmp
_strnicmp
_telli64
calloc
clearerr
clock
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
gmtime
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
localtime
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
puts
qsort
raise
rand
realloc
rename
rewind
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
_unlock
_wfopen
_wopen
_write
abort
atoi
time
tmpfile
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscat
wcscpy
wcslen
wcsstr
wcstombs
_snprintf
_vsnprintf
_write
_utime
_unlink
_strdup
_read
_open
_isatty
_getpid
_fileno
_fdopen
_dup
_close
_chmod

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

user32

DispatchMessageA
GetDC
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageA
ReleaseDC
TranslateMessage

ws2_32

WSAAddressToStringA
WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSASetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
htons
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 649KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Thumbs.db
VERSIONS.HTM
.html
VERSIONS.TXT
_DSD_DistributionFiles.htm
.html
aboutdsd.htm
.html
dsd.nsh
dsdlogo.gif
.gif
install.htm
.html
license.htm
.html
license_files/colorschememapping.xml
.xml
license_files/filelist.xml
license_files/themedata.thmx
.thmx office2007
readme.htm
.html
support.htm
.html

Sharing

General

Malware Config

Signatures

Files

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 116KB - Virtual size: 116KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

44399507566a8003a52bbde4cba163ae

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 40KB - Virtual size: 39KB

44399507566a8003a52bbde4cba163ae

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 40KB - Virtual size: 39KB

fe8f0bebf787f35580b2866a83df1c53

Code Sign

04:7a:55Certificate

Extended Key Usages

04:7a:53Certificate

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 116KB - Virtual size: 116KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 40KB - Virtual size: 39KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 40KB - Virtual size: 39KB

04:7a:55
Certificate

04:7a:53
Certificate

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1
Certificate

04:7a:53
Certificate

62:ab:3b:73:82:e2:5b:5d:63:ad:77:35:03:d9:63:b1
Certificate

04:7a:55
Certificate

fd:4f:80:9e:04:f4:c3:26:c6:d8:74:2a:0d:9e:c2:23:5d:55:34:55:7a:e4:83:87:ff:e7:68:4b:75:49:25:3c
Signer

7c:a6:9f:ac:21:56:df:ac:be:d3:3e:8e:62:c4:48:43:2e:09:57:e2
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 60KB - Virtual size: 59KB

.rdata
Size: 649KB - Virtual size: 648KB

.bss
Size: - Virtual size: 41KB

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 512B - Virtual size: 20B

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 186KB - Virtual size: 186KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 20KB - Virtual size: 19KB