ab1b8dbdb9e4413afb6bc19c0057fcff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab1b8dbdb9e4413afb6bc19c0057fcff_JaffaCakes118
Size

8.9MB
MD5

ab1b8dbdb9e4413afb6bc19c0057fcff
SHA1

44f34b498af2a0eb3beae254d5ed553604064e15
SHA256

e04d47f441952f4aab26b7c929a670e68382341b35113116bdd8fcde4c339175
SHA512

1724c6efa76b09722f3a41023c01c188acebe5ee2f9c5d37ba5c0b5698f048f557bbd7804a4631781ab9f47c52d9ab5720ff60811da6000d1ee984c9600e4976
SSDEEP

196608:YbLqKFX2skcMeo/swuT+T70gmCMVLt3SJ6T02gLBIsVdeB:YbuE2s1MeM5uylmCEG6TbDB

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/无线路由器密码破解 V1.0/路由器密码破解器_（5秒极速破解）简单版1.0/msimg32.dll	acprotect

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/无线路由器密码破解 V1.0/Setup（路由器快速破解密码）.exe	aspack_v212_v242

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/Easy WIFI Radar 1.0.5v Installer.exe	upx
static1/unpack001/无线路由器密码破解 V1.0/路由器密码破解器_（5秒极速破解）简单版1.0/msimg32.dll	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/无线路由器密码破解 V1.0/Setup（路由器快速破解密码）.exe
unpack001/无线路由器密码破解 V1.0/TpLink密码破解工具/TpLinkPass.exe
unpack002/Easy WIFI Radar 1.0.5v Installer.exe
unpack003/out.upx
unpack001/无线路由器密码破解 V1.0/注册机.exe
unpack001/无线路由器密码破解 V1.0/路由器密码破解器_（5秒极速破解）简单版1.0/msimg32.dll
unpack005/out.upx

Files

ab1b8dbdb9e4413afb6bc19c0057fcff_JaffaCakes118
.rar
无线路由器密码破解 V1.0/Setup（路由器快速破解密码）.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 416KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
无线路由器密码破解 V1.0/TpLink密码破解工具/AboutDlg.h
无线路由器密码破解 V1.0/TpLink密码破解工具/MainDlg.h
.vbs
无线路由器密码破解 V1.0/TpLink密码破解工具/TpLinkPass.aps
无线路由器密码破解 V1.0/TpLink密码破解工具/TpLinkPass.cpp
无线路由器密码破解 V1.0/TpLink密码破解工具/TpLinkPass.exe
.exe windows:4 windows x86 arch:x86

1dfb6da0c31d04a734da63f1e92680aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
SetLastError
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
CreateThread
CreateFileA
CloseHandle
SetStdHandle
SetFilePointer
InterlockedDecrement
IsValidCodePage
GetOEMCP
GetCPInfo
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
ReadFile
WideCharToMultiByte
InterlockedIncrement
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ExitProcess
HeapSize
RaiseException
SetEndOfFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetStringTypeW
HeapCreate
GetStringTypeA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapReAlloc
RtlUnwind
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy

user32

GetDlgItemTextA
MessageBoxW
DefWindowProcW
GetSystemMetrics
LoadImageW
CreateDialogParamW
PostQuitMessage
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsDialogMessageW
GetDlgItem
SetDlgItemTextW
GetWindowLongW
SendMessageW
DestroyWindow
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
SetWindowLongW
UnregisterClassA

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

ws2_32

WSAStartup
htons
socket
WSACleanup
connect
closesocket
send
recv
inet_addr

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
无线路由器密码破解 V1.0/TpLink密码破解工具/TpLinkPass.h
无线路由器密码破解 V1.0/TpLink密码破解工具/TpLinkPass.rc
无线路由器密码破解 V1.0/TpLink密码破解工具/TpLinkPass.vcproj
.xml
无线路由器密码破解 V1.0/TpLink密码破解工具/res/TpLinkPass.ico
无线路由器密码破解 V1.0/TpLink密码破解工具/res/飘荡软件.url
.url
无线路由器密码破解 V1.0/TpLink密码破解工具/resource.h
无线路由器密码破解 V1.0/TpLink密码破解工具/stdafx.cpp
无线路由器密码破解 V1.0/TpLink密码破解工具/stdafx.h
无线路由器密码破解 V1.0/WIFI+Radar（无敌蹭网小软件）.rar
.rar
Easy WIFI Radar 1.0.5v Installer.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
无线路由器密码破解 V1.0/无线路由器补丁.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7a1a55969b65001e4721de3519a962cb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:7e:d5:0d:04:5c:25:02:bb:75:f1:c1:c2:a4:4d:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2008, 00:00

Not After

03/07/2009, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Administrative management department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=ShangHai,ST=ShangHai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\PPStream-Vod-Work\XSearchNew\ppsvod\HOOKFILE\Release\mydll.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
lstrlenA
GetTickCount
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GetPrivateProfileIntA
CreateDirectoryA
RemoveDirectoryA
FindClose
GetLastError
FindNextFileA
FindFirstFileA
WritePrivateProfileStringA
DeleteFileA
OutputDebugStringA
CreateMutexA
OpenMutexA
SuspendThread
GetExitCodeThread
SetLastError
TerminateThread
WaitForSingleObject
SetEvent
ResetEvent
LocalAlloc
LocalFree
lstrcpyA
ResumeThread
CreateThread
GetFileAttributesA
SetEndOfFile
SetFilePointer
GetFileSize
ReadFile
UnlockFile
LoadLibraryExW
LockFile
GetModuleFileNameA
CreateFileA
MoveFileA
PostQueuedCompletionStatus
_llseek
Sleep
GetCurrentThreadId
MultiByteToWideChar
HeapAlloc
GetProcessHeap
lstrcpynA
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetPrivateProfileStringA
CreateEventA
OpenEventA
GetFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExA
GetLocalTime
HeapFree
GetSystemTime
FileTimeToSystemTime
CompareStringW
CompareStringA
GetLocaleInfoW
SetEnvironmentVariableA
FlushFileBuffers
SetConsoleCtrlHandler
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
LoadLibraryExA
LoadLibraryW
LoadLibraryA
lstrcmpiA
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
VirtualQuery
Module32Next
Module32First
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
GetProcAddress
GetSystemInfo
WriteFile
GetModuleHandleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
RtlUnwind
ExitProcess
RaiseException
GetSystemTimeAsFileTime
ExitThread
TerminateProcess
GetFileType
GetTimeFormatA
GetDateFormatA
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
TlsAlloc
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetTimeZoneInformation
VirtualProtect
FreeEnvironmentStringsA

user32

wsprintfA
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
PostMessageA
IsWindow
TranslateMessage
MessageBoxA
GetParent
GetMessageA
PostThreadMessageA

advapi32

CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
CryptAcquireContextA

imagehlp

ImageDirectoryEntryToData

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

CFA
CFW
CH
DllRegisterServer
DllUnregisterServer
GFS
GOR
GetDelayTmCnt
InitialRootDir
OF
RF
RFE
RegMessageRecv
SFP
SFPE
SetQuitFlag
Uninitial
WF
WFE

Sections

.text
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
无线路由器密码破解 V1.0/无线雷达扫描工具(蹭网专用)绿色版.rar
.rar
WirelessMon.exe
.exe windows:4 windows x86 arch:x86

dc072b97ab69d9cf474e33b457c157dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:04:d2:56:fa:7f:1b:bb:6b:94:13:72:01:34:2e:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/10/2007, 00:00

Not After

19/10/2009, 23:59

Subject

CN=PassMark Software Pty Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PassMark Software Pty Ltd,ST=NSW,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

14:a7:90:44:76:7b:89:48:3c:e0:1a:45:64:ab:78:53:b3:9d:d9:62
Signer

Actual PE Digest

14:a7:90:44:76:7b:89:48:3c:e0:1a:45:64:ab:78:53:b3:9d:d9:62

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
UnmapViewOfFile
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
CloseHandle
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapReAlloc
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
DeleteCriticalSection
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
MapViewOfFile
GetShortPathNameA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
GetSystemMetrics
SetTimer
GetAsyncKeyState
KillTimer
BeginPaint
EndPaint
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
DestroyWindow

gdi32

CreateDCA
CreateDIBitmap
CreateCompatibleDC
SelectObject
SelectPalette
RealizePalette
BitBlt
DeleteDC
DeleteObject
CreatePalette

Sections

.text
Size: - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 272KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 44KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 728KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
defaultpalette.wmsp
green_yellow_red.wmsp
sn.txt
注册 WirelessMon.bat
无线路由器密码破解 V1.0/注册机.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.Upack
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
无线路由器密码破解 V1.0/路由器密码演试 WEP 视频演示.swf
无线路由器密码破解 V1.0/路由器密码破解器_（5秒极速破解）简单版1.0/EWSA.chm
.chm
无线路由器密码破解 V1.0/路由器密码破解器_（5秒极速破解）简单版1.0/english.dic
无线路由器密码破解 V1.0/路由器密码破解器_（5秒极速破解）简单版1.0/ewsaserv.dll
.dll windows:5 windows x86 arch:x86

ff90b0dc7a1fb3ab0681c9ccb2d93feb

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/09/2009, 00:00

Not After

21/09/2012, 23:59

Subject

CN=ElcomSoft Co.Ltd.,O=ElcomSoft Co.Ltd.,POSTALCODE=115035,STREET=Ovchinnikovskaya naberezhnaya 6-2,L=Moscow,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:08:f0:ce:4e:2f:f8:3b:01:50:5d:06:cb:a2:1c:61:f5:d3:8c:5c
Signer

Actual PE Digest

43:08:f0:ce:4e:2f:f8:3b:01:50:5d:06:cb:a2:1c:61:f5:d3:8c:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
WaitNamedPipeA
CreateFileA
FlushFileBuffers
WriteFile
HeapAlloc
HeapFree
LocalFree
OpenProcess
GetModuleHandleA
GetProcAddress
SetLastError
OpenEventA
ResetEvent
SetEvent
lstrlenA
lstrcatA
ReleaseMutex
CreateMutexA
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
CloseHandle
OpenFileMappingA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetLastError
LoadLibraryExA
FormatMessageA
FreeLibrary
lstrcpyA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
Sleep
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

wsprintfA
IsCharAlphaNumericA

advapi32

RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegFlushKey
GetSecurityDescriptorDacl
DeleteAce
RegOpenKeyExA
RegSetKeySecurity
RegCloseKey
LookupAccountSidA
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
LookupAccountNameA
AllocateAndInitializeSid
FreeSid
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

EnterMessageLoop
LsaDecryptData
LsaUnprotectData

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
无线路由器密码破解 V1.0/路由器密码破解器_（5秒极速破解）简单版1.0/ewsaserv.exe
.exe windows:4 windows x86 arch:x86

915507198ccc5d6dae19d8305670a14b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/09/2009, 00:00

Not After

21/09/2012, 23:59

Subject

CN=ElcomSoft Co.Ltd.,O=ElcomSoft Co.Ltd.,POSTALCODE=115035,STREET=Ovchinnikovskaya naberezhnaya 6-2,L=Moscow,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:32:45:ba:03:b0:c2:15:5b:88:30:d1:b1:80:01:62:60:7e:a8:f7
Signer

Actual PE Digest

b1:32:45:ba:03:b0:c2:15:5b:88:30:d1:b1:80:01:62:60:7e:a8:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
lstrlenA
OpenProcess
GetLastError
GetModuleFileNameA
lstrcpyA
lstrcpynA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
ResumeThread
WaitForSingleObject
GetExitCodeThread
LoadLibraryA
FreeLibrary
GetCurrentThread
CloseHandle
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSection
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfA

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegFlushKey
RegCloseKey
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
无线路由器密码破解 V1.0/路由器密码破解器_（5秒极速破解）简单版1.0/ewsaserv64.dll
.dll windows:5 windows x64 arch:x64

954d243f7df5d87554f8680e1840c203

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/09/2009, 00:00

Not After

21/09/2012, 23:59

Subject

CN=ElcomSoft Co.Ltd.,O=ElcomSoft Co.Ltd.,POSTALCODE=115035,STREET=Ovchinnikovskaya naberezhnaya 6-2,L=Moscow,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:95:b4:a3:39:4a:e6:18:7e:14:7b:85:db:1e:df:2e:cc:15:8e:d4
Signer

Actual PE Digest

fc:95:b4:a3:39:4a:e6:18:7e:14:7b:85:db:1e:df:2e:cc:15:8e:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
WaitNamedPipeA
CreateFileA
FlushFileBuffers
WriteFile
HeapAlloc
HeapFree
LocalFree
OpenProcess
GetModuleHandleA
GetProcAddress
SetLastError
OpenEventA
ResetEvent
SetEvent
lstrlenA
lstrcatA
ReleaseMutex
CreateMutexA
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
CloseHandle
OpenFileMappingA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetLastError
LoadLibraryExA
FormatMessageA
FreeLibrary
lstrcpyA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RtlLookupFunctionEntry
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
Sleep
HeapSize
GetModuleHandleW
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle

user32

wsprintfA
IsCharAlphaNumericA

advapi32

RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegFlushKey
GetSecurityDescriptorDacl
DeleteAce
RegOpenKeyExA
RegSetKeySecurity
RegCloseKey
LookupAccountSidA
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
LookupAccountNameA
AllocateAndInitializeSid
FreeSid
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

EnterMessageLoop
LsaDecryptData
LsaUnprotectData

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
无线路由器密码破解 V1.0/路由器密码破解器_（5秒极速破解）简单版1.0/ewsaserv64.exe
.exe windows:4 windows x64 arch:x64

6e3bc43ea0f96b9d65488cd204125cdc

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/09/2009, 00:00

Not After

21/09/2012, 23:59

Subject

CN=ElcomSoft Co.Ltd.,O=ElcomSoft Co.Ltd.,POSTALCODE=115035,STREET=Ovchinnikovskaya naberezhnaya 6-2,L=Moscow,ST=N/A,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

53:e0:ff:76:2c:e2:a8:3a:63:c0:de:9a:5d:65:c2:b6:f3:40:ca:57
Signer

Actual PE Digest

53:e0:ff:76:2c:e2:a8:3a:63:c0:de:9a:5d:65:c2:b6:f3:40:ca:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrlenA
SetLastError
OpenProcess
GetLastError
GetModuleFileNameA
lstrcpyA
lstrcpynA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
ResumeThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThread
GetCurrentProcess
CloseHandle
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
GetCurrentThreadId
FlsAlloc
Sleep
HeapSize
ExitProcess
RtlUnwindEx
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
InitializeCriticalSection
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfA

advapi32

RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegFlushKey
RegCloseKey
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
无线路由器密码破解 V1.0/路由器密码破解器_（5秒极速破解）简单版1.0/msimg32.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 416KB - Virtual size: 1.1MB

DATA Size: 5KB - Virtual size: 16KB

BSS Size: - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 80KB

.rsrc Size: 34KB - Virtual size: 140KB

.aspack Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

1dfb6da0c31d04a734da63f1e92680aa

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

comctl32

ws2_32

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 8KB - Virtual size: 7KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 100KB

UPX1 Size: 62KB - Virtual size: 64KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 30KB - Virtual size: 30KB

7a1a55969b65001e4721de3519a962cb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

0b:7e:d5:0d:04:5c:25:02:bb:75:f1:c1:c2:a4:4d:9dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

imagehlp

version

Exports

Exports

Sections

.text Size: 268KB - Virtual size: 264KB

.rdata Size: 40KB - Virtual size: 38KB

CODE
Size: 416KB - Virtual size: 1.1MB

DATA
Size: 5KB - Virtual size: 16KB

BSS
Size: - Virtual size: 12KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 80KB

.rsrc
Size: 34KB - Virtual size: 140KB

.aspack
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 100KB

UPX1
Size: 62KB - Virtual size: 64KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 30KB - Virtual size: 30KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

0b:7e:d5:0d:04:5c:25:02:bb:75:f1:c1:c2:a4:4d:9d
Certificate

.text
Size: 268KB - Virtual size: 264KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 800B

.reloc
Size: 16KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

62:04:d2:56:fa:7f:1b:bb:6b:94:13:72:01:34:2e:db
Certificate

14:a7:90:44:76:7b:89:48:3c:e0:1a:45:64:ab:78:53:b3:9d:d9:62
Signer

.text
Size: - Virtual size: 812KB

.rdata
Size: - Virtual size: 196KB

.data
Size: - Virtual size: 110KB

.idata
Size: - Virtual size: 10KB

.didat
Size: - Virtual size: 1KB

.text1
Size: 272KB - Virtual size: 320KB

.adata
Size: 52KB - Virtual size: 64KB

.data1
Size: 44KB - Virtual size: 128KB

.pdata
Size: 728KB - Virtual size: 768KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.Upack
Size: - Virtual size: 28KB

.rsrc
Size: 8KB - Virtual size: 40KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

09:c0:cd:ce:ea:00:76:b3:8c:76:21:0a:92:ad:35:ca
Certificate

43:08:f0:ce:4e:2f:f8:3b:01:50:5d:06:cb:a2:1c:61:f5:d3:8c:5c
Signer

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate