b63011344e0542e4796555f5ad907b93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b63011344e0542e4796555f5ad907b93_JaffaCakes118
Size

6.1MB
MD5

b63011344e0542e4796555f5ad907b93
SHA1

46f18e65bbd1bb5e385aa573038963fa5c5dd25b
SHA256

245096a133a88e223640156d90f1d031be49a87d9f14da0210729c6a263db95f
SHA512

c93a41d8f6fc858eb03ea92f799ac905e273f8ce949559e1bc6d402c79bf8cda9b4cf0cefb4a9d89614eb2bfabce488b8ee44c4ce52ca9b99008a304a52cfa40
SSDEEP

98304:osHUppqWoKzeAVJsDta+pa0MP4p9Wkl6CNKHaT3dNgLUejNjFh+zPJdF:os0ZzfUyXuWkldaYNgLUej7hUPrF

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/SPtool.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$_37_
unpack001/$PLUGINSDIR/SPtool.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$_37_

Files

b63011344e0542e4796555f5ad907b93_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:80:e6:4c:86:7d:c6:bc:b4:f3:72:85:a4:88:e4:6a:8e:f0:56:5b
Signer

Actual PE Digest

6c:80:e6:4c:86:7d:c6:bc:b4:f3:72:85:a4:88:e4:6a:8e:f0:56:5b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$R0/EULA.txt
$PLUGINSDIR/$R1/CltMngSvc.exe
.exe windows:5 windows x86 arch:x86

806cb4e62b61a7b238cc1e9dcacd5384

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:56:73:eb:8f:49:cc:37:d0:37:e6:76:c1:98:32:55:b2:fd:08:4f
Signer

Actual PE Digest

93:56:73:eb:8f:49:cc:37:d0:37:e6:76:c1:98:32:55:b2:fd:08:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\builds\75\Search Protector\SP-2.12.20-Production\Sources\SearchProtector\Dev\2.12.20\Output\Release_32\CltMngSvc.pdb

Imports

wtsapi32

WTSEnumerateSessionsW
WTSRegisterSessionNotification
WTSCloseServer
WTSUnRegisterSessionNotification
WTSOpenServerW
WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

SetLastError
DuplicateHandle
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
TerminateProcess
GetExitCodeProcess
Sleep
GetCurrentProcess
GetTickCount
OpenProcess
LocalFree
LocalAlloc
lstrlenW
FormatMessageW
GetCommandLineW
CreateEventW
GetLastError
CloseHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
TryEnterCriticalSection
InterlockedDecrement
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
DeleteFileA
GetTempPathA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
HeapValidate
HeapCreate
GetFileAttributesA
LockFile
UnlockFile
GetFullPathNameA
HeapDestroy
DeviceIoControl
GetFullPathNameW
DeleteFileW
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
OutputDebugStringW
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
GetStdHandle
HeapSize
QueryPerformanceCounter
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
FlushConsoleInputBuffer
GetVersion
CreateFileMappingA
ReadConsoleInputA
GetFileAttributesExW
GetDateFormatW
CreateSemaphoreW
GetStartupInfoW
UnhandledExceptionFilter
AreFileApisANSI
ExitProcess
GetCPInfo
LoadLibraryExW
HeapReAlloc
IsProcessorFeaturePresent
RtlUnwind
FormatMessageA
GetCurrentThread
ProcessIdToSessionId
InterlockedCompareExchange
GetSystemTime
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryW
ResetEvent
GetModuleHandleW
GetProcAddress
MapViewOfFile
UnmapViewOfFile
CreateThread
CreateFileW
CreateFileMappingW
TerminateThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
CreateProcessW
LoadLibraryA
CreateMutexW
FreeLibrary
GetModuleHandleExW
GetUserDefaultLCID
GetLocaleInfoW
GetProcessHeap
HeapAlloc
HeapFree
GetSystemInfo
GetVersionExA
TlsSetValue
TlsGetValue
SetConsoleMode
SetFilePointer
WriteFile
ReleaseMutex
GetSystemTimeAsFileTime
GetFileSize
ReadFile
GetFileAttributesW
GetDiskFreeSpaceExW
GetTempPathW
CreateDirectoryW
lstrcpynA
lstrcpyA
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetModuleFileNameA
CreateFileA
GetFileTime
VirtualQuery
GetModuleHandleA
OutputDebugStringA
GlobalMemoryStatus
GetLocalTime
SetUnhandledExceptionFilter
QueueUserWorkItem
GetModuleHandleExA
ExitThread
RaiseException
IsDebuggerPresent
LockFileEx
UnlockFileEx
SystemTimeToFileTime
InterlockedIncrement
GetStringTypeW
EncodePointer
DecodePointer
OpenEventA
ReleaseSemaphore
SetWaitableTimer
ResumeThread
TlsAlloc
TlsFree
CreateWaitableTimerA

user32

PostMessageW
TranslateMessage
RegisterClassExW
GetWindowLongW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
SetWindowLongW
CreateWindowExW
DefWindowProcW
DispatchMessageW
UnregisterClassW
PostQuitMessage
wsprintfW
LoadStringW
GetMessageW
KillTimer
SetTimer
RegisterClassW
GetSystemMetrics
GetDesktopWindow
DestroyWindow
PostThreadMessageW

advapi32

RegisterEventSourceA
ReportEventA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterServiceCtrlHandlerExW
OpenThreadToken
FreeSid
CheckTokenMembership
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenSCManagerW
OpenServiceW
CreateServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
StartServiceW
DeleteService
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
DeregisterEventSource
RegNotifyChangeKeyValue
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptDestroyHash
ConvertSidToStringSidW
GetLengthSid
AllocateAndInitializeSid
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
OpenProcessToken
StartServiceCtrlDispatcherW
ReportEventW
SetServiceStatus
RegisterEventSourceW

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingInqObject
RpcEpResolveBinding
RpcBindingFree
RpcStringFreeW
RpcObjectSetType
RpcBindingSetObject
NdrServerCall2
RpcServerUseProtseqEpW
I_RpcBindingInqLocalClientPID
I_RpcBindingInqTransportType
RpcRevertToSelfEx
RpcObjectInqType
RpcImpersonateClient
NdrClientCall2
RpcServerRegisterIfEx
RpcServerUnregisterIfEx

psapi

GetModuleBaseNameW

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW

wininet

InternetSetOptionW
InternetOpenA
InternetCheckConnectionW
InternetReadFile
HttpQueryInfoA
InternetQueryOptionW
InternetConnectA
InternetAttemptConnect
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetCookieA
HttpSendRequestW
HttpSendRequestA
HttpSendRequestExW
HttpEndRequestW
InternetWriteFile
InternetCloseHandle

crypt32

CryptMsgClose
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 490KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$R1/SPTool.dll
.dll windows:5 windows x86 arch:x86

9a4acc558732f5ae7e900bac53cbd98a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f3:0d:49:d7:39:76:6d:5b:56:08:b1:cb:5b:18:82:7c:e5:49:ad:36
Signer

Actual PE Digest

f3:0d:49:d7:39:76:6d:5b:56:08:b1:cb:5b:18:82:7c:e5:49:ad:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\builds\75\Search Protector\SP-2.12.20-Production\Sources\SearchProtector\Dev\2.12.20\Output\Release_32\SPtool.pdb

Imports

kernel32

FindNextFileW
FindClose
GetDiskFreeSpaceExW
GetLongPathNameW
GetModuleFileNameW
CreateEventW
GetSystemTime
GetTempPathW
CreateDirectoryW
GetTempFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
OpenProcess
TerminateProcess
CreateProcessW
LoadLibraryA
GetVersionExW
DeleteFileW
LoadLibraryW
FreeLibrary
GetModuleFileNameA
ExitThread
GetModuleHandleExW
GetUserDefaultLCID
GetModuleHandleW
GetLocaleInfoW
GetProcessHeap
HeapAlloc
GetCurrentProcess
HeapFree
InitializeCriticalSection
TryEnterCriticalSection
lstrlenW
ProcessIdToSessionId
LocalAlloc
GetSystemInfo
DeleteCriticalSection
GetVersionExA
LocalFree
FormatMessageW
LockFileEx
UnlockFileEx
ExpandEnvironmentStringsW
WaitForMultipleObjects
lstrcpynA
lstrcpyA
lstrlenA
FileTimeToLocalFileTime
FileTimeToDosDateTime
CreateFileA
GetFileTime
VirtualQuery
GetModuleHandleA
OutputDebugStringA
GlobalMemoryStatus
GetLocalTime
TlsSetValue
IsDebuggerPresent
GetCurrentThread
SetLastError
GetSystemWindowsDirectoryW
GetTickCount
MoveFileW
OpenEventW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
InterlockedIncrement
FindFirstFileW
GetStringTypeW
EncodePointer
DecodePointer
SetFilePointer
GetCommandLineA
LoadLibraryExW
HeapReAlloc
GetCPInfo
IsProcessorFeaturePresent
ExitProcess
AreFileApisANSI
RaiseException
RtlUnwind
UnhandledExceptionFilter
TlsAlloc
TlsFree
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
HeapSize
GetStdHandle
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
GetTimeZoneInformation
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
OpenEventA
ResetEvent
SystemTimeToFileTime
FormatMessageA
GetCurrentDirectoryW
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
DeviceIoControl
InterlockedCompareExchange
GetFileAttributesW
ReadFile
GetFileSize
DeleteFileA
GetTempPathA
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
HeapValidate
HeapCreate
GetFileAttributesA
LockFile
UnlockFile
HeapDestroy
FlushConsoleInputBuffer
GetVersion
ReadConsoleW
GetFullPathNameA
LeaveCriticalSection
Sleep
EnterCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
ReleaseMutex
InterlockedDecrement
WriteFile
QueueUserWorkItem
ReadConsoleInputA
SetConsoleMode
CreateFileW
MoveFileExW
GetFileAttributesExW
WaitForSingleObject
GetLastError
CreateMutexW
TlsGetValue
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
lstrcpynW
lstrcpyW
GlobalFree
CloseHandle
GetProcAddress
SetEvent
CreateEventA
CopyFileW
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetDriveTypeW
FindResourceExW
LockResource
SizeofResource
LoadResource
FindResourceW

user32

wsprintfW
LoadStringW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics

crypt32

CryptMsgClose
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptQueryObject

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
GetModuleBaseNameW

dbghelp

MiniDumpWriteDump

advapi32

CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptDestroyHash
ControlService
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
AllocateAndInitializeSid
OpenThreadToken
RegCloseKey
ConvertSidToStringSidW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
DeleteService
GetTokenInformation
GetUserNameW
OpenProcessToken
CryptGetHashParam

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

VariantInit
VariantClear
SysAllocString
SysStringLen
VariantChangeType
SysFreeString

rpcrt4

I_RpcBindingInqTransportType
RpcRevertToSelfEx
RpcObjectInqType
RpcImpersonateClient
RpcBindingInqObject
RpcObjectSetType
RpcServerUnregisterIfEx
RpcServerRegisterIfEx
NdrClientCall2
RpcStringFreeW
RpcBindingFree
RpcEpResolveBinding
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetObject
I_RpcBindingInqLocalClientPID
NdrServerCall2
RpcServerUseProtseqEpW

wininet

InternetSetOptionW
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetAttemptConnect
HttpOpenRequestA
HttpAddRequestHeadersA
InternetQueryOptionW
HttpSendRequestW
HttpSendRequestA
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpQueryInfoA
InternetReadFile
InternetSetCookieA

Exports

Exports

Invoke

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$R1/SPTool64.exe
.exe windows:5 windows x64 arch:x64

1d8bd6cf2251ba10190600a3c7f59580

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:2a:90:15:b5:6a:eb:c1:92:50:0e:78:1d:77:6e:5d:ee:c6:7c:3e
Signer

Actual PE Digest

cc:2a:90:15:b5:6a:eb:c1:92:50:0e:78:1d:77:6e:5d:ee:c6:7c:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\builds\75\Search Protector\SP-2.12.20-Production\Sources\SearchProtector\Dev\2.12.20\Output\Release_64\SPtool64.pdb

Imports

psapi

GetModuleBaseNameW
EnumProcessModules

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject

kernel32

DeleteCriticalSection
SetLastError
TlsSetValue
TlsGetValue
GetLastError
CreateFileW
SetFilePointer
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GetCurrentThreadId
Sleep
ReadFile
GetFileAttributesW
GetModuleFileNameW
MultiByteToWideChar
FreeLibrary
GetModuleHandleExW
GetUserDefaultLCID
LoadLibraryW
GetLocaleInfoW
GetProcessHeap
HeapAlloc
GetCurrentProcess
HeapFree
GetVersionExW
LocalAlloc
GetSystemInfo
GetCurrentProcessId
LocalFree
TerminateProcess
GetTickCount
IsDebuggerPresent
EnterCriticalSection
GetModuleHandleA
SetUnhandledExceptionFilter
GetStringTypeW
EncodePointer
DecodePointer
GetCommandLineW
HeapReAlloc
LoadLibraryExW
GetCPInfo
IsProcessorFeaturePresent
SetConsoleMode
AreFileApisANSI
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
TlsAlloc
TlsFree
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
HeapSize
GetStdHandle
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
GetTimeZoneInformation
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
SetEndOfFile
DeviceIoControl
FormatMessageA
GlobalMemoryStatus
FlushConsoleInputBuffer
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateProcessW
CloseHandle
VirtualFreeEx
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleW
WriteProcessMemory
VirtualAllocEx
OpenProcess
InitializeCriticalSectionAndSpinCount
ReadConsoleW
GetVersion
ReadConsoleInputA
LoadLibraryA
ExitProcess

user32

MessageBoxW
LoadStringW
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegOpenKeyExW
RegCloseKey
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW

shell32

SHGetFolderPathW

Sections

.text
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$R1/SPVC32.dll
.dll windows:5 windows x86 arch:x86

1c4ffbfcedcd097d3c0107ac9ad19f38

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:c4:3e:9b:9a:89:11:a6:c8:28:aa:61:68:01:f0:25:0d:03:8c:7b
Signer

Actual PE Digest

82:c4:3e:9b:9a:89:11:a6:c8:28:aa:61:68:01:f0:25:0d:03:8c:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\builds\75\Search Protector\SP-2.12.20-Production\Sources\SearchProtector\Dev\2.12.20\Output\Release_32\SPVC32.pdb

Imports

kernel32

CreateFileMappingA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
HeapValidate
HeapCreate
GetFileAttributesA
LockFile
UnlockFile
LoadLibraryW
GetSystemTime
InitializeCriticalSectionAndSpinCount
SetLastError
TlsSetValue
TlsGetValue
CreateMutexW
GetFileAttributesExW
CreateFileW
SetFilePointer
WideCharToMultiByte
WriteFile
ReleaseMutex
GetSystemTimeAsFileTime
GetCurrentThreadId
FormatMessageW
MultiByteToWideChar
LocalFree
FreeLibrary
GetModuleHandleExA
GetModuleFileNameA
ExitThread
GetFileSize
ReadFile
GetFileAttributesW
GetDiskFreeSpaceExW
GetModuleFileNameW
CreateEventW
CreateIoCompletionPort
ReadDirectoryChangesW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetTempPathW
CreateDirectoryW
ExpandEnvironmentStringsW
WaitForMultipleObjects
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
Thread32First
Thread32Next
TerminateProcess
LoadLibraryA
GetVersionExW
FindResourceW
LoadResource
SizeofResource
LockResource
lstrcpynA
lstrcpyA
lstrlenA
FileTimeToLocalFileTime
FileTimeToDosDateTime
CreateFileA
GetFileTime
GetSystemInfo
VirtualQuery
GetVersionExA
GetModuleHandleA
OutputDebugStringA
GlobalMemoryStatus
GetLocalTime
GetCurrentProcess
SetUnhandledExceptionFilter
LockFileEx
UnlockFileEx
GetModuleHandleExW
GetUserDefaultLCID
GetLocaleInfoW
GetProcessHeap
HeapAlloc
HeapFree
OpenThread
ProcessIdToSessionId
GetTempPathA
GetThreadTimes
GetCurrentThread
IsDebuggerPresent
GetCommandLineW
InterlockedDecrement
TlsFree
TlsAlloc
VirtualProtect
DuplicateHandle
GetTickCount
GetStringTypeW
EncodePointer
DecodePointer
InterlockedExchange
FormatMessageA
DeleteFileW
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
AreFileApisANSI
InterlockedCompareExchange
LCMapStringW
GetCommandLineA
HeapReAlloc
LoadLibraryExW
GetCPInfo
IsProcessorFeaturePresent
RaiseException
RtlUnwind
UnhandledExceptionFilter
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
IsValidLocale
EnumSystemLocalesW
HeapSize
GetStdHandle
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
GetTimeZoneInformation
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
GetThreadContext
SetThreadPriority
FlushInstructionCache
VirtualProtectEx
GetThreadPriority
SuspendThread
ResumeThread
HeapDestroy
FlushConsoleInputBuffer
GetVersion
ReadConsoleW
GetFullPathNameA
SystemTimeToFileTime
CreateWaitableTimerA
SetWaitableTimer
OpenEventA
FindResourceExW
Module32NextW
Module32FirstW
TerminateThread
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
ResetEvent
ReleaseSemaphore
ReadConsoleInputA
SetConsoleMode
CreateThread
GetCurrentProcessId
CloseHandle
DeleteCriticalSection
OpenEventW
EnterCriticalSection
VirtualAlloc
GetProcAddress
GetLastError
FreeLibraryAndExitThread
LeaveCriticalSection
DeleteFileA
LoadLibraryExA
Sleep
SetEvent
WaitForSingleObject
CreateEventA
InitializeCriticalSection
VirtualFree
GetModuleHandleW
InterlockedIncrement
TryEnterCriticalSection
ExitProcess

user32

GetWindowThreadProcessId
EnumWindows
GetClassNameW
LoadStringW
wsprintfW
IsWindow
DefWindowProcW
SetPropW
SendNotifyMessageW
PostThreadMessageW
SetWindowLongW
KillTimer
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
RemovePropW
GetWindowLongW
GetClassWord
EnumChildWindows
RegisterWindowMessageW
PostMessageW
FindWindowW
GetPropW
SendMessageTimeoutW
RegisterClassW
UnregisterClassW
CreateWindowExW
DestroyWindow
GetAncestor
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetSystemMetrics

version

GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueA
VerQueryValueW

psapi

GetModuleFileNameExW
GetModuleInformation
EnumProcessModules

dbghelp

MiniDumpWriteDump

shlwapi

UrlEscapeW

advapi32

CheckTokenMembership
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetUserNameW
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
AllocateAndInitializeSid
OpenThreadToken
ConvertSidToStringSidW
DeregisterEventSource
RegisterEventSourceA
ReportEventA

shell32

SHGetFolderPathW

ole32

StringFromGUID2
CoCreateGuid

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

rpcrt4

RpcServerUseProtseqEpW
NdrServerCall2
RpcServerUnregisterIfEx
RpcServerRegisterIfEx
NdrClientCall2
RpcStringFreeW
RpcBindingFree
RpcEpResolveBinding
RpcBindingSetObject
RpcStringBindingComposeW
RpcObjectSetType
RpcBindingInqObject
RpcImpersonateClient
RpcObjectInqType
RpcRevertToSelfEx
I_RpcBindingInqTransportType
I_RpcBindingInqLocalClientPID
RpcBindingFromStringBindingW

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 317KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$R1/SPVC32Loader.dll
.dll windows:5 windows x86 arch:x86

b0b1274ffe9f8aa96ba3a6eec871a41f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:c9:c5:66:fe:a9:8d:c3:4b:9e:49:6f:9f:e6:eb:ce:19:13:61:1a
Signer

Actual PE Digest

1e:c9:c5:66:fe:a9:8d:c3:4b:9e:49:6f:9f:e6:eb:ce:19:13:61:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\builds\75\Search Protector\SP-2.12.20-Production\Sources\SearchProtector\Dev\2.12.20\Output\Release_32\SPVC32Loader.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

CreateThread
FindResourceExW
FindResourceW
LoadResource
InitializeCriticalSectionAndSpinCount
SizeofResource
CreateEventA
SetEvent
LockResource
SetConsoleMode
ReadConsoleInputA
GetCurrentProcessId
CloseHandle
OpenEventW
VirtualProtect
GetProcAddress
GetLastError
HeapFree
HeapAlloc
EncodePointer
DecodePointer
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
WriteFile
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
HeapSize
Sleep
RaiseException
DeleteCriticalSection
FreeLibraryAndExitThread
GetStringTypeW
GetFileType
GetStartupInfoW
GetModuleFileNameA
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
OutputDebugStringW
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
SetEndOfFile
ReadConsoleW
GetModuleHandleA
GetVersion
GetTickCount
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
HeapDestroy
OpenEventA
WaitForSingleObject
ResetEvent
LocalFree
FormatMessageA
CreateFileW
GetModuleFileNameW
ReadFile
LoadLibraryW
GetModuleHandleW
SleepEx
GetFileSize
SetFilePointer
RtlUnwind
QueryPerformanceCounter

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
LoadStringW
RegisterWindowMessageW
PostMessageW
FindWindowW

advapi32

RegisterEventSourceA
RegOpenKeyExW
RegCloseKey
ReportEventA
DeregisterEventSource
RegQueryValueExW

Sections

.text
Size: 591KB - Virtual size: 591KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$R1/SPVC64.dll
.dll windows:5 windows x64 arch:x64

13386ff144ee7c833601b7d090c7329b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:0e:27:01:53:d1:81:a7:be:bf:b6:15:2c:e0:91:1d:e6:75:6e:ed
Signer

Actual PE Digest

51:0e:27:01:53:d1:81:a7:be:bf:b6:15:2c:e0:91:1d:e6:75:6e:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\builds\75\Search Protector\SP-2.12.20-Production\Sources\SearchProtector\Dev\2.12.20\Output\Release_64\SPVC64.pdb

Imports

kernel32

GlobalMemoryStatus
GetVersion
ReadConsoleW
LoadLibraryW
InitializeCriticalSectionAndSpinCount
SetLastError
TlsSetValue
TlsGetValue
CreateMutexW
CreateFileW
SetFilePointer
WideCharToMultiByte
WriteFile
ReleaseMutex
GetSystemTimeAsFileTime
GetCurrentThreadId
MultiByteToWideChar
LocalFree
FreeLibrary
GetModuleHandleExA
GetModuleFileNameA
ExitThread
GetFileSize
ReadFile
GetFileAttributesW
GetDiskFreeSpaceExW
GetModuleFileNameW
CreateEventW
CreateDirectoryW
WaitForMultipleObjects
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
LoadLibraryA
GetVersionExW
lstrcpynA
lstrcpyA
lstrlenA
FileTimeToLocalFileTime
FileTimeToDosDateTime
CreateFileA
GetFileTime
GetSystemInfo
VirtualQuery
GetModuleHandleA
OutputDebugStringA
GetLocalTime
GetCurrentProcess
DuplicateHandle
LockFileEx
UnlockFileEx
GetModuleHandleExW
GetUserDefaultLCID
GetLocaleInfoW
GetProcessHeap
HeapAlloc
HeapFree
OpenThread
FlushConsoleInputBuffer
GetCurrentThread
IsDebuggerPresent
GetCommandLineW
TlsAlloc
TlsFree
GetStringTypeW
EncodePointer
DecodePointer
FormatMessageA
SetEndOfFile
SetFilePointerEx
DeviceIoControl
AreFileApisANSI
LCMapStringW
GetCommandLineA
HeapReAlloc
LoadLibraryExW
GetCPInfo
IsProcessorFeaturePresent
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
IsValidLocale
EnumSystemLocalesW
HeapSize
GetStdHandle
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
GetTimeZoneInformation
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
GetThreadContext
SetThreadPriority
FlushInstructionCache
VirtualProtectEx
GetThreadPriority
SuspendThread
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
SetWaitableTimer
OpenEventA
Module32NextW
Module32FirstW
TerminateThread
ResetEvent
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
ReleaseSemaphore
GetTickCount
ReadConsoleInputA
SetConsoleMode
CreateThread
GetCurrentProcessId
CloseHandle
DeleteCriticalSection
OpenEventW
EnterCriticalSection
VirtualAlloc
GetProcAddress
GetLastError
FreeLibraryAndExitThread
LeaveCriticalSection
Sleep
HeapDestroy
ProcessIdToSessionId
SetEvent
WaitForSingleObject
CreateEventA
InitializeCriticalSection
VirtualFree
GetModuleHandleW
TryEnterCriticalSection
SetUnhandledExceptionFilter
ExitProcess

user32

IsWindow
MessageBoxW
GetWindowThreadProcessId
EnumWindows
GetClassNameW
LoadStringW
RegisterWindowMessageW
SendNotifyMessageW
PostThreadMessageW
SetWindowLongPtrW
KillTimer
SetTimer
GetMessageW
TranslateMessage
DispatchMessageW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
PostMessageW
FindWindowW
SetPropW
GetClassWord
RemovePropW
GetPropW
GetWindowLongPtrW
DefWindowProcW
EnumChildWindows
DestroyWindow
GetAncestor
CreateWindowExW
SendMessageTimeoutW
RegisterClassW
UnregisterClassW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

dbghelp

MiniDumpWriteDump

shlwapi

UrlEscapeW

advapi32

CheckTokenMembership
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetTokenInformation
FreeSid
AllocateAndInitializeSid
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW

shell32

SHGetFolderPathW

ole32

StringFromGUID2
CoCreateGuid

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

rpcrt4

RpcBindingInqObject
RpcObjectInqType
RpcRevertToSelfEx
I_RpcBindingInqTransportType
I_RpcBindingInqLocalClientPID
RpcServerUseProtseqEpW
NdrServerCall2
RpcObjectSetType
RpcServerUnregisterIfEx
RpcBindingSetObject
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcEpResolveBinding
RpcBindingFree
RpcStringFreeW
NdrClientCall2
RpcImpersonateClient
RpcServerRegisterIfEx

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 719KB - Virtual size: 719KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 399KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$R1/SPVC64Loader.dll
.dll windows:5 windows x64 arch:x64

87c78a70358df148fbc648f683c5bb77

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:bf:51:a9:88:c2:8f:bd:84:bc:b7:50:11:67:d1:8c:9c:7e:5e:e9
Signer

Actual PE Digest

65:bf:51:a9:88:c2:8f:bd:84:bc:b7:50:11:67:d1:8c:9c:7e:5e:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\builds\75\Search Protector\SP-2.12.20-Production\Sources\SearchProtector\Dev\2.12.20\Output\Release_64\SPVC64Loader.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

CreateThread
FindResourceExW
FindResourceW
LoadResource
InitializeCriticalSectionAndSpinCount
SizeofResource
CreateEventA
SetEvent
LockResource
SetConsoleMode
ReadConsoleInputA
GetCurrentProcessId
CloseHandle
OpenEventW
VirtualProtect
GetProcAddress
GetLastError
HeapFree
HeapAlloc
EncodePointer
DecodePointer
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
WriteFile
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
HeapSize
Sleep
RtlUnwindEx
RtlPcToFileHeader
RaiseException
DeleteCriticalSection
FreeLibraryAndExitThread
GetStringTypeW
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
OutputDebugStringW
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
SetEndOfFile
ReadConsoleW
GetVersion
GetTickCount
GlobalMemoryStatus
FlushConsoleInputBuffer
LoadLibraryA
HeapDestroy
OpenEventA
WaitForSingleObject
ResetEvent
LocalFree
FormatMessageA
CreateFileW
GetModuleFileNameW
ReadFile
GetVersionExW
LoadLibraryW
GetModuleHandleW
SleepEx
GetFileSize
SetFilePointer
GetSystemTimeAsFileTime

user32

MessageBoxW
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
LoadStringW
RegisterWindowMessageW
PostMessageW
FindWindowW

advapi32

RegisterEventSourceW
RegOpenKeyExW
RegCloseKey
ReportEventW
DeregisterEventSource
RegQueryValueExW

Sections

.text
Size: 728KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$R1/cltmng.exe
.exe windows:5 windows x86 arch:x86

1ed85a065f2914d5a60925c15489d473

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:da:83:7d:af:c3:6c:7e:7b:d1:51:7f:67:bf:a3:02:19:d6:fc:ee
Signer

Actual PE Digest

63:da:83:7d:af:c3:6c:7e:7b:d1:51:7f:67:bf:a3:02:19:d6:fc:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\builds\75\Search Protector\SP-2.12.20-Production\Sources\SearchProtector\Dev\2.12.20\Output\Release_32\cltmng.pdb

Imports

kernel32

DuplicateHandle
VirtualAllocEx
CreateRemoteThread
VirtualFreeEx
LocalFileTimeToFileTime
FileTimeToSystemTime
GetDriveTypeW
GetVersion
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
CloseHandle
CreateEventW
LocalAlloc
SetLastError
GetLastError
lstrlenW
HeapCreate
SetEvent
CreateEventA
FormatMessageW
WriteProcessMemory
DeleteFileA
GetSystemTime
InitializeCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
LoadLibraryW
GetModuleHandleW
GetProcAddress
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateThread
WaitForSingleObject
GetExitCodeThread
CreateFileW
GetFileSizeEx
CreateFileMappingW
GetModuleFileNameW
lstrcpynA
lstrcpyA
lstrlenA
WriteFile
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetModuleFileNameA
CreateFileA
GetFileSize
GetFileTime
GetSystemInfo
VirtualQuery
GetVersionExA
GetModuleHandleA
OutputDebugStringA
GetSystemTimeAsFileTime
GlobalMemoryStatus
GetLocalTime
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
LocalFree
GetModuleHandleExA
ExitThread
CreateMutexW
FreeLibrary
CreateProcessW
GetModuleHandleExW
GetUserDefaultLCID
OpenProcess
GetLocaleInfoW
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExW
ProcessIdToSessionId
CreateToolhelp32Snapshot
TlsSetValue
TlsGetValue
GetFileAttributesExW
MoveFileExW
SetFilePointer
ReleaseMutex
Sleep
HeapReAlloc
QueueUserWorkItem
ReadFile
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetDiskFreeSpaceExW
GetLongPathNameW
CreateIoCompletionPort
ReadDirectoryChangesW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetFileInformationByHandle
GetTempPathW
CreateDirectoryW
GetTempFileNameW
ExpandEnvironmentStringsW
WaitForMultipleObjects
Process32FirstW
Process32NextW
TerminateProcess
LoadLibraryA
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
RaiseException
TerminateThread
GetCurrentThread
IsDebuggerPresent
LockFileEx
UnlockFileEx
ResetEvent
GetExitCodeProcess
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
EncodePointer
DecodePointer
InterlockedExchange
GetCurrentDirectoryW
DeleteFileW
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
SetFileTime
DeviceIoControl
CopyFileW
AreFileApisANSI
FormatMessageA
GetStringTypeExW
LCMapStringW
LCMapStringA
GetStringTypeExA
InterlockedCompareExchange
ExitProcess
GetCommandLineW
IsProcessorFeaturePresent
LoadLibraryExW
GetCPInfo
RtlUnwind
UnhandledExceptionFilter
TlsAlloc
TlsFree
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
IsValidLocale
EnumSystemLocalesW
HeapSize
GetStdHandle
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
OutputDebugStringW
SetEnvironmentVariableW
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEnvironmentVariableA
OpenEventA
ReleaseSemaphore
GetTickCount
SetWaitableTimer
ResumeThread
CreateWaitableTimerA
SystemTimeToFileTime
HeapDestroy
GetFullPathNameA
UnlockFile
LockFile
GetFileAttributesA
HeapValidate
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetTempPathA
InitializeCriticalSectionAndSpinCount

user32

RegisterClassW
CreateWindowExW
SetWindowLongW
PeekMessageW
DispatchMessageW
DefWindowProcW
LoadStringA
GetMessageW
wsprintfW
LoadStringW
SendNotifyMessageW
GetSystemMetrics
TranslateMessage
MsgWaitForMultipleObjects
SetTimer
PostThreadMessageW
PostMessageW
RegisterWindowMessageW
DestroyWindow
KillTimer
GetDesktopWindow
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
GetWindowLongW

version

GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA

psapi

GetModuleBaseNameW
EnumProcessModules
GetProcessImageFileNameW
EnumProcesses

wininet

InternetCrackUrlW
InternetSetOptionW
InternetOpenA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetConnectA
InternetAttemptConnect
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetCookieA
HttpSendRequestW
HttpSendRequestA
InternetQueryOptionW

dbghelp

MiniDumpWriteDump

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject

shlwapi

UrlUnescapeW

advapi32

CheckTokenMembership
ConvertSidToStringSidW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegNotifyChangeKeyValue
FreeSid
AllocateAndInitializeSid
OpenThreadToken
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
GetUserNameW

shell32

SHGetFolderPathW

ole32

CoSetProxyBlanket
CoWaitForMultipleHandles
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitialize
StringFromGUID2
CoCreateGuid

oleaut32

SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayDestroy
SysFreeString
SysStringLen
SysAllocString
VariantClear
VariantInit

rpcrt4

RpcServerRegisterIfEx
RpcServerUnregisterIfEx
RpcObjectSetType
RpcBindingInqObject
RpcImpersonateClient
RpcObjectInqType
RpcRevertToSelfEx
I_RpcBindingInqTransportType
I_RpcBindingInqLocalClientPID
RpcServerUseProtseqEpW
RpcBindingSetObject
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
NdrServerCall2
RpcStringFreeW
RpcBindingFree
RpcEpResolveBinding

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 894KB - Virtual size: 894KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$R1/uninstall.exe
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:99:b4:e8:cc:b4:89:53:de:23:c7:3f:83:2e:ee:09:45:b0:5c:6e
Signer

Actual PE Digest

4a:99:b4:e8:cc:b4:89:53:de:23:c7:3f:83:2e:ee:09:45:b0:5c:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SPtool.dll
.dll windows:5 windows x86 arch:x86

9a4acc558732f5ae7e900bac53cbd98a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\builds\75\Search Protector\SP-2.12.20-Production\Sources\SearchProtector\Dev\2.12.20\Output\Release_32\SPtool.pdb

Imports

kernel32

FindNextFileW
FindClose
GetDiskFreeSpaceExW
GetLongPathNameW
GetModuleFileNameW
CreateEventW
GetSystemTime
GetTempPathW
CreateDirectoryW
GetTempFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
OpenProcess
TerminateProcess
CreateProcessW
LoadLibraryA
GetVersionExW
DeleteFileW
LoadLibraryW
FreeLibrary
GetModuleFileNameA
ExitThread
GetModuleHandleExW
GetUserDefaultLCID
GetModuleHandleW
GetLocaleInfoW
GetProcessHeap
HeapAlloc
GetCurrentProcess
HeapFree
InitializeCriticalSection
TryEnterCriticalSection
lstrlenW
ProcessIdToSessionId
LocalAlloc
GetSystemInfo
DeleteCriticalSection
GetVersionExA
LocalFree
FormatMessageW
LockFileEx
UnlockFileEx
ExpandEnvironmentStringsW
WaitForMultipleObjects
lstrcpynA
lstrcpyA
lstrlenA
FileTimeToLocalFileTime
FileTimeToDosDateTime
CreateFileA
GetFileTime
VirtualQuery
GetModuleHandleA
OutputDebugStringA
GlobalMemoryStatus
GetLocalTime
TlsSetValue
IsDebuggerPresent
GetCurrentThread
SetLastError
GetSystemWindowsDirectoryW
GetTickCount
MoveFileW
OpenEventW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
InterlockedIncrement
FindFirstFileW
GetStringTypeW
EncodePointer
DecodePointer
SetFilePointer
GetCommandLineA
LoadLibraryExW
HeapReAlloc
GetCPInfo
IsProcessorFeaturePresent
ExitProcess
AreFileApisANSI
RaiseException
RtlUnwind
UnhandledExceptionFilter
TlsAlloc
TlsFree
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
HeapSize
GetStdHandle
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
GetTimeZoneInformation
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
OpenEventA
ResetEvent
SystemTimeToFileTime
FormatMessageA
GetCurrentDirectoryW
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
DeviceIoControl
InterlockedCompareExchange
GetFileAttributesW
ReadFile
GetFileSize
DeleteFileA
GetTempPathA
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
HeapValidate
HeapCreate
GetFileAttributesA
LockFile
UnlockFile
HeapDestroy
FlushConsoleInputBuffer
GetVersion
ReadConsoleW
GetFullPathNameA
LeaveCriticalSection
Sleep
EnterCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
ReleaseMutex
InterlockedDecrement
WriteFile
QueueUserWorkItem
ReadConsoleInputA
SetConsoleMode
CreateFileW
MoveFileExW
GetFileAttributesExW
WaitForSingleObject
GetLastError
CreateMutexW
TlsGetValue
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
lstrcpynW
lstrcpyW
GlobalFree
CloseHandle
GetProcAddress
SetEvent
CreateEventA
CopyFileW
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetDriveTypeW
FindResourceExW
LockResource
SizeofResource
LoadResource
FindResourceW

user32

wsprintfW
LoadStringW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics

crypt32

CryptMsgClose
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptQueryObject

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
GetModuleBaseNameW

dbghelp

MiniDumpWriteDump

advapi32

CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptDestroyHash
ControlService
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
AllocateAndInitializeSid
OpenThreadToken
RegCloseKey
ConvertSidToStringSidW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
DeleteService
GetTokenInformation
GetUserNameW
OpenProcessToken
CryptGetHashParam

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

VariantInit
VariantClear
SysAllocString
SysStringLen
VariantChangeType
SysFreeString

rpcrt4

I_RpcBindingInqTransportType
RpcRevertToSelfEx
RpcObjectInqType
RpcImpersonateClient
RpcBindingInqObject
RpcObjectSetType
RpcServerUnregisterIfEx
RpcServerRegisterIfEx
NdrClientCall2
RpcStringFreeW
RpcBindingFree
RpcEpResolveBinding
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetObject
I_RpcBindingInqLocalClientPID
NdrServerCall2
RpcServerUseProtseqEpW

wininet

InternetSetOptionW
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetAttemptConnect
HttpOpenRequestA
HttpAddRequestHeadersA
InternetQueryOptionW
HttpSendRequestW
HttpSendRequestA
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpQueryInfoA
InternetReadFile
InternetSetCookieA

Exports

Exports

Invoke

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

917ae9b9adb269abd5543f5bf5676bac

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f
Signer

Actual PE Digest

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
memset
wcsstr
wcstol

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
CreateFileW
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW
GetFileSize

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_37_
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

917ae9b9adb269abd5543f5bf5676bac

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f
Signer

Actual PE Digest

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
memset
wcsstr
wcstol

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
CreateFileW
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW
GetFileSize

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SPtool.dll
.dll windows:5 windows x86 arch:x86

9a4acc558732f5ae7e900bac53cbd98a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\builds\75\Search Protector\SP-2.12.20-Production\Sources\SearchProtector\Dev\2.12.20\Output\Release_32\SPtool.pdb

Imports

kernel32

FindNextFileW
FindClose
GetDiskFreeSpaceExW
GetLongPathNameW
GetModuleFileNameW
CreateEventW
GetSystemTime
GetTempPathW
CreateDirectoryW
GetTempFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
OpenProcess
TerminateProcess
CreateProcessW
LoadLibraryA
GetVersionExW
DeleteFileW
LoadLibraryW
FreeLibrary
GetModuleFileNameA
ExitThread
GetModuleHandleExW
GetUserDefaultLCID
GetModuleHandleW
GetLocaleInfoW
GetProcessHeap
HeapAlloc
GetCurrentProcess
HeapFree
InitializeCriticalSection
TryEnterCriticalSection
lstrlenW
ProcessIdToSessionId
LocalAlloc
GetSystemInfo
DeleteCriticalSection
GetVersionExA
LocalFree
FormatMessageW
LockFileEx
UnlockFileEx
ExpandEnvironmentStringsW
WaitForMultipleObjects
lstrcpynA
lstrcpyA
lstrlenA
FileTimeToLocalFileTime
FileTimeToDosDateTime
CreateFileA
GetFileTime
VirtualQuery
GetModuleHandleA
OutputDebugStringA
GlobalMemoryStatus
GetLocalTime
TlsSetValue
IsDebuggerPresent
GetCurrentThread
SetLastError
GetSystemWindowsDirectoryW
GetTickCount
MoveFileW
OpenEventW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
InterlockedIncrement
FindFirstFileW
GetStringTypeW
EncodePointer
DecodePointer
SetFilePointer
GetCommandLineA
LoadLibraryExW
HeapReAlloc
GetCPInfo
IsProcessorFeaturePresent
ExitProcess
AreFileApisANSI
RaiseException
RtlUnwind
UnhandledExceptionFilter
TlsAlloc
TlsFree
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
HeapSize
GetStdHandle
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
GetTimeZoneInformation
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
OpenEventA
ResetEvent
SystemTimeToFileTime
FormatMessageA
GetCurrentDirectoryW
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
DeviceIoControl
InterlockedCompareExchange
GetFileAttributesW
ReadFile
GetFileSize
DeleteFileA
GetTempPathA
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
HeapValidate
HeapCreate
GetFileAttributesA
LockFile
UnlockFile
HeapDestroy
FlushConsoleInputBuffer
GetVersion
ReadConsoleW
GetFullPathNameA
LeaveCriticalSection
Sleep
EnterCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
ReleaseMutex
InterlockedDecrement
WriteFile
QueueUserWorkItem
ReadConsoleInputA
SetConsoleMode
CreateFileW
MoveFileExW
GetFileAttributesExW
WaitForSingleObject
GetLastError
CreateMutexW
TlsGetValue
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
lstrcpynW
lstrcpyW
GlobalFree
CloseHandle
GetProcAddress
SetEvent
CreateEventA
CopyFileW
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetDriveTypeW
FindResourceExW
LockResource
SizeofResource
LoadResource
FindResourceW

user32

wsprintfW
LoadStringW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics

crypt32

CryptMsgClose
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptQueryObject

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
GetModuleBaseNameW

dbghelp

MiniDumpWriteDump

advapi32

CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptDestroyHash
ControlService
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
AllocateAndInitializeSid
OpenThreadToken
RegCloseKey
ConvertSidToStringSidW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
DeleteService
GetTokenInformation
GetUserNameW
OpenProcessToken
CryptGetHashParam

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

VariantInit
VariantClear
SysAllocString
SysStringLen
VariantChangeType
SysFreeString

rpcrt4

I_RpcBindingInqTransportType
RpcRevertToSelfEx
RpcObjectInqType
RpcImpersonateClient
RpcBindingInqObject
RpcObjectSetType
RpcServerUnregisterIfEx
RpcServerRegisterIfEx
NdrClientCall2
RpcStringFreeW
RpcBindingFree
RpcEpResolveBinding
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetObject
I_RpcBindingInqLocalClientPID
NdrServerCall2
RpcServerUseProtseqEpW

wininet

InternetSetOptionW
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetAttemptConnect
HttpOpenRequestA
HttpAddRequestHeadersA
InternetQueryOptionW
HttpSendRequestW
HttpSendRequestA
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpQueryInfoA
InternetReadFile
InternetSetCookieA

Exports

Exports

Invoke

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

917ae9b9adb269abd5543f5bf5676bac

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f
Signer

Actual PE Digest

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
memset
wcsstr
wcstol

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
CreateFileW
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW
GetFileSize

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_37_
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

917ae9b9adb269abd5543f5bf5676bac

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f
Signer

Actual PE Digest

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
memset
wcsstr
wcstol

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
CreateFileW
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW
GetFileSize

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6c:80:e6:4c:86:7d:c6:bc:b4:f3:72:85:a4:88:e4:6a:8e:f0:56:5bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 1.8MB

.rsrc Size: 94KB - Virtual size: 94KB

806cb4e62b61a7b238cc1e9dcacd5384

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

93:56:73:eb:8f:49:cc:37:d0:37:e6:76:c1:98:32:55:b2:fd:08:4fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

userenv

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

psapi

version

wininet

crypt32

dbghelp

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 490KB - Virtual size: 490KB

.data Size: 43KB - Virtual size: 94KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 120KB - Virtual size: 120KB

.reloc Size: 265KB - Virtual size: 264KB

9a4acc558732f5ae7e900bac53cbd98a

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6c:80:e6:4c:86:7d:c6:bc:b4:f3:72:85:a4:88:e4:6a:8e:f0:56:5b
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 1.8MB

.rsrc
Size: 94KB - Virtual size: 94KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

93:56:73:eb:8f:49:cc:37:d0:37:e6:76:c1:98:32:55:b2:fd:08:4f
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 490KB - Virtual size: 490KB

.data
Size: 43KB - Virtual size: 94KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 265KB - Virtual size: 264KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f3:0d:49:d7:39:76:6d:5b:56:08:b1:cb:5b:18:82:7c:e5:49:ad:36
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 435KB - Virtual size: 435KB

.data
Size: 36KB - Virtual size: 86KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 247KB - Virtual size: 247KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cc:2a:90:15:b5:6a:eb:c1:92:50:0e:78:1d:77:6e:5d:ee:c6:7c:3e
Signer

.text
Size: 936KB - Virtual size: 935KB

.rdata
Size: 332KB - Virtual size: 332KB

.data
Size: 152KB - Virtual size: 203KB