cd72fe4a13caa538aa8307b8151d32cc6ac641e254206abb3c3b9b21713327e9

Sharing

Copy URL Twitter E-mail

General

Target

cd72fe4a13caa538aa8307b8151d32cc6ac641e254206abb3c3b9b21713327e9
Size

1.6MB
MD5

eb0eb8d5cf5f86cd417e18114dc9c4c8
SHA1

55d1df445edc742d46ed62af8dece9f33a0b6223
SHA256

cd72fe4a13caa538aa8307b8151d32cc6ac641e254206abb3c3b9b21713327e9
SHA512

2c4ac0761395a422fc55ac96c0407c2c35348cf5085df8a93195d7d3ae48255031514f1729fa744fc31a515cbe6ec448fc6c74474a581c178977db067696ebde
SSDEEP

49152:TG1ocOpDZUledXfWzjepw6C4enXNS3LB90vYgH:/pTdXllUYu

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hillstone Secure Connect/Uninstall.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack001/Hillstone Secure Connect/bin/2052/MUI.dll
unpack001/Hillstone Secure Connect/bin/TaskHelp.dll
unpack001/Hillstone Secure Connect/driver/tapinstall.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/Hillstone Secure Connect/Uninstall.exe	nsis_installer_1
static1/unpack001/Hillstone Secure Connect/Uninstall.exe	nsis_installer_2

Files

cd72fe4a13caa538aa8307b8151d32cc6ac641e254206abb3c3b9b21713327e9
.zip
Hillstone Secure Connect/Uninstall.exe
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 606B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

cce05dea98cbac3a9d486b233588f528

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

46f8b6973f33717335c0f6d8087de67b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
lstrcpynA
ReadFile
PeekNamedPipe
GetTickCount
lstrcpyA
CreateProcessA
GetStartupInfoA
GetProcAddress
GetVersion
DeleteFileA
lstrcmpiA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
CreatePipe
GlobalLock
lstrcatA

user32

SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hillstone Secure Connect/bin/2052/MUI.dll
.dll windows:4 windows x86 arch:x86

e07e00e45407ff0dd6abc9eaa981fa7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
malloc
_adjust_fdiv
free

Sections

.text
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hillstone Secure Connect/bin/DetectAV.dll
.dll windows:4 windows x86 arch:x86

171043b7765d11a123aec3f3638f6a90

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:43:44:78:bf:62:8a:39:2d:30:c4:50:95:67:5f:fe
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/05/2017, 00:00

Not After

01/05/2019, 23:59

Subject

CN=山石网科通信技术有限公司,OU=stoneos,O=山石网科通信技术有限公司,L=苏州,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fd:60:8d:ab:c6:b6:1e:d5:33:25:75:34:c2:99:d0:55:d2:21:e7:1a
Signer

Actual PE Digest

fd:60:8d:ab:c6:b6:1e:d5:33:25:75:34:c2:99:d0:55:d2:21:e7:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GetLocalTime
CreateDirectoryW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
DisableThreadLibraryCalls

shlwapi

PathFileExistsW
PathRemoveFileSpecW

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

msvcrt

_vsnwprintf
__CxxFrameHandler
??2@YAPAXI@Z
fclose
wcslen
fwrite
ftell
_wfopen
_wstat
wcscpy
swprintf
fseek
_except_handler3
wcsrchr
_wrename
_wremove
_waccess
_wsplitpath
wcscmp
wcstok
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

DetectAVProc

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hillstone Secure Connect/bin/LiveUpdate.exe
.exe windows:4 windows x86 arch:x86

2d1c30425233821632a48e587e6fa26c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:43:44:78:bf:62:8a:39:2d:30:c4:50:95:67:5f:fe
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/05/2017, 00:00

Not After

01/05/2019, 23:59

Subject

CN=山石网科通信技术有限公司,OU=stoneos,O=山石网科通信技术有限公司,L=苏州,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:e3:42:48:15:62:f7:33:1c:5e:57:0c:4e:3e:5e:e0:d5:01:5d:df
Signer

Actual PE Digest

0b:e3:42:48:15:62:f7:33:1c:5e:57:0c:4e:3e:5e:e0:d5:01:5d:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
GetTimeZoneInformation
GetSystemTime
SetStdHandle
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
GetCurrentDirectoryA
VirtualAlloc
CompareStringA
CompareStringW
LCMapStringA
LCMapStringW
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetDriveTypeA
GetACP
GetOEMCP
SetEnvironmentVariableA
GetFileType
HeapAlloc
MoveFileA
GetDriveTypeW
RaiseException
RtlUnwind
ExitProcess
GetStartupInfoW
GetTickCount
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
GetModuleHandleA
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GetModuleHandleW
WritePrivateProfileStringW
GlobalUnlock
GlobalFree
LockResource
FindResourceW
LoadResource
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameW
GetThreadLocale
GetFullPathNameW
GetVolumeInformationW
GetProcAddress
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
LoadLibraryA
FreeLibrary
lstrcpyW
lstrcpynW
SetLastError
InterlockedDecrement
InterlockedIncrement
GetCurrentDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
FormatMessageW
GetFileTime
GetFileAttributesW
Sleep
IsBadReadPtr
IsBadWritePtr
lstrcmpiW
LocalAlloc
lstrlenA
MultiByteToWideChar
CreateFileW
GetLocalTime
CreateMutexW
GetLastError
LocalFree
GetTempPathW
GetTempFileNameW
DeleteFileW
WaitForSingleObject
InterlockedExchange
CreateThread
ResetEvent
CloseHandle
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
WideCharToMultiByte
FindFirstFileW
FindClose
CreateDirectoryW
SetUnhandledExceptionFilter
SetFileAttributesW

user32

DestroyMenu
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableW
CharNextW
GetSysColorBrush
PtInRect
GetClassNameW
LoadCursorW
LoadStringW
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
GetTopWindow
IsChild
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextW
GetDlgCtrlID
CreateWindowExW
SetPropW
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongW
RegisterWindowMessageW
OffsetRect
SystemParametersInfoW
GetWindowPlacement
GetWindowRect
CopyRect
GetDC
ReleaseDC
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
RegisterClipboardFormatW
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
PostThreadMessageW
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageW
GetCursorPos
SetWindowsHookExW
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
SetCursor
PostQuitMessage
CharUpperW
wsprintfW
GetDesktopWindow
EnableWindow
MessageBoxW
GetAsyncKeyState
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageW
SetTimer
LoadIconW
PostMessageW
GetMenu
UnregisterClassW

gdi32

GetMapMode
LPtoDP
DPtoLP
GetBkColor
GetTextColor
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
DeleteObject
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenCurrentUser
CryptReleaseContext
CryptSetProvParam
RegCloseKey
CryptAcquireContextW

shell32

Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteW

comctl32

ord17

oledlg

OleUIBusyW

ole32

CLSIDFromString
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRevokeClassObject

olepro32

ord253

oleaut32

SysStringLen
VariantChangeType
VariantCopy
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen
VariantTimeToSystemTime

wininet

InternetGetLastResponseInfoW
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetQueryDataAvailable
InternetSetOptionW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetOpenW
InternetCloseHandle
InternetSetOptionExW
InternetSetStatusCallback
InternetSetCookieW
InternetSetFilePointer
InternetWriteFile
InternetReadFile

wsock32

WSACleanup
WSAStartup

shlwapi

PathRemoveFileSpecW
PathFileExistsW

crypt32

CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenStore
CertGetNameStringW
CryptAcquireCertificatePrivateKey
CertEnumCertificateContextProperties
CertCloseStore

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hillstone Secure Connect/bin/LiveUpdateConfig.exe
.exe windows:4 windows x86 arch:x86

08955ea8be38d203a80e9c93856a3e64

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:43:44:78:bf:62:8a:39:2d:30:c4:50:95:67:5f:fe
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/05/2017, 00:00

Not After

01/05/2019, 23:59

Subject

CN=山石网科通信技术有限公司,OU=stoneos,O=山石网科通信技术有限公司,L=苏州,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

54:e3:94:ef:4c:14:34:22:f8:30:31:bb:7e:f8:e6:bd:64:23:fe:89
Signer

Actual PE Digest

54:e3:94:ef:4c:14:34:22:f8:30:31:bb:7e:f8:e6:bd:64:23:fe:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetFileType
TerminateProcess
HeapFree
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapReAlloc
HeapSize
SetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
RtlUnwind
VirtualFree
VirtualAlloc
IsBadWritePtr
CompareStringA
CompareStringW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
GetDriveTypeA
GetACP
GetOEMCP
SetEnvironmentVariableA
ExitProcess
GetStartupInfoW
GetTickCount
SetErrorMode
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileSize
lstrcmpiW
GetThreadLocale
GetFullPathNameW
GetVolumeInformationW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
LocalFree
FindNextFileW
FindFirstFileW
FindClose
lstrcpynW
MulDiv
SetLastError
GetModuleHandleA
LoadLibraryA
FreeLibrary
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
lstrcpyW
GetModuleHandleW
GetProcAddress
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalFree
LockResource
FindResourceW
LoadResource
WaitForSingleObject
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
lstrlenW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetSystemDirectoryW
FormatMessageW
GetLastError
CreateFileW
GetFileTime
CloseHandle
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileStringW
HeapCreate
GetCurrentDirectoryW

user32

RegisterClipboardFormatW
PostThreadMessageW
GetSysColorBrush
PtInRect
GetClassNameW
LoadCursorW
GetDesktopWindow
CharUpperW
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DestroyMenu
LoadStringW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
GetTopWindow
IsChild
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetMenuItemID
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
CreateWindowExW
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongW
RegisterWindowMessageW
OffsetRect
SystemParametersInfoW
GetWindowPlacement
GetWindowRect
CopyRect
GetDC
ReleaseDC
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
wsprintfW
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamW
DestroyWindow
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableW
CharNextW
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageW
GetCursorPos
SetWindowsHookExW
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
MessageBoxW
SetCursor
PostQuitMessage
PostMessageW
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuW
SendMessageW
LoadIconW
GetSubMenu
UnregisterClassW

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetTextColor
GetBkColor
DPtoLP
GetMapMode
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
DeleteObject
LPtoDP
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW

comctl32

ord17
ImageList_Destroy

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
OleFlushClipboard
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject

olepro32

ord253

oleaut32

SysStringLen
VariantChangeType
VariantCopy
VariantTimeToSystemTime
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hillstone Secure Connect/bin/SSLChannel.exe
.exe windows:4 windows x86 arch:x86

6263c3408bc7d0f6942686bb18f2cab0

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:43:44:78:bf:62:8a:39:2d:30:c4:50:95:67:5f:fe
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/05/2017, 00:00

Not After

01/05/2019, 23:59

Subject

CN=山石网科通信技术有限公司,OU=stoneos,O=山石网科通信技术有限公司,L=苏州,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:fa:c4:49:c4:2c:7f:15:ec:02:37:e0:05:e2:9d:d9:c6:20:c9:7e
Signer

Actual PE Digest

18:fa:c4:49:c4:2c:7f:15:ec:02:37:e0:05:e2:9d:d9:c6:20:c9:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetNamedPipeHandleState
WaitNamedPipeW
GetExitCodeProcess
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreW
FlushFileBuffers
DisconnectNamedPipe
CreateMutexW
CreateNamedPipeW
GetLocalTime
IsBadReadPtr
IsBadWritePtr
SetFileAttributesW
CopyFileW
DeleteFileW
HeapAlloc
HeapFree
ConnectNamedPipe
Sleep
GetOverlappedResult
WriteFile
ReadFile
CancelIo
IsBadStringPtrW
GetTempPathW
CreateProcessW
DeviceIoControl
LocalAlloc
LocalFree
CreateEventW
CreateDirectoryW
GetCurrentDirectoryW
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
SetCurrentDirectoryW
InterlockedDecrement
CancelWaitableTimer
GetUserDefaultUILanguage
ExitThread
WaitForMultipleObjects
GetDriveTypeA
GetFullPathNameA
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
IsBadCodePtr
GetCPInfo
SetUnhandledExceptionFilter
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
SetEndOfFile
GetStartupInfoA
FindFirstFileA
SetHandleCount
GetStringTypeW
GetStringTypeA
SetStdHandle
GetCurrentDirectoryA
GetFullPathNameW
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
TlsGetValue
SetWaitableTimer
WaitForMultipleObjectsEx
GetTickCount
CreateThread
lstrlenW
WideCharToMultiByte
EnterCriticalSection
SetEvent
LeaveCriticalSection
SleepEx
WaitForSingleObject
ResetEvent
lstrlenA
MultiByteToWideChar
GetLastError
CloseHandle
DeleteCriticalSection
CreateWaitableTimerW
InitializeCriticalSection
TlsAlloc
TlsSetValue
HeapSize
RaiseException
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
GetCurrentProcess
TerminateProcess
HeapReAlloc
ExitProcess
GetStartupInfoW
SetFilePointer
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
GlobalMemoryStatus
QueryPerformanceCounter
LoadLibraryA
FlushConsoleInputBuffer
SetLastError
SystemTimeToFileTime
GetSystemTime
InterlockedExchange
InterlockedIncrement
RtlUnwind
GetTimeZoneInformation
MoveFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
CreateFileA
GetFileAttributesW

user32

GetUserObjectInformationW
MessageBoxA
PostThreadMessageW
KillTimer
SetTimer
GetMessageW
DispatchMessageW
TranslateMessage
GetProcessWindowStation

advapi32

CryptGenKey
ReportEventA
DeregisterEventSource
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
CryptReleaseContext
CryptEncrypt
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptExportKey
CryptGetUserKey
CryptAcquireContextW
CryptDecrypt
CryptImportKey
RegDeleteKeyW
RegOpenCurrentUser
CryptSetProvParam
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
CryptGetHashParam
CryptSetHashParam
CryptSignHashW
ChangeServiceConfigW
QueryServiceConfigW
QueryServiceConfig2W
RegisterServiceCtrlHandlerW
SetServiceStatus
ControlService
StartServiceW
OpenServiceW
QueryServiceStatus
OpenSCManagerW
CloseServiceHandle
RegisterEventSourceA

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysFreeString
SafeArrayPutElement
SysAllocString
SafeArrayDestroy
VariantClear
VariantInit
SafeArrayCreateVector

ws2_32

bind
WSAIoctl
htonl
WSAGetLastError
ntohs
inet_addr
htons
connect
inet_ntoa
send
recv
getsockname
closesocket
WSACloseEvent
ioctlsocket
getpeername
ntohl
__WSAFDIsSet
select
recvfrom
sendto
WSAGetOverlappedResult
WSARecvFrom
WSAResetEvent
WSASendTo
WSAStartup
gethostbyname
WSACleanup
setsockopt
socket

crypt32

CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertGetNameStringW
CertEnumCertificateContextProperties
CertGetIssuerCertificateFromStore
CertNameToStrA
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateContext
CryptAcquireCertificatePrivateKey

iphlpapi

GetBestRoute
GetIpAddrTable
GetIpForwardTable
SetIpForwardEntry
DeleteIpForwardEntry
CreateIpForwardEntry
GetAdapterIndex
GetNetworkParams

shlwapi

PathRemoveFileSpecW
PathFileExistsW

wsock32

WSASetLastError
shutdown

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 913KB - Virtual size: 913KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Hillstone Secure Connect/bin/SecureConnect.exe
.exe windows:4 windows x86 arch:x86

1f07661f5f989e4ce2e83dfc0abb9840

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:43:44:78:bf:62:8a:39:2d:30:c4:50:95:67:5f:fe
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/05/2017, 00:00

Not After

01/05/2019, 23:59

Subject

CN=山石网科通信技术有限公司,OU=stoneos,O=山石网科通信技术有限公司,L=苏州,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f8:9f:0c:1f:4f:3f:26:ed:0b:7b:16:2b:15:91:b2:58:e3:f0:f2:be
Signer

Actual PE Digest

f8:9f:0c:1f:4f:3f:26:ed:0b:7b:16:2b:15:91:b2:58:e3:f0:f2:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
GetStartupInfoW
FlushConsoleInputBuffer
QueryPerformanceCounter
GlobalMemoryStatus
GetStdHandle
GetFileType
GetVersion
GetModuleHandleA
Process32FirstW
CreateToolhelp32Snapshot
InterlockedIncrement
UnmapViewOfFile
OpenFileMappingW
GetTickCount
OpenEventW
MapViewOfFile
LoadLibraryA
InterlockedDecrement
DeleteFileW
FormatMessageW
SystemTimeToFileTime
CreateNamedPipeW
ConnectNamedPipe
WaitForMultipleObjects
ResetEvent
FlushFileBuffers
DisconnectNamedPipe
CreateThread
CreateMutexW
GetCommandLineW
ReleaseMutex
DeleteCriticalSection
CreateProcessW
GetTempPathW
GetExitCodeProcess
WaitNamedPipeW
SetNamedPipeHandleState
WriteFile
ReadFile
GetOverlappedResult
Sleep
ExitThread
WaitForSingleObject
GetTimeFormatW
LocalAlloc
LocalFree
SetEvent
SleepEx
CreateEventW
CreateDirectoryW
GetCurrentDirectoryW
GetVersionExW
GetUserDefaultUILanguage
GetUserDefaultLangID
OpenProcess
lstrcmpiW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
EnumResourceLanguagesW
GetLastError
CreateFileW
CloseHandle
lstrlenA
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcessId
lstrlenW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameW
SetCurrentDirectoryW
FileTimeToSystemTime
GetLocalTime
TerminateProcess

user32

EndDialog
SetWindowPos
GetMenuItemCount
GetDlgItemTextA
DialogBoxParamW
GetDesktopWindow
LoadIconW
PostMessageW
GetWindowTextW
SetWindowTextW
SetTimer
KillTimer
SetClassLongW
GetDlgItemTextW
GetDlgItem
SetFocus
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
GetDlgItemInt
EnableWindow
SetDlgItemTextW
SendDlgItemMessageW
LoadStringW
RemoveMenu
RedrawWindow
MoveWindow
GetClientRect
DefWindowProcW
CheckMenuItem
MessageBoxW
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
CreateWindowExW
RegisterClassExW
RegisterWindowMessageW
LoadCursorW
FindWindowW
PostQuitMessage
DestroyWindow
ScreenToClient
GetWindowRect
CreateDialogParamW
ClientToScreen
IsDlgButtonChecked
CheckDlgButton
SetActiveWindow
wsprintfW
IsWindowVisible
GetParent
GetWindowLongW
CreateAcceleratorTableW
DestroyAcceleratorTable
IsDialogMessageW
TranslateAcceleratorW
SetWindowLongW
GetMenuItemInfoW
EnableMenuItem
GetMenuState
SendMessageW
TrackPopupMenu
SetForegroundWindow
GetCursorPos
GetSubMenu
LoadMenuW
DestroyMenu
InsertMenuW

advapi32

SetSecurityInfo
CloseServiceHandle
CryptDecrypt
CryptAcquireContextW
CryptGetUserKey
CryptDestroyKey
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
OpenSCManagerW
QueryServiceStatus
OpenServiceW
CryptSignHashW
CryptSetHashParam
CryptGetHashParam
RegOpenCurrentUser
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
CryptSetProvParam
GetSecurityDescriptorSacl
DeregisterEventSource
ReportEventA
RegisterEventSourceA

shell32

CommandLineToArgvW
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

OleRun
CoInitialize
CoCreateInstance

oleaut32

SysStringLen
GetErrorInfo
VariantChangeType
SysAllocString
SysFreeString
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen

iphlpapi

GetIpForwardTable
GetAdaptersInfo
GetPerAdapterInfo
GetIfEntry
GetIfTable
GetIpAddrTable
GetAdapterIndex

shlwapi

StrCpyW
StrCmpW
PathRemoveFileSpecW
PathFileExistsW

msvcp60

?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB

crypt32

CertOpenSystemStoreW
CertEnumCertificatesInStore
CertCloseStore
CertGetNameStringW
CertGetCertificateContextProperty
CertOpenStore
CertGetNameStringA
CertFreeCertificateContext
CertEnumCertificateContextProperties
CryptProtectData
CryptUnprotectData
CryptAcquireCertificatePrivateKey

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_onexit
__dllonexit
signal
_getch
fputs
fprintf
gmtime
fgets
_setmode
_errno
getenv
isxdigit
sscanf
isupper
strtoul
strncmp
tolower
isspace
isdigit
_strnicmp
_vsnprintf
raise
_exit
__setusermatherr
qsort
realloc
strchr
memmove
_waccess
_wremove
fseek
ftell
localtime
_wfopen
_itow
strstr
_wsplitpath
mbstowcs
sprintf
fopen
wcsncmp
_snprintf
memcmp
wcsstr
_ftol
atoi
strcpy
strncpy
strlen
wcsncpy
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_iob
_controlfp
_CxxThrowException
_snwprintf
fread
fwrite
_wcsicmp
fflush
_wtoi
wcschr
wcstombs
malloc
strcmp
isprint
_vsnwprintf
??1type_info@@UAE@XZ
memcpy
??2@YAPAXI@Z
_except_handler3
_local_unwind2
_wcsnicmp
memset
__CxxFrameHandler
wcscat
wcscpy
wcsrchr
free
_wrename
swprintf
rand
srand
time
_wstat
fclose
perror
fputws
calloc
wcslen
wcscmp

comctl32

InitCommonControlsEx

wsock32

ntohl
ioctlsocket
WSAStartup
inet_addr
WSACleanup
gethostbyname

Sections

.text
Size: 549KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hillstone Secure Connect/bin/TaskHelp.dll
.dll windows:6 windows x86 arch:x86

1d78666970b0bf9b969cc6c2dc507d2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\svn_code\MX_MAIN\Code\TaskHelp\Release\TaskHelp.pdb

Imports

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity

oleaut32

SysFreeString
VariantClear
SysAllocString
VariantInit

secur32

GetUserNameExW

kernel32

FreeEnvironmentStringsW
CloseHandle
CreateFileW
FlushFileBuffers
LCMapStringW
HeapSize
LoadLibraryW
GetStringTypeW
OutputDebugStringW
InterlockedDecrement
LocalFree
GetLastError
GetCommandLineA
GetCurrentThreadId
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
HeapFree
HeapAlloc
SetLastError
InterlockedIncrement
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
SetStdHandle
WriteConsoleW

Exports

Exports

CreateSCVPNTask
IsSCVPNTaskExist
RemoveAllSCVPNTask
RemoveSCVPNTask

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hillstone Secure Connect/bin/addadapter.bat
Hillstone Secure Connect/bin/deladapter.bat
Hillstone Secure Connect/bin/signatures.ini
Hillstone Secure Connect/cert/cert-21030911-443
Hillstone Secure Connect/cert/cert316145321-443
Hillstone Secure Connect/driver/hssvc.cat
Hillstone Secure Connect/driver/hssvc.inf
Hillstone Secure Connect/driver/hssvc.sys
.sys windows:6 windows x64 arch:x64

741e65dbed0bdb03af558a33e0336da1

Code Sign

8b:8a:54:81:13:69:d7:e1:06:38:3a:1e:16:79:e9:7b:17:c6:5f:76
Signer

Actual PE Digest

8b:8a:54:81:13:69:d7:e1:06:38:3a:1e:16:79:e9:7b:17:c6:5f:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\mx_main\code\tapdriver\amd64\hssvc.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeAcquireSpinLockRaiseToDpc
KeRemoveQueueDpc
RtlCreateSecurityDescriptor
IoReleaseCancelSpinLock
ZwOpenFile
RtlFreeAnsiString
ZwSetSecurityObject
IofCompleteRequest
ZwClose
KeInsertQueueDpc
MmMapLockedPagesSpecifyCache
RtlFreeUnicodeString
KeReleaseSpinLock
KeInitializeDpc
RtlUnicodeStringToAnsiString
MmMapLockedPages
RtlAnsiStringToUnicodeString
RtlUnicodeToMultiByteN
__C_specific_handler

ndis.sys

NdisMRegisterAdapterShutdownHandler
NdisAllocateMemoryWithTag
NdisReadConfiguration
NdisTerminateWrapper
NdisMDeregisterDevice
NdisMDeregisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisInitializeWrapper
NdisFreeMemory
NdisMRegisterMiniport
NdisCloseConfiguration
NdisMRegisterDevice
NdisMRegisterUnloadHandler
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMSleep
NdisOpenConfiguration

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hillstone Secure Connect/driver/tapinstall.exe
.exe windows:6 windows x64 arch:x64

ce4a5cfcfb0452b87e013f07f4d59f9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\src\21\tapinstall\objfre_wnet_amd64\amd64\tapinstall.pdb

Imports

advapi32

OpenProcessToken
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegDeleteValueW
RegSetValueExW

kernel32

GetCurrentProcess
FormatMessageW
lstrlenW
GetLastError
CloseHandle
LocalFree
GetDateFormatW
FreeLibrary
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
GetFullPathNameW
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW
GetWindowsDirectoryW
Sleep
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter

msvcrt

wcschr
_wcsicmp
towlower
_wcsnicmp
fputs
__iob_func
wcsrchr
fputws
?terminate@@YAXXZ
memset
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wprintf
??2@YAPEAX_K@Z
towupper
??3@YAXPEAX@Z
iswalpha

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ole32

CLSIDFromString

setupapi

SetupScanFileQueueW
SetupDiGetClassDevsExW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidExW
CM_Reenumerate_DevNode_Ex
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetINFClassW
CM_Disconnect_Machine
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Get_DevNode_Status_Ex
SetupDiBuildDriverInfoList
SetupDiGetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiSetSelectedDriverW
SetupGetStringFieldW
CM_Get_Res_Des_Data_Size_Ex
SetupDiEnumDriverInfoW
CM_Free_Log_Conf_Handle
CM_Get_Device_ID_ExW
CM_Get_Next_Res_Des_Ex
SetupCloseFileQueue
SetupDiGetDriverInstallParamsW
CM_Get_Res_Des_Data_Ex
SetupDiOpenClassRegKeyExW
SetupCloseInfFile
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupOpenInfFileW
CM_Free_Res_Des_Handle
CM_Get_First_Log_Conf_Ex
SetupDiSetDeviceInstallParamsW
SetupFindFirstLineW
SetupDiGetDriverInfoDetailW
SetupDiGetClassDescriptionExW
SetupDiClassGuidsFromNameExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

user32

CharNextW
CharPrevW
LoadStringW

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 23KB - Virtual size: 23KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 606B

cce05dea98cbac3a9d486b233588f528

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 692B

.rdata Size: 1024B - Virtual size: 673B

.data Size: 512B - Virtual size: 120B

.reloc Size: 512B - Virtual size: 240B

46f8b6973f33717335c0f6d8087de67b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 458B

e07e00e45407ff0dd6abc9eaa981fa7b

Headers

File Characteristics

Imports

msvcrt

Sections

.text Size: 512B - Virtual size: 340B

.rdata Size: 512B - Virtual size: 138B

.data Size: 512B - Virtual size: 36B

.rsrc Size: 267KB - Virtual size: 267KB

.reloc Size: 512B - Virtual size: 324B

171043b7765d11a123aec3f3638f6a90

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 23KB - Virtual size: 23KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 606B

.text
Size: 1024B - Virtual size: 692B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 458B

.text
Size: 512B - Virtual size: 340B

.rdata
Size: 512B - Virtual size: 138B

.data
Size: 512B - Virtual size: 36B

.rsrc
Size: 267KB - Virtual size: 267KB

.reloc
Size: 512B - Virtual size: 324B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

3b:43:44:78:bf:62:8a:39:2d:30:c4:50:95:67:5f:fe
Certificate

fd:60:8d:ab:c6:b6:1e:d5:33:25:75:34:c2:99:d0:55:d2:21:e7:1a
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 482B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

3b:43:44:78:bf:62:8a:39:2d:30:c4:50:95:67:5f:fe
Certificate

0b:e3:42:48:15:62:f7:33:1c:5e:57:0c:4e:3e:5e:e0:d5:01:5d:df
Signer

.text
Size: 186KB - Virtual size: 185KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 26KB - Virtual size: 45KB

.rsrc
Size: 161KB - Virtual size: 160KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate