05aa0e32be0afdfe820298787ac82e78_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

05aa0e32be0afdfe820298787ac82e78_JaffaCakes118
Size

4.5MB
MD5

05aa0e32be0afdfe820298787ac82e78
SHA1

51d1600c26517f01d5ce64c3831e737954879c1f
SHA256

dbe96846d98ad0b62311bb9747c612227b4a0fd792b8fef60792bddb6e59bb37
SHA512

fd459e1603e70ec43c1abd0c0c98e17bf965e2df7705113585419de29794d13729b5f72a3995c8e0a01083f4c7981f895e22fa968ad9b5c8fe2602abeecfbf57
SSDEEP

98304:jsHioP9hVL3RmbrPbM2+FMPCkP/7cIFLXceOE8WH8f:jslP9h9oXA2iqcscnE8e8f

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack002/bass.dll
unpack002/bass.net.dll
unpack002/basswma.dll
unpack002/chefknife.exe
unpack002/common.logging.dll
unpack002/haozes.fxclient.dll
unpack002/hardcodet.wpf.taskbarnotific
unpack002/log4net.dll
unpack002/quartz.dll
unpack002/system.data.sqlite.dll
unpack001/ChefKnife-1.6.1.1/ISSetup.dll
unpack001/ChefKnife-1.6.1.1/setup.exe

Files

05aa0e32be0afdfe820298787ac82e78_JaffaCakes118
.rar
ChefKnife-1.6.1.1/Chef Knife.msi
.msi
ChefKnife-1.6.1.1/Data1.cab
.cab
bass.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelFlags
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttribute
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelLock
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttribute
BASS_ChannelSetDSP
BASS_ChannelSetDevice
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttribute
BASS_ChannelStop
BASS_ChannelUpdate
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXReset
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetConfigPtr
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceInfo
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicLoad
BASS_Pause
BASS_PluginFree
BASS_PluginGetInfo
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceInfo
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetChannels
BASS_SampleGetData
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetData
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetConfigPtr
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamPutData
BASS_StreamPutFileData
BASS_Update
_

Sections

Size: 92KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bass.net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 548KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
basswma.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_WMA_EncodeClose
BASS_WMA_EncodeGetClients
BASS_WMA_EncodeGetPort
BASS_WMA_EncodeGetRates
BASS_WMA_EncodeOpen
BASS_WMA_EncodeOpenFile
BASS_WMA_EncodeOpenNetwork
BASS_WMA_EncodeOpenNetworkMulti
BASS_WMA_EncodeOpenPublish
BASS_WMA_EncodeOpenPublishMulti
BASS_WMA_EncodeSetNotify
BASS_WMA_EncodeSetTag
BASS_WMA_EncodeWrite
BASS_WMA_GetTags
BASS_WMA_GetWMObject
BASS_WMA_StreamCreateFile
BASS_WMA_StreamCreateFileAuth
BASS_WMA_StreamCreateFileUser
BASSplugin

Sections

Size: 14KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 576B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
c1.wpf.c1chart.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:d4:3d:cf:9b:f3:e5:92:fa:f5:a9:61:fe:41:f2:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/08/2009, 00:00

Not After

23/09/2012, 23:59

Subject

CN=ComponentOne,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ComponentOne,L=Pittsburgh,ST=PA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:74:b7:9b:b7:c3:e0:ca:42:a5:11:2a:77:c2:d0:dd:88:8e:39:55
Signer

Actual PE Digest

61:74:b7:9b:b7:c3:e0:ca:42:a5:11:2a:77:c2:d0:dd:88:8e:39:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 452KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c1.wpf.c1chart.extended.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:d4:3d:cf:9b:f3:e5:92:fa:f5:a9:61:fe:41:f2:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/08/2009, 00:00

Not After

23/09/2012, 23:59

Subject

CN=ComponentOne,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ComponentOne,L=Pittsburgh,ST=PA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:92:96:cf:de:ac:cd:fd:28:55:00:c1:d9:3c:60:71:ef:f9:c7:f1
Signer

Actual PE Digest

84:92:96:cf:de:ac:cd:fd:28:55:00:c1:d9:3c:60:71:ef:f9:c7:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c1.wpf.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:d4:3d:cf:9b:f3:e5:92:fa:f5:a9:61:fe:41:f2:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/08/2009, 00:00

Not After

23/09/2012, 23:59

Subject

CN=ComponentOne,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ComponentOne,L=Pittsburgh,ST=PA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:2b:f2:c0:0e:f5:28:07:85:74:12:fb:19:26:8f:ed:d2:42:76:36
Signer

Actual PE Digest

71:2b:f2:c0:0e:f5:28:07:85:74:12:fb:19:26:8f:ed:d2:42:76:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c1.wpf.extended.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:d4:3d:cf:9b:f3:e5:92:fa:f5:a9:61:fe:41:f2:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/08/2009, 00:00

Not After

23/09/2012, 23:59

Subject

CN=ComponentOne,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ComponentOne,L=Pittsburgh,ST=PA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:3c:56:89:9d:2b:e9:ea:05:84:b7:f2:ea:bc:5e:3f:72:41:4e:90
Signer

Actual PE Digest

d3:3c:56:89:9d:2b:e9:ea:05:84:b7:f2:ea:bc:5e:3f:72:41:4e:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chefknife.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chefknife.exe.config
.xml
common.logging.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
haozes.fxclient.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\我的文档\MiniStock Resource\HaozesFx-56002\FxClient\obj\Release\Haozes.FxClient.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hardcodet.wpf.taskbarnotific
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\我的文档\visual studio 2010\Projects\wpf-notifyicon\NotifyIconWpf\obj\Release\Hardcodet.Wpf.TaskbarNotification.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
log4net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\我的文档\visual studio 2010\Projects\log4net-1.2.10\src\obj\Debug\log4net.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
quartz.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
system.data.sqlite.dll
.dll windows:5 windows x86 arch:x86

8067a5631cafa1803a58b72f826f7911

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
FreeLibrary
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
DeleteCriticalSection
GetCurrentThreadId
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
LocalAlloc
InterlockedExchange
RaiseException
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
GetModuleHandleA
HeapSize
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle

mscoree

_CorDllMain

Exports

Exports

_sqlite3_bind_double_interop@12
_sqlite3_bind_int64_interop@12
_sqlite3_bind_parameter_name_interop@12
_sqlite3_close_interop@4
_sqlite3_column_database_name16_interop@12
_sqlite3_column_database_name_interop@12
_sqlite3_column_decltype16_interop@12
_sqlite3_column_decltype_interop@12
_sqlite3_column_double_interop@12
_sqlite3_column_int64_interop@12
_sqlite3_column_name16_interop@12
_sqlite3_column_name_interop@12
_sqlite3_column_origin_name16_interop@12
_sqlite3_column_origin_name_interop@12
_sqlite3_column_table_name16_interop@12
_sqlite3_column_table_name_interop@12
_sqlite3_column_text16_interop@12
_sqlite3_column_text_interop@12
_sqlite3_context_collcompare@20
_sqlite3_context_collseq@16
_sqlite3_create_function_interop@36
_sqlite3_cursor_rowid@12
_sqlite3_errmsg_interop@8
_sqlite3_finalize_interop@4
_sqlite3_index_column_info_interop@32
_sqlite3_open16_interop@12
_sqlite3_open_interop@12
_sqlite3_prepare16_interop@24
_sqlite3_prepare_interop@24
_sqlite3_reset_interop@4
_sqlite3_result_double_interop@8
_sqlite3_result_int64_interop@8
_sqlite3_table_column_metadata_interop@44
_sqlite3_table_cursor@12
_sqlite3_value_double_interop@8
_sqlite3_value_int64_interop@8
_sqlite3_value_text16_interop@8
_sqlite3_value_text_interop@8
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_key
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_rekey
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 646KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wpftoolkit.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

78:ad:59:01:6e:90:b6:bb:0e:e2:71:c2:d6:d0:1b:d7:70:a4:ac:e8
Signer

Actual PE Digest

78:ad:59:01:6e:90:b6:bb:0e:e2:71:c2:d6:d0:1b:d7:70:a4:ac:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dd\WPF_1\src\wpf\src\ControlsPack\WPFToolkit\obj\Release\WPFToolkit.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChefKnife-1.6.1.1/ISSetup.dll
.dll regsvr32 windows:4 windows x86 arch:x86

66f062b345ab57f988126e6b7fe5c6a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msi

ord18

user32

GetDesktopWindow

gdi32

SelectClipRgn

advapi32

GetTokenInformation

shell32

SHGetMalloc

ole32

CoTaskMemFree

oleaut32

BSTR_UserSize

rpcrt4

NdrPointerMarshall

winmm

sndPlaySoundA

comctl32

ord17

version

GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EmbeddedUIHandler
InitializeEmbeddedUI
RunISMSIMajorUpgradeRemoval
RunISMSISetup
ShutdownEmbeddedUI
f1
f10
f100
f1000
f101
f102
f103
f104
f105
f106
f107
f108
f109
f11
f110
f111
f112
f113
f114
f115
f116
f117
f118
f119
f12
f120
f121
f122
f123
f124
f125
f126
f127
f128
f129
f13
f130
f131
f132
f133
f134
f135
f136
f137
f138
f139
f14
f140
f141
f142
f143
f144
f145
f146
f147
f148
f149
f15
f150
f151
f152
f153
f154
f155
f156
f157
f158
f159
f16
f160
f161
f162
f163
f164
f165
f166
f167
f168
f169
f17
f170
f171
f172
f173
f174
f175
f176
f177
f178
f179
f18
f180
f181
f182
f183
f184
f185
f186
f187
f188
f189
f19
f190
f191
f192
f193
f194
f195
f196
f197
f198
f199
f2
f20
f200
f201
f202
f203
f204
f205
f206
f207
f208
f209
f21
f210
f211
f212
f213
f214
f215
f216
f217
f218
f219
f22
f220
f221
f222
f223
f224
f225
f226
f227
f228
f229
f23
f230
f231
f232
f233
f234
f235
f236
f237
f238
f239
f24
f240
f241
f242
f243
f244
f245
f246
f247
f248
f249
f25
f250
f251
f252
f253
f254
f255
f256
f257
f258
f259
f26
f260
f261
f262
f263
f264
f265
f266
f267
f268
f269
f27
f270
f271
f272
f273
f274
f275
f276
f277
f278
f279
f28
f280
f281
f282
f283
f284
f285
f286
f287
f288
f289
f29
f290
f291
f292
f293
f294
f295
f296
f297
f298
f299
f3
f30
f300
f301
f302
f303
f304
f305
f306
f307
f308
f309
f31
f310
f311
f312
f313
f314
f315
f316
f317
f318
f319
f32
f320
f321
f322
f323
f324
f325
f326
f327
f328
f329
f33
f330
f331
f332
f333
f334
f335
f336
f337
f338
f339
f34
f340
f341
f342
f343
f344
f345
f346
f347
f348
f349
f35
f350
f351
f352
f353
f354
f355
f356
f357
f358
f359
f36
f360
f361
f362
f363
f364
f365
f366
f367
f368
f369
f37
f370
f371
f372
f373
f374
f375
f376
f377
f378
f379
f38
f380
f381
f382
f383
f384
f385
f386
f387
f388
f389
f39
f390
f391
f392
f393
f394
f395
f396
f397
f398
f399
f4
f40
f400
f401
f402
f403
f404
f405
f406
f407
f408
f409
f41
f410
f411
f412
f413
f414
f415
f416
f417
f418
f419
f42
f420
f421
f422
f423
f424
f425
f426
f427
f428
f429
f43
f430
f431
f432
f433
f434
f435
f436
f437
f438
f439
f44
f440
f441
f442
f443
f444
f445
f446
f447
f448
f449
f45
f450
f451
f452
f453
f454
f455
f456
f457
f458
f459
f46
f460
f461
f462
f463
f464
f465
f466
f467
f468
f469
f47
f470
f471
f472
f473
f474
f475
f476
f477
f478
f479
f48
f480
f481
f482
f483
f484
f485
f486
f487
f488
f489
f49
f490
f491
f492
f493
f494
f495
f496
f497
f498
f499
f5
f50
f500
f501
f502
f503
f504
f505
f506
f507
f508
f509
f51
f510
f511
f512
f513
f514
f515
f516
f517
f518
f519
f52
f520
f521
f522
f523
f524
f525
f526
f527
f528
f529
f53
f530
f531
f532
f533
f534
f535
f536
f537
f538
f539
f54

Sections

.text
Size: 442KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ChefKnife-1.6.1.1/setup.exe
.exe windows:4 windows x86 arch:x86

57667c8db8bb51dbd1bd7d19850c11f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA

comctl32

ord17

kernel32

CompareStringA
CompareStringW
GetVersionExA
LoadLibraryA
FreeLibrary
GetProcAddress
GetLocaleInfoA
GetExitCodeProcess
ExitThread
GetCommandLineA
GetSystemDefaultLangID
lstrcmpA
lstrcmpiA
VerLanguageNameA
MoveFileA
FindClose
FindNextFileA
CompareFileTime
FindFirstFileA
GetSystemTimeAsFileTime
SetFileAttributesA
GetPrivateProfileStringA
CreateDirectoryA
LocalFree
FormatMessageA
GetSystemInfo
MulDiv
IsValidLocale
GetVersion
GetModuleHandleA
GetFileAttributesA
GetCurrentDirectoryA
FileTimeToLocalFileTime
GetFileTime
IsBadReadPtr
VirtualQuery
FlushFileBuffers
SetEndOfFile
GetDiskFreeSpaceA
GetTempFileNameA
GetCurrentThread
lstrcatA
CreateEventA
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
CopyFileA
CreateThread
GetExitCodeThread
GetTickCount
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
ExpandEnvironmentStringsA
GetTempPathA
SetErrorMode
GetWindowsDirectoryA
lstrcpyA
GetSystemDirectoryA
SetEnvironmentVariableA
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
SetConsoleCtrlHandler
IsBadCodePtr
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
FatalAppExitA
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
GetStartupInfoA
HeapReAlloc
RtlUnwind
FreeResource
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
SystemTimeToFileTime
SetCurrentDirectoryA
CreateProcessA
WaitForSingleObject
ExitProcess
GetShortPathNameA
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
DeleteFileA
Sleep
RemoveDirectoryA
IsDBCSLeadByte
SetFilePointer
GetProcessHeap
HeapAlloc
ReadFile
lstrlenW
HeapFree
WriteFile
lstrcpynA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
lstrlenA
GetLastError
SetLastError
WritePrivateProfileSectionA
GetPrivateProfileSectionA
MoveFileExA
GetDriveTypeA
QueryPerformanceCounter
SetEvent
ResetEvent
SearchPathA
VirtualProtect
GetCurrentProcessId
FindResourceExA
LoadLibraryExA
GetDateFormatA
GetTimeFormatA
GetLocalTime
TerminateProcess
GetProcessTimes
OpenProcess
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
RaiseException
InterlockedExchange
LocalAlloc

user32

LoadImageA
CreateDialogParamA
GetParent
GetWindowTextA
SetCursor
GetWindow
GetDlgItemTextA
SetFocus
SetDlgItemTextA
SetForegroundWindow
SetActiveWindow
GetDlgCtrlID
GetDC
FillRect
GetSysColor
GetSysColorBrush
GetSystemMetrics
SetRect
FindWindowA
IntersectRect
SubtractRect
CreateDialogIndirectParamA
CharNextA
FindWindowExA
IsDialogMessageA
EnableWindow
SendDlgItemMessageA
SendMessageA
GetWindowRect
ScreenToClient
MoveWindow
DestroyWindow
MessageBoxA
WaitForInputIdle
GetWindowLongA
BeginPaint
EndPaint
SetWindowLongA
GetClientRect
ClientToScreen
SetWindowPos
ExitWindowsEx
CharUpperA
RegisterClassExA
InvalidateRect
EnumChildWindows
UpdateWindow
SetPropA
DrawIcon
MapDialogRect
GetClassNameA
CallWindowProcA
RemovePropA
GetPropA
DrawFocusRect
InflateRect
DrawTextA
CopyRect
MapWindowPoints
GetWindowDC
ReleaseDC
EndDialog
SetWindowTextA
GetDlgItem
ShowWindow
DialogBoxIndirectParamA
GetDesktopWindow
wsprintfA
MsgWaitForMultipleObjects
PeekMessageA
DefWindowProcA
PostMessageA
KillTimer
PostQuitMessage
SetTimer
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
wvsprintfA
CharPrevA
IsWindow

gdi32

UnrealizeObject
SelectPalette
RealizePalette
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
CreateFontA
GetDIBColorTable
SetTextColor
GetDeviceCaps
CreateSolidBrush
TranslateCharsetInfo
GetObjectA
CreateFontIndirectA
CreateCompatibleDC
SelectObject
DeleteDC
CreateDIBitmap
DeleteObject
GetStockObject
DeleteMetaFile
CreateCompatibleBitmap
CreateDCA
RestoreDC
GetTextExtentPoint32A
SaveDC
CreatePatternBrush
SetMetaFileBitsEx
SetStretchBltMode
SelectClipRgn
CreateRectRgn
SetPixel
PatBlt
PlayMetaFile
SetBkColor
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SetBkMode
BitBlt

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
AllocateAndInitializeSid
EqualSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegEnumValueA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

ole32

StringFromCLSID
CoCreateInstance
CLSIDFromProgID
ProgIDFromCLSID
CoTaskMemFree
CoInitializeSecurity
CoUninitialize
CoInitialize
CoCreateGuid
CreateItemMoniker
StringFromGUID2
GetRunningObjectTable

oleaut32

SysFreeString
GetErrorInfo
VariantChangeType
VariantClear
SysAllocString
SysStringLen
SysReAllocStringLen
SysAllocStringLen
LoadTypeLi
CreateErrorInfo
SetErrorInfo
RegisterTypeLi

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA
UuidFromStringA

Sections

.text
Size: 649KB - Virtual size: 649KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 92KB - Virtual size: 376KB

.rsrc Size: 568B - Virtual size: 4KB

Size: - Virtual size: 8KB

Size: 4KB - Virtual size: 3KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 548KB - Virtual size: 544KB

.sdata Size: 4KB - Virtual size: 228B

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 12B

Headers

File Characteristics

Exports

Exports

Sections

Size: 14KB - Virtual size: 28KB

.rsrc Size: 576B - Virtual size: 4KB

Size: - Virtual size: 4KB

Size: 2KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

61:d4:3d:cf:9b:f3:e5:92:fa:f5:a9:61:fe:41:f2:65Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:74:b7:9b:b7:c3:e0:ca:42:a5:11:2a:77:c2:d0:dd:88:8e:39:55Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 452KB - Virtual size: 449KB

.sdata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

61:d4:3d:cf:9b:f3:e5:92:fa:f5:a9:61:fe:41:f2:65Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

84:92:96:cf:de:ac:cd:fd:28:55:00:c1:d9:3c:60:71:ef:f9:c7:f1Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.rsrc
Size: 568B - Virtual size: 4KB

.text
Size: 548KB - Virtual size: 544KB

.sdata
Size: 4KB - Virtual size: 228B

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 12B

.rsrc
Size: 576B - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

61:d4:3d:cf:9b:f3:e5:92:fa:f5:a9:61:fe:41:f2:65
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:74:b7:9b:b7:c3:e0:ca:42:a5:11:2a:77:c2:d0:dd:88:8e:39:55
Signer

.text
Size: 452KB - Virtual size: 449KB

.sdata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

61:d4:3d:cf:9b:f3:e5:92:fa:f5:a9:61:fe:41:f2:65
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

84:92:96:cf:de:ac:cd:fd:28:55:00:c1:d9:3c:60:71:ef:f9:c7:f1
Signer

.text
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

61:d4:3d:cf:9b:f3:e5:92:fa:f5:a9:61:fe:41:f2:65
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

71:2b:f2:c0:0e:f5:28:07:85:74:12:fb:19:26:8f:ed:d2:42:76:36
Signer

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 344KB - Virtual size: 343KB

.reloc
Size: 512B - Virtual size: 12B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

61:d4:3d:cf:9b:f3:e5:92:fa:f5:a9:61:fe:41:f2:65
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

d3:3c:56:89:9d:2b:e9:ea:05:84:b7:f2:ea:bc:5e:3f:72:41:4e:90
Signer

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 209KB - Virtual size: 209KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 59KB - Virtual size: 58KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B