29486734bc7c1c647f3123c0d504eb6b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29486734bc7c1c647f3123c0d504eb6b_JaffaCakes118
Size

1.3MB
MD5

29486734bc7c1c647f3123c0d504eb6b
SHA1

51af78353401bec7c7d613536b68468d48091bc3
SHA256

e36aac9bf6aae42f4b7aa0ae43907a7c00905822d72564f30ec805e2a19d29e7
SHA512

0d8be9ba385e1bfa34c4bab18b296ff30250d292f81ac77503f2aea2e5fc7f67d2cb2e3bb7c015c9b64c1d75b7d60a7c2fac4b2fff4ea595bee0514368aa7feb
SSDEEP

24576:WOBF9qv+USM3k+Ed4FIw+XG2tOjmKlxfkYNsccNI3Mox8:WmF9qv+USM3Zc4FIw+XGsINlxcYVWI3g

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Install.exe
unpack001/Interop.IWshRuntimeLibrary.dll
unpack001/Setup.exe
unpack001/SourceFiles/ICSharpCode.SharpZipLib.dll
unpack001/SourceFiles/UnInstall.exe
unpack001/SourceFiles/WordToCHM.exe
unpack001/SourceFiles/hha.dll

Files

29486734bc7c1c647f3123c0d504eb6b_JaffaCakes118
.rar
Install.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\软件开发\NewWin项目\WORD2CHM\Word2CHM(Filter)\Install\Setup\obj\Debug\Install.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.IWshRuntimeLibrary.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup.exe
.exe windows:5 windows x86 arch:x86

ae21b47bea3e4df4e26c1d86d992cf6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\win项目\安装\Setup\Debug\Setup.pdb

Imports

user32

BeginPaint
EndPaint
PostQuitMessage
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
MessageBoxA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA

gdi32

TextOutA

advapi32

RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

kernel32

CloseHandle
GetTimeZoneInformation
SetFilePointer
CreateFileA
WriteConsoleA
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
CompareStringW
CompareStringA
SetEnvironmentVariableA
GetConsoleOutputCP
LoadLibraryA
IsValidLocale
GetDateFormatA
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
ExitProcess
GetModuleFileNameW
RtlUnwind
RaiseException
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FatalAppExitA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetLastError
GetCurrentThread
GetModuleFileNameA
WriteFile
GetStdHandle
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
SetConsoleCtrlHandler
FreeLibrary
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetLocaleInfoA
GetProcessHeap
VirtualQuery
GetTimeFormatA

Sections

.textbss
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SourceFiles/Config.xml
.xml
SourceFiles/Copyright.xml
.xml
SourceFiles/ICSharpCode.SharpZipLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\下载源码\SharpZipLib_0860_SourceSamples\SrcSamples\src\obj\Debug\ICSharpCode.SharpZipLib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SourceFiles/Jscript/jquery-latest.pack.js
.js
SourceFiles/Jscript/jquery.pngFix.js
.js
SourceFiles/Jscript/rendering.js
.js
SourceFiles/Language/zh-CN.xml
SourceFiles/Microsoft.Office.Interop.Word.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:ef:15:06:e4:43:3f:9d:00:79:7f:51:9c:c4:66:10:d4:83:0c:1e
Signer

Actual PE Digest

4c:ef:15:06:e4:43:3f:9d:00:79:7f:51:9c:c4:66:10:d4:83:0c:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SourceFiles/Microsoft.Vbe.Interop.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:28:0c:a0:bd:22:4d:00:39:37:3a:88:f3:40:70:f3:c0:2c:8e:c3
Signer

Actual PE Digest

8c:28:0c:a0:bd:22:4d:00:39:37:3a:88:f3:40:70:f3:c0:2c:8e:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SourceFiles/Office.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a7:4a:a4:54:d9:ec:82:62:1b:91:1e:e9:af:0d:42:3b:6b:bb:c8:74
Signer

Actual PE Digest

a7:4a:a4:54:d9:ec:82:62:1b:91:1e:e9:af:0d:42:3b:6b:bb:c8:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 388KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SourceFiles/Template.xml
SourceFiles/Templates/BGround/content.html
SourceFiles/Templates/BGround/css.css
SourceFiles/Templates/BGround/default.html
.html
SourceFiles/Templates/BGround/frameimages/Banner.png
.png
SourceFiles/Templates/BGround/frameimages/Logo.gif
.gif
SourceFiles/Templates/BGround/frameimages/Thumbs.db
SourceFiles/Templates/BGround/frameimages/Top.png
.png
SourceFiles/Templates/BGround/frameimages/blank.gif
.gif
SourceFiles/Templates/BGround/frameimages/no_child.gif
.gif
SourceFiles/Templates/BGround/frameimages/with_child.gif
.gif
SourceFiles/Templates/BGround/images/Next.gif
.gif
SourceFiles/Templates/BGround/images/Prev.gif
.gif
SourceFiles/Templates/BGround/images/Thumbs.db
SourceFiles/Templates/BGround/images/Up.gif
.gif
SourceFiles/Templates/BGround/images/_Next.gif
.gif
SourceFiles/Templates/BGround/images/_Prev.gif
.gif
SourceFiles/Templates/BGround/images/_Up.gif
.gif
SourceFiles/Templates/BGround/images/bg.jpg
.jpg
SourceFiles/Templates/BGround/list.html
SourceFiles/Templates/BGround/search.html
.js
SourceFiles/Templates/BGround/top.html
.html
SourceFiles/Templates/Default/css.css
SourceFiles/Templates/Default/default.html
.html
SourceFiles/Templates/Default/frameimages/Banner.png
.png
SourceFiles/Templates/Default/frameimages/Logo.gif
.gif
SourceFiles/Templates/Default/frameimages/Thumbs.db
SourceFiles/Templates/Default/frameimages/Top.png
.png
SourceFiles/Templates/Default/frameimages/blank.gif
.gif
SourceFiles/Templates/Default/frameimages/no_child.gif
.gif
SourceFiles/Templates/Default/frameimages/with_child.gif
.gif
SourceFiles/Templates/Default/images/Next.gif
.gif
SourceFiles/Templates/Default/images/Prev.gif
.gif
SourceFiles/Templates/Default/images/Thumbs.db
SourceFiles/Templates/Default/images/Up.gif
.gif
SourceFiles/Templates/Default/images/_Next.gif
.gif
SourceFiles/Templates/Default/images/_Prev.gif
.gif
SourceFiles/Templates/Default/images/_Up.gif
.gif
SourceFiles/Templates/Default/list.html
SourceFiles/Templates/Default/search.html
.js
SourceFiles/Templates/Default/top.html
.html
SourceFiles/UnInstall.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\软件开发\NewWin项目\WORD2CHM\Word2CHM(Filter)\Install\UnInstall\obj\Debug\UnInstall.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SourceFiles/WordToCHM.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.textxc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SourceFiles/hha.dll
.dll windows:4 windows x86 arch:x86

969d3807d966bc686a2e4719c377ca96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
ExitProcess
RaiseException
GetCurrentThreadId
GetCurrentProcess
GetLocalTime
GetCommandLineA
HeapCreate
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
SetUnhandledExceptionFilter
GetModuleHandleA
SetHandleCount
GetFileType
GetStdHandle
GetTimeZoneInformation
GetSystemTime
TlsSetValue
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadWritePtr
IsBadCodePtr
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
GetPrivateProfileStringA
_lread
GlobalHandle
GlobalLock
GlobalFree
FreeLibrary
GlobalMemoryStatus
GetCurrentProcessId
SetEndOfFile
GetWindowsDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
lstrcmpiA
LCMapStringA
VirtualAlloc
VirtualFree
ExitThread
WaitForSingleObject
Sleep
SetFilePointer
CreateSemaphoreA
CreateThread
ReleaseSemaphore
WriteFile
LocalAlloc
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
GetSystemDefaultLangID
SetCurrentDirectoryA
lstrlenA
MulDiv
GetLastError
FormatMessageA
LocalFree
GetVolumeInformationA
OpenFile
_lwrite
_lclose
GetUserDefaultLCID
FatalAppExitA
GetVersion
IsDBCSLeadByte
CompareStringA
ReadFile
CloseHandle
CreateFileA
LoadLibraryA
GetProcAddress
GetLocaleInfoA
WritePrivateProfileStringA
IsBadReadPtr
lstrcatA
lstrcpyA
GetFileSize
GetTempPathA
GetTempFileNameA
DeleteFileA
GetSystemTimeAsFileTime
LocalReAlloc
FindNextFileA
FindFirstFileA
FindClose
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetVersionExA
SearchPathA
SetLastError
_llseek
_lopen
MultiByteToWideChar
WideCharToMultiByte
lstrcpynA
lstrlenW
CreateFileMappingA
MapViewOfFile
GetTickCount
DebugBreak
GetSystemDirectoryA
GlobalAlloc
GetStartupInfoA
FlushFileBuffers
GetCPInfo

user32

BeginPaint
DeleteMenu
GetMenuItemID
InsertMenuA
DefWindowProcA
IsIconic
RegisterClassA
SetRect
CharUpperA
FillRect
WinHelpA
EnableWindow
CreateWindowExA
OffsetRect
CharPrevA
SetWindowPos
LoadCursorA
SetCursor
LoadStringA
MessageBoxA
CharLowerA
CharNextA
GetSysColor
EndPaint
GetDlgItemInt
LoadBitmapA
GetClientRect
GetParent
SetDlgItemInt
UnhookWindowsHookEx
ClientToScreen
SetTimer
GetCursorPos
ScreenToClient
CallWindowProcA
GetClassNameA
CreateDialogParamA
ShowWindow
SendDlgItemMessageA
wsprintfA
SetFocus
SetWindowTextA
GetWindowTextLengthA
GetWindowTextA
GetWindowLongA
PostMessageA
EndDialog
SetWindowLongA
GetDC
ReleaseDC
GetDlgItem
GetSystemMetrics
InvalidateRect
CallNextHookEx
GetDesktopWindow
GetWindowRect
SystemParametersInfoA
MoveWindow
DialogBoxParamA
IsWindow
DestroyWindow
SendMessageA
EnumChildWindows
SetWindowsHookExA
FindWindowA
wvsprintfA
GetWindowPlacement
KillTimer
ReleaseCapture
SetCapture
PtInRect

gdi32

SelectClipRgn
PatBlt
GetTextMetricsA
GetDeviceCaps
CreateFontA
DeleteObject
GetObjectA
GetTextExtentPointA
ExtTextOutA
SetBkColor
SetTextColor
BitBlt
CreateFontIndirectA
SetMapMode
CreateCompatibleDC
CreateDCA
CreateICA
DeleteDC
SelectPalette
RealizePalette
CreatePen
CreateSolidBrush
CreateCompatibleBitmap
CreatePalette
GetDIBits
StretchDIBits
CreateDIBSection
GetPaletteEntries
CreateHalftonePalette
RestoreDC
PlayMetaFile
SetBkMode
SetViewportExtEx
SetViewportOrgEx
SaveDC
DeleteMetaFile
SetMetaFileBitsEx
CreateRectRgnIndirect
SelectObject
CreateBitmap
CreatePatternBrush

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

comdlg32

GetOpenFileNameA

comctl32

ord15
ord14
CreatePropertySheetPageA
PropertySheetA

version

VerQueryValueA
GetFileVersionInfoA

ole32

CoGetClassObject
CoCreateInstance

Exports

Exports

?LoadJpeg@@YG?AW4FSERR@@PBDPAUIMAGE@@@Z
EditHhCtrlObject
EditHhCtrlScript
FreeFilterDIB
HHA_CompileHHP
LoadFilterImage

Sections

.text
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SourceFiles/hhc.exe
.exe windows:4 windows x86 arch:x86

923cb3b7dca4da6b58b66663d91cb878

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:c4:85:02:8e:f7:fc:04:21:c1:31:d6:8f:33:02:90:bc:7a:82:ed
Signer

Actual PE Digest

30:c4:85:02:8e:f7:fc:04:21:c1:31:d6:8f:33:02:90:bc:7a:82:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

hha

ord1
ord8
ord31
ord315
ord32
ord30
ord319
ord64
ord67
ord68
ord4

kernel32

GetCurrentProcess
DeleteFileA
ExitProcess
TerminateProcess
GetFileAttributesA
RtlUnwind
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
VirtualAlloc
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetFilePointer
CloseHandle
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetLocaleInfoW
LCMapStringA
LCMapStringW

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SourceFiles/itcc.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8fc17f38bab8bbc866f938baa2ab7c7a

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:bb:9a:a1:77:f7:7a:a2:8e:f8:ab:59:51:48:59:ed:9d:f2:7f:b7
Signer

Actual PE Digest

83:bb:9a:a1:77:f7:7a:a2:8e:f8:ab:59:51:48:59:ed:9d:f2:7f:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
WriteFile
GetTempFileNameA
CreateFileA
DeleteFileA
UnmapViewOfFile
GlobalAlloc
HeapDestroy
GlobalFree
lstrcatA
CloseHandle
lstrcpyA
GetLastError
GetCurrentProcess
GetModuleHandleA
lstrcmpiA
GetModuleFileNameA
EnterCriticalSection
GetCurrentThreadId
lstrlenA
LeaveCriticalSection
lstrlenW
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
InterlockedIncrement
DeleteCriticalSection
DisableThreadLibraryCalls
GetACP
GetOEMCP
TlsAlloc
TlsFree
GlobalFlags
GlobalLock
GlobalUnlock
GetFileSize
IsBadWritePtr
GlobalHandle
lstrcpynA
GetWindowsDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
OpenFile
ReadFile
GetStartupInfoA
GetCPInfo
SetFilePointer
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
TlsSetValue
CreateFileMappingA
GlobalReAlloc
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
VirtualFree
MapViewOfFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapCreate
GetProcAddress
VirtualAlloc
LoadLibraryA
LCMapStringA
LCMapStringW

user32

LoadStringA
CharNextA
wsprintfA
GetActiveWindow
GetWindowLongA
CharUpperA

advapi32

RegEnumKeyExA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

ole32

CoCreateInstance
StringFromCLSID
CoTaskMemFree
CoGetClassObject
CLSIDFromProgID

oleaut32

LoadTypeLi
RegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SourceFiles/新云软件.url
.url
使用说明.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 412KB - Virtual size: 412KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 36KB - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 4KB - Virtual size: 12B

ae21b47bea3e4df4e26c1d86d992cf6e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

advapi32

shell32

kernel32

Sections

.textbss Size: - Virtual size: 172KB

.text Size: 370KB - Virtual size: 370KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 5KB - Virtual size: 14KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 16KB - Virtual size: 16KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 208KB - Virtual size: 205KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

4c:ef:15:06:e4:43:3f:9d:00:79:7f:51:9c:c4:66:10:d4:83:0c:1eSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 744KB - Virtual size: 743KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 412KB - Virtual size: 412KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 36KB - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 4KB - Virtual size: 12B

.textbss
Size: - Virtual size: 172KB

.text
Size: 370KB - Virtual size: 370KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 5KB - Virtual size: 14KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 16KB - Virtual size: 16KB

.text
Size: 208KB - Virtual size: 205KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

4c:ef:15:06:e4:43:3f:9d:00:79:7f:51:9c:c4:66:10:d4:83:0c:1e
Signer

.text
Size: 744KB - Virtual size: 743KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

8c:28:0c:a0:bd:22:4d:00:39:37:3a:88:f3:40:70:f3:c0:2c:8e:c3
Signer

.text
Size: 44KB - Virtual size: 41KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

a7:4a:a4:54:d9:ec:82:62:1b:91:1e:e9:af:0d:42:3b:6b:bb:c8:74
Signer

.text
Size: 388KB - Virtual size: 384KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 512B - Virtual size: 12B

.textxc
Size: 146KB - Virtual size: 145KB