31bca434592a58fc2253dec4c9ae1e21_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31bca434592a58fc2253dec4c9ae1e21_JaffaCakes118
Size

4.9MB
MD5

31bca434592a58fc2253dec4c9ae1e21
SHA1

69268186da49fb89a60ac7292ecc2c72e7b4a5ef
SHA256

1b6a385a08fb7970f0ffaa9d442e8ab0d7b80c623915dd3d378b4cfeea0a78d4
SHA512

00ab1da3d0661d49cd4ca16fb8e68e9606ecbc8920286177d8651950be4d8676d8ed5c04f94c3a7b6f8d6d1d4c8af0f878b71f2cedc0f9347dcd363844545b38
SSDEEP

98304:OKDyLyqliZ0vJqG7ptrGP0LnE6Lx2M+J/hJ6ZYWs5egyFKxIT4CMNH204Y7:OKDyLyqlm0vbL6P0LnE6Nl+Jh3KFGIn6

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstGameInfoHelper.exe
unpack001/$PLUGINSDIR/IwinToolbar.exe
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack002/$PLUGINSDIR/System.dll
unpack001/iWinGamesHookIE.dll
unpack001/iWinInfo.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

31bca434592a58fc2253dec4c9ae1e21_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:d6:34:44:57:7d:d6:03:29:54:ef:0d:46:05:2c:79
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/11/2008, 00:00

Not After

16/11/2010, 23:59

Subject

CN=iWin\, Inc,OU=SECURE APPLICATION DEVELOPMENT,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GameuxInstallHelper.dll
.dll windows:6 windows x86 arch:x86

d46feae5913f2b33d6159af1367e8ee7

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:eb:1a:31:ab:86:59:9c:42:ce:aa:0d:c1:4b:fd:e6:6f:ea:4e:ac
Signer

Actual PE Digest

3f:eb:1a:31:ab:86:59:9c:42:ce:aa:0d:c1:4b:fd:e6:6f:ea:4e:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

GameuxInstallHelper.pdb

Imports

kernel32

GetFileAttributesW
GetWindowsDirectoryW
MultiByteToWideChar
DeleteFileW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
GetCommandLineA
GetVersionExA
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThreadId
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
OutputDebugStringA
CreateFileW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetModuleHandleW
GetCPInfo
GetACP
GetOEMCP
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualProtect
GetSystemInfo
VirtualQuery
CreateFileA
FlushFileBuffers
ReadFile
CloseHandle
GetCurrentProcessId
GetFullPathNameW
GetVersionExW
TerminateProcess
WriteFile

ole32

CoSetProxyBlanket
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
CreateStreamOnHGlobal

msi

ord74
ord145
ord70

oleaut32

VariantClear
SysAllocString
SysFreeString

shell32

ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
SHFileOperationW

shlwapi

SHDeleteKeyW
PathAddBackslashW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
RegSetValueExW
RegCloseKey

Exports

Exports

AddToGameExplorerA
AddToGameExplorerUsingMSI
AddToGameExplorerW
CreateTaskA
CreateTaskW
GenerateGUID
RegisterWithMediaCenterA
RegisterWithMediaCenterW
RemoveFromGameExplorer
RemoveFromGameExplorerUsingMSI
RemoveRichSavedGamesA
RemoveRichSavedGamesW
RemoveTasks
RetrieveGUIDForApplicationA
RetrieveGUIDForApplicationW
SetMSIGameExplorerProperties
SetupRichSavedGamesA
SetupRichSavedGamesW
UnRegisterWithMediaCenterA
UnRegisterWithMediaCenterW

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstGameInfoHelper.exe
.exe windows:5 windows x86 arch:x86

2f05f2531b6da725824fc913b1b92aff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\vorona\Documents\iwin\games\iWinArcade\Runnable\InstGameInfoHelper.pdb

Imports

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

oleaut32

OleLoadPicture
OleSavePictureFile

ole32

CreateStreamOnHGlobal

kernel32

GetStdHandle
GetProcessHeap
SetEndOfFile
LCMapStringW
LCMapStringA
GlobalAlloc
GlobalFree
CreateFileA
GetFileSize
CloseHandle
GlobalLock
ReadFile
GlobalUnlock
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
RaiseException
RtlUnwind
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
MultiByteToWideChar
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
VirtualAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IwinToolbar.exe
.exe windows:4 windows x86 arch:x86

72467ab5b1f21b6db7557829bab796cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
VirtualAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
RaiseException
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetExitCodeProcess
CreateProcessA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetCurrentProcess
GetThreadLocale
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
WritePrivateProfileStringA
FormatMessageA
LocalFree
MulDiv
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
SetLastError
GlobalAddAtomA
WaitForSingleObject
CloseHandle
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentStrings
InterlockedExchange

user32

LoadCursorA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetForegroundWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
DrawIcon
SendMessageA
IsIconic
GetClientRect
LoadIconA
EnableWindow
GetWindow
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
DestroyMenu
UnregisterClassA
GetSysColorBrush
GetWindowTextA
GetSystemMetrics
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetTopWindow

gdi32

DeleteDC
GetStockObject
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
RectVisible
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
CreateBitmap
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
TextOutA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/defaultthumbnail.bmp
$PLUGINSDIR/ftdownload.dat
$PLUGINSDIR/iwintoolbarinst.exe
.exe windows:4 windows x86 arch:x86

81638d02019c0bfcaaf23a9c69f2f12c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
WaitForSingleObject
CreateProcessA
GetCommandLineA
CloseHandle
UnmapViewOfFile
WriteFile
MapViewOfFile
DeleteFileA
GetTempFileNameA
GetTempPathA
CreateFileA
GetShortPathNameA
GetModuleFileNameA

user32

wsprintfA

Sections

.text
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AdminWorker.exe
.exe windows:5 windows x86 arch:x86

59fc68ac8f271ad3122896142d9cabc4

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

49:d6:34:44:57:7d:d6:03:29:54:ef:0d:46:05:2c:79
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/11/2008, 00:00

Not After

16/11/2010, 23:59

Subject

CN=iWin\, Inc,OU=SECURE APPLICATION DEVELOPMENT,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:74:74:d3:c6:60:b8:9d:75:4a:29:e7:63:f5:b1:29:f4:8e:42:80
Signer

Actual PE Digest

da:74:74:d3:c6:60:b8:9d:75:4a:29:e7:63:f5:b1:29:f4:8e:42:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

SHGetValueW

user32

SetForegroundWindow

advapi32

RegEnumKeyW

shell32

SHFileOperationA

ole32

CoUninitialize

oleaut32

SysAllocString

Sections

.text
Size: 71KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

49:d6:34:44:57:7d:d6:03:29:54:ef:0d:46:05:2c:79
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/11/2008, 00:00

Not After

16/11/2010, 23:59

Subject

CN=iWin\, Inc,OU=SECURE APPLICATION DEVELOPMENT,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:a1:e5:c6:38:26:2c:ba:75:a2:0e:48:90:1a:89:8d:26:d9:8f:eb
Signer

Actual PE Digest

07:a1:e5:c6:38:26:2c:ba:75:a2:0e:48:90:1a:89:8d:26:d9:8f:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GameuxInstallHelper.dll
.dll windows:6 windows x86 arch:x86

d46feae5913f2b33d6159af1367e8ee7

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:eb:1a:31:ab:86:59:9c:42:ce:aa:0d:c1:4b:fd:e6:6f:ea:4e:ac
Signer

Actual PE Digest

3f:eb:1a:31:ab:86:59:9c:42:ce:aa:0d:c1:4b:fd:e6:6f:ea:4e:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

GameuxInstallHelper.pdb

Imports

kernel32

GetFileAttributesW
GetWindowsDirectoryW
MultiByteToWideChar
DeleteFileW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
GetCommandLineA
GetVersionExA
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThreadId
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
OutputDebugStringA
CreateFileW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetModuleHandleW
GetCPInfo
GetACP
GetOEMCP
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualProtect
GetSystemInfo
VirtualQuery
CreateFileA
FlushFileBuffers
ReadFile
CloseHandle
GetCurrentProcessId
GetFullPathNameW
GetVersionExW
TerminateProcess
WriteFile

ole32

CoSetProxyBlanket
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
CreateStreamOnHGlobal

msi

ord74
ord145
ord70

oleaut32

VariantClear
SysAllocString
SysFreeString

shell32

ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
SHFileOperationW

shlwapi

SHDeleteKeyW
PathAddBackslashW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
RegSetValueExW
RegCloseKey

Exports

Exports

AddToGameExplorerA
AddToGameExplorerUsingMSI
AddToGameExplorerW
CreateTaskA
CreateTaskW
GenerateGUID
RegisterWithMediaCenterA
RegisterWithMediaCenterW
RemoveFromGameExplorer
RemoveFromGameExplorerUsingMSI
RemoveRichSavedGamesA
RemoveRichSavedGamesW
RemoveTasks
RetrieveGUIDForApplicationA
RetrieveGUIDForApplicationW
SetMSIGameExplorerProperties
SetupRichSavedGamesA
SetupRichSavedGamesW
UnRegisterWithMediaCenterA
UnRegisterWithMediaCenterW

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
WebInstaller.exe
.exe windows:5 windows x86 arch:x86

fe31a1ea0465cd2d80098af8995d27d2

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

49:d6:34:44:57:7d:d6:03:29:54:ef:0d:46:05:2c:79
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/11/2008, 00:00

Not After

16/11/2010, 23:59

Subject

CN=iWin\, Inc,OU=SECURE APPLICATION DEVELOPMENT,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d1:6b:a6:7e:f7:b9:32:17:7e:20:13:19:fe:9a:4e:6a:8e:d2:eb:f7
Signer

Actual PE Digest

d1:6b:a6:7e:f7:b9:32:17:7e:20:13:19:fe:9a:4e:6a:8e:d2:eb:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\data\iwin\games\iWinArcade\WebInterceptor\WebInstaller\Release\WebInstaller.pdb

Imports

shlwapi

SHGetValueA

advapi32

RegDeleteValueW
RegSetValueExW
RegSetValueExA
RegCreateKeyExW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumValueA
RegEnumValueW
RegOpenKeyExW
RegOpenKeyA
RegFlushKey
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHFileOperationA

kernel32

FreeEnvironmentStringsW
GetModuleFileNameW
GetModuleFileNameA
GetVersionExA
WinExec
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
GetModuleHandleA
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
ReadFile
CreateFileA
CloseHandle
FlushFileBuffers

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebUpdater.bmp
WebUpdater.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

49:d6:34:44:57:7d:d6:03:29:54:ef:0d:46:05:2c:79
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/11/2008, 00:00

Not After

16/11/2010, 23:59

Subject

CN=iWin\, Inc,OU=SECURE APPLICATION DEVELOPMENT,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:21:97:8a:59:d2:16:77:0e:ed:a2:8b:33:b7:f7:12:bd:cb:29:b6
Signer

Actual PE Digest

ce:21:97:8a:59:d2:16:77:0e:ed:a2:8b:33:b7:f7:12:bd:cb:29:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 44KB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
firefox/chrome.manifest
firefox/chrome/iwinarcade.jar
.zip
content/contents.rdf
.xml
content/iwa-ovr.js
.js
content/iwa-ovr.xul
.xml
content/iwinarcade.js
firefox/iWinArcadeLauncher.exe
.exe windows:4 windows x86 arch:x86

80ecfa2eb6a7155e205be13d4cdc1119

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/11/2006, 00:00

Not After

16/11/2008, 23:59

Subject

CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c2:f2:b1:ce:35:01:13:e3:a2:5b:2f:4f:00:17:54:c6:c6:d7:b5:49
Signer

Actual PE Digest

c2:f2:b1:ce:35:01:13:e3:a2:5b:2f:4f:00:17:54:c6:c6:d7:b5:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegOpenKeyW
RegCloseKey

shell32

ShellExecuteW

kernel32

GetStringTypeW
GetStringTypeA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
HeapAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
firefox/install.rdf
.xml
firefox/version
gamepage/buynow.html
.html .js polyglot
gamepage/common.js
.js
gamepage/css/offline.css
gamepage/disconnected-upsell.html
.html
gamepage/end.html
.html
gamepage/expired.html
.html
gamepage/images/alert32x32.gif
.gif
gamepage/images/bg_header.gif
.gif
gamepage/images/buttons/close-blue-28.gif
.gif
gamepage/images/buttons/continue-orange-132.gif
.gif
gamepage/images/buttons/yesiwantabackupcd-orange-197.gif
.gif
gamepage/images/common/header-bg.gif
.gif
gamepage/images/common/header-small-bg.gif
.gif
gamepage/images/common/loading.gif
.gif
gamepage/images/continuefreetrial-32.gif
.gif
gamepage/images/global/logo-invis.gif
.gif
gamepage/images/global/logo.gif
.gif
gamepage/images/global/page-bg-swirly.gif
.gif
gamepage/images/global/page-bg.gif
.gif
gamepage/images/global/page-header-small-bg.jpg
.jpg
gamepage/images/logo.jpg
.jpg
gamepage/images/misc/blue-bottom-triangle.gif
.gif
gamepage/images/misc/information.gif
.gif
gamepage/images/ous/divider.gif
.gif
gamepage/images/ous/eus.jpg
.jpg
gamepage/images/ous/hotel-bg.gif
.gif
gamepage/images/ous/hotel-iwin.gif
.gif
gamepage/images/ous/opal.gif
.gif
gamepage/images/ous/opalbox.jpg
.jpg
gamepage/images/ous/ous-promo-banner.jpg
.jpg
gamepage/images/plans/plan1.gif
.gif
gamepage/images/plans/plan2.gif
.gif
gamepage/images/plans/plan3.gif
.gif
gamepage/images/product/feature.jpg
.jpg
gamepage/open.html
.html
gamepage/operationfailed.html
.html .js polyglot
gamepage/scripts/disconnected-upsell.js
.js
gamepage/scripts/popups.js
.js
gamepage/scripts/prototype-1.6.js
.js
gamepage/styles/base.css
gamepage/styles/disconnected-upsell.css
gamepage/styles/shoppingcart.css
gamepage/success.html
.html
host.cfg
iWinGames.exe
.exe windows:5 windows x86 arch:x86

f15673b218ff42322d7fc5f5c0169646

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

49:d6:34:44:57:7d:d6:03:29:54:ef:0d:46:05:2c:79
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/11/2008, 00:00

Not After

16/11/2010, 23:59

Subject

CN=iWin\, Inc,OU=SECURE APPLICATION DEVELOPMENT,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:5d:21:11:f2:0b:14:24:9c:51:45:6c:a6:46:6a:2a:5e:be:b4:d8
Signer

Actual PE Digest

51:5d:21:11:f2:0b:14:24:9c:51:45:6c:a6:46:6a:2a:5e:be:b4:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
recv
WSACleanup
send
ioctlsocket
socket
htons
connect
closesocket
WSAGetLastError
gethostbyname

winmm

PlaySoundA
PlaySoundW
timeGetTime
joyGetPosEx

msimg32

GradientFill
TransparentBlt

shlwapi

SHGetValueW
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
SHGetValueA
PathStripToRootA

kernel32

GetProfileIntA
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
RemoveDirectoryA
VirtualProtect
VirtualAlloc
GetModuleHandleW
VirtualQuery
GetCommandLineA
GetStartupInfoA
HeapReAlloc
HeapSize
GetStdHandle
GetACP
IsValidCodePage
LCMapStringA
GetFileTime
HeapCreate
VirtualFree
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GetFileAttributesA
InterlockedCompareExchange
LoadLibraryExA
FindResourceExA
GetUserDefaultLangID
GetNumberFormatA
GetCurrencyFormatA
lstrcpyA
WinExec
IsBadWritePtr
IsBadReadPtr
SetErrorMode
GetUserDefaultLCID
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
CreateEventA
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcmpA
GetCurrentProcessId
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalSize
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GlobalAlloc
GlobalFree
GetCurrentProcess
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
InterlockedExchange
ExitProcess
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindFirstFileW
FindNextFileW
FindClose
GetSystemTime
GetTimeZoneInformation
GetLocalTime
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetComputerNameA
HeapAlloc
HeapFree
SetLastError
OpenProcess
GetModuleHandleA
ReleaseMutex
TerminateProcess
GetExitCodeProcess
WriteFile
ReadFile
GetProcAddress
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetLastError
CreateThread
GetVolumeInformationA
GetSystemInfo
GetDiskFreeSpaceExA
Sleep
TerminateThread
WaitForSingleObject
MulDiv
FindResourceA
LoadResource
LockResource
SizeofResource
CopyFileA
CloseHandle
CreateProcessW
CreateProcessA
SetCurrentDirectoryW
SetCurrentDirectoryA
GetModuleFileNameW
GetModuleFileNameA
MoveFileW
MoveFileA
OpenMutexW
OpenMutexA
CreateMutexW
CreateMutexA
CreateFileW
CreateFileA
GetFullPathNameW
GetFullPathNameA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetTempPathW
GetTempPathA
LoadLibraryW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
GetVersionExA
LCMapStringW

user32

PostThreadMessageA
LockWindowUpdate
GetDCEx
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
UnionRect
DeleteMenu
MapVirtualKeyA
GetKeyNameTextA
CreateMenu
InvalidateRgn
RegisterClipboardFormatA
UnregisterClassA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
GetMessageA
PostQuitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
UnpackDDElParam
ReuseDDElParam
DestroyMenu
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetDesktopWindow
ValidateRect
SetParent
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
IsWindowEnabled
MoveWindow
IsDialogMessageA
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetLastActivePopup
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
EqualRect
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
CallWindowProcA
SystemParametersInfoA
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
EnumChildWindows
PeekMessageA
TranslateMessage
DispatchMessageA
IsWindowUnicode
RegisterWindowMessageA
CharUpperA
GetSysColor
GetMenuItemInfoA
WaitMessage
ReleaseCapture
SetCapture
GetCapture
DrawFocusRect
FillRect
InflateRect
SetRect
AdjustWindowRectEx
LoadIconA
IsIconic
LoadMenuA
SetWindowLongA
AllowSetForegroundWindow
EnumWindows
GetForegroundWindow
GetWindowThreadProcessId
CreateWindowExW
SendMessageW
DestroyWindow
GetClassNameA
IsZoomed
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MapVirtualKeyExA
DestroyAcceleratorTable
EnableScrollBar
IsCharAlphaNumericA
DrawIconEx
GetCursor
GetIconInfo
CreateAcceleratorTableA
LoadMenuIndirectA
IsClipboardFormatAvailable
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
GetAsyncKeyState
IsMenu
GetWindowRgn
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetClassInfoA
DefWindowProcA
GetWindowLongA
GetWindowPlacement
GetSystemMetrics
IsChild
SetWindowRgn
GetSystemMenu
ShowWindow
SetActiveWindow
SetForegroundWindow
DrawIcon
GetActiveWindow
SetFocus
SetCursor
WindowFromPoint
DestroyCursor
LoadImageA
LoadCursorA
DestroyIcon
IsWindow
GetKeyState
IsWindowVisible
ClientToScreen
PostMessageA
OffsetRect
PtInRect
CopyRect
GetCursorPos
GrayStringA
DrawTextExA
TabbedTextOutA
SetWindowPos
EnableWindow
GetWindow
GetFocus
KillTimer
SetTimer
RedrawWindow
InvalidateRect
UpdateWindow
ScreenToClient
CreateIconIndirect
DrawFrameControl
FrameRect
DrawStateA
GetClientRect
GetWindowRect
LoadBitmapA
IntersectRect
SetRectEmpty
IsRectEmpty
SendMessageA
GetParent
FindWindowW
FindWindowA
MessageBoxW
MessageBoxA
DrawTextW
DrawTextA
GetWindowTextW
GetWindowTextA
SetWindowTextW
SetWindowTextA
GetLastInputInfo
UnhookWindowsHookEx

gdi32

SetRectRgn
PatBlt
GetTextMetricsA
CreateHatchBrush
StretchDIBits
GetRgnBox
Rectangle
ExtCreatePen
CreatePen
SelectPalette
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
GetTextColor
RoundRect
SetPixel
GetTextAlign
SetStretchBltMode
GetStretchBltMode
GetTextFaceA
GetWindowOrgEx
CopyMetaFileA
GetClipBox
SetTextColor
OffsetRgn
SetBkColor
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetBrushOrgEx
ExtFloodFill
SetPixelV
Polygon
CreateEllipticRgn
CreateEllipticRgnIndirect
PtInRegion
EnumFontFamiliesExA
CreateDIBitmap
FrameRgn
RealizePalette
GetDIBits
SetDIBits
GetTextCharset
EnumFontFamiliesA
ExtCreateRegion
Ellipse
FillRgn
GetNearestColor
CreateRoundRectRgn
CreatePalette
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
RestoreDC
SaveDC
GetTextExtentPoint32A
GetTextExtentPoint32W
GetStockObject
CreateBitmap
CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
GetBkColor
GetMapMode
DPtoLP
LPtoDP
BitBlt
StretchBlt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateDIBSection
CreateFontIndirectA
GetViewportOrgEx
DeleteObject
CreateRectRgnIndirect
CreatePolygonRgn
CreateSolidBrush
SetBkMode
CreateRectRgn
CombineRgn
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
OpenProcessToken
GetTokenInformation
RegEnumKeyExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExW
RegSetValueExA
RegEnumKeyW
RegEnumKeyA
RegEnumValueW
RegEnumValueA
RegOpenKeyW
RegOpenKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

shell32

DragQueryFileA
DragFinish
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHFileOperationA
SHGetSpecialFolderPathA
SHGetMalloc
ExtractIconW
ExtractIconA
ShellExecuteExW
SHBrowseForFolderW
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetDesktopFolder
ShellExecuteA
ShellExecuteW
ShellExecuteExA

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
OleLoadFromStream
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleSaveToStream
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance
OleRun
CoInitialize
CoUninitialize
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
WriteClassStm
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
DoDragDrop
OleGetClipboard
OleTranslateAccelerator
IsAccelerator

oleaut32

VarMul
GetErrorInfo
OleCreateFontIndirect
VarBstrFromDate
VarDateFromStr
VariantClear
SysAllocString
VariantInit
SysFreeString
SystemTimeToVariantTime
SafeArrayDestroy
VariantChangeType
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantCopy
VariantTimeToSystemTime

wininet

HttpSendRequestA
HttpQueryInfoA
InternetReadFile
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionA
HttpAddRequestHeadersA
InternetConnectA
InternetOpenA
InternetGetCookieA
InternetSetCookieA
PrivacyGetZonePreferenceW
InternetCloseHandle

pdh

PdhLookupPerfNameByIndexA
PdhOpenQueryA
PdhAddCounterA
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhMakeCounterPathA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

ImageList_Duplicate

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iWinGamesHookIE.dll
.dll regsvr32 windows:5 windows x86 arch:x86

047274650477bff36e9ba8bcda1eb5af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\vorona\Documents\iwin\games\iWinArcade\Runnable\iWinGamesHookIE.pdb

Imports

kernel32

FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
DisableThreadLibraryCalls
DeleteCriticalSection
RaiseException
InitializeCriticalSection
InterlockedIncrement
LoadResource
EnterCriticalSection
LeaveCriticalSection
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SizeofResource
FreeLibrary
WideCharToMultiByte
GetLastError
lstrlenW
MultiByteToWideChar
GetModuleFileNameA
lstrlenA
InterlockedDecrement
GetModuleHandleA
CloseHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
SetFilePointer
ReadFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
VirtualProtect
GetModuleHandleW
GetSystemInfo
VirtualQuery
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetOEMCP
IsValidCodePage

user32

EndDialog
SetWindowLongA
CharNextA
UnregisterClassA
GetDlgItem
SendMessageA
MessageBoxA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemFree

oleaut32

VariantCopy
VariantChangeType
VariantClear
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iWinInfo.dll
.dll regsvr32 windows:5 windows x86 arch:x86

53a4d1bbb5cb295f8a3af310371f3ce4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\data\iwin\games\iWinArcade\Runnable\iWinInfo.pdb

Imports

kernel32

IsDBCSLeadByte
DisableThreadLibraryCalls
DeleteCriticalSection
RaiseException
InitializeCriticalSection
InterlockedIncrement
lstrcmpiA
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateFileW
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetLastError
lstrlenW
MultiByteToWideChar
GetModuleFileNameA
lstrlenA
InterlockedDecrement
GetModuleHandleA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleW
GetSystemInfo
VirtualQuery
RtlUnwind
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetOEMCP
IsValidCodePage

user32

UnregisterClassA
CharNextA

advapi32

RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyW

ole32

CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc

oleaut32

LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iWinTrusted.exe
.exe windows:5 windows x86 arch:x86

1d202b691b926267f9061ac5fdbf97fa

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

49:d6:34:44:57:7d:d6:03:29:54:ef:0d:46:05:2c:79
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/11/2008, 00:00

Not After

16/11/2010, 23:59

Subject

CN=iWin\, Inc,OU=SECURE APPLICATION DEVELOPMENT,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:af:ed:97:30:e6:1b:58:88:70:4b:fe:00:9f:a0:4a:65:5d:7e:43
Signer

Actual PE Digest

a0:af:ed:97:30:e6:1b:58:88:70:4b:fe:00:9f:a0:4a:65:5d:7e:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextW

advapi32

ChangeServiceConfig2W

ole32

CoRevokeClassObject

shell32

CommandLineToArgvW

oleaut32

LoadRegTypeLi

Sections

.text
Size: 51KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pages/alert32x32.gif
.gif
pages/arcadeCheck.js
.js
pages/blank.html
.html
pages/blank2.html
.html
pages/error.html
.html .js polyglot
pages/error404.css
pages/iwin_logo.gif
.gif
pages/login.html
.html
pages/maintenance.html
.html
pages/offline.css
pages/offline.html
.html
pages/offline.jpg
.jpg
pages/offlineBg.gif
.gif
pages/offline_tag.gif
.gif
pages/orange-im-connected-60.gif
.gif
pages/terrie404.gif
.gif
pages/test.html
.html .js polyglot
sounds/animation.wav
sounds/animationBack.wav
sounds/button_click.wav
sounds/coins.wav
sounds/download_completed.wav
sounds/slidebackin.wav
sounds/slideout.wav
sounds/start.wav

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

49:d6:34:44:57:7d:d6:03:29:54:ef:0d:46:05:2c:79Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 22KB - Virtual size: 22KB

d46feae5913f2b33d6159af1367e8ee7

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

3f:eb:1a:31:ab:86:59:9c:42:ce:aa:0d:c1:4b:fd:e6:6f:ea:4e:acSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

msi

oleaut32

shell32

shlwapi

advapi32

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 73KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 4KB - Virtual size: 4KB

2f05f2531b6da725824fc913b1b92aff

Headers

DLL Characteristics

01
Certificate

0a
Certificate

49:d6:34:44:57:7d:d6:03:29:54:ef:0d:46:05:2c:79
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 22KB - Virtual size: 22KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

3f:eb:1a:31:ab:86:59:9c:42:ce:aa:0d:c1:4b:fd:e6:6f:ea:4e:ac
Signer

.text
Size: 74KB - Virtual size: 73KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 75KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 136KB - Virtual size: 133KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 344KB - Virtual size: 340KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 512B - Virtual size: 510B

.rdata
Size: 1024B - Virtual size: 533B

.data
Size: 512B - Virtual size: 20B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB