33fb68619a1239e93db47be7970be56d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33fb68619a1239e93db47be7970be56d_JaffaCakes118
Size

5.7MB
MD5

33fb68619a1239e93db47be7970be56d
SHA1

d3bc5d0423c9cf9daf5cbdaa01c9a7fcae03faed
SHA256

00fc4a42af02aaec6bf9ea8de90d482b60188cf28cca2374c4745a1c806db160
SHA512

1d0789e8dcbdafaea9dfa68f035301fe2c21f1002df6887d7f00b1a9f73763d3d06b8605610ad3fcb954e73afdb8e2ef56f17553dfc9f1fd267a0d0e8f2ca600
SSDEEP

98304:p5CZ032SLyKi+OIzf6RpT5IIpIhxfLbzjcflcxOG13KILeOnJCVSq39B5fwrOMTE:pS0m8i+ny3sXsC13KILeQCsq39B52TMr

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
33fb68619a1239e93db47be7970be56d_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/Alligator.k52
unpack001/MIG_29.dll
unpack001/PascalStreams.dll
unpack001/StarBurn.dll
unpack001/Uninstall.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack001/bs_load.di
unpack001/bs_wm.di
unpack001/partition_recovery.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2

Files

33fb68619a1239e93db47be7970be56d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Alligator.k52
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 280KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bvxy39pf
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mew.poh7
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

76fkwxun
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

y6a5b90w
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IO.VXD
License.txt
MIG_29.dll
.dll windows:4 windows x86 arch:x86

24c4d7b7ef1d442521d6009361e9a87e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
SetEnvironmentVariableA
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetLastError
GetFileType
WriteFile
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
GetTimeZoneInformation
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
MultiByteToWideChar
VirtualProtect
GetSystemInfo
VirtualQuery
RtlUnwind
InterlockedExchange
SetFilePointer
InitializeCriticalSection
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException
LoadLibraryA
FlushFileBuffers
ReadFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
HeapSize
CloseHandle
CompareStringA
CompareStringW
SetEnvironmentVariableW

ws2_32

htonl
htons
ntohs
ntohl

Exports

Exports

Decode
Init

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PascalStreams.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

PascalStreamFree
PascalStreamGetSize
PascalStreamRead
PascalStreamSeekToBegin

Sections

CODE
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StarBurn.dll
.dll windows:6 windows x86 arch:x86

0ae4bcf48ec5f9a4b3d594e1baace18b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\starburn\Bin\Dynamic\Debug\i386\StarBurn.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
__CxxFrameHandler
_strnicmp
fwrite
fread
ferror
feof
_iob
vfprintf
_strerror
fseek
ftell
_stricmp
calloc
_wcsicmp
_purecall
printf
ctime
swprintf
memcpy
free
malloc
srand
rand
time
localtime
toupper
_splitpath
_CxxThrowException
_snprintf
wcsncpy
??2@YAPAXI@Z
sprintf
memmove
fopen
fprintf
fflush
fclose
strncmp
strncpy
_strupr
strstr
_errno
wcsstr
??3@YAXPAX@Z
memset
vsprintf

kernel32

IsBadWritePtr
IsBadReadPtr
InterlockedDecrement
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
GetFileAttributesA
CreateThread
VirtualAlloc
GetTickCount
FlushFileBuffers
InterlockedIncrement
VirtualFree
ResetEvent
WaitForSingleObject
CreateEventA
FindFirstFileA
FindClose
FindNextFileA
GetCurrentProcess
DuplicateHandle
SetEvent
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetProcAddress
GetLogicalDrives
DeviceIoControl
QueryDosDeviceA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
DeleteFileA
WriteFile
GetModuleHandleA
GetModuleFileNameA
GetFullPathNameA
ReadFile
SetFilePointer
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
WideCharToMultiByte
FreeLibrary
Sleep
GetVersionExA
CreateFileA
GetLastError
GetFileSize
CloseHandle
OutputDebugStringA
IsBadCodePtr

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetUserObjectInformationA
MessageBoxA
GetProcessWindowStation

ole32

CoUninitialize
CoInitialize

Exports

Exports

A0DB34FC6FE35D429A28ADDE5467D4D7
StarBurn_CdvdBurnerGrabber_AuthorizeDVD
StarBurn_CdvdBurnerGrabber_Blank
StarBurn_CdvdBurnerGrabber_Cancel
StarBurn_CdvdBurnerGrabber_CloseSession
StarBurn_CdvdBurnerGrabber_Create
StarBurn_CdvdBurnerGrabber_CreateEx
StarBurn_CdvdBurnerGrabber_CreateExEx
StarBurn_CdvdBurnerGrabber_DisableHardwareErrorCorrection
StarBurn_CdvdBurnerGrabber_DiscAtOncePQFromFile
StarBurn_CdvdBurnerGrabber_DiscAtOncePQFromTree
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFile
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromTree
StarBurn_CdvdBurnerGrabber_DiscBasicInformation_Create
StarBurn_CdvdBurnerGrabber_DiscBasicInformation_Destroy
StarBurn_CdvdBurnerGrabber_Eject
StarBurn_CdvdBurnerGrabber_ExecuteGeneric
StarBurn_CdvdBurnerGrabber_GetAdvancedSupportedMediaFormats
StarBurn_CdvdBurnerGrabber_GetBUP
StarBurn_CdvdBurnerGrabber_GetDVDProtectionSystem
StarBurn_CdvdBurnerGrabber_GetDVDRegionMask
StarBurn_CdvdBurnerGrabber_GetDeviceInformation
StarBurn_CdvdBurnerGrabber_GetDiscFileSystem
StarBurn_CdvdBurnerGrabber_GetDiscFreeSpace
StarBurn_CdvdBurnerGrabber_GetDiscInformation
StarBurn_CdvdBurnerGrabber_GetDiscUsedSpace
StarBurn_CdvdBurnerGrabber_GetInsertedDiscType
StarBurn_CdvdBurnerGrabber_GetLastTrack
StarBurn_CdvdBurnerGrabber_GetMechanicalOptions
StarBurn_CdvdBurnerGrabber_GetMediaTrayStatus
StarBurn_CdvdBurnerGrabber_GetNumberOfSystemDescriptors
StarBurn_CdvdBurnerGrabber_GetRPC
StarBurn_CdvdBurnerGrabber_GetSpeeds
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormats
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormatsEx
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormatsExEx
StarBurn_CdvdBurnerGrabber_GetTOCInformation
StarBurn_CdvdBurnerGrabber_GetTrackInformation
StarBurn_CdvdBurnerGrabber_GrabCD
StarBurn_CdvdBurnerGrabber_GrabDVD
StarBurn_CdvdBurnerGrabber_GrabRange
StarBurn_CdvdBurnerGrabber_GrabTrack
StarBurn_CdvdBurnerGrabber_IsDiscBlank
StarBurn_CdvdBurnerGrabber_Load
StarBurn_CdvdBurnerGrabber_LoadEx
StarBurn_CdvdBurnerGrabber_Lock
StarBurn_CdvdBurnerGrabber_MSFToLBA
StarBurn_CdvdBurnerGrabber_ProbeSupportedReadModes
StarBurn_CdvdBurnerGrabber_ProbeSupportedWriteModes
StarBurn_CdvdBurnerGrabber_Read
StarBurn_CdvdBurnerGrabber_Read10
StarBurn_CdvdBurnerGrabber_ReadATIP
StarBurn_CdvdBurnerGrabber_ReadCD
StarBurn_CdvdBurnerGrabber_ReadCooked
StarBurn_CdvdBurnerGrabber_ReadEx
StarBurn_CdvdBurnerGrabber_ReadLB
StarBurn_CdvdBurnerGrabber_ReadRaw
StarBurn_CdvdBurnerGrabber_Release
StarBurn_CdvdBurnerGrabber_RestoreReadErrorRecovery
StarBurn_CdvdBurnerGrabber_SendOPC
StarBurn_CdvdBurnerGrabber_SessionAtOnce
StarBurn_CdvdBurnerGrabber_SessionAtOnceRawRawPW
StarBurn_CdvdBurnerGrabber_SessionAtOnceRawRawPWEx
StarBurn_CdvdBurnerGrabber_SetBUP
StarBurn_CdvdBurnerGrabber_SetCDTextItem
StarBurn_CdvdBurnerGrabber_SetReadSpeed
StarBurn_CdvdBurnerGrabber_SetSpeeds
StarBurn_CdvdBurnerGrabber_StopPlayScan
StarBurn_CdvdBurnerGrabber_SuperVideoCD
StarBurn_CdvdBurnerGrabber_SuperVideoCDEx
StarBurn_CdvdBurnerGrabber_SuperVideoCDExEx
StarBurn_CdvdBurnerGrabber_TestUnitReady
StarBurn_CdvdBurnerGrabber_TestUnitReadyEx
StarBurn_CdvdBurnerGrabber_TestUnitReadyExEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromFile
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromMemory
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromPipe
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromPipeEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromTree
StarBurn_CdvdBurnerGrabber_VerifyFile
StarBurn_CdvdBurnerGrabber_VerifyTree
StarBurn_CdvdBurnerGrabber_VerifyTreeEx
StarBurn_CdvdBurnerGrabber_VideoCD
StarBurn_CdvdBurnerGrabber_VideoCDEx
StarBurn_CdvdBurnerGrabber_VideoCDExEx
StarBurn_CorrectISO9660Name_Default
StarBurn_CorrectJolietName_Default
StarBurn_DVDVideo_Create
StarBurn_DVDVideo_Destroy
StarBurn_DVDVideo_GetSizeInUCHARs
StarBurn_DVDVideo_GetTreePointer
StarBurn_DVDVideo_Read
StarBurn_DVDVideo_SeekToBegin
StarBurn_Destroy
StarBurn_DownShut
StarBurn_ExpandCookedWithRawRawPW
StarBurn_ExpandRawPQWithRawRawPW
StarBurn_ExpandRawWithRawRawPW
StarBurn_FindDevice
StarBurn_GetAudioFileStreamSizeInUCHARs
StarBurn_GetBufferUnderrunTimeOutInMs
StarBurn_GetDVDPLUSRDLCompatibleMode
StarBurn_GetDVDPadding
StarBurn_GetDeviceLetter
StarBurn_GetDeviceNameByDeviceAddress
StarBurn_GetDeviceTimeOutByDeviceAddress
StarBurn_GetEjectAfterFail
StarBurn_GetFastReadTOC
StarBurn_GetFastReadTOCLastTrack
StarBurn_GetId
StarBurn_GetIsCollisionDetectionDisabled
StarBurn_GetIsSafeGrabbingEnabled
StarBurn_GetVersion
StarBurn_GetVolumeIDs
StarBurn_ISO9660JolietFileTree_Add
StarBurn_ISO9660JolietFileTree_AddEx
StarBurn_ISO9660JolietFileTree_AddMemory
StarBurn_ISO9660JolietFileTree_AddPascalStream
StarBurn_ISO9660JolietFileTree_AddW
StarBurn_ISO9660JolietFileTree_BuildImage
StarBurn_ISO9660JolietFileTree_BuildImageEx
StarBurn_ISO9660JolietFileTree_Cancel
StarBurn_ISO9660JolietFileTree_Create
StarBurn_ISO9660JolietFileTree_GetAttributes
StarBurn_ISO9660JolietFileTree_GetFileSizeInUCHARs
StarBurn_ISO9660JolietFileTree_GetFirstKid
StarBurn_ISO9660JolietFileTree_GetFullPath
StarBurn_ISO9660JolietFileTree_GetLevel
StarBurn_ISO9660JolietFileTree_GetNames
StarBurn_ISO9660JolietFileTree_GetNamesEx
StarBurn_ISO9660JolietFileTree_GetNamesW
StarBurn_ISO9660JolietFileTree_GetNextKid
StarBurn_ISO9660JolietFileTree_GetNodeISO9660DateTime
StarBurn_ISO9660JolietFileTree_GetNodePowerInUCHARs
StarBurn_ISO9660JolietFileTree_GetNodeStartingLBA
StarBurn_ISO9660JolietFileTree_GetNodeSystemTime
StarBurn_ISO9660JolietFileTree_GetParent
StarBurn_ISO9660JolietFileTree_GetRoot
StarBurn_ISO9660JolietFileTree_GetSizeInUCHARs
StarBurn_ISO9660JolietFileTree_ImportFile
StarBurn_ISO9660JolietFileTree_ImportTrack
StarBurn_ISO9660JolietFileTree_Read
StarBurn_ISO9660JolietFileTree_Remove
StarBurn_ISO9660JolietFileTree_SeekToBegin
StarBurn_ISO9660JolietFileTree_SetAttributes
StarBurn_ISO9660JolietFileTree_SetBootImage
StarBurn_ISO9660JolietFileTree_SetBootImageEx
StarBurn_ISO9660JolietFileTree_SetCallbackContext
StarBurn_ISO9660JolietFileTree_SetNames
StarBurn_IsAudioFileSupported
StarBurn_Memory_Allocate
StarBurn_Memory_Free
StarBurn_MutilateExceptionNumber
StarBurn_SetBufferUnderrunTimeOutInMs
StarBurn_SetDVDPLUSRDLCompatibleMode
StarBurn_SetDVDPadding
StarBurn_SetDeviceTimeOutByDeviceAddress
StarBurn_SetEjectAfterFail
StarBurn_SetFastReadTOC
StarBurn_SetFastReadTOCLastTrack
StarBurn_SetIsCollisionDetectionDisabled
StarBurn_SetIsSafeGrabbingEnabled
StarBurn_StarPort_DeviceAddLocal
StarBurn_StarPort_DeviceAddRemote
StarBurn_StarPort_DeviceListQueryLocal
StarBurn_StarPort_DeviceListQueryRemote
StarBurn_StarPort_DeviceRemove
StarBurn_StarPort_GetDeviceInformation
StarBurn_StarPort_GetDeviceLetter
StarBurn_StarPort_GetDeviceSCSIAddress
StarBurn_StarPort_GetVersion
StarBurn_StarWave2_EncodeMP3OGGFromWAV
StarBurn_StarWave_CompressedFileReaderObjectBeginSeek
StarBurn_StarWave_CompressedFileReaderObjectCreate
StarBurn_StarWave_CompressedFileReaderObjectDestroy
StarBurn_StarWave_CompressedFileReaderObjectRead
StarBurn_StarWave_CompressedFileReaderObjectUncompressedSizeGet
StarBurn_StarWave_CompressedFileRecompress
StarBurn_StarWave_CompressedFileSupportedIs
StarBurn_StarWave_CompressedFileUncompress
StarBurn_StarWave_CompressedFileWriterObjectCreate
StarBurn_StarWave_CompressedFileWriterObjectDestroy
StarBurn_StarWave_CompressedFileWriterObjectWrite
StarBurn_StarWave_UncompressedFileCompress
StarBurn_StarWave_UncompressedFileSupportedIs
StarBurn_StarWave_VersionGet
StarBurn_UDF_Add
StarBurn_UDF_CleanUp
StarBurn_UDF_Create
StarBurn_UDF_CreateEx
StarBurn_UDF_Destroy
StarBurn_UDF_DestroyNodeAndKids
StarBurn_UDF_FormatTreeItemAsDirectory
StarBurn_UDF_FormatTreeItemAsFile
StarBurn_UDF_GetFirstChild
StarBurn_UDF_GetNextSibling
StarBurn_UDF_GetNodeObject
StarBurn_UDF_GetParent
StarBurn_UpStart
StarBurn_UpStartEx

Sections

.text
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
bs_load.di
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bs_wm.di
.dll regsvr32 windows:4 windows x86 arch:x86

f509ef338c2c3db8e554df0615b43244

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Source\GDCL\Tools\WMFDemux\Release\WMFDemux.pdb

Imports

wmvcore

WMCreateReader

msvcr71

??3@YAXPAX@Z
??2@YAPAXI@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??_V@YAXPAX@Z
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??_U@YAPAXI@Z
_purecall
__security_error_handler
_except_handler3
??1type_info@@UAE@XZ
free
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
malloc

kernel32

LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
DisableThreadLibraryCalls
GetModuleFileNameA
lstrlenA
GetVersionExA
GetTickCount
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
ResetEvent
InterlockedDecrement
InterlockedIncrement
CloseHandle
CreateEventA
GetCurrentThreadId
CreateThread
ReleaseSemaphore
CreateSemaphoreA
FreeLibrary
SetThreadPriority

user32

wsprintfA

advapi32

RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA

ole32

CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cbfs_ia64.sys
cbfs_x32.sys
.sys windows:6 windows x86 arch:x86

c8b37584e466c3ef655a05cdd6aaae82

Code Sign

01:00:00:00:00:01:10:0c:98:3a:31
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/01/2007, 15:20

Not After

10/01/2010, 15:20

Subject

CN=EldoS Corporation,O=EldoS Corporation,C=VG,1.2.840.113549.1.9.1=#0c0e696e666f40656c646f732e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:ec:e3:18:14:cf:74:5b:5f:3f:64:fb:d3:cf:16:af:10:1e:99:46
Signer

Actual PE Digest

ed:ec:e3:18:14:cf:74:5b:5f:3f:64:fb:d3:cf:16:af:10:1e:99:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\callbackfs\bin\wxp\fre\i386\cbfs.pdb

Imports

ntoskrnl.exe

PsGetCurrentProcessId
ObfDereferenceObject
ObfReferenceObject
IofCompleteRequest
MmMapLockedPagesSpecifyCache
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
memset
ExReleaseResourceLite
ExFreePoolWithTag
ExAcquireResourceExclusiveLite
ExAllocatePoolWithTag
swprintf
RtlCompareMemory
RtlCompareUnicodeString
FsRtlLegalAnsiCharacterArray
ZwClose
ZwWriteFile
ZwOpenFile
RtlInitUnicodeString
memcpy
SeReleaseSubjectContext
SeQueryAuthenticationIdToken
SeCaptureSubjectContext
ZwQueryInformationProcess
ObOpenObjectByPointer
IoGetCurrentProcess
IoCreateDevice
IoFreeIrp
KeWaitForSingleObject
_alldiv
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwOpenDirectoryObject
ObQueryNameString
ObReferenceObjectByHandle
ZwOpenSymbolicLinkObject
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoFileObjectType
IoFreeWorkItem
KeResetEvent
IofCallDriver
IoBuildDeviceIoControlRequest
IoQueueWorkItem
IoAllocateWorkItem
IoDeleteDevice
_allmul
MmGetSystemRoutineAddress
ExDeletePagedLookasideList
ExDeleteNPagedLookasideList
ExDeleteResourceLite
IoRegisterFileSystem
ExInitializePagedLookasideList
ExInitializeNPagedLookasideList
ExInitializeResourceLite
KeBugCheck
MmQuerySystemSize
KeInitializeTimer
KeInitializeDpc
ZwCreateDirectoryObject
PsGetVersion
IoUnregisterFileSystem
KeSetTimer
KeCancelTimer
KeBugCheckEx
FsRtlIsNtstatusExpected
KeSetEvent
FsRtlNotifyFullReportChange
IoRaiseInformationalHardError
FsRtlIsTotalDeviceFailure
IoRaiseHardError
IoSetDeviceToVerify
IoGetDeviceToVerify
IoGetTopLevelIrp
IoSetTopLevelIrp
IoFreeMdl
MmProbeAndLockPages
ExRaiseStatus
IoAllocateMdl
ExAcquireResourceSharedLite
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ExFreeToPagedLookasideList
ExAllocateFromPagedLookasideList
CcSetFileSizes
IoAcquireVpbSpinLock
FsRtlUninitializeOplock
FsRtlInitializeOplock
FsRtlInitializeFileLock
FsRtlNotifyInitializeSync
IoCreateStreamFileObject
FsRtlNotifyUninitializeSync
ExQueueWorkItem
FsRtlNormalizeNtstatus
IoVerifyVolume
FsRtlOplockIsFastIoPossible
ExfInterlockedAddUlong
ExGetExclusiveWaiterCount
ExGetSharedWaiterCount
SeSinglePrivilegeCheck
KeQuerySystemTime
IoRemoveShareAccess
IoSetShareAccess
IoCheckShareAccess
CcIsThereDirtyData
CcPurgeCacheSection
MmCanFileBeTruncated
IoUpdateShareAccess
CcFlushCache
MmFlushImageSection
FsRtlCheckOplock
FsRtlCurrentBatchOplock
FsRtlDoesNameContainWildCards
memmove
FsRtlNotifyVolumeEvent
MmForceSectionClosed
CcUninitializeCacheMap
ExReleaseResourceForThreadLite
FsRtlFastUnlockAll
IoGetRequestorProcess
FsRtlNotifyFullChangeDirectory
FsRtlNotifyCleanup
CcWaitForCurrentLazyWriterActivity
ExIsResourceAcquiredExclusiveLite
IoIsOperationSynchronous
RtlEqualUnicodeString
RtlDelete
RtlSplay
ExLocalTimeToSystemTime
RtlCopyUnicodeString
CcInitializeCacheMap
ExIsResourceAcquiredSharedLite
KeDelayExecutionThread
FsRtlAreNamesEqual
MmUnlockPages
CcMdlReadComplete
CcMdlWriteComplete
IoGetStackLimits
CcMdlRead
CcCopyRead
CcSetReadAheadGranularity
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
CcPrepareMdlWrite
CcCopyWrite
ExConvertExclusiveToSharedLite
FsRtlCheckLockForWriteAccess
ExAcquireSharedStarveExclusive
CcDeferWrite
CcCanIWrite
FsRtlFastCheckLockForWrite
FsRtlFastCheckLockForRead
FsRtlCopyRead
FsRtlCopyWrite
FsRtlPrivateLock
FsRtlFastUnlockSingle
FsRtlFastUnlockAllByKey
FsRtlProcessFileLock
IoBuildSynchronousFsdRequest
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
MmSystemRangeStart
IoAttachDeviceToDeviceStack
IoDetachDevice
PsGetCurrentThreadId
IoRegisterFsRegistrationChange
FsRtlRegisterUncProvider
FsRtlDeregisterUncProvider
IoAllocateIrp
IoGetAttachedDevice
FsRtlDissectName
KeTickCount
IoReleaseVpbSpinLock
IoIsSystemThread
IoSetHardErrorOrVerifyDevice
KeGetCurrentThread
FsRtlUninitializeFileLock
KeInitializeEvent
ProbeForRead
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
_snwprintf
KeWaitForMultipleObjects
KeReleaseSemaphore
KeInitializeSemaphore
ExEventObjectType
ZwCreateEvent
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
KeUnstackDetachProcess
KeStackAttachProcess
RtlInsertElementGenericTable
PsLookupProcessByProcessId
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlNumberGenericTableElements
RtlLookupElementGenericTable
ZwQuerySymbolicLinkObject
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
RtlInitializeGenericTable
RtlUnwind

hal

KfReleaseSpinLock
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cbfs_x64.sys
.sys windows:6 windows x64 arch:x64

fc03be659be45e832ce0f6fc33e9a254

Code Sign

01:00:00:00:00:01:10:0c:98:3a:31
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/01/2007, 15:20

Not After

10/01/2010, 15:20

Subject

CN=EldoS Corporation,O=EldoS Corporation,C=VG,1.2.840.113549.1.9.1=#0c0e696e666f40656c646f732e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:01:e6:3d:4c:b7:6a:23:20:5b:41:f3:cb:f6:23:ec:86:86:98:6b
Signer

Actual PE Digest

5e:01:e6:3d:4c:b7:6a:23:20:5b:41:f3:cb:f6:23:ec:86:86:98:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\projects\callbackfs\bin\wnet\fre\amd64\cbfs.pdb

Imports

ntoskrnl.exe

IoAcquireVpbSpinLock
ExAcquireResourceExclusiveLite
ExAllocatePoolWithTag
ExReleaseFastMutexUnsafe
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
KeResetEvent
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
FsRtlLegalAnsiCharacterArray
IoSetHardErrorOrVerifyDevice
RtlInitUnicodeString
IoDeleteDevice
swprintf
IoFreeWorkItem
RtlAppendUnicodeToString
KeInitializeEvent
IoIs32bitProcess
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
SeReleaseSubjectContext
ObQueryNameString
IoFileObjectType
MmMapLockedPagesSpecifyCache
SeCaptureSubjectContext
IoGetCurrentProcess
IoAllocateWorkItem
ExReleaseResourceLite
ZwClose
RtlAppendUnicodeStringToString
IofCompleteRequest
ObReferenceObjectByHandle
KeWaitForSingleObject
IoFreeIrp
RtlCompareUnicodeString
RtlCompareMemory
ZwQueryInformationProcess
ObfReferenceObject
IoCreateSymbolicLink
PsGetCurrentProcessId
ObfDereferenceObject
IoCreateDevice
IoQueueWorkItem
ZwOpenFile
ZwWriteFile
IoIsSystemThread
ObOpenObjectByPointer
SeQueryAuthenticationIdToken
IoReleaseVpbSpinLock
IofCallDriver
IoUnregisterFileSystem
ExInitializeNPagedLookasideList
InitializeSListHead
IoRegisterFileSystem
MmGetSystemRoutineAddress
ZwCreateDirectoryObject
KeInitializeDpc
KeInitializeTimer
ExDeletePagedLookasideList
MmQuerySystemSize
KeBugCheck
KeSetTimer
PsGetVersion
ExDeleteResourceLite
ExInitializePagedLookasideList
ExInitializeResourceLite
KeCancelTimer
ExDeleteNPagedLookasideList
ExRaiseStatus
IoSetDeviceToVerify
KeSetEvent
IoRaiseInformationalHardError
IoFreeMdl
IoGetDeviceToVerify
FsRtlIsTotalDeviceFailure
IoSetTopLevelIrp
KeBugCheckEx
IoRaiseHardError
MmProbeAndLockPages
IoGetTopLevelIrp
FsRtlIsNtstatusExpected
FsRtlNotifyFullReportChange
IoAllocateMdl
ExAcquireResourceSharedLite
CcSetFileSizes
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
FsRtlNotifyUninitializeSync
IoCreateStreamFileObject
FsRtlInitializeFileLock
FsRtlInitializeOplock
FsRtlNotifyInitializeSync
FsRtlUninitializeFileLock
FsRtlUninitializeOplock
ExQueueWorkItem
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
FsRtlNormalizeNtstatus
IoVerifyVolume
FsRtlOplockIsFastIoPossible
ExInterlockedAddUlong
ExGetSharedWaiterCount
ExGetExclusiveWaiterCount
SeSinglePrivilegeCheck
IoUpdateShareAccess
MmFlushImageSection
IoRemoveShareAccess
CcPurgeCacheSection
CcFlushCache
FsRtlCheckOplock
CcIsThereDirtyData
IoCheckShareAccess
MmCanFileBeTruncated
FsRtlDoesNameContainWildCards
IoSetShareAccess
FsRtlCurrentBatchOplock
FsRtlNotifyCleanup
IoGetRequestorProcess
ExReleaseResourceForThreadLite
CcUninitializeCacheMap
FsRtlNotifyVolumeEvent
FsRtlNotifyFullChangeDirectory
FsRtlFastUnlockAll
MmForceSectionClosed
CcWaitForCurrentLazyWriterActivity
IoIsOperationSynchronous
ExIsResourceAcquiredExclusiveLite
RtlEqualUnicodeString
RtlDelete
RtlSplay
ExIsResourceAcquiredSharedLite
KeDelayExecutionThread
ExLocalTimeToSystemTime
RtlCopyUnicodeString
CcInitializeCacheMap
FsRtlAreNamesEqual
MmUnlockPages
CcMdlWriteComplete
CcMdlReadComplete
IoGetStackLimits
CcMdlRead
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
CcCopyRead
CcSetReadAheadGranularity
CcPrepareMdlWrite
CcDeferWrite
CcCopyWrite
ExConvertExclusiveToSharedLite
CcCanIWrite
FsRtlCheckLockForWriteAccess
ExAcquireSharedStarveExclusive
FsRtlFastUnlockSingle
FsRtlCopyRead
FsRtlFastCheckLockForRead
FsRtlCopyWrite
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAllByKey
FsRtlPrivateLock
FsRtlProcessFileLock
IoBuildSynchronousFsdRequest
MmSystemRangeStart
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
IoDetachDevice
IoAttachDeviceToDeviceStack
PsGetCurrentThreadId
IoRegisterFsRegistrationChange
IoGetAttachedDevice
FsRtlDeregisterUncProvider
FsRtlRegisterUncProvider
IoAllocateIrp
FsRtlDissectName
ProbeForRead
ZwCreateEvent
_snwprintf
RtlSetDaclSecurityDescriptor
ZwMapViewOfSection
ZwUnmapViewOfSection
ExEventObjectType
KeInitializeSemaphore
KeReleaseSemaphore
ZwCreateSection
KeWaitForMultipleObjects
RtlCreateSecurityDescriptor
KeUnstackDetachProcess
KeStackAttachProcess
RtlNumberGenericTableElements
RtlGetElementGenericTable
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
ZwQuerySymbolicLinkObject
RtlDeleteElementGenericTable
PsSetCreateProcessNotifyRoutine
RtlLookupElementGenericTable
RtlInitializeGenericTable
RtlInsertElementGenericTable
__C_specific_handler
_local_unwind

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
click.wav
fsm.ini
help.chm
.chm
partition_recovery.exe
.exe windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 252KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hod81f.r
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1hjjp3z.
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1pfu1zeo
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gjr8puyi
Size: - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7vtpkxrd
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vt1h8xi6
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 26KB - Virtual size: 25KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

f433e7fcc51e68080022754836705744

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 4.0MB

.itext Size: - Virtual size: 28KB

.data Size: - Virtual size: 120KB

.bss Size: - Virtual size: 280KB

.idata Size: - Virtual size: 20KB

bvxy39pf Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.rdata Size: - Virtual size: 4KB

mew.poh7 Size: - Virtual size: 236KB

.rsrc Size: 36KB - Virtual size: 288KB

76fkwxun Size: 1.9MB - Virtual size: 1.9MB

y6a5b90w Size: 512B - Virtual size: 4KB

24c4d7b7ef1d442521d6009361e9a87e

Headers

File Characteristics

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 198KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 8KB - Virtual size: 315KB

.rsrc Size: 4KB - Virtual size: 760B

.reloc Size: 20KB - Virtual size: 18KB

Headers

File Characteristics

Exports

Exports

Sections

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 26KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 4.0MB

.itext
Size: - Virtual size: 28KB

.data
Size: - Virtual size: 120KB

.bss
Size: - Virtual size: 280KB

.idata
Size: - Virtual size: 20KB

bvxy39pf
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: - Virtual size: 4KB

mew.poh7
Size: - Virtual size: 236KB

.rsrc
Size: 36KB - Virtual size: 288KB

76fkwxun
Size: 1.9MB - Virtual size: 1.9MB

y6a5b90w
Size: 512B - Virtual size: 4KB

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 8KB - Virtual size: 315KB

.rsrc
Size: 4KB - Virtual size: 760B

.reloc
Size: 20KB - Virtual size: 18KB

CODE
Size: 68KB - Virtual size: 68KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 176B

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 596KB - Virtual size: 595KB

.data
Size: 13KB - Virtual size: 17KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 19KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 26KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

CODE
Size: 400KB - Virtual size: 399KB