3f40629bb7358cbe7cd606a449b9b430_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f40629bb7358cbe7cd606a449b9b430_JaffaCakes118
Size

4.2MB
MD5

3f40629bb7358cbe7cd606a449b9b430
SHA1

9aff08456d6da524042ea0b9592d47d1b41bbda3
SHA256

93b71f36346b396896efd9807d5f03cc57c5972ca9e8a326cc0faebd9d112524
SHA512

6b962ec80f072b5d7cafbe3e17f73bdc1380eb086a3e1afa058f0f88776859306be81295e3931e21099f3ca0cba3d97b4f0aafd6149e7b889da85d85867400ae
SSDEEP

98304:NO4A5iFQqYFackfh1YcehFUbdl51p95LqCo/uu5lUCALJRF0v+:E4VQhFacQFbdl5R5W/uUG9LJRCv+

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/EPKISSP.dll	aspack_v212_v242
static1/unpack001/EPKIWCtl.ocx	aspack_v212_v242
static1/unpack001/EPKIWCtl_SI.dll	aspack_v212_v242

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EPKIWCtl_SI.dll
unpack001/EPKIWCtl_wrapper.dll
unpack001/epkiapi.dll
unpack001/gpkiapi.dll
unpack001/npEPKIPI.dll
unpack001/nsldap32v11.dll

Files

3f40629bb7358cbe7cd606a449b9b430_JaffaCakes118
.cab
0213eeae1c20382ca9f06fea5f9f073a93ef4774_3cc2814b00e7524d9baa47b7e161f50e.der
166732f4685e683147dbedecce612e9a2446c47d_48479209034cb66f1005525650458b7b.der
2587df3e181c92c06c2e9677d44a009559077649.der
34788769c3f59b338d6aaaaa2e8e0f94be57910e.der
EPKISSP.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13/01/2010, 00:00

Not After

13/03/2012, 23:59

Subject

CN=BCQRE Co\,. Ltd,O=BCQRE Co\,. Ltd,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:48:d9:1f:80:91:ce:c8:e9:d3:cc:6c:87:b4:4e:d6:d9:f2:9a:d3
Signer

Actual PE Digest

49:48:d9:1f:80:91:ce:c8:e9:d3:cc:6c:87:b4:4e:d6:d9:f2:9a:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

Size: 64KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 301KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EPKISSPReg.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

6c7769ca2af6aeaa3ac4db071d2f04d0

Code Sign

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13/01/2010, 00:00

Not After

13/03/2012, 23:59

Subject

CN=BCQRE Co\,. Ltd,O=BCQRE Co\,. Ltd,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f2:a2:a7:41:d1:3b:64:fd:06:57:a6:da:eb:e3:f1:bf:4c:ff:ee:0b
Signer

Actual PE Digest

f2:a2:a7:41:d1:3b:64:fd:06:57:a6:da:eb:e3:f1:bf:4c:ff:ee:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SGA\Work\EPKI\EPKISSP\EPKISSP_Client_IE_1.0.2.1\Source\EPKISSP\outputr\EPKISSPReg.pdb

Imports

kernel32

GetFileTime
GetProfileIntA
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
ExitProcess
RaiseException
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
SetHandleCount
GetFileAttributesA
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FindResourceExA
GetOEMCP
GetCPInfo
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
IsDBCSLeadByte
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetUserDefaultLCID
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GlobalFree
CopyFileA
GlobalSize
GlobalUnlock
MulDiv
GetCurrentProcessId
SetLastError
GlobalAddAtomA
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
lstrlenA
CompareStringW
CompareStringA
lstrlenW
GetVersion
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetLastError
FormatMessageA
LocalFree
GetModuleFileNameA
LoadLibraryA
FreeLibrary
GetFileType
GetProcAddress

user32

EnumChildWindows
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
RegisterClipboardFormatA
SetRect
SetWindowRgn
IsRectEmpty
CreateMenu
DestroyMenu
SetRectEmpty
LoadCursorA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCapture
ReleaseDC
GetDC
ReleaseCapture
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextA
GetForegroundWindow
SetActiveWindow
LockWindowUpdate
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
CallWindowProcA
GetMenu
SetWindowPos
DestroyWindow
GetDesktopWindow
SetWindowLongA
InvalidateRect
UpdateWindow
GetWindowRect
OffsetRect
InflateRect
DefWindowProcA
CopyRect
ShowWindow
DrawEdge
SetParent
UnhookWindowsHookEx
GetMenuStringA
AppendMenuA
GetMenuItemID
UnregisterClassA
GetSysColorBrush
DestroyIcon
GetDCEx
GetDialogBaseUnits
GetTabbedTextExtentA
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
CharUpperA
EnableWindow
FillRect
CreateWindowExA

gdi32

SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
CreatePatternBrush
SelectClipRgn
CreatePen
ScaleViewportExtEx
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
GetTextAlign
GetTextMetricsA
SetRectRgn
PatBlt
EnumFontFamiliesExA
Rectangle
UnrealizeObject
DeleteObject
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateRectRgn
Ellipse
MoveToEx
SetMapMode
SetROP2
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CombineRgn
GetObjectA
SetBkColor
SetTextColor
GetClipBox
DeleteDC
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
LPtoDP
CreateDCA
CopyMetaFileA
GetDeviceCaps
CreateBitmap
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyA
RegCreateKeyExA
RegSetValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA

shell32

ExtractIconA

shlwapi

PathFindExtensionA
PathRemoveFileSpecA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

ole32

OleLoadFromStream
ReadClassStm
CreateStreamOnHGlobal
CoCreateInstance
CoDisconnectObject
CreateDataAdviseHolder
OleSaveToStream
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateOleAdviseHolder
CreateDataCache
StgCreateDocfileOnILockBytes
CoRevokeClassObject
CoRegisterClassObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
StringFromCLSID
ReadFmtUserTypeStg
CoTaskMemFree
CreateILockBytesOnHGlobal
StringFromGUID2

oleaut32

OleCreatePictureIndirect
OleCreateFontIndirect
SysAllocString
OleLoadPicture
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
OleCreatePropertyFrame
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EPKIWCtl.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13/01/2010, 00:00

Not After

13/03/2012, 23:59

Subject

CN=BCQRE Co\,. Ltd,O=BCQRE Co\,. Ltd,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:4b:9c:c8:f8:88:e9:ce:1b:9c:b3:66:ea:02:10:fc:a2:45:77:de
Signer

Actual PE Digest

8f:4b:9c:c8:f8:88:e9:ce:1b:9c:b3:66:ea:02:10:fc:a2:45:77:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

Size: 224KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 42KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 318KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EPKIWCtl_Install.inf
EPKIWCtl_SI.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AddSessionInfo
CloseSessionInfo
CreateSessionInfo
CreateSessionInfoEX
DeleteSessionInfo
FindSessionInfo
GetSessionInfoCount
OpenSessionInfo
ReadServerInfo
ReadSessionInfo

Sections

Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 298KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EPKIWCtl_SM.exe
.exe windows:4 windows x86 arch:x86

Code Sign

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13/01/2010, 00:00

Not After

13/03/2012, 23:59

Subject

CN=BCQRE Co\,. Ltd,O=BCQRE Co\,. Ltd,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:f8:14:a0:27:22:df:4b:29:c8:6d:7e:f2:8d:f2:97:6c:a0:70:56
Signer

Actual PE Digest

ce:f8:14:a0:27:22:df:4b:29:c8:6d:7e:f2:8d:f2:97:6c:a0:70:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 136KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 29KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 309KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EPKIWCtl_SSI.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c1bed82e165849bae1d9799a4402ff04

Code Sign

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13/01/2010, 00:00

Not After

13/03/2012, 23:59

Subject

CN=BCQRE Co\,. Ltd,O=BCQRE Co\,. Ltd,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:09:3c:d8:c2:c8:22:9d:bb:54:eb:3a:e6:e7:57:b4:12:7d:44:d0
Signer

Actual PE Digest

82:09:3c:d8:c2:c8:22:9d:bb:54:eb:3a:e6:e7:57:b4:12:7d:44:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SGA\Work\EPKI\EPKIWCtl_1.1.5.2\Source\EPKIWCtl\Output\ReleaseMT\EPKIWCtl_SSI.pdb

Imports

epkiapi

EPKI_CERT_GetCRLDP
EPKI_CERT_GetBasicConstraints
EPKI_CERT_GetCertPolicy
EPKI_CERT_GetCertPolicyID
EPKI_CERT_GetExtKeyUsage
EPKI_CERT_GetKeyUsage
EPKI_CERT_GetSubKeyID
EPKI_CERT_GetSubjectAltName
EPKI_CERT_GetPubKey
EPKI_CERT_GetPubKeyAlg
EPKI_CERT_GetSubjectName
EPKI_CERT_GetValidity
EPKI_CERT_GetIssuerName
EPKI_CERT_GetSignatureAlgorithm
EPKI_CERT_GetSerialNum
EPKI_CERT_GetAIA
EPKI_CERT_GetRemainDays
EPKI_BINSTR_SetData
EPKI_BINSTR_Delete
EPKI_CERT_GetAuthKeyID
EPKI_CERT_Verify
EPKI_BASE64_Decode
EPKI_BINSTR_Create
EPKI_API_Init
EPKI_API_SetGPKILibPath
EPKI_API_Finish
EPKI_API_GetErrInfo
EPKI_CERT_Load
EPKI_CERT_GetVersion
EPKI_CERT_Unload
EPKI_CERT_GetUID

kernel32

LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
FindResourceExA
WritePrivateProfileStringA
GetFileAttributesA
HeapAlloc
HeapFree
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
ExitProcess
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetModuleFileNameW
VirtualProtect
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
FreeResource
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrcatA
WinExec
GetWindowsDirectoryA
lstrcpyA
MulDiv
CreateFileA
WriteFile
CloseHandle
SetLastError
LoadLibraryA
GetProcAddress
GetVersionExA
CreateDirectoryA
GetThreadLocale
SetThreadLocale
GetModuleHandleA
LoadLibraryExA
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetDateFormatA
GetTimeFormatA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
lstrlenA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange

user32

UnregisterClassA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
CallWindowProcA
IsIconic
GetWindowPlacement
SetWindowPos
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetWindowTextLengthA
GetScrollPos
GetWindow
SetFocus
GetDesktopWindow
SetActiveWindow
DestroyWindow
GetDlgItem
EndDialog
MapDialogRect
RegisterWindowMessageA
GetMessagePos
SetWindowLongA
IsWindowVisible
RedrawWindow
DrawIcon
GetWindowTextA
GetMenuItemCount
GetMenuItemID
GetMenuState
ChildWindowFromPoint
IsWindowEnabled
GetClassInfoA
DefWindowProcA
IsWindow
GetCursorPos
GetClassNameA
FindWindowA
KillTimer
SetTimer
ScreenToClient
SetWindowRgn
EqualRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
GetSystemMetrics
LoadCursorA
CopyIcon
DestroyMenu
DestroyCursor
LoadImageA
GetIconInfo
CreateIconIndirect
GetDC
ReleaseDC
TrackPopupMenuEx
PostMessageA
SetCursor
DestroyIcon
GetWindowLongA
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawFocusRect
FrameRect
FillRect
OffsetRect
InflateRect
CopyRect
DrawStateA
GetSysColor
LoadIconA
SendMessageA
GetParent
InvalidateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
GetClientRect
GetWindowRect
DrawEdge
GetSysColorBrush
GetSubMenu
TabbedTextOutA
GetWindowThreadProcessId
GetMessageA
TranslateMessage
ValidateRect
CreateDialogIndirectParamA
PostQuitMessage
SystemParametersInfoA
MessageBoxA
CharNextA
EnableWindow
GetAsyncKeyState
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetFocus

gdi32

GetTextExtentPoint32A
SetTextJustification
TextOutA
FrameRgn
SelectClipRgn
FillRgn
CombineRgn
CreatePolygonRgn
PtVisible
RectVisible
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateFontIndirectA
DPtoLP
EnumFontFamiliesExA
RestoreDC
GetTextMetricsA
SetBkMode
MoveToEx
LineTo
StretchBlt
GetDeviceCaps
CreateDIBSection
GetObjectA
GetPixel
SetPixel
CreateBitmap
SetBkColor
SetTextColor
DeleteDC
GetStockObject
DeleteObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreatePen
CreateSolidBrush
SaveDC
GetClipBox
GetCurrentObject
OffsetRgn
CreateRoundRectRgn
CreateRectRgn
SetMapMode

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA
RegQueryInfoKeyA

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA

comctl32

ord17
ImageList_GetIcon
_TrackMouseEvent
ImageList_GetImageCount

shlwapi

PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance

oleaut32

VariantTimeToSystemTime
VariantChangeType
VarDateFromStr
VarBstrFromDate
VariantClear
VariantInit
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
BSTR_UserSize
BSTR_UserMarshal
SysFreeString
BSTR_UserFree
BSTR_UserUnmarshal

rpcrt4

NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
NdrDllUnregisterProxy

winmm

PlaySoundA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 267B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EPKIWCtl_Vista.dll
.dll regsvr32 windows:4 windows x86 arch:x86

bff5b63e5e865e4d378157706b779525

Code Sign

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13/01/2010, 00:00

Not After

13/03/2012, 23:59

Subject

CN=BCQRE Co\,. Ltd,O=BCQRE Co\,. Ltd,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:4b:65:0b:0d:63:41:f8:bf:c9:c4:c1:65:73:f8:24:f6:e6:50:9f
Signer

Actual PE Digest

a6:4b:65:0b:0d:63:41:f8:bf:c9:c4:c1:65:73:f8:24:f6:e6:50:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SGA\Work\EPKI\EPKIWCtl_1.1.5.2\Source\EPKIWCtl\Output\ReleaseMT\EPKIWCtl_Vista.pdb

Imports

epkiapi

EPKI_STORAGE_ReadFile
EPKI_STORAGE_WriteFile
EPKI_STORAGE_DeletePriKey
EPKI_STORAGE_ReadPriKey
EPKI_API_SetGPKILibPath
EPKI_PRIKEY_ChangePasswd
EPKI_API_Init
EPKI_API_Finish
EPKI_STORAGE_DeleteCert
EPKI_BINSTR_Create
EPKI_BINSTR_Delete

kernel32

CreateFileA
FindNextFileA
FileTimeToLocalFileTime
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetFileAttributesA
GetFileTime
GetCPInfo
GetOEMCP
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetFullPathNameA
GetCommandLineA
ExitProcess
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
SetLastError
GetProcessHeap
HeapFree
CopyFileA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
LoadLibraryA
GetProcAddress
GetVersionExA
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
GetWindowsDirectoryA
GetThreadLocale
SetThreadLocale
GetModuleHandleA
LoadLibraryExA
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
GetModuleFileNameA
lstrcmpiA
GetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
HeapReAlloc

user32

RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
GetSystemMetrics
GetWindowTextA
UnhookWindowsHookEx
GetWindowThreadProcessId
ShowWindow
DestroyMenu
GetClassInfoA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperA
MessageBoxA
AdjustWindowRect
SetWindowPos
CharNextA

gdi32

GetStockObject
DeleteDC
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathFindExtensionA
PathIsUNCA

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysStringLen
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
VariantChangeType

rpcrt4

NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrStubCall2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 267B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EPKIWCtl_wrapper.dll
.dll windows:4 windows x86 arch:x86

7d29c4cc38d5b8fb8584a8e097fad1fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SGA\Work\EPKI\npEPKIPI_1.1.5.2\Source\npEPKIPI\output\release\EPKIWCtl_wrapper.pdb

Imports

kernel32

GetFileAttributesA
GetFileTime
HeapReAlloc
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
FileTimeToLocalFileTime
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetTickCount
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
CloseHandle
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
InterlockedDecrement
GetModuleFileNameW
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
GetThreadLocale
InterlockedIncrement
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
LoadLibraryA
SetLastError
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
InterlockedExchange
CompareStringW
GetVersion
CompareStringA
GetLastError
WideCharToMultiByte
SetHandleCount
lstrlenA

user32

RegisterClipboardFormatA
EndDialog
CreateDialogIndirectParamA
PostThreadMessageA
SetRect
IsRectEmpty
CopyAcceleratorTableA
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
GetDesktopWindow
ClientToScreen
UnregisterClassA
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
PostQuitMessage
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
MessageBeep
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
CharNextA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
EnableWindow
GetForegroundWindow
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetNextDlgTabItem
GetNextDlgGroupItem
GetMenu
PostMessageA
ReleaseCapture
SetCapture
InvalidateRgn
LoadBitmapA
InvalidateRect
CharUpperA
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
SendMessageA
GetDlgCtrlID
PtInRect
CopyRect
EqualRect
GetParent
AdjustWindowRectEx
GetSysColor
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
MessageBoxA
GetMenuItemCount
GetMenuItemID
GetSubMenu

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
ScaleViewportExtEx
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
DeleteObject
CreateBitmap
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoRevokeClassObject
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
OleCreateFontIndirect
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy

Exports

Exports

CallBase64Decode
CallBase64Encode
CallDecryptData
CallDestroySession
CallDevelopData
CallEncryptData
CallEnvelopData
CallGenSymKey
CallGetCertData
CallGetCertInfo
CallGetEPKIWCtlProperty
CallGetErrorMsg
CallGetErrorNum
CallGetExceptionInfo
CallHashData
CallInvokeCMDlg
CallRequestSession
CallRequestVerifyVID
CallSessionDecrypt
CallSessionEncrypt
CallSetEPKIWCtlProperty
CallSignData
CallVerifyData
SetPropBannerUrl
SetPropCAType
SetPropCertCRLCheck
SetPropCertCRLCheckClient
SetPropCertPathCheck
SetPropCertPathCheckClient
SetPropCertTimeCheck
SetPropCertTimeCheckClient
SetPropConnectedURL
SetPropDN
SetPropIDNAndSN
SetPropOID
SetPropServerCert
SetPropStorage

Sections

.text
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
api.conf
banner.bmp
bfb627d8035a76654c6101415631e58b7b3ad9cc_04.der
c8d08ec749ae1f2042b24b7f13c977580ca1cdc1.der
epkiapi.dll
.dll windows:4 windows x86 arch:x86

bc1e4016728ce51d6a5a063399eb0f62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\EPS Toolkits\B. Windows Platform\CSTCore_Dev\EPKIAPI\bin_Release\epkiapi.pdb

Imports

nsldap32v11

ord79
ord13
ord418
ord85
ord60
ord50
ord26
ord41
ord35

wsock32

recv
send
closesocket
connect
ntohs
gethostbyname
ioctlsocket
htons
WSAStartup
socket

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

urlmon

ObtainUserAgentString

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
InitializeCriticalSection
GetStringTypeW
GetStringTypeA
HeapSize
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
SetStdHandle
FlushFileBuffers
GetCurrentProcessId
FreeLibrary
GetProcAddress
GetLocaleInfoA
GetPrivateProfileIntA
GetPrivateProfileStringA
Sleep
GetVersionExA
GetTickCount
GetWindowsDirectoryA
DeleteFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetTempFileNameA
GetTempPathA
LoadLibraryExA
GetSystemDefaultLCID
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetCurrentDirectoryA
GetFullPathNameA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemDirectoryA
CreateDirectoryA
LoadLibraryA
FindClose
QueryPerformanceCounter
CloseHandle
GlobalMemoryStatus
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetFileAttributesA
GetCommandLineA
GetProcessHeap
GetDriveTypeA
FindFirstFileA
GetTimeZoneInformation
MultiByteToWideChar
ReadFile
GetFileType
CreateFileA
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapReAlloc
MoveFileA
SetConsoleCtrlHandler
RtlUnwind
SetFilePointer
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement

user32

SetScrollRange
MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
SendMessageA
InvalidateRect
SetWindowLongA
LoadStringA

gdi32

CreateDCA
GetDeviceCaps

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

EPKI_API_Finish
EPKI_API_GetErrInfo
EPKI_API_Init
EPKI_API_InitWithFile
EPKI_API_SetGPKILibPath
EPKI_API_SetOption
EPKI_BASE64_Decode
EPKI_BASE64_Encode
EPKI_BINSTR_Create
EPKI_BINSTR_Delete
EPKI_BINSTR_SetData
EPKI_CERT_AddCert
EPKI_CERT_AddTrustedCert
EPKI_CERT_GetAIA
EPKI_CERT_GetAuthKeyID
EPKI_CERT_GetBasicConstraints
EPKI_CERT_GetCRLDP
EPKI_CERT_GetCert
EPKI_CERT_GetCertCount
EPKI_CERT_GetCertPolicy
EPKI_CERT_GetCertPolicyID
EPKI_CERT_GetExtKeyUsage
EPKI_CERT_GetIssuerName
EPKI_CERT_GetKeyUsage
EPKI_CERT_GetPubKey
EPKI_CERT_GetPubKeyAlg
EPKI_CERT_GetPubKeyLen
EPKI_CERT_GetRemainDays
EPKI_CERT_GetSerialNum
EPKI_CERT_GetSignature
EPKI_CERT_GetSignatureAlgorithm
EPKI_CERT_GetSubKeyID
EPKI_CERT_GetSubjectAltName
EPKI_CERT_GetSubjectName
EPKI_CERT_GetUID
EPKI_CERT_GetValidity
EPKI_CERT_GetVersion
EPKI_CERT_Load
EPKI_CERT_SetVerifyEnv
EPKI_CERT_Unload
EPKI_CERT_Verify
EPKI_CERT_VerifyByIVS
EPKI_CMS_GetSigner
EPKI_CMS_MakeEncryptedData
EPKI_CMS_MakeEnvelopedData
EPKI_CMS_MakeEnvelopedDataWithMultiRecipients
EPKI_CMS_MakeEnvelopedFile
EPKI_CMS_MakeEnvelopedFileWithMultiRecipients
EPKI_CMS_MakeSignedAndEnvData
EPKI_CMS_MakeSignedData
EPKI_CMS_MakeSignedDataWithAddSigner
EPKI_CMS_MakeSignedDataWithHSM
EPKI_CMS_MakeSignedFile
EPKI_CMS_ProcessEncryptedData
EPKI_CMS_ProcessEnvelopedData
EPKI_CMS_ProcessEnvelopedFile
EPKI_CMS_ProcessSignedAndEnvData
EPKI_CMS_ProcessSignedData
EPKI_CMS_ProcessSignedData2
EPKI_CMS_ProcessSignedFile
EPKI_CRYPT_ClearKeyAndIV
EPKI_CRYPT_Decrypt
EPKI_CRYPT_DecryptFile
EPKI_CRYPT_Encrypt
EPKI_CRYPT_EncryptFile
EPKI_CRYPT_GenKeyAndIV
EPKI_CRYPT_GenMAC
EPKI_CRYPT_GenRandom
EPKI_CRYPT_GetKeyAndIV
EPKI_CRYPT_Hash
EPKI_CRYPT_HashFile
EPKI_CRYPT_SetKeyAndIV
EPKI_CRYPT_VerifyMAC
EPKI_HSM_CloseSessionID
EPKI_HSM_DeleteKeyAndCertInToken
EPKI_HSM_FreeP11Config
EPKI_HSM_GetAllCertsInToken
EPKI_HSM_GetP11Config
EPKI_HSM_GetRNumberInToken
EPKI_HSM_GetSessionID
EPKI_HSM_GetSlotList
EPKI_HSM_LoadP11Library
EPKI_HSM_LoginToTokenWithSessionID
EPKI_HSM_LogoutFromToken
EPKI_HSM_SaveKeyAndCertToToken
EPKI_HSM_UnloadP11Library
EPKI_PRIKEY_ChangePasswd
EPKI_PRIKEY_Decrypt
EPKI_PRIKEY_Encrypt
EPKI_STORAGE_DeleteCert
EPKI_STORAGE_DeletePriKey
EPKI_STORAGE_ReadCert
EPKI_STORAGE_ReadFile
EPKI_STORAGE_ReadPriKey
EPKI_STORAGE_WriteCert
EPKI_STORAGE_WriteFile
EPKI_STORAGE_WritePriKey
EPKI_VID_GetRandomFromPriKey
EPKI_VID_Verify

Sections

.text
Size: 776KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gpkiapi.dll
.dll windows:4 windows x86 arch:x86

b890f6d989f92a93d3e1f309fca6a161

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetProcAddress
GetLastError
LoadLibraryA
FreeLibrary
CompareStringW
CompareStringA
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetModuleHandleA
LCMapStringW
LCMapStringA
MultiByteToWideChar
CloseHandle
CreateFileA
WriteFile
CreateDirectoryA
ReadFile
GetFileSize
SetFilePointer
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
GetCurrentThreadId
HeapAlloc
HeapFree
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
MoveFileA
DeleteFileA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
GetCurrentProcessId
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
IsBadWritePtr
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WideCharToMultiByte
SetEnvironmentVariableA

nsldap32v11

ord418
ord22
ord13
ord60
ord85
ord41
ord79
ord201
ord27
ord33
ord35
ord32
ord200
ord50
ord26
ord30

wsock32

closesocket
connect
htons
ioctlsocket
WSAGetLastError
socket
WSAStartup
send
recv
__WSAFDIsSet
select
inet_addr
gethostbyname

Exports

Exports

GPKI_API_Finish
GPKI_API_GetErrInfo
GPKI_API_GetInfo
GPKI_API_GetVersion
GPKI_API_Init
GPKI_API_SetOption
GPKI_BASE64_Decode
GPKI_BASE64_Encode
GPKI_BINSTR_Create
GPKI_BINSTR_Delete
GPKI_BINSTR_SetData
GPKI_CERT_AddCert
GPKI_CERT_AddTrustedCert
GPKI_CERT_GetAIA
GPKI_CERT_GetAuthKeyID
GPKI_CERT_GetBasicConstraints
GPKI_CERT_GetCRLDP
GPKI_CERT_GetCert
GPKI_CERT_GetCertCount
GPKI_CERT_GetCertPolicy
GPKI_CERT_GetCertPolicyID
GPKI_CERT_GetExtKeyUsage
GPKI_CERT_GetIssuerName
GPKI_CERT_GetKeyUsage
GPKI_CERT_GetPubKey
GPKI_CERT_GetPubKeyAlg
GPKI_CERT_GetPubKeyLen
GPKI_CERT_GetRemainDays
GPKI_CERT_GetSerialNum
GPKI_CERT_GetSignature
GPKI_CERT_GetSignatureAlgorithm
GPKI_CERT_GetSubKeyID
GPKI_CERT_GetSubjectAltName
GPKI_CERT_GetSubjectName
GPKI_CERT_GetUID
GPKI_CERT_GetValidity
GPKI_CERT_GetVersion
GPKI_CERT_Load
GPKI_CERT_SetVerifyEnv
GPKI_CERT_Unload
GPKI_CERT_Verify
GPKI_CERT_VerifyByIVS
GPKI_CMS_ComposeSignedData
GPKI_CMS_GetSigner
GPKI_CMS_MakeEncryptedData
GPKI_CMS_MakeEnvelopedData
GPKI_CMS_MakeEnvelopedDataWithMultiRecipients
GPKI_CMS_MakeEnvelopedData_File
GPKI_CMS_MakeEnvelopedData_NoContent_File
GPKI_CMS_MakeSignedAndEnvData
GPKI_CMS_MakeSignedData
GPKI_CMS_MakeSignedDataWithAddSigner
GPKI_CMS_MakeSignedData_File
GPKI_CMS_MakeSignedData_NoContent_File
GPKI_CMS_MakeTBSData
GPKI_CMS_ProcessEncryptedData
GPKI_CMS_ProcessEnvelopedData
GPKI_CMS_ProcessEnvelopedData_File
GPKI_CMS_ProcessEnvelopedData_NoContent_File
GPKI_CMS_ProcessSignedAndEnvData
GPKI_CMS_ProcessSignedData
GPKI_CMS_ProcessSignedData2
GPKI_CMS_ProcessSignedData_File
GPKI_CMS_ProcessSignedData_NoContent_File
GPKI_CRYPT_AsymDecrypt
GPKI_CRYPT_AsymEncrypt
GPKI_CRYPT_ClearKeyAndIV
GPKI_CRYPT_Decrypt
GPKI_CRYPT_Decrypt_File
GPKI_CRYPT_Encrypt
GPKI_CRYPT_Encrypt_File
GPKI_CRYPT_GenKeyAndIV
GPKI_CRYPT_GenMAC
GPKI_CRYPT_GenRandom
GPKI_CRYPT_GetKeyAndIV
GPKI_CRYPT_Hash
GPKI_CRYPT_SetKeyAndIV
GPKI_CRYPT_Sign
GPKI_CRYPT_Verify
GPKI_CRYPT_VerifyMAC
GPKI_KEY_Share
GPKI_KEY_Unite
GPKI_LDAP_GetAnyDataByURL
GPKI_LDAP_GetCRLByCert
GPKI_LDAP_GetCertPath
GPKI_LDAP_GetDataByCN
GPKI_LDAP_GetDataByURL
GPKI_PRIKEY_ChangePasswd
GPKI_PRIKEY_CheckKeyPair
GPKI_PRIKEY_Decrypt
GPKI_PRIKEY_Encrypt
GPKI_SIGEA_MakeChallenge
GPKI_SIGEA_MakeResponse
GPKI_SIGEA_VerifyResponse
GPKI_STORAGE_DeleteCert
GPKI_STORAGE_DeletePriKey
GPKI_STORAGE_Load
GPKI_STORAGE_ReadCert
GPKI_STORAGE_ReadFile
GPKI_STORAGE_ReadPriKey
GPKI_STORAGE_Unload
GPKI_STORAGE_WriteCert
GPKI_STORAGE_WriteFile
GPKI_STORAGE_WritePriKey
GPKI_TSP_GetTokenInfo
GPKI_TSP_MakeReqMsg
GPKI_TSP_SendAndRecv
GPKI_TSP_VerifyResMsg
GPKI_TSP_VerifyToken
GPKI_UTIL_GetProfileInt
GPKI_UTIL_GetProfileString
GPKI_UTIL_SetProfileInt
GPKI_UTIL_SetProfileString
GPKI_VID_GetRandomFromPriKey
GPKI_VID_Verify
GPKI_VID_VerifyByIVS
GPKI_WCMS_MakeSignedContent
GPKI_WCMS_MakeWapEnvelopedData
GPKI_WCMS_ProcessSignedContent
GPKI_WCMS_ProcessWapEnvelopedData

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hsm.cer
npEPKIPI.dll
.dll windows:4 windows x86 arch:x86

12a4880e382c0bfc61553b9b70749d20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SGA\Work\EPKI\npEPKIPI_1.1.5.2\Source\npEPKIPI\output\release\npEPKIPI.pdb

Imports

kernel32

GetLastError
LoadLibraryExA
SizeofResource
GetProcAddress
MultiByteToWideChar
FindResourceA
FindResourceExA
LoadResource
GetModuleFileNameA
LockResource
WideCharToMultiByte
lstrlenA
InterlockedExchange
GetModuleHandleA
FreeLibrary
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
CloseHandle
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
VirtualAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LoadLibraryA
GetCPInfo
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode

user32

MessageBoxA
UnregisterClassA

oleaut32

SysFreeString
SafeArrayDestroyData
SafeArrayCopy
VariantClear
SysAllocStringLen
VariantInit
SafeArrayCreate
SafeArrayPutElement
VariantCopy

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npInst.exe
.exe windows:4 windows x86 arch:x86

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:7f:c6:29:54:07:29:5f:9d:aa:53:79:1e:01:43:98
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13/02/2008, 06:41

Not After

12/02/2010, 06:41

Subject

CN=BCQRE Co\,. Ltd,OU=Cryptographic Security Technology Lab,O=BCQRE Co\,. Ltd,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

f1:06:f6:37:47:e4:93:ba:0a:0e:e6:bc:7c:0f:77:a9:1d:4d:d3:75
Signer

Actual PE Digest

f1:06:f6:37:47:e4:93:ba:0a:0e:e6:bc:7c:0f:77:a9:1d:4d:d3:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 23KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 315KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
npInst.ini
nsldap32v11.dll
.dll windows:4 windows x86 arch:x86

7b103496832d12b54dafd19d2bf54834

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

select
ioctlsocket
WSACleanup
ntohl
__WSAFDIsSet
closesocket
htons
WSAStartup
recv
send
htonl
connect
gethostbyname
socket

msvcrt

fseek
strrchr
_isctype
_strcmpi
_write
_strdup
fopen
atoi
fflush
fprintf
__p__iob
malloc
realloc
sprintf
free
memmove
calloc
time
strtok
strchr
fclose
fread
ftell
rewind
fgets
_adjust_fdiv
__p___mb_cur_max
__p__pctype
strerror
_errno
_initterm
strncpy
_strnicmp
qsort
toupper
ctime

kernel32

DisableThreadLibraryCalls
GetVersion
GlobalAlloc
GlobalFree

Exports

Exports

ber_alloc
ber_alloc_t
ber_bvdup
ber_bvecfree
ber_bvfree
ber_dup
ber_first_element
ber_flush
ber_free
ber_get_bitstringa
ber_get_boolean
ber_get_int
ber_get_next
ber_get_null
ber_get_option
ber_get_stringa
ber_get_stringal
ber_get_stringb
ber_get_tag
ber_init
ber_next_element
ber_peek_tag
ber_printf
ber_put_bitstring
ber_put_boolean
ber_put_enum
ber_put_int
ber_put_null
ber_put_ostring
ber_put_seq
ber_put_set
ber_put_string
ber_read
ber_reset
ber_scanf
ber_set_option
ber_skip_tag
ber_sockbuf_alloc
ber_sockbuf_get_option
ber_sockbuf_set_option
ber_start_seq
ber_start_set
ber_write
der_alloc
ldap_abandon
ldap_add
ldap_add_s
ldap_ber_free
ldap_bind
ldap_bind_s
ldap_build_filter
ldap_cache_flush
ldap_charray_add
ldap_charray_dup
ldap_charray_free
ldap_charray_inlist
ldap_charray_merge
ldap_charray_position
ldap_compare
ldap_compare_s
ldap_count_entries
ldap_count_values
ldap_count_values_len
ldap_create_filter
ldap_delete
ldap_delete_s
ldap_dn2ufn
ldap_entry2html
ldap_entry2html_search
ldap_entry2text
ldap_entry2text_search
ldap_err2string
ldap_explode_dn
ldap_explode_dns
ldap_explode_rdn
ldap_first_attribute
ldap_first_disptmpl
ldap_first_entry
ldap_first_searchobj
ldap_first_tmplcol
ldap_first_tmplrow
ldap_free_friendlymap
ldap_free_searchprefs
ldap_free_templates
ldap_free_urldesc
ldap_friendly_name
ldap_get_dn
ldap_get_lderrno
ldap_get_option
ldap_get_values
ldap_get_values_len
ldap_getfilter_free
ldap_getfirstfilter
ldap_getnextfilter
ldap_init
ldap_init_getfilter
ldap_init_getfilter_buf
ldap_init_searchprefs
ldap_init_searchprefs_buf
ldap_init_templates
ldap_init_templates_buf
ldap_is_dns_dn
ldap_is_ldap_url
ldap_memfree
ldap_modify
ldap_modify_s
ldap_modrdn
ldap_modrdn2
ldap_modrdn2_s
ldap_modrdn_s
ldap_mods_free
ldap_msgfree
ldap_msgid
ldap_msgtype
ldap_multisort_entries
ldap_name2template
ldap_next_attribute
ldap_next_disptmpl
ldap_next_entry
ldap_next_searchobj
ldap_next_tmplcol
ldap_next_tmplrow
ldap_oc2template
ldap_open
ldap_perror
ldap_result
ldap_result2error
ldap_search
ldap_search_s
ldap_search_st
ldap_set_filter_additions
ldap_set_lderrno
ldap_set_option
ldap_set_rebind_proc
ldap_setfilteraffixes
ldap_simple_bind
ldap_simple_bind_s
ldap_sort_entries
ldap_sort_strcasecmp
ldap_sort_values
ldap_str2charray
ldap_tmplattrs
ldap_tmplerr2string
ldap_ufn_search_c
ldap_ufn_search_ct
ldap_ufn_search_s
ldap_ufn_setfilter
ldap_ufn_setprefix
ldap_ufn_timeout
ldap_unbind
ldap_unbind_s
ldap_url_parse
ldap_url_search
ldap_url_search_s
ldap_url_search_st
ldap_vals2html
ldap_vals2text
ldap_value_free
ldap_value_free_len
ldap_version

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
policy.conf
setup.dat
sgainst.exe
.exe windows:4 windows x86 arch:x86

3b6495d6453edbcb80945d34ad76affb

Code Sign

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13/01/2010, 00:00

Not After

13/03/2012, 23:59

Subject

CN=BCQRE Co\,. Ltd,O=BCQRE Co\,. Ltd,L=Seocho-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

01/01/2021, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:79:9f:e4:0d:05:d6:df:f4:ab:f9:cd:16:50:ea:ef:fd:de:ed:30
Signer

Actual PE Digest

e7:79:9f:e4:0d:05:d6:df:f4:ab:f9:cd:16:50:ea:ef:fd:de:ed:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetPrivateProfileStringA
Sleep
GetFileAttributesExA
GetFileAttributesA
CopyFileA
RemoveDirectoryA
DeleteFileA
GetPrivateProfileSectionA
GetPrivateProfileIntA
lstrcmpiA
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
FlushInstructionCache
TerminateThread
GetExitCodeThread
ResumeThread
SuspendThread
GetCurrentThreadId
SetLastError
CreateThread
GetModuleFileNameA
LocalFree
FormatMessageA
OpenProcess
GetModuleHandleA
OutputDebugStringA
GetCurrentProcessId
lstrlenW
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
LoadLibraryExA
GetShortPathNameA
InterlockedExchange
SetErrorMode
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
SetEndOfFile
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
SetFilePointer
GetConsoleMode
GetConsoleCP
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
lstrcatA
FindFirstFileA
FindClose
CompareStringA
GetCurrentProcess
GetVersionExA
lstrlenA
lstrcpyA
CreateDirectoryA
CreateFileA
DosDateTimeToFileTime
FlushFileBuffers
WriteFile
ReadFile
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LocalFileTimeToFileTime
SetFileTime
CloseHandle
SetFileAttributesA
GetStringTypeW
GetStringTypeA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange

user32

SetForegroundWindow
EnableWindow
DefWindowProcA
DestroyWindow
CharNextA
GetTopWindow
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
GetActiveWindow
GetSystemMetrics
LoadImageA
OffsetRect
DialogBoxParamA
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
ScreenToClient
GetClientRect
GetWindowRect
SetWindowPos
SetWindowTextA
PostMessageA
GetWindowLongA
SetWindowLongA
EndDialog
GetForegroundWindow
IsWindow
SendMessageA
ExitWindowsEx
LoadStringA
MessageBoxA
wsprintfA
UnregisterClassA

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
AdjustTokenPrivileges
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecA

comctl32

ImageList_Create
ImageList_Remove
InitCommonControlsEx
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38Certificate

Extended Key Usages

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

49:48:d9:1f:80:91:ce:c8:e9:d3:cc:6c:87:b4:4e:d6:d9:f2:9a:d3Signer

Headers

File Characteristics

Exports

Exports

Sections

Size: 64KB - Virtual size: 128KB

Size: 512B - Virtual size: 4KB

Size: 12KB - Virtual size: 28KB

Size: 2KB - Virtual size: 176KB

.rsrc Size: 4KB - Virtual size: 4KB

Size: 6KB - Virtual size: 12KB

Size: 4KB - Virtual size: 4KB

.data Size: 301KB - Virtual size: 304KB

.adata Size: - Virtual size: 4KB

6c7769ca2af6aeaa3ac4db071d2f04d0

Code Sign

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38Certificate

Extended Key Usages

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

f2:a2:a7:41:d1:3b:64:fd:06:57:a6:da:eb:e3:f1:bf:4c:ff:ee:0bSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

urlmon

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 237KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 32KB - Virtual size: 28KB

Code Sign

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38Certificate

Extended Key Usages

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

49:48:d9:1f:80:91:ce:c8:e9:d3:cc:6c:87:b4:4e:d6:d9:f2:9a:d3
Signer

.rsrc
Size: 4KB - Virtual size: 4KB

.data
Size: 301KB - Virtual size: 304KB

.adata
Size: - Virtual size: 4KB

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

f2:a2:a7:41:d1:3b:64:fd:06:57:a6:da:eb:e3:f1:bf:4c:ff:ee:0b
Signer

.text
Size: 240KB - Virtual size: 237KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 32KB - Virtual size: 28KB

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

8f:4b:9c:c8:f8:88:e9:ce:1b:9c:b3:66:ea:02:10:fc:a2:45:77:de
Signer

.rsrc
Size: 100KB - Virtual size: 100KB

.data
Size: 318KB - Virtual size: 320KB

.adata
Size: - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.data
Size: 298KB - Virtual size: 300KB

.adata
Size: - Virtual size: 4KB

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

ce:f8:14:a0:27:22:df:4b:29:c8:6d:7e:f2:8d:f2:97:6c:a0:70:56
Signer

.rsrc
Size: 120KB - Virtual size: 120KB

.data
Size: 309KB - Virtual size: 312KB

.adata
Size: - Virtual size: 4KB

26:07:3b:ca:4d:49:00:8a:62:c9:0d:ad:e2:bf:9c:38
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

82:09:3c:d8:c2:c8:22:9d:bb:54:eb:3a:e6:e7:57:b4:12:7d:44:d0
Signer