3c94d4291c634245d9efdc0039ea13be_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3c94d4291c634245d9efdc0039ea13be_JaffaCakes118
Size

5.2MB
MD5

3c94d4291c634245d9efdc0039ea13be
SHA1

f620605ce76298f80921137504f5e4e8f8b6ed95
SHA256

8e5a9cfc683347efcc2182df7904c618299c0a7ce324fd8d577693909607da68
SHA512

1addcbf70fc1472f79312eac645b841afde8b7cebf8fb5cbdff5c8b61f439b120718171bc01f4cb7317d4d4bcd6c0052ffdadaf501b876d72af8d5d49066db37
SSDEEP

98304:2IlgRrCjoLYm3zEY5zMD3Cl9QowC/OsWWIdtPOTcwRbFBA0qtv0fuELCeI:Plg+oLZ3z1kYcsWrwdA0qtguEK

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$R0
unpack002/$R2/NSIS.Library.RegTool.v2.$_7_.exe
unpack002/aceftp3.exe
unpack005/$PLUGINSDIR/InetLoad.dll
unpack005/$PLUGINSDIR/InstallOptions.dll
unpack005/$PLUGINSDIR/Processes.dll
unpack005/$PLUGINSDIR/System.dll
unpack005/$PLUGINSDIR/UserInfo.dll
unpack005/$PLUGINSDIR/xml.dll
unpack005/$WINDIR/Downloaded Program Files/$R2/NSIS.Library.RegTool.v2.$_32_.exe
unpack005/$WINDIR/Downloaded Program Files/PPClean.exe
unpack005/$_25_/vmntoolbar/$R2/NSIS.Library.RegTool.v2.$_32_.exe
unpack006/$PLUGINSDIR/InetLoad.dll
unpack006/$PLUGINSDIR/System.dll
unpack006/$PLUGINSDIR/locate.dll

NSIS installer 3 IoCs

installer

resource	yara_rule
static1/unpack001/aceftp3pro.exe	nsis_installer_1
static1/unpack002/vmntoolbar/vmntoolbarsetup1.7_en.exe	nsis_installer_1
static1/unpack005/tbuninstall.exe	nsis_installer_1

Files

3c94d4291c634245d9efdc0039ea13be_JaffaCakes118
.rar
aceftp3pro.exe
.exe windows:4 windows x86 arch:x86

dd1742eadfc6df18ded3c26ae64ad610

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:64:7b:50:98:3e:d1:eb:11:c2:79:cb:39:8c:2c:a4
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

20/06/2007, 00:00

Not After

22/06/2008, 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

26:bc:37:ac:71:be:f7:43:66:c5:2e:ac:9c:50:5d:ea:62:69:02:ee
Signer

Actual PE Digest

26:bc:37:ac:71:be:f7:43:66:c5:2e:ac:9c:50:5d:ea:62:69:02:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

c4fa86e78b598d87f225e209ba30786f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
PtInRect
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
OpenClipboard

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1002B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/customFinish.ini
$PLUGINSDIR/eulaetzer_pro.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 165B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$R2/NSIS.Library.RegTool.v2.$_7_.exe
.exe windows:4 windows x86 arch:x86

a56a9c58ddb2b2da8fde66551747ce70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateProcessA
GetSystemDirectoryA
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
lstrcmpiA
lstrlenA
SetEndOfFile
GetProcAddress
UnmapViewOfFile
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
SetErrorMode

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey

user32

wsprintfA
CharNextA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FTPCntxt.ini
IniSites.zip
.zip
AceFTP Storage.ftp
Popular Sites/Anti-Virus/McAfee.ftp
Popular Sites/Anti-Virus/Norton Antivirus.ftp
Popular Sites/Anti-Virus/PcCillin.ftp
Popular Sites/Browsers/MSIE.ftp
Popular Sites/Browsers/Netscape.ftp
Popular Sites/Browsers/Opera.ftp
Popular Sites/Games/Epic Games.ftp
Popular Sites/Games/ID Software.ftp
Popular Sites/Games/Lucas Arts.ftp
Popular Sites/Games/Sierra.ftp
Popular Sites/Hardware/ATI.ftp
Popular Sites/Hardware/Creative Labs.ftp
Popular Sites/Hardware/Diamond.ftp
Popular Sites/Hardware/Epson.ftp
Popular Sites/Hardware/HP.ftp
Popular Sites/Hardware/Iomega (Zip).ftp
Popular Sites/Hardware/Lexmark.ftp
Popular Sites/Hardware/US Robotics.ftp
Popular Sites/Hardware/nvidia.ftp
Popular Sites/Operating Systems/Mac OS.ftp
Popular Sites/Operating Systems/RedHat - Linux.ftp
Popular Sites/Operating Systems/Windows.ftp
Popular Sites/Software/Adobe.ftp
Popular Sites/Software/Apple.ftp
Popular Sites/Software/Corel.ftp
Popular Sites/Software/Eudora.ftp
Popular Sites/Software/Microsoft.ftp
Popular Sites/Software/WinZip.ftp
aceftp3.exe
.exe windows:4 windows x86 arch:x86

1879b3ff1c0fde5ed1578c22599255b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeNameA
GetUserNameA
GetTokenInformation
CryptGetProvParam
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptImportKey
CryptExportKey
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
WaitForInputIdle
VkKeyScanA
ValidateRect
UpdateWindow
UnregisterClassA
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
TabbedTextOutA
SystemParametersInfoA
SubtractRect
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardViewer
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendNotifyMessageA
SendMessageTimeoutA
SendMessageW
SendMessageA
SendDlgItemMessageA
ScrollWindow
ScrollDC
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharBuffA
OemToCharA
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LockWindowUpdate
LoadStringA
LoadKeyboardLayoutA
LoadImageA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetTabbedTextExtentA
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageA
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameA
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDialog
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExA
DrawTextW
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DragDetect
DispatchMessageW
DispatchMessageA
DialogBoxParamA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DeferWindowPos
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIconFromResource
CreateIcon
CreateDialogParamA
CopyRect
CopyImage
CloseClipboard
ClientToScreen
ChildWindowFromPointEx
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharLowerBuffW
ChangeClipboardChain
CallWindowProcA
CallNextHookEx
BeginPaint
BeginDeferWindowPos
AttachThreadInput
AppendMenuA
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
DdeCmpStringHandles
DdeFreeStringHandle
DdeQueryStringA
DdeCreateStringHandleA
DdeGetLastError
DdeFreeDataHandle
DdeUnaccessData
DdeAccessData
DdeCreateDataHandle
DdeClientTransaction
DdeNameService
DdePostAdvise
DdeSetUserHandle
DdeQueryConvInfo
DdeDisconnect
DdeConnect
DdeUninitialize
DdeInitializeA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
CreateDirectoryA
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenW
lstrcpyA
lstrcmpiW
lstrcmpiA
lstrcmpA
_lwrite
_lread
_lopen
_llseek
_lcreat
_lclose
WritePrivateProfileStringA
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetVolumeLabelA
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetFileAttributesA
SetEvent
SetErrorMode
SetEnvironmentVariableA
SetEndOfFile
SetCurrentDirectoryA
SearchPathA
ResumeThread
ResetEvent
ReleaseSemaphore
ReadFile
OutputDebugStringA
OpenProcess
OpenFileMappingA
MultiByteToWideChar
MulDiv
MoveFileA
MapViewOfFile
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryExA
LoadLibraryA
LeaveCriticalSection
IsDBCSLeadByte
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalGetAtomNameA
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTimeFormatA
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetTempPathA
GetTempFileNameA
GetSystemTime
GetSystemInfo
GetSystemDirectoryA
GetSystemDefaultLangID
GetStdHandle
GetStartupInfoA
GetShortPathNameA
GetProfileStringA
GetProcAddress
GetPrivateProfileStringA
GetPriorityClass
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoW
GetLocaleInfoA
GetLocalTime
GetLastError
GetHandleInformation
GetFullPathNameA
GetFileTime
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FlushInstructionCache
FlushFileBuffers
FindResourceA
FindNextFileW
FindNextFileA
FindNextChangeNotification
FindFirstFileW
FindFirstFileA
FindFirstChangeNotificationA
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExitThread
EnumSystemLocalesA
EnumCalendarInfoA
EnterCriticalSection
DuplicateHandle
DosDateTimeToFileTime
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateThread
CreateSemaphoreA
CreateProcessA
CreateFileMappingA
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileA
CompareStringW
CompareStringA
CloseHandle
AreFileApisANSI
Sleep
FindFirstChangeNotificationA
GetVersionExA

gdi32

UpdateColors
UnrealizeObject
TextOutA
StrokePath
StretchDIBits
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextJustification
SetTextColor
SetTextAlign
SetStretchBltMode
SetRectRgn
SetROP2
SetPixelV
SetPixel
SetPaletteEntries
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
PtInRegion
Polyline
Polygon
PolyPolyline
PlayEnhMetaFile
PathToRegion
PatBlt
OffsetWindowOrgEx
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32W
GetTextExtentPoint32A
GetTextExtentExPointA
GetTextColor
GetTextAlign
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectType
GetObjectA
GetNearestPaletteIndex
GetNearestColor
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
FillPath
ExtTextOutW
ExtTextOutA
ExtSelectClipRgn
ExcludeClipRect
EqualRgn
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICA
CreateHatchBrush
CreateHalftonePalette
CreateFontIndirectA
CreateFontA
CreateEnhMetaFileA
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
CloseEnhMetaFile
BitBlt
BeginPath
TranslateCharsetInfo
GetRandomRgn

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

mpr

WNetOpenEnumA
WNetGetUniversalNameA
WNetEnumResourceA
WNetCloseEnum

ole32

IsEqualGUID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CreateStreamOnHGlobal
IsAccelerator
ReleaseStgMedium
OleDraw
OleSetMenuDescriptor
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
StgIsStorageFile
StgOpenStorage
StgCreateDocfile
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoGetMalloc
CoUninitialize
CoInitialize
IsEqualGUID
CoCreateGuid
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
DoDragDrop
RegisterDragDrop

olepro32

OleLoadPicture

winspool.drv

OpenPrinterA
GetPrinterDriverA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

comctl32

ImageList_Destroy
ImageList_Add
ImageList_Create
_TrackMouseEvent
LBItemFromPt
MakeDragList
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

wsock32

WSACleanup
WSAStartup
WSASetLastError
WSAGetLastError
WSAAsyncSelect
gethostname
gethostbyname
gethostbyaddr
socket
shutdown
setsockopt
send
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockopt
getsockname
connect
closesocket
bind
accept

shell32

Shell_NotifyIconA
ShellExecuteA
SHGetFileInfoA
SHFileOperationA
DragQueryFileA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHChangeNotify
SHGetMalloc
SHGetDesktopFolder
SHGetInstanceExplorer
ord90

wininet

InternetSetOptionA
InternetReadFile
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA

comdlg32

ChooseFontA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA

crypt32

CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertOpenStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertDeleteCertificateFromStore
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertCloseStore
CertFindCertificateInStore
CertOpenSystemStoreA
CertOpenSystemStoreA
CertGetNameStringA
CertAddEncodedCertificateToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod
PlaySoundA

cryptui

CryptUIDlgViewCertificateA
CryptUIDlgCertMgr

shlwapi

PathIsDirectoryW
PathFileExistsW

Exports

Exports

EurekaLog_AttachedFilesRequestEvent
EurekaLog_CallCreateThread
EurekaLog_CallExceptObject
EurekaLog_CallExitThread
EurekaLog_CallGeneralRaise
EurekaLog_CallResumeThread
EurekaLog_CustomButtonClickEvent
EurekaLog_CustomDataRequestEventEx
EurekaLog_CustomWebFieldsRequestEvent
EurekaLog_ExceptionActionNotifyEvent
EurekaLog_ExceptionErrorNotifyEvent
EurekaLog_ExceptionNotifyEvent
EurekaLog_HandledExceptionNotifyEvent
EurekaLog_PasswordRequestEvent
EurekaLog_PasswordRequestEventEx
ExceptionManager

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 45KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 709B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 272B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
adv/adv.ini
adv/adv1.gif
.gif
adv/advs1.gif
.gif
dynamicpro.zip
.zip
about.gif
.gif
about.html
.html
aboutnew.html
.html .js polyglot
aceftp3proabout.gif
.gif
bg.gif
.gif
desktop.ini
img_aceftpstorage.gif
.gif
img_drawerh145.gif
.gif
logovisicom.GIF
.gif
partneridwizard.html
.html
reminder.html
.html .js polyglot
help/Help95.hlp
help/aceftp.chm
.chm
help/aceftp3proabout.gif
.gif
help/howtoorder.html
help/register.html
help/welcome.html
.html
license.txt
readme.doc
.rtf .doc
sounds/completed.wav
sounds/error.wav
sounds/failure.wav
sounds/reset.wav
sounds/success.wav
uninst-ftp.exe.nsis
vmntoolbar/vmntoolbarsetup1.7_en.exe
.exe windows:4 windows x86 arch:x86

36276e7c12820586c6f4cfea7e3f74d2

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:64:7b:50:98:3e:d1:eb:11:c2:79:cb:39:8c:2c:a4
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

20/06/2007, 00:00

Not After

22/06/2008, 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

d7:bb:01:9e:96:e7:ec:04:6a:fe:b1:22:1f:cc:8a:75:84:73:c9:4f
Signer

Actual PE Digest

d7:bb:01:9e:96:e7:ec:04:6a:fe:b1:22:1f:cc:8a:75:84:73:c9:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InetLoad.dll
.dll windows:4 windows x86 arch:x86

7507f0d413789d0ae63abd4cefd463d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
strcpy
_initterm
_stricmp
_adjust_fdiv
_open
strcat
_close
_unlink
free
sprintf
memset
strstr
strtol
strlen
strncmp
strtoul
_write
time
strrchr
strchr
malloc
strcmp

kernel32

lstrcpynA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
GetCommandLineA
lstrcpyA
GlobalFree
LoadLibraryA
GetProcAddress
SleepEx
GetLastError
MulDiv
lstrlenA
GlobalAlloc

user32

SendMessageA
wsprintfA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
PostMessageA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
MessageBoxA
SendDlgItemMessageA
SetDlgItemTextA
SetTimer
DestroyIcon
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindow
CreateDialogParamA
FindWindowExA
RedrawWindow
GetWindowTextA
GetDlgItem
SetWindowTextA

wininet

InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetSetFilePointer
InternetCloseHandle
InternetReadFile
HttpQueryInfoA

comctl32

ord17

shell32

ExtractIconA

Exports

Exports

load

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.ini
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/eulaetzer1033.ini
$PLUGINSDIR/eulaetzer1036.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/xml.dll
.dll windows:4 windows x86 arch:x86

9726e505249d4b0c986acd6db607188d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpA
lstrcmpiA
GlobalFree

msvcrt

strlen
??3@YAXPAX@Z
atoi
_itoa
??2@YAPAXI@Z
memcpy
memmove
_assert
strcmp
_purecall
_snprintf
strcpy
fclose
fopen
fprintf
fputs
fgets
ftell
fseek
isspace
tolower
isalpha
isalnum
strncmp
strchr
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

AttributeByName
CloneNode
Coordinate
CreateNode
CreateText
DeclarationEncoding
DeclarationStandalone
DeclarationVersion
FirstAttribute
FirstChild
FirstChildElement
FreeNode
GotoHandle
InsertAfterNode
InsertBeforeNode
InsertEndChild
LastAttribute
LastChild
LoadFile
NextAttribute
NextSibling
NextSiblingElement
NoChildren
NodeHandle
NodeType
Parent
PreviousAttribute
PreviousSibling
RemoveAllChild
RemoveAttribute
RemoveNode
ReplaceNode
RootElement
SaveFile
SetAttribute
SetAttributeName
SetAttributeValue
SetCondenseWhiteSpace
SetEncoding
SetNodeValue

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Downloaded Program Files/$R0
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:00:9f:11:23:41:eb:9e:47:ad:9a:71:d8:68:dc:95
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

31/05/2006, 00:00

Not After

21/06/2007, 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:67:c0:3e:b9:96:b2:a5:57:70:34:09:3d:87:87:19:0c:c4:46:b8
Signer

Actual PE Digest

2a:67:c0:3e:b9:96:b2:a5:57:70:34:09:3d:87:87:19:0c:c4:46:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 586KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/Downloaded Program Files/$R2/NSIS.Library.RegTool.v2.$_32_.exe
.exe windows:4 windows x86 arch:x86

a56a9c58ddb2b2da8fde66551747ce70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateProcessA
GetSystemDirectoryA
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
lstrcmpiA
lstrlenA
SetEndOfFile
GetProcAddress
UnmapViewOfFile
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
SetErrorMode

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey

user32

wsprintfA
CharNextA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$WINDIR/Downloaded Program Files/PPClean.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 360KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$WINDIR/Downloaded Program Files/mainstrings.txt
$WINDIR/Downloaded Program Files/pestscan.ini
$WINDIR/Downloaded Program Files/pestscanx.inf
$WINDIR/Downloaded Program Files/pestscanx.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:00:9f:11:23:41:eb:9e:47:ad:9a:71:d8:68:dc:95
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

31/05/2006, 00:00

Not After

21/06/2007, 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:67:c0:3e:b9:96:b2:a5:57:70:34:09:3d:87:87:19:0c:c4:46:b8
Signer

Actual PE Digest

2a:67:c0:3e:b9:96:b2:a5:57:70:34:09:3d:87:87:19:0c:c4:46:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 586KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_20_/---Yahoo.bmp
$_20_/01net.bmp
$_20_/1px_dark.gif
.gif
$_20_/1px_green.gif
.gif
$_20_/1px_white.gif
.gif
$_20_/DownloadCOM.bmp
$_20_/ErrorPageTemplate.css
$_20_/YouTube.bmp
$_20_/a.bmp
$_20_/amazon.bmp
$_20_/an.bmp
$_20_/arrowB.gif
.gif
$_20_/arrowT.gif
.gif
$_20_/arrow_down.gif
.gif
$_20_/arrow_red.gif
.gif
$_20_/arrow_red2.gif
.gif
$_20_/arrow_up.gif
.gif
$_20_/autofill.bmp
$_20_/avstate.bmp
$_20_/b.bmp
$_20_/background2.bmp
$_20_/bg_pub.gif
.gif
$_20_/bg_ttl.gif
.gif
$_20_/bgmeteo_results.gif
.gif
$_20_/bn.bmp
$_20_/btn_close.gif
.gif
$_20_/btn_minus.gif
.gif
$_20_/btn_moreforecast.gif
.gif
$_20_/c.bmp
$_20_/canalblog.bmp
$_20_/cn.bmp
$_20_/d.bmp
$_20_/dictionary2.bmp
$_20_/dn.bmp
$_20_/dropdown.css
$_20_/f.bmp
$_20_/flag_argentine.bmp
$_20_/flag_australia.bmp
$_20_/flag_brazil.bmp
$_20_/flag_canada.bmp
$_20_/flag_china.bmp
$_20_/flag_france.bmp
$_20_/flag_germany.bmp
$_20_/flag_greece.bmp
$_20_/flag_hongkong.bmp
$_20_/flag_india.bmp
$_20_/flag_indonesia.bmp
$_20_/flag_italy.bmp
$_20_/flag_japan.bmp
$_20_/flag_korea.bmp
$_20_/flag_mexico.bmp
$_20_/flag_netherlands.bmp
$_20_/flag_spain.bmp
$_20_/flag_sweeden.bmp
$_20_/flag_taiwan.bmp
$_20_/flag_uk.bmp
$_20_/flag_usa.bmp
$_20_/fn.bmp
$_20_/g.bmp
$_20_/gaming.bmp
$_20_/gn.bmp
$_20_/gograph.bmp
$_20_/graphred0.bmp
$_20_/graphred0_5.bmp
$_20_/graphred1.bmp
$_20_/graphred1_5.bmp
$_20_/graphred2.bmp
$_20_/graphred2_5.bmp
$_20_/graphred3.bmp
$_20_/graphred3_5.bmp
$_20_/graphred4.bmp
$_20_/graphred4_5.bmp
$_20_/graphred5.bmp
$_20_/h.bmp
$_20_/h_aquarius.bmp
$_20_/h_aries.bmp
$_20_/h_cancer.bmp
$_20_/h_capricorn.bmp
$_20_/h_gemini.bmp
$_20_/h_leo.bmp
$_20_/h_libra.bmp
$_20_/h_pisces.bmp
$_20_/h_sagittarius.bmp
$_20_/h_scorpio.bmp
$_20_/h_taurus.bmp
$_20_/h_virgo.bmp
$_20_/help.gif
.gif
$_20_/hideremove.bmp
$_20_/highlight.bmp
$_20_/hn.bmp
$_20_/i.bmp
$_20_/icotemp_placeholder.gif
.gif
$_20_/in.bmp
$_20_/ipsearch.bmp
$_20_/j.bmp
$_20_/jn.bmp
$_20_/k.bmp
$_20_/kn.bmp
$_20_/l.bmp
$_20_/ln.bmp
$_20_/loading.gif
.gif
$_20_/login.bmp
$_20_/logo.bmp
$_20_/n.bmp
$_20_/new02.bmp
$_20_/news.bmp
$_20_/news.html
.html .js polyglot
$_20_/nn.bmp
$_20_/o.bmp
$_20_/on.bmp
$_20_/p.bmp
$_20_/p_yahoo.bmp
$_20_/pestscanimg.bmp
$_20_/pn.bmp
$_20_/popup_off.bmp
$_20_/popup_on.bmp
$_20_/popup_ona.bmp
$_20_/q.bmp
$_20_/qn.bmp
$_20_/r.bmp
$_20_/relatedlinks.bmp
$_20_/report.bmp
$_20_/rn.bmp
$_20_/rss.bmp
$_20_/rss.xsl
.xml
$_20_/rss1.bmp
$_20_/rsslib.js
.js
$_20_/s.bmp
$_20_/security.bmp
$_20_/siteinfo.bmp
$_20_/slider.bmp
$_20_/sn.bmp
$_20_/spacer.gif
.gif
$_20_/stars-red1.bmp
$_20_/stars-red2.bmp
$_20_/stars-red3.bmp
$_20_/stars-red4.bmp
$_20_/stars-red5.bmp
$_20_/storage.bmp
$_20_/t.bmp
$_20_/tab_icon.png
.png
$_20_/tablib.js
.js
$_20_/tabwelcome_en.html
.js
$_20_/tabwelcome_fr.html
.js
$_20_/technorati.bmp
$_20_/thes_search.bmp
$_20_/tn.bmp
$_20_/tools.bmp
$_20_/translate.bmp
$_20_/u.bmp
$_20_/un.bmp
$_20_/v.bmp
$_20_/vmlib.js
.js
$_20_/vn.bmp
$_20_/w.bmp
$_20_/web.bmp
$_20_/web_fr.bmp
$_20_/wikipedia.bmp
$_20_/wn.bmp
$_20_/x.bmp
$_20_/xp_close_small.gif
.gif
$_20_/yahoo.bmp
$_20_/yahoo_search.gif
.gif
$_20_/z.bmp
$_20_/zn.bmp
$_20_/zoom.bmp
$_25_/vmntoolbar/$R0
.dll regsvr32 windows:4 windows x86 arch:x86

c3e802d587bf7b22ab9526e63ca409ab

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:64:7b:50:98:3e:d1:eb:11:c2:79:cb:39:8c:2c:a4
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

20/06/2007, 00:00

Not After

22/06/2008, 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

cb:c0:6b:4b:a3:dd:17:1f:34:91:b0:67:80:6e:be:d2:b2:e0:e0:e2
Signer

Actual PE Digest

cb:c0:6b:4b:a3:dd:17:1f:34:91:b0:67:80:6e:be:d2:b2:e0:e0:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
RegisterTypeLib
LoadTypeLibEx
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
GetUserNameA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptDeriveKey
CryptAcquireContextA

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExW
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenuEx
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowsHookExA
SetWindowTextW
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetSystemCursor
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoW
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetDlgItemTextA
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
SendDlgItemMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassW
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyW
MapVirtualKeyA
LoadStringA
LoadMenuA
LoadKeyboardLayoutA
LoadImageA
LoadIconA
LoadCursorFromFileA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringW
GetMenuStringA
GetMenuState
GetMenuItemInfoW
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassNameA
GetClassLongA
GetClassInfoW
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextExA
DrawTextW
DrawTextA
DrawStateW
DrawStateA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefWindowProcA
DefMDIChildProcW
DefMDIChildProcA
DefFrameProcW
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateMDIWindowW
CreateIcon
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharNextW
CallWindowProcW
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
lstrcpyA
lstrcmpW
lstrcmpA
WritePrivateProfileStringA
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualAlloc
SizeofResource
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
ReadFile
OpenMutexA
MultiByteToWideChar
MulDiv
MoveFileA
LockResource
LocalFileTimeToFileTime
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameA
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageW
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateThread
CreateMutexA
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringW
CompareStringA
CloseHandle
Sleep
GetLongPathNameA

msimg32

GradientFill

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32W
GetTextExtentPoint32A
GetTextExtentExPointA
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutW
ExtTextOutA
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
CloseEnhMetaFile
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

IsEqualGUID
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CreateStreamOnHGlobal
IsAccelerator
ReleaseStgMedium
OleDraw
OleSetMenuDescriptor
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CLSIDFromProgID
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoLockObjectExternal
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

olepro32

OleLoadPicture

urlmon

CoInternetCreateZoneManager
CoInternetCreateSecurityManager

wininet

InternetSetOptionA
InternetSetCookieA
InternetReadFile
InternetOpenA
InternetGetCookieA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA

shell32

ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
SHGetMalloc

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shfolder

SHGetFolderPathA

winmm

PlaySoundA

wsock32

WSACleanup
WSAStartup
gethostname
gethostbyname
setsockopt
inet_addr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_25_/vmntoolbar/$R2/NSIS.Library.RegTool.v2.$_32_.exe
.exe windows:4 windows x86 arch:x86

a56a9c58ddb2b2da8fde66551747ce70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateProcessA
GetSystemDirectoryA
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
lstrcmpiA
lstrlenA
SetEndOfFile
GetProcAddress
UnmapViewOfFile
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
SetErrorMode

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey

user32

wsprintfA
CharNextA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$_25_/vmntoolbar/---Yahoo.bmp
$_25_/vmntoolbar/01net.bmp
$_25_/vmntoolbar/1px_dark.gif
.gif
$_25_/vmntoolbar/1px_green.gif
.gif
$_25_/vmntoolbar/1px_white.gif
.gif
$_25_/vmntoolbar/DownloadCOM.bmp
$_25_/vmntoolbar/ErrorPageTemplate.css
$_25_/vmntoolbar/YouTube.bmp
$_25_/vmntoolbar/a.bmp
$_25_/vmntoolbar/amazon.bmp
$_25_/vmntoolbar/an.bmp
$_25_/vmntoolbar/arrowB.gif
.gif
$_25_/vmntoolbar/arrowT.gif
.gif
$_25_/vmntoolbar/arrow_down.gif
.gif
$_25_/vmntoolbar/arrow_red.gif
.gif
$_25_/vmntoolbar/arrow_red2.gif
.gif
$_25_/vmntoolbar/arrow_up.gif
.gif
$_25_/vmntoolbar/autofill.bmp
$_25_/vmntoolbar/avstate.bmp
$_25_/vmntoolbar/b.bmp
$_25_/vmntoolbar/background2.bmp
$_25_/vmntoolbar/bg_pub.gif
.gif
$_25_/vmntoolbar/bg_ttl.gif
.gif
$_25_/vmntoolbar/bgmeteo_results.gif
.gif
$_25_/vmntoolbar/bn.bmp
$_25_/vmntoolbar/btn_close.gif
.gif
$_25_/vmntoolbar/btn_minus.gif
.gif
$_25_/vmntoolbar/btn_moreforecast.gif
.gif
$_25_/vmntoolbar/c.bmp
$_25_/vmntoolbar/canalblog.bmp
$_25_/vmntoolbar/cn.bmp
$_25_/vmntoolbar/d.bmp
$_25_/vmntoolbar/dictionary2.bmp
$_25_/vmntoolbar/dn.bmp
$_25_/vmntoolbar/dropdown.css
$_25_/vmntoolbar/f.bmp
$_25_/vmntoolbar/flag_argentine.bmp
$_25_/vmntoolbar/flag_australia.bmp
$_25_/vmntoolbar/flag_brazil.bmp
$_25_/vmntoolbar/flag_canada.bmp
$_25_/vmntoolbar/flag_china.bmp
$_25_/vmntoolbar/flag_france.bmp
$_25_/vmntoolbar/flag_germany.bmp
$_25_/vmntoolbar/flag_greece.bmp
$_25_/vmntoolbar/flag_hongkong.bmp
$_25_/vmntoolbar/flag_india.bmp
$_25_/vmntoolbar/flag_indonesia.bmp
$_25_/vmntoolbar/flag_italy.bmp
$_25_/vmntoolbar/flag_japan.bmp
$_25_/vmntoolbar/flag_korea.bmp
$_25_/vmntoolbar/flag_mexico.bmp
$_25_/vmntoolbar/flag_netherlands.bmp
$_25_/vmntoolbar/flag_spain.bmp
$_25_/vmntoolbar/flag_sweeden.bmp
$_25_/vmntoolbar/flag_taiwan.bmp
$_25_/vmntoolbar/flag_uk.bmp
$_25_/vmntoolbar/flag_usa.bmp
$_25_/vmntoolbar/fn.bmp
$_25_/vmntoolbar/g.bmp
$_25_/vmntoolbar/gaming.bmp
$_25_/vmntoolbar/gn.bmp
$_25_/vmntoolbar/gograph.bmp
$_25_/vmntoolbar/graphred0.bmp
$_25_/vmntoolbar/graphred0_5.bmp
$_25_/vmntoolbar/graphred1.bmp
$_25_/vmntoolbar/graphred1_5.bmp
$_25_/vmntoolbar/graphred2.bmp
$_25_/vmntoolbar/graphred2_5.bmp
$_25_/vmntoolbar/graphred3.bmp
$_25_/vmntoolbar/graphred3_5.bmp
$_25_/vmntoolbar/graphred4.bmp
$_25_/vmntoolbar/graphred4_5.bmp
$_25_/vmntoolbar/graphred5.bmp
$_25_/vmntoolbar/h.bmp
$_25_/vmntoolbar/h_aquarius.bmp
$_25_/vmntoolbar/h_aries.bmp
$_25_/vmntoolbar/h_cancer.bmp
$_25_/vmntoolbar/h_capricorn.bmp
$_25_/vmntoolbar/h_gemini.bmp
$_25_/vmntoolbar/h_leo.bmp
$_25_/vmntoolbar/h_libra.bmp
$_25_/vmntoolbar/h_pisces.bmp
$_25_/vmntoolbar/h_sagittarius.bmp
$_25_/vmntoolbar/h_scorpio.bmp
$_25_/vmntoolbar/h_taurus.bmp
$_25_/vmntoolbar/h_virgo.bmp
$_25_/vmntoolbar/help.gif
.gif
$_25_/vmntoolbar/hideremove.bmp
$_25_/vmntoolbar/highlight.bmp
$_25_/vmntoolbar/hn.bmp
$_25_/vmntoolbar/i.bmp
$_25_/vmntoolbar/icotemp_placeholder.gif
.gif
$_25_/vmntoolbar/in.bmp
$_25_/vmntoolbar/ipsearch.bmp
$_25_/vmntoolbar/j.bmp
$_25_/vmntoolbar/jn.bmp
$_25_/vmntoolbar/k.bmp
$_25_/vmntoolbar/kn.bmp
$_25_/vmntoolbar/l.bmp
$_25_/vmntoolbar/ln.bmp
$_25_/vmntoolbar/loading.gif
.gif
$_25_/vmntoolbar/login.bmp
$_25_/vmntoolbar/logo.bmp
$_25_/vmntoolbar/n.bmp
$_25_/vmntoolbar/new02.bmp
$_25_/vmntoolbar/news.bmp
$_25_/vmntoolbar/news.html
.html .js polyglot
$_25_/vmntoolbar/nn.bmp
$_25_/vmntoolbar/o.bmp
$_25_/vmntoolbar/on.bmp
$_25_/vmntoolbar/p.bmp
$_25_/vmntoolbar/p_yahoo.bmp
$_25_/vmntoolbar/pestscanimg.bmp
$_25_/vmntoolbar/pn.bmp
$_25_/vmntoolbar/popup_off.bmp
$_25_/vmntoolbar/popup_on.bmp
$_25_/vmntoolbar/popup_ona.bmp
$_25_/vmntoolbar/q.bmp
$_25_/vmntoolbar/qn.bmp
$_25_/vmntoolbar/r.bmp
$_25_/vmntoolbar/relatedlinks.bmp
$_25_/vmntoolbar/report.bmp
$_25_/vmntoolbar/rn.bmp
$_25_/vmntoolbar/rss.bmp
$_25_/vmntoolbar/rss.xsl
.xml
$_25_/vmntoolbar/rss1.bmp
$_25_/vmntoolbar/rsslib.js
.js
$_25_/vmntoolbar/s.bmp
$_25_/vmntoolbar/security.bmp
$_25_/vmntoolbar/siteinfo.bmp
$_25_/vmntoolbar/slider.bmp
$_25_/vmntoolbar/sn.bmp
$_25_/vmntoolbar/spacer.gif
.gif
$_25_/vmntoolbar/stars-red1.bmp
$_25_/vmntoolbar/stars-red2.bmp
$_25_/vmntoolbar/stars-red3.bmp
$_25_/vmntoolbar/stars-red4.bmp
$_25_/vmntoolbar/stars-red5.bmp
$_25_/vmntoolbar/storage.bmp
$_25_/vmntoolbar/t.bmp
$_25_/vmntoolbar/tab_icon.png
.png
$_25_/vmntoolbar/tablib.js
.js
$_25_/vmntoolbar/tabwelcome_en.html
.js
$_25_/vmntoolbar/tabwelcome_fr.html
.js
$_25_/vmntoolbar/technorati.bmp
$_25_/vmntoolbar/thes_search.bmp
$_25_/vmntoolbar/tn.bmp
$_25_/vmntoolbar/tools.bmp
$_25_/vmntoolbar/translate.bmp
$_25_/vmntoolbar/u.bmp
$_25_/vmntoolbar/un.bmp
$_25_/vmntoolbar/v.bmp
$_25_/vmntoolbar/vmlib.js
.js
$_25_/vmntoolbar/vn.bmp
$_25_/vmntoolbar/w.bmp
$_25_/vmntoolbar/web.bmp
$_25_/vmntoolbar/web_fr.bmp
$_25_/vmntoolbar/wikipedia.bmp
$_25_/vmntoolbar/wn.bmp
$_25_/vmntoolbar/x.bmp
$_25_/vmntoolbar/xp_close_small.gif
.gif
$_25_/vmntoolbar/yahoo.bmp
$_25_/vmntoolbar/yahoo_search.gif
.gif
$_25_/vmntoolbar/z.bmp
$_25_/vmntoolbar/zn.bmp
$_25_/vmntoolbar/zoom.bmp
$_26_/vmntoolbar/---Yahoo.bmp
$_26_/vmntoolbar/01net.bmp
$_26_/vmntoolbar/1px_dark.gif
.gif
$_26_/vmntoolbar/1px_green.gif
.gif
$_26_/vmntoolbar/1px_white.gif
.gif
$_26_/vmntoolbar/DownloadCOM.bmp
$_26_/vmntoolbar/ErrorPageTemplate.css
$_26_/vmntoolbar/YouTube.bmp
$_26_/vmntoolbar/a.bmp
$_26_/vmntoolbar/amazon.bmp
$_26_/vmntoolbar/an.bmp
$_26_/vmntoolbar/arrowB.gif
.gif
$_26_/vmntoolbar/arrowT.gif
.gif
$_26_/vmntoolbar/arrow_down.gif
.gif
$_26_/vmntoolbar/arrow_red.gif
.gif
$_26_/vmntoolbar/arrow_red2.gif
.gif
$_26_/vmntoolbar/arrow_up.gif
.gif
$_26_/vmntoolbar/autofill.bmp
$_26_/vmntoolbar/avstate.bmp
$_26_/vmntoolbar/b.bmp
$_26_/vmntoolbar/background2.bmp
$_26_/vmntoolbar/bg_pub.gif
.gif
$_26_/vmntoolbar/bg_ttl.gif
.gif
$_26_/vmntoolbar/bgmeteo_results.gif
.gif
$_26_/vmntoolbar/bn.bmp
$_26_/vmntoolbar/btn_close.gif
.gif
$_26_/vmntoolbar/btn_minus.gif
.gif
$_26_/vmntoolbar/btn_moreforecast.gif
.gif
$_26_/vmntoolbar/c.bmp
$_26_/vmntoolbar/canalblog.bmp
$_26_/vmntoolbar/cn.bmp
$_26_/vmntoolbar/d.bmp
$_26_/vmntoolbar/dictionary2.bmp
$_26_/vmntoolbar/dn.bmp
$_26_/vmntoolbar/dropdown.css
$_26_/vmntoolbar/f.bmp
$_26_/vmntoolbar/flag_argentine.bmp
$_26_/vmntoolbar/flag_australia.bmp
$_26_/vmntoolbar/flag_brazil.bmp
$_26_/vmntoolbar/flag_canada.bmp
$_26_/vmntoolbar/flag_china.bmp
$_26_/vmntoolbar/flag_france.bmp
$_26_/vmntoolbar/flag_germany.bmp
$_26_/vmntoolbar/flag_greece.bmp
$_26_/vmntoolbar/flag_hongkong.bmp
$_26_/vmntoolbar/flag_india.bmp
$_26_/vmntoolbar/flag_indonesia.bmp
$_26_/vmntoolbar/flag_italy.bmp
$_26_/vmntoolbar/flag_japan.bmp
$_26_/vmntoolbar/flag_korea.bmp
$_26_/vmntoolbar/flag_mexico.bmp
$_26_/vmntoolbar/flag_netherlands.bmp
$_26_/vmntoolbar/flag_spain.bmp
$_26_/vmntoolbar/flag_sweeden.bmp
$_26_/vmntoolbar/flag_taiwan.bmp
$_26_/vmntoolbar/flag_uk.bmp
$_26_/vmntoolbar/flag_usa.bmp
$_26_/vmntoolbar/fn.bmp
$_26_/vmntoolbar/g.bmp
$_26_/vmntoolbar/gaming.bmp
$_26_/vmntoolbar/gn.bmp
$_26_/vmntoolbar/gograph.bmp
$_26_/vmntoolbar/graphred0.bmp
$_26_/vmntoolbar/graphred0_5.bmp
$_26_/vmntoolbar/graphred1.bmp
$_26_/vmntoolbar/graphred1_5.bmp
$_26_/vmntoolbar/graphred2.bmp
$_26_/vmntoolbar/graphred2_5.bmp
$_26_/vmntoolbar/graphred3.bmp
$_26_/vmntoolbar/graphred3_5.bmp
$_26_/vmntoolbar/graphred4.bmp
$_26_/vmntoolbar/graphred4_5.bmp
$_26_/vmntoolbar/graphred5.bmp
$_26_/vmntoolbar/h.bmp
$_26_/vmntoolbar/h_aquarius.bmp
$_26_/vmntoolbar/h_aries.bmp
$_26_/vmntoolbar/h_cancer.bmp
$_26_/vmntoolbar/h_capricorn.bmp
$_26_/vmntoolbar/h_gemini.bmp
$_26_/vmntoolbar/h_leo.bmp
$_26_/vmntoolbar/h_libra.bmp
$_26_/vmntoolbar/h_pisces.bmp
$_26_/vmntoolbar/h_sagittarius.bmp
$_26_/vmntoolbar/h_scorpio.bmp
$_26_/vmntoolbar/h_taurus.bmp
$_26_/vmntoolbar/h_virgo.bmp
$_26_/vmntoolbar/help.gif
.gif
$_26_/vmntoolbar/hideremove.bmp
$_26_/vmntoolbar/highlight.bmp
$_26_/vmntoolbar/hn.bmp
$_26_/vmntoolbar/i.bmp
$_26_/vmntoolbar/icotemp_placeholder.gif
.gif
$_26_/vmntoolbar/in.bmp
$_26_/vmntoolbar/ipsearch.bmp
$_26_/vmntoolbar/j.bmp
$_26_/vmntoolbar/jn.bmp
$_26_/vmntoolbar/k.bmp
$_26_/vmntoolbar/kn.bmp
$_26_/vmntoolbar/l.bmp
$_26_/vmntoolbar/ln.bmp
$_26_/vmntoolbar/loading.gif
.gif
$_26_/vmntoolbar/login.bmp
$_26_/vmntoolbar/logo.bmp
$_26_/vmntoolbar/n.bmp
$_26_/vmntoolbar/new02.bmp
$_26_/vmntoolbar/news.bmp
$_26_/vmntoolbar/news.html
.html .js polyglot
$_26_/vmntoolbar/nn.bmp
$_26_/vmntoolbar/o.bmp
$_26_/vmntoolbar/on.bmp
$_26_/vmntoolbar/p.bmp
$_26_/vmntoolbar/p_yahoo.bmp
$_26_/vmntoolbar/pestscanimg.bmp
$_26_/vmntoolbar/pn.bmp
$_26_/vmntoolbar/popup_off.bmp
$_26_/vmntoolbar/popup_on.bmp
$_26_/vmntoolbar/popup_ona.bmp
$_26_/vmntoolbar/q.bmp
$_26_/vmntoolbar/qn.bmp
$_26_/vmntoolbar/r.bmp
$_26_/vmntoolbar/relatedlinks.bmp
$_26_/vmntoolbar/report.bmp
$_26_/vmntoolbar/rn.bmp
$_26_/vmntoolbar/rss.bmp
$_26_/vmntoolbar/rss.xsl
.xml
$_26_/vmntoolbar/rss1.bmp
$_26_/vmntoolbar/rsslib.js
.js
$_26_/vmntoolbar/s.bmp
$_26_/vmntoolbar/security.bmp
$_26_/vmntoolbar/siteinfo.bmp
$_26_/vmntoolbar/slider.bmp
$_26_/vmntoolbar/sn.bmp
$_26_/vmntoolbar/spacer.gif
.gif
$_26_/vmntoolbar/stars-red1.bmp
$_26_/vmntoolbar/stars-red2.bmp
$_26_/vmntoolbar/stars-red3.bmp
$_26_/vmntoolbar/stars-red4.bmp
$_26_/vmntoolbar/stars-red5.bmp
$_26_/vmntoolbar/storage.bmp
$_26_/vmntoolbar/t.bmp
$_26_/vmntoolbar/tab_icon.png
.png
$_26_/vmntoolbar/tablib.js
.js
$_26_/vmntoolbar/tabwelcome_en.html
.js
$_26_/vmntoolbar/tabwelcome_fr.html
.js
$_26_/vmntoolbar/technorati.bmp
$_26_/vmntoolbar/thes_search.bmp
$_26_/vmntoolbar/tn.bmp
$_26_/vmntoolbar/tools.bmp
$_26_/vmntoolbar/translate.bmp
$_26_/vmntoolbar/u.bmp
$_26_/vmntoolbar/un.bmp
$_26_/vmntoolbar/v.bmp
$_26_/vmntoolbar/vmlib.js
.js
$_26_/vmntoolbar/vn.bmp
$_26_/vmntoolbar/w.bmp
$_26_/vmntoolbar/web.bmp
$_26_/vmntoolbar/web_fr.bmp
$_26_/vmntoolbar/wikipedia.bmp
$_26_/vmntoolbar/wn.bmp
$_26_/vmntoolbar/x.bmp
$_26_/vmntoolbar/xp_close_small.gif
.gif
$_26_/vmntoolbar/yahoo.bmp
$_26_/vmntoolbar/yahoo_search.gif
.gif
$_26_/vmntoolbar/z.bmp
$_26_/vmntoolbar/zn.bmp
$_26_/vmntoolbar/zoom.bmp
install.ico
tbuninstall.exe
.exe windows:4 windows x86 arch:x86

4a9446e5cc2412c6405cea69dddb93be

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:00:9f:11:23:41:eb:9e:47:ad:9a:71:d8:68:dc:95
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

31/05/2006, 00:00

Not After

21/06/2007, 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ee:7e:a2:c9:33:88:4e:55:1b:3f:44:5e:01:f5:8f:51:df:2a:a5:93
Signer

Actual PE Digest

ee:7e:a2:c9:33:88:4e:55:1b:3f:44:5e:01:f5:8f:51:df:2a:a5:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
CopyFileA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InetLoad.dll
.dll windows:4 windows x86 arch:x86

7507f0d413789d0ae63abd4cefd463d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
strcpy
_initterm
_stricmp
_adjust_fdiv
_open
strcat
_close
_unlink
free
sprintf
memset
strstr
strtol
strlen
strncmp
strtoul
_write
time
strrchr
strchr
malloc
strcmp

kernel32

lstrcpynA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
GetCommandLineA
lstrcpyA
GlobalFree
LoadLibraryA
GetProcAddress
SleepEx
GetLastError
MulDiv
lstrlenA
GlobalAlloc

user32

SendMessageA
wsprintfA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
PostMessageA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
MessageBoxA
SendDlgItemMessageA
SetDlgItemTextA
SetTimer
DestroyIcon
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindow
CreateDialogParamA
FindWindowExA
RedrawWindow
GetWindowTextA
GetDlgItem
SetWindowTextA

wininet

InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetSetFilePointer
InternetCloseHandle
InternetReadFile
HttpQueryInfoA

comctl32

ord17

shell32

ExtractIconA

Exports

Exports

load

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/locate.dll
.dll windows:4 windows x86 arch:x86

61142a69a9a888c92fddc2ab9dbb123a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
lstrcpynA
lstrcmpA
lstrlenA
GlobalAlloc
GlobalFree
lstrcmpiA
CompareFileTime
lstrcpyA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
FileTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime

user32

SendMessageA
wsprintfA
GetDlgItem
FindWindowExA
CharUpperA

Exports

Exports

_Close
_Find
_GetSize
_Open
_RMDirEmpty
_Unload

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
toolbar.ini
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

dd1742eadfc6df18ded3c26ae64ad610

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

53:64:7b:50:98:3e:d1:eb:11:c2:79:cb:39:8c:2c:a4Certificate

Extended Key Usages

26:bc:37:ac:71:be:f7:43:66:c5:2e:ac:9c:50:5d:ea:62:69:02:eeSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 7KB - Virtual size: 7KB

c4fa86e78b598d87f225e209ba30786f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1002B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 92KB - Virtual size: 91KB

DATA Size: 2KB - Virtual size: 1KB

BSS Size: - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 165B

.reloc Size: 7KB - Virtual size: 7KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

53:64:7b:50:98:3e:d1:eb:11:c2:79:cb:39:8c:2c:a4
Certificate

26:bc:37:ac:71:be:f7:43:66:c5:2e:ac:9c:50:5d:ea:62:69:02:ee
Signer

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1002B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

CODE
Size: 92KB - Virtual size: 91KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 165B

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 2KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.itext
Size: 15KB - Virtual size: 15KB

.data
Size: 129KB - Virtual size: 128KB

.bss
Size: - Virtual size: 45KB

.idata
Size: 23KB - Virtual size: 22KB

.edata
Size: 1024B - Virtual size: 709B

.tls
Size: - Virtual size: 272B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 341KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

53:64:7b:50:98:3e:d1:eb:11:c2:79:cb:39:8c:2c:a4
Certificate

d7:bb:01:9e:96:e7:ec:04:6a:fe:b1:22:1f:cc:8a:75:84:73:c9:4f
Signer