3edeee91b93f28cf67817921acc6d2c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3edeee91b93f28cf67817921acc6d2c8_JaffaCakes118
Size

727KB
MD5

3edeee91b93f28cf67817921acc6d2c8
SHA1

109df2afe00191bbf1db0aa83098bc30b7a01a70
SHA256

1fca3fbb6dfec1ca316a891841d3ec64b2a31f1a8669c2b6d6ec82e7f949d33f
SHA512

3ca5703ae9d8bedbb410567a3e643181f5923081bc5e80b4b96131f27a8c6b3f333395faf48d8dfcb2fccd8fd889688f9a38884b0dafa506a7da88c06ed01584
SSDEEP

12288:EHHkaeRR5m7q3r47Uw7aWb7Qq7+FCAKoKxcTsJVtcTroAoisrK5LjXUw16BV:2HeRROqbb4aWnQO++xBltKdF16BV

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
3edeee91b93f28cf67817921acc6d2c8_JaffaCakes118
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/admodule.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/pnsis.dll
unpack001/$PLUGINSDIR/time.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

3edeee91b93f28cf67817921acc6d2c8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ff8d8dbb96b7ab762c0ce51911e4d104

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
SetFileTime
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
LocalFree
WideCharToMultiByte
OutputDebugStringA
GetCommandLineW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
ScreenToClient
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
CheckDlgButton
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
DialogBoxParamA
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

CommandLineToArgvW
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PPAP.exe
.exe windows:4 windows x86 arch:x86

a7c2770340db65b3dcb79c29aa100aca

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:c8:9e:6c:14:0a:ee:24:c0:6a:21:17:a4:e2:f4:09:e0:9c:64:fc
Signer

Actual PE Digest

7b:c8:9e:6c:14:0a:ee:24:c0:6a:21:17:a4:e2:f4:09:e0:9c:64:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetCurrentProcessId
GetLocalTime
GetTempPathA
Module32NextW
GetLongPathNameA
Module32FirstW
CreateToolhelp32Snapshot
GetLastError
lstrcatA
lstrcpyA
VirtualQuery
FindFirstFileA
GetCommandLineA
CreateEventW
GetCurrentProcess
CreateMutexW
OpenProcess
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrlenW
WaitForSingleObject
GetVersionExW
CreateProcessW
LocalFree
LocalAlloc
GetTempPathW
GetModuleHandleW
GetStartupInfoW
CloseHandle
OutputDebugStringA
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentVariableA
GetPrivateProfileStringA
CreateProcessA
TerminateProcess
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryW
GetProcAddress
GetCommandLineW
GetCurrentThread
GetCurrentThreadId
CreateFileA
GetFileSize
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
ReleaseMutex
lstrcmpiW

user32

GetDesktopWindow
wsprintfW
GetWindowThreadProcessId
GetShellWindow

advapi32

SetTokenInformation
ImpersonateSelf
LookupPrivilegeValueW
AdjustTokenPrivileges
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
ConvertStringSidToSidW
SetThreadToken

shell32

CommandLineToArgvW
SHGetFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
StringFromCLSID

msvcp60

_Getcvt
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?_Id_cnt@id@locale@std@@0HA
??_7codecvt_base@std@@6B@
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0_Locinfo@std@@QAE@PBD@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?do_length@?$codecvt@GDH@std@@MBEHAAHPBG1I@Z
?do_out@?$codecvt@GDH@std@@MBEHAAHPBG1AAPBGPAD3AAPAD@Z
?do_in@?$codecvt@GDH@std@@MBEHAAHPBD1AAPBDPAG3AAPAG@Z
?do_encoding@?$codecvt@GDH@std@@MBEHXZ
?do_max_length@?$codecvt@GDH@std@@MBEHXZ
?do_always_noconv@?$codecvt@GDH@std@@MBE_NXZ
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0locale@std@@QAE@XZ
??1locale@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
??0bad_cast@std@@QAE@PBD@Z
?out@?$codecvt@GDH@std@@QBEHAAHPBG1AAPBGPAD3AAPAD@Z
??0?$codecvt@GDH@std@@QAE@I@Z
?_Iscloc@locale@std@@QBE_NXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@GDH@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??0_Lockit@std@@QAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??_7facet@locale@std@@6B@
??_7?$codecvt@GDH@std@@6B@
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??_7bad_cast@std@@6B@
??1_Locinfo@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

msvcrt

_wcsicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
wcslen
_snprintf
??2@YAPAXI@Z
fclose
fflush
sprintf
_except_handler3
vfprintf
??0exception@@QAE@ABV0@@Z
fopen
toupper
_CxxThrowException
strncpy
__p___wargv
__p___argc
??0exception@@QAE@ABQBD@Z
free
_wcsdup
_XcptFilter
wcscpy
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveFileSpecW
PathAppendA
PathRemoveFileSpecA
PathAppendW
PathFindFileNameA
PathStripPathW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PPInstallLog.dll
.dll windows:4 windows x86 arch:x86

256af4ebe940c94257ae641d926c73e1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:d5:b8:6e:c3:34:ec:95:13:1b:45:d8:63:a7:b1:e1:c9:08:e0:10
Signer

Actual PE Digest

ff:d5:b8:6e:c3:34:ec:95:13:1b:45:d8:63:a7:b1:e1:c9:08:e0:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord2554
ord561
ord815
ord354
ord665
ord825
ord823
ord1979
ord858
ord5442
ord3318
ord5186
ord6385
ord537
ord6467
ord6663
ord668
ord3178
ord3181
ord4058
ord2781
ord2770
ord356
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord4486
ord6375
ord4274
ord2614
ord2818
ord939
ord535
ord800
ord3738
ord540
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord1116

msvcrt

__CxxFrameHandler
__dllonexit
_onexit
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv

kernel32

LocalFree
GlobalAlloc
lstrcpynA
lstrcpyA
GlobalFree
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
LocalAlloc

user32

wsprintfA

shlwapi

PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

CloseLog
FileLog
FolderLog
OpenLog
StringLog

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/admodule.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/mframe.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b1a4cd97a03147d1e3e766f3602fd630

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:a9:e0:de:d8:30:19:44:73:27:f9:41:61:79:9b:82:79:7c:b3:32
Signer

Actual PE Digest

45:a9:e0:de:d8:30:19:44:73:27:f9:41:61:79:9b:82:79:7c:b3:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord2810
ord956
ord3688
ord1634
ord3614
ord2371
ord861
ord2362
ord858
ord2634
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5869
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord535
ord925
ord4124
ord6354
ord2756
ord4197
ord2859
ord6190
ord922
ord940
ord5706
ord3566
ord5781
ord6195
ord5795
ord1173
ord2862
ord4269
ord6371
ord4480
ord2546
ord2504
ord5783
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord3948
ord2717
ord1165
ord2606
ord6193
ord6107
ord6238
ord2105
ord2559
ord2444
ord927
ord3711
ord790
ord5977
ord3541
ord4118
ord1143
ord2822
ord3016
ord1115
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord5784
ord6871
ord6168
ord5785
ord537
ord2114
ord1088
ord860
ord2910
ord5568
ord942
ord556
ord809
ord3716
ord2078
ord4294
ord538
ord2294
ord795
ord4470
ord4704
ord6330
ord3087
ord4229
ord2356
ord2287
ord2350
ord2293
ord641
ord324
ord3592
ord4419
ord5276
ord4401
ord1767
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord6211
ord6466
ord567
ord3397
ord2573
ord4214
ord1633
ord3658
ord825
ord2406
ord3621
ord3568
ord470
ord755
ord2854
ord2746
ord283
ord5871
ord540
ord3798
ord323
ord2397
ord640
ord800
ord6451
ord5047
ord4270
ord692
ord3634
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4395
ord1768
ord4073
ord6051
ord2016
ord2405
ord6362
ord1764
ord823
ord5727

msvcrt

wcscmp
abs
swprintf
_ftol
atoi
_purecall
_wcsicmp
memset
malloc
free
_wcsnicmp
fflush
vfprintf
fopen
_snprintf
strncpy
fclose
memcmp
realloc
wcslen
iswdigit
_wtoi
_wcsdup
_getdrives
strlen
isspace
wcscpy
srand
rand
_except_handler3
memcpy
__CxxFrameHandler
isalnum
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
strcpy

kernel32

OutputDebugStringW
DeleteCriticalSection
LoadLibraryExW
InterlockedIncrement
GetPrivateProfileStringW
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetLongPathNameW
GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
LoadLibraryA
lstrcpynW
GetWindowsDirectoryW
FreeLibrary
GetTickCount
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
OutputDebugStringA
GetLastError
SetLastError
lstrlenW
InterlockedDecrement
InitializeCriticalSection
lstrcmpW
SetUnhandledExceptionFilter
GetLocalTime
lstrcatA
lstrcpyA
GetModuleFileNameA
GetLongPathNameA
Module32FirstW
CreateToolhelp32Snapshot
CloseHandle
Module32NextW
FindClose
FindFirstFileA
GetCurrentThread
VirtualQuery
DebugBreak
lstrlenA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetEnvironmentVariableW
MultiByteToWideChar
LocalFree
LocalAlloc
lstrcpyW
GetCurrentThreadId

user32

EnableWindow
RedrawWindow
DrawTextW
FillRect
InflateRect
CopyRect
GetSysColor
DestroyWindow
CreateWindowExW
UnhookWindowsHookEx
GetWindowRect
GetWindowLongW
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
GetParent
SetDlgItemTextW
SendMessageW
SetWindowsHookExW
CallNextHookEx
GetKeyState
GetMenuItemInfoW
SetMenuItemInfoW
SetMenuDefaultItem
CreateDialogParamW
GetDoubleClickTime
EndDeferWindowPos
DeferWindowPos
ScreenToClient
ShowWindow
BeginDeferWindowPos
IsWindow
PostMessageW
MessageBoxA
LoadStringW
SetRect
wsprintfW
CharNextW
GetFocus
GetDC
IsRectEmpty
MoveWindow
SetWindowTextW
LoadImageW
IsChild
SetFocus
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
DialogBoxParamW
SetRectEmpty
GetAncestor
MonitorFromWindow
GetMonitorInfoW
SetParent
SetForegroundWindow
EndDialog
GetClassNameW
WindowFromPoint
SetActiveWindow
GetCursorPos
BringWindowToTop
IsWindowVisible
RegisterWindowMessageW
GrayStringW
TabbedTextOutW
EndPaint
BeginPaint
GetMenu
AdjustWindowRectEx
GetDlgCtrlID
SetCapture
IsWindowEnabled
KillTimer
SetTimer
UpdateWindow
ClientToScreen
DefWindowProcW
SetWindowLongW
DrawEdge
DrawFocusRect
CallWindowProcW
ReleaseDC
PtInRect
GetCapture
SetCursor
CopyIcon
LoadCursorW
wvsprintfW
GetSystemMetrics
InvalidateRect
ReleaseCapture
LoadBitmapW
GetWindowTextW
GetWindow
SetClassLongW

gdi32

SetTextColor
GetBkColor
GetViewportExtEx
SetBkMode
LPtoDP
FloodFill
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
SetBkColor
GetObjectW
Rectangle
CreateFontIndirectW
CreatePen
GetTextExtentPoint32W
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
SelectObject
StretchBlt
DeleteDC
BitBlt
DeleteObject
GetWindowExtEx

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
SHGetMalloc

ole32

CoTaskMemFree
CreateBindCtx

oleaut32

SysStringLen
LoadRegTypeLi
DispCallFunc
LoadTypeLi
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString

urlmon

RegisterBindStatusCallback
CreateURLMoniker

atl

ord11
ord43
ord15
ord44
ord32
ord10
ord45
ord42
ord30
ord53
ord21
ord58
ord18
ord57
ord16

msimg32

GradientFill

msvcp60

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1_Lockit@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

pplugin2

?GetCurrentVersionW@@YGHIPAGK@Z

shlwapi

PathFindFileNameA
PathFileExistsW
PathStripPathW
PathAppendA
PathRemoveFileSpecA
PathAppendW
PathRemoveFileSpecW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/pnsis.dll
.dll windows:4 windows x86 arch:x86

31c6ac2144003ec772b515931addb3ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetLongPathNameA
FreeLibrary
GlobalFree
lstrcpyA
GetVersionExA
CloseHandle
OpenProcess
TerminateProcess
DisableThreadLibraryCalls
LocalFree
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
GetStringTypeA
GetStringTypeW
RtlUnwind
Sleep
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
GetNamedSecurityInfoA

Exports

Exports

AddEveryoneToAcl
KillLinger

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/pplugin2.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2a8bfb8a1144751d8d12e443415e4f1c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:44:b9:54:2d:81:22:d2:a0:63:ea:0e:91:4c:b4:33:e4:b4:22:46
Signer

Actual PE Digest

40:44:b9:54:2d:81:22:d2:a0:63:ea:0e:91:4c:b4:33:e4:b4:22:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GetCurrentThreadId
MulDiv
FlushInstructionCache
CreateFileW
SetEndOfFile
GlobalLock
WriteFile
LocalFree
GetVersionExW
LoadLibraryA
GlobalUnlock
InitializeCriticalSection
lstrcatW
DeleteCriticalSection
HeapDestroy
DisableThreadLibraryCalls
lstrcpynW
lstrcmpiW
FindResourceW
LoadResource
SizeofResource
GetShortPathNameW
MultiByteToWideChar
CreateEventW
FindClose
FindNextFileW
lstrcpyW
WaitForSingleObject
FindFirstFileW
SetLastError
WideCharToMultiByte
GetPrivateProfileIntW
GetPrivateProfileStringW
LoadLibraryExW
GetModuleFileNameW
GetEnvironmentVariableW
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
FreeLibrary
OpenMutexW
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
InterlockedDecrement
InterlockedIncrement
CreateDirectoryW
GetLastError
CopyFileW
CreateProcessW
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetProcAddress
ReadFile

user32

RegisterWindowMessageW
PostMessageW
DrawTextW
MapWindowPoints
IsWindow
SendMessageW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowTextW
GetWindowRect
CallWindowProcW
ScreenToClient
SetTimer
KillTimer
SetDlgItemTextW
GetDlgItem
SetWindowPos
SetWindowLongW
BeginPaint
EndPaint
wvsprintfW
CharNextW
LoadStringW
MoveWindow
IsChild
WaitForInputIdle
ShowWindow
GetKeyState
PtInRect
UnionRect
GetFocus
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ReleaseDC
GetDC
InvalidateRect
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
DefWindowProcW
SetFocus
GetParent
CreateDialogParamW
RedrawWindow
GetClientRect

gdi32

CreateDCW
LPtoDP
SetMapMode
SetViewportOrgEx
GetDeviceCaps
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
DeleteDC
GetObjectW
CreateFontIndirectW
DeleteObject
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode
SelectObject
GetStockObject

advapi32

RegDeleteKeyW
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
ShellExecuteA
ShellExecuteExW
SHGetFolderPathW

ole32

CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream
CoTaskMemFree
CreateBindCtx
OleRegGetUserType
OleRegEnumVerbs
OleRegGetMiscStatus
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance

oleaut32

VariantClear
VariantCopy
VariantInit
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
SysAllocStringLen
SysFreeString
VarUI4FromStr

urlmon

RegisterBindStatusCallback
CreateURLMoniker

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

msvcrt

__CxxFrameHandler
wcsncpy
memset
wcscpy
realloc
free
wcscmp
memcpy
??2@YAPAXI@Z
wcslen
iswdigit
_wtoi
malloc
wcscat
_wcsicmp
swprintf
strlen
_wfullpath
_CxxThrowException
wcsrchr
memcmp
_purecall
_wcsdup
??1type_info@@UAE@XZ
wcstoul
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
rand
_snwprintf

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW

Exports

Exports

?GetCurrentVersionW@@YGHIPAGK@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ppp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

46929088280429ac3354990b94720261

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cc:90:4b:17:da:27:76:65:f2:2a:ab:dd:f4:84:b2:36:09:c6:ba:ee
Signer

Actual PE Digest

cc:90:4b:17:da:27:76:65:f2:2a:ab:dd:f4:84:b2:36:09:c6:ba:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord5852
ord3658
ord1115
ord1173
ord1568
ord1165
ord1570
ord1179
ord1863
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord1560
ord268
ord4199
ord4272
ord2756
ord2859
ord470
ord2746
ord755
ord942
ord5679
ord5706
ord4124
ord6770
ord2822
ord2910
ord5568
ord6139
ord940
ord925
ord6466
ord1128
ord2717
ord3948
ord815
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord800
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord927
ord5929
ord834
ord860
ord823
ord920
ord3050
ord3420
ord6874
ord5857
ord538
ord537
ord541
ord922
ord801
ord6868
ord1594
ord535
ord858
ord2606
ord2810
ord861
ord825
ord540
ord342

msvcrt

_findfirst
rand
srand
fclose
fgetws
_wfopen
wcsncpy
swprintf
strcat
_findclose
tolower
islower
toupper
isalnum
isspace
wcslen
realloc
memcpy
_wcsicmp
_purecall
_itow
memcmp
wcscmp
strrchr
_i64tow
atol
strncpy
sscanf
memset
_ftol
wcscpy
sprintf
strcpy
wcstoul
_wtoi
malloc
free
strlen
atoi
__CxxFrameHandler
_CxxThrowException
_wcsdup
_snprintf
strcmp
fprintf
fputs
isalpha
strncmp
strchr
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_findnext

kernel32

WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GetACP
lstrlenA
WritePrivateProfileStringW
CopyFileW
LocalFree
GetLastError
DeviceIoControl
GetPrivateProfileStringW
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
CreateMutexW
MapViewOfFile
OpenFileMappingW
ReleaseMutex
FlushViewOfFile
UnmapViewOfFile
GetEnvironmentVariableW
GetProcAddress
LoadLibraryW
FreeLibrary
GetTickCount
DeleteFileW
GetTempPathW
CreateDirectoryW
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
TerminateProcess
CloseHandle
CreateProcessW
WaitForSingleObject
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
OutputDebugStringW
LoadLibraryExW
GetSystemInfo
GetModuleHandleW
GetVersionExW
GetPrivateProfileIntW
VirtualQuery
Sleep
CreateFileA
LocalAlloc
GetSystemTime

user32

KillTimer
SetWindowLongW
DefWindowProcW
RegisterWindowMessageW
GetWindowLongW
CallWindowProcW
GetClientRect
IsWindow
DestroyWindow
FindWindowW
SendMessageW
SetWindowTextW
ShowWindow
BringWindowToTop
MoveWindow
GetWindowRect
wsprintfW
GetWindowThreadProcessId
CreateWindowExW
SetTimer
GetAncestor
SetWindowPos
PostMessageW
WaitForInputIdle

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoCreateGuid
CoCreateInstance

oleaut32

SysAllocStringLen
LoadTypeLi
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysAllocString
SysStringLen
LoadRegTypeLi
VariantClear
DispCallFunc
SysFreeString

atl

ord21
ord42
ord18
ord10
ord58
ord30
ord57
ord23
ord15
ord53
ord16
ord32
ord44
ord43
ord45
ord48
ord11
ord47

msvcp60

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?good@ios_base@std@@QBE_NXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z

rpcrt4

UuidToStringW
UuidFromStringA

ws2_32

gethostname
gethostbyname
inet_addr
inet_ntoa

shlwapi

PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
StrStrIW
StrStrIA
PathStripPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSGetModule

Sections

.text
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/time.dll
.dll windows:4 windows x86 arch:x86

2e3a4d1f132aea64d421c1e936bcc407

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
GlobalAlloc
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FindClose
FindFirstFileA
CloseHandle
SetFileTime
CreateFileA
lstrcatA

user32

SendMessageA
wsprintfA

Exports

Exports

_GetFileTime
_GetFileTimeUTC
_GetLocalTime
_GetLocalTimeUTC
_MathTime
_SetFileTime
_SetFileTimeUTC
_SetLocalTime
_SetLocalTimeUTC
_TimeString
_Unload

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff8d8dbb96b7ab762c0ce51911e4d104

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 107KB

.ndata Size: - Virtual size: 96KB

.rsrc Size: 179KB - Virtual size: 179KB

a7c2770340db65b3dcb79c29aa100aca

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65Certificate

Extended Key Usages

Key Usages

7b:c8:9e:6c:14:0a:ee:24:c0:6a:21:17:a4:e2:f4:09:e0:9c:64:fcSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp60

msvcrt

version

shlwapi

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 132KB - Virtual size: 128KB

256af4ebe940c94257ae641d926c73e1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65Certificate

Extended Key Usages

Key Usages

ff:d5:b8:6e:c3:34:ec:95:13:1b:45:d8:63:a7:b1:e1:c9:08:e0:10Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

shlwapi

version

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 107KB

.ndata
Size: - Virtual size: 96KB

.rsrc
Size: 179KB - Virtual size: 179KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

7b:c8:9e:6c:14:0a:ee:24:c0:6a:21:17:a4:e2:f4:09:e0:9c:64:fc
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 132KB - Virtual size: 128KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

ff:d5:b8:6e:c3:34:ec:95:13:1b:45:d8:63:a7:b1:e1:c9:08:e0:10
Signer

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 4KB - Virtual size: 976B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 553KB - Virtual size: 552KB

.rdata
Size: 126KB - Virtual size: 125KB

.data
Size: 25KB - Virtual size: 41KB

.rsrc
Size: 41KB - Virtual size: 41KB

.reloc
Size: 60KB - Virtual size: 60KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

45:a9:e0:de:d8:30:19:44:73:27:f9:41:61:79:9b:82:79:7c:b3:32
Signer

.text
Size: 264KB - Virtual size: 260KB

.rdata
Size: 44KB - Virtual size: 43KB