4213580eaa5ca0c59f392bbc65e8d5f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4213580eaa5ca0c59f392bbc65e8d5f6_JaffaCakes118
Size

6.9MB
MD5

4213580eaa5ca0c59f392bbc65e8d5f6
SHA1

6edab8ba297db43bde51d4042571ab1d1339099c
SHA256

fc32b11e8bc0c778921d1cde7a8462978229b59eb322b4d1a477697487709240
SHA512

902cf354d43b5b473d33043e09c470115f518ef16caa41719b7b83d9e1eca8e7c27fe7250fa30fc7241d0128e1074d948ce6506054b3b508ac722a6ca79c89d7
SSDEEP

196608:zTp+ppCM6zBiOUKGw90Sh7hIpv7nB9xB1G/EHnwmX8vZdRv:zTp+ppCxGfSh7hIlDnxBo8Hwu8vZdRv

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
4213580eaa5ca0c59f392bbc65e8d5f6_JaffaCakes118
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack002/components/FFExternalAlert.dll
unpack002/components/RadioWMPCore.dll
unpack001/Movier.exe
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/nsWeb.dll
unpack004/$SYSDIR/pthreadVC.dll
unpack001/ffmpeg.exe
unpack001/uninst.exe
unpack005/$PLUGINSDIR/LangDLL.dll

NSIS installer 5 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/WinPcap_4_0_2.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

4213580eaa5ca0c59f392bbc65e8d5f6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OCSetupHlp.dll
.dll windows:5 windows x86 arch:x86

778dea84cc0fbb95213648a19d9866c3

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

73:81:06:0e:d4:60:b9:9e:62:a9:23:47:bb:b8:4d:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

15/03/2010, 00:00

Not After

15/03/2011, 23:59

Subject

CN=OpenCandy Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OpenCandy Inc.,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:b4:9d:17:9b:22:06:7a:e2:7e:82:d3:b8:22:e7:ae:58:8c:04:84
Signer

Actual PE Digest

d7:b4:9d:17:9b:22:06:7a:e2:7e:82:d3:b8:22:e7:ae:58:8c:04:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexA
CreateEventA
WaitForMultipleObjects
SetEvent
DuplicateHandle
lstrlenA
CompareStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
GetModuleHandleA
GetTimeZoneInformation
FlushFileBuffers
CreateFileA
GetFileAttributesA
CreateProcessA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetFileAttributesW
CreateProcessW
GetExitCodeProcess
LoadLibraryA
GetExitCodeThread
GetFullPathNameW
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameA
ReadFile
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
VirtualAlloc
RtlUnwind
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
SetHandleCount
IsValidCodePage
TerminateThread
ExpandEnvironmentStringsA
FormatMessageA
WideCharToMultiByte
RemoveDirectoryW
ExitProcess
SleepEx
GetUserDefaultUILanguage
GetLocaleInfoW
LockResource
LoadResource
SizeofResource
FreeLibrary
FindResourceW
DeleteFileW
WriteFile
SetFilePointer
CreateFileW
GetTempPathW
GetLastError
CreateMutexW
CloseHandle
ReleaseMutex
GetModuleFileNameW
CreateDirectoryW
GetShortPathNameW
WaitForSingleObject
GetCurrentThreadId
Sleep
GetSystemDirectoryW
VirtualQuery
GetOEMCP
GetACP
GetCPInfo
HeapSize
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetVersionExW
GetSystemInfo
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResumeThread
ReleaseSemaphore
OpenProcess
LoadLibraryW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetVersion
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
GetFileTime
InitializeCriticalSection
GlobalFree
EnterCriticalSection
GetTempFileNameW
LeaveCriticalSection
InterlockedDecrement
FindResourceA
GetProcessHeap
HeapAlloc
HeapFree
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetFileType
TerminateProcess

msimg32

AlphaBlend

user32

DrawFocusRect
CreateWindowExW
InvalidateRect
ReleaseCapture
SetCapture
PostMessageW
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
GetSubMenu
LoadMenuW
DestroyMenu
PeekMessageW
EndPaint
BeginPaint
CallWindowProcW
GetSysColorBrush
GetCursor
SetFocus
DispatchMessageW
TranslateMessage
GetMessageW
SetMenuItemInfoW
LoadIconW
LoadImageW
GetClientRect
GetSystemMetrics
EnableMenuItem
CallNextHookEx
UnhookWindowsHookEx
GetDesktopWindow
GetForegroundWindow
MessageBoxW
SetWindowsHookExW
ScreenToClient
ReleaseDC
GetDC
SetForegroundWindow
PostQuitMessage
LoadCursorW
SetCursor
ClientToScreen
IsWindowVisible
SetWindowPos
EnableWindow
ShowWindow
DialogBoxParamW
CreateDialogParamW
DestroyWindow
GetWindowLongW
SetWindowLongW
EndDialog
GetDlgItem
SendMessageW
MoveWindow
GetParent
GetWindowRect
ChildWindowFromPoint

gdi32

CreateDIBSection
DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
GetStockObject
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
GdiFlush

advapi32

RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
GetUserNameW
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyW

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

secur32

GetUserNameExW

urlmon

URLDownloadToFileW

wininet

InternetGetConnectedStateExW
InternetQueryOptionW

psapi

GetProcessImageFileNameW
EnumProcesses

ws2_32

inet_ntoa
htons
gethostbyname
WSASetLastError
socket
inet_addr
__WSAFDIsSet
select
send
ioctlsocket
getsockname
bind
getsockopt
setsockopt
getprotobyname
connect
WSACleanup
recv
WSAGetLastError
closesocket
ntohs
WSAStartup

winmm

timeGetTime

Exports

Exports

DownloadMgr2Init
MainLoop
OCCheckForInfo
OCCheckForLink
OCCleanupProduct
OCDeleteSelf
OCDetach
OCDisplay
OCExecuteOffer
OCGetBannerInfo
OCGetLinkPlacementX
OCGetLinkPlacementY
OCGetMsg
OCGetOfferState
OCGetOfferType
OCInit2A
OCInit2W
OCInitA
OCInitW
OCInnoAdjust
OCInnoRestore
OCInstallShieldAdjust
OCNSISAdjust
OCRunDialog
OCSetOfferData
OCSetOfferLocation
OCShutdown
OCSignalProductFailed
OCSignalProductInstalled
OCSignalProductUnInstalled
_DLMgr2Check@16
_Display@16
_DownloadMgr2RecycleOffer@12
_MgrCheck@16
_MgrExec@16

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

4364d928a98ebbc94aa9916b60a4de94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
RemovePropA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
GetUserData
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/pantallatoolbar
$TEMP/Movier.exe
.exe windows:4 windows x86 arch:x86

81638d02019c0bfcaaf23a9c69f2f12c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:ab:9b:2e:e6:79:14:b7:df:4c:47:95:40:de:c5:61
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/01/2007, 00:00

Not After

23/03/2010, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
WaitForSingleObject
CreateProcessA
GetCommandLineA
CloseHandle
UnmapViewOfFile
WriteFile
MapViewOfFile
DeleteFileA
GetTempFileNameA
GetTempPathA
CreateFileA
GetShortPathNameA
GetModuleFileNameA

user32

wsprintfA

Sections

.text
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Movier.xpi
.zip
META-INF/manifest.mf
META-INF/zigbert.rsa
META-INF/zigbert.sf
chrome.manifest
chrome/movier-media.jar
.zip
content/ScrollbarBindings.xml
.xml
content/about.xul
.xml
content/aboutTabs.htm
.html
content/alert-bindings.xml
.xml
content/alertAbout.xul
.xml
content/alertMain.xul
.xml
content/alertPreview.xul
.xml
content/alertSettings.xul
.xml
content/autocomplete-menulist.xml
.js .xml polyglot
content/chat-menu-button.xml
.js .xml polyglot
content/chevronDialog.xul
.js .xml polyglot
content/contents.rdf
.xml
content/ctoolbar.js
.js
content/enAddEdit.xul
.js .xml polyglot
content/enConfirm.xul
.js .xml polyglot
content/enSettings.xul
.js .xml polyglot
content/enTestAccount.xul
.xml
content/fbSettings.xul
.xml
content/feed-bindings.xml
.js .xml polyglot
content/gadgets-bindings.xml
.js .xml polyglot
content/manageMenu.xul
.xml
content/multicommunity.xul
.xml
content/multicommunity_detected.xul
.js .xml polyglot
content/multicommunity_download.xul
.xml
content/myStuffError.xul
.xml
content/oldapi/weather_oldapi.xul
.xml
content/options.xul
.xml
content/popup.xul
.js .xml polyglot
content/popup_chat.xul
.js .xml polyglot
content/radio.xml
.xml
content/radio_addEdit.xul
.js .xml polyglot
content/radio_menu.xul
.xml
content/radio_search.xul
.xml
content/radio_volume.xul
.xml
content/toolbarOverlay.xul
.js .xml polyglot
content/toolbarbutton-mirrored-icon.xml
.js .xml polyglot
content/truste.xul
.xml
content/twitter-bindings.xml
.js .xml polyglot
content/uninstall.xul
.js .xml polyglot
content/wait.xul
.xml
content/weather.xul
.xml
content/weatherRTL.xul
.js .xml polyglot
content/welcome.xul
.xml
content/welcomeMacLinux.xul
.xml
content/welcomeRTL.xul
.xml
skin/AOL_load.gif
.gif
skin/about_bg.png
.png
skin/about_icon.png
.png
skin/alert/AboutTitleBarImage.gif
.gif
skin/alert/BottomStrip.gif
.gif
skin/alert/CloseButtonAll.gif
.gif
skin/alert/NextAll.gif
.gif
skin/alert/OptionsTitleBarImage.gif
.gif
skin/alert/PrevAll.gif
.gif
skin/alert/SettingsButtonAll.gif
.gif
skin/alert/TopStrip.gif
.gif
skin/alert/TrayIcon.ico
skin/alert/TrayIconAnimated.gif
.gif
skin/alert/TrayIconBlocked.ico
skin/alert/about.css
skin/alert/aboutAll.gif
.gif
skin/alert/alert.css
skin/alert/btn.gif
.gif
skin/alert/btn_dn.gif
.gif
skin/alert/btn_hover.gif
.gif
skin/alert/dot.gif
.gif
skin/alert/faqAll.gif
.gif
skin/alert/feedbackAll.gif
.gif
skin/alert/preview.css
skin/alert/privacyAll.gif
.gif
skin/alert/settings.css
skin/alert/viewRecentTitleBarImage.gif
.gif
skin/blank.png
.png
skin/block.png
.png
skin/chat/HasUsersOnline.gif
.gif
skin/chevron.png
.png
skin/chevron_rtl.png
.png
skin/contents.rdf
.xml
skin/ebdialogstyle.css
skin/ebtoolbarbuttonstyleLinux.css
skin/ebtoolbarbuttonstyleMac.css
skin/ebtoolbarbuttonstyleWinXP.css
skin/ebtoolbarstyle.css
skin/email.png
.png
skin/emailnew.png
.png
skin/emailnewsmall.png
.png
skin/enSound.wav
skin/expand.png
.png
skin/facebook/component_icon_big.png
.png
skin/facebook/facebook.css
skin/facebook/facebook_logo.png
.png
skin/facebook/faq.png
.png
skin/facebook/faq_over.png
.png
skin/facebook/privacy.png
.png
skin/facebook/privacy_over.png
.png
skin/facebook/separator_line.jpg
.jpg
skin/feed.css
skin/feedRTL_bg.png
.png
skin/feed_bg.png
.png
skin/feed_comment_all.png
.png
skin/feed_delete_all.png
.png
skin/feed_env_read.png
.png
skin/feed_env_unread.png
.png
skin/feed_read_all.png
.png
skin/feed_refresh_all.png
.png
skin/feed_unread_all.png
.png
skin/floatingToolbar.css
skin/gadgets/MyStuff.png
.png
skin/gadgets/MyStuffBlinkAndHighlight.gif
.gif
skin/gadgets/MyStuffHighlight.png
.png
skin/gadgets/chat/Close.gif
.gif
skin/gadgets/chat/CloseHover.gif
.gif
skin/gadgets/chat/ClosePressed.gif
.gif
skin/gadgets/chat/EditDown.gif
.gif
skin/gadgets/chat/EditDownHover.gif
.gif
skin/gadgets/chat/EditDownPressed.gif
.gif
skin/gadgets/chat/EditUp.gif
.gif
skin/gadgets/chat/EditUpHover.gif
.gif
skin/gadgets/chat/EditUpPressed.gif
.gif
skin/gadgets/chat/GadgetWindow.css
skin/gadgets/chat/Minimized.gif
.gif
skin/gadgets/chat/MinimizedHover.gif
.gif
skin/gadgets/chat/MinimizedPressed.gif
.gif
skin/gadgets/chat/WindowTop.gif
.gif
skin/gadgets/gadget/Close.gif
.gif
skin/gadgets/gadget/CloseHover.gif
.gif
skin/gadgets/gadget/ClosePressed.gif
.gif
skin/gadgets/gadget/GadgetWindow.css
skin/gadgets/gadget/Minimize.png
.png
skin/gadgets/gadget/MinimizeHover.png
.png
skin/gadgets/gadget/MinimizePressed.png
.png
skin/gadgets/gadget/WindowTop.gif
.gif
skin/gadgets/gadget/thumb/bg-shadow-bottom-left.png
.png
skin/gadgets/gadget/thumb/bg-shadow-bottom-right.png
.png
skin/gadgets/gadget/thumb/bg-shadow-bottom.png
.png
skin/gadgets/gadget/thumb/bg-shadow-left.png
.png
skin/gadgets/gadget/thumb/bg-shadow-right.png
.png
skin/gadgets/gadget/thumb/bg-shadow-top-left.png
.png
skin/gadgets/gadget/thumb/bg-shadow-top-right.png
.png
skin/gadgets/gadget/thumb/bg-shadow-top.png
.png
skin/gadgets/gadget/thumb/bg.png
.png
skin/gadgets/gadget/thumb/close.png
.png
skin/gadgets/gadget/thumb/close_hover.png
.png
skin/gadgets/gadget/thumb/close_pressed.png
.png
skin/gadgets/gadget/thumb/hovered-bg.png
.png
skin/gadgets/gadget/thumb/minimized.css
skin/go_btn.gif
.gif
skin/go_btnRTL.gif
.gif
skin/highlighter.png
.png
skin/highlighterDisabled.png
.png
skin/highlighterSearchTerm.png
.png
skin/highlighter_chevron.png
.png
skin/loading.gif
.gif
skin/manage.gif
.gif
skin/mc_add_active.png
.png
skin/mc_add_candidate.png
.png
skin/mc_add_flashing.gif
.gif
skin/mc_add_inactive.png
.png
skin/mc_community.png
.png
skin/mc_community_dialog.png
.png
skin/mc_community_dialog_over.png
.png
skin/mc_community_selected.png
.png
skin/mc_community_starred.png
.png
skin/mc_options.png
.png
skin/mc_search.png
.png
skin/mc_tooltip_addTo.gif
.gif
skin/mc_tooltip_addTo_dn.gif
.gif
skin/mc_tooltip_addTo_over.gif
.gif
skin/mc_tooltip_close.gif
.gif
skin/mc_tooltip_close_dn.gif
.gif
skin/mc_tooltip_close_over.gif
.gif
skin/mc_tooltip_next.gif
.gif
skin/mc_tooltip_next_dis.gif
.gif
skin/mc_tooltip_next_dn.gif
.gif
skin/mc_tooltip_next_over.gif
.gif
skin/mc_tooltip_prev.gif
.gif
skin/mc_tooltip_prev_dis.gif
.gif
skin/mc_tooltip_prev_dn.gif
.gif
skin/mc_tooltip_prev_over.gif
.gif
skin/mc_tooltip_separator.gif
.gif
skin/minibrowser.png
.png
skin/multicommunityDialog_bg.png
.png
skin/myGadgets_detect_x.png
.png
skin/myGadgets_detect_x_dn.png
.png
skin/myGadgets_detect_x_hover.png
.png
skin/myStuff/add.png
.png
skin/myStuff/myStuff.css
skin/myStuff/options.png
.png
skin/radio/Podcast.png
.png
skin/radio/RadioCombo.gif
.gif
skin/radio/RadioEqualizerLoading.gif
.gif
skin/radio/RadioEqualizerPause.gif
.gif
skin/radio/RadioEqualizerPlay.gif
.gif
skin/radio/RadioEqualizerReal.ico
skin/radio/RadioEqualizerSilent.gif
.gif
skin/radio/RadioError.gif
.gif
skin/radio/RadioErrow.ico
skin/radio/RadioErrowRTL.ico
skin/radio/RadioImgChev.ico
skin/radio/RadioMaxi.gif
.gif
skin/radio/RadioMaxi_dn.gif
.gif
skin/radio/RadioMaxi_on.gif
.gif
skin/radio/RadioMini.gif
.gif
skin/radio/RadioMini_dn.gif
.gif
skin/radio/RadioMini_on.gif
.gif
skin/radio/RadioPause.gif
.gif
skin/radio/RadioPauseChev.ico
skin/radio/RadioPause_dn.gif
.gif
skin/radio/RadioPause_on.gif
.gif
skin/radio/RadioPlay.gif
.gif
skin/radio/RadioPlayChev.ico
skin/radio/RadioPlay_dn.gif
.gif
skin/radio/RadioPlay_on.gif
.gif
skin/radio/RadioSliderBG.gif
.gif
skin/radio/RadioSliderBall.gif
.gif
skin/radio/RadioStop.gif
.gif
skin/radio/RadioStopChev.ico
skin/radio/RadioStop_dn.gif
.gif
skin/radio/RadioStop_on.gif
.gif
skin/radio/RadioStrip.gif
.gif
skin/radio/RadioTooltipPlaying.gif
.gif
skin/radio/RadioTooltipStopped.gif
.gif
skin/radio/RadioVolume.gif
.gif
skin/radio/RadioVolume_dn.gif
.gif
skin/radio/RadioVolume_on.gif
.gif
skin/radio/RealLogo.png
.png
skin/radio/WMPLogo.png
.png
skin/radio/default_skin.xml
.xml
skin/radio/defaultskin/RadioImgChev.ico
skin/radio/defaultskin/RadioPlayChev.ico
skin/radio/defaultskin/RadioStopChev.ico
skin/radio/defaultskin/display.gif
.gif
skin/radio/defaultskin/equalizer_buffering.gif
.gif
skin/radio/defaultskin/equalizer_error.gif
.gif
skin/radio/defaultskin/equalizer_playing.gif
.gif
skin/radio/defaultskin/equalizer_stopped.gif
.gif
skin/radio/defaultskin/equalizer_stopped1.gif
.gif
skin/radio/defaultskin/maxi.png
.png
skin/radio/defaultskin/maxi_dn.png
.png
skin/radio/defaultskin/maxi_over.png
.png
skin/radio/defaultskin/minimize.png
.png
skin/radio/defaultskin/minimize_dn.png
.png
skin/radio/defaultskin/minimize_over.png
.png
skin/radio/defaultskin/pause.gif
.gif
skin/radio/defaultskin/pause_dn.gif
.gif
skin/radio/defaultskin/pause_over.gif
.gif
skin/radio/defaultskin/play.gif
.gif
skin/radio/defaultskin/play_dn.gif
.gif
skin/radio/defaultskin/play_over.gif
.gif
skin/radio/defaultskin/slider.gif
.gif
skin/radio/defaultskin/slider_bg.png
.png
skin/radio/defaultskin/slider_dn.gif
.gif
skin/radio/defaultskin/slider_over.gif
.gif
skin/radio/defaultskin/stop.png
.png
skin/radio/defaultskin/stop_dn.png
.png
skin/radio/defaultskin/stop_over.png
.png
skin/radio/defaultskin/vol.gif
.gif
skin/radio/defaultskin/vol_dn.gif
.gif
skin/radio/defaultskin/vol_over.gif
.gif
skin/resize.gif
.gif
skin/scrollbar/down-active.png
.png
skin/scrollbar/down.png
.png
skin/scrollbar/horizontal-background.png
.png
skin/scrollbar/horizontal-gripper.png
.png
skin/scrollbar/horizontal-thumb-end.png
.png
skin/scrollbar/horizontal-thumb-start.png
.png
skin/scrollbar/horizontal-thumb.png
.png
skin/scrollbar/left-active.png
.png
skin/scrollbar/left.png
.png
skin/scrollbar/right-active.png
.png
skin/scrollbar/right.png
.png
skin/scrollbar/slider.gif
.gif
skin/scrollbar/up-active.png
.png
skin/scrollbar/up.png
.png
skin/scrollbar/vertical-background.png
.png
skin/scrollbar/vertical-gripper.png
.png
skin/scrollbar/vertical-thumb-end.png
.png
skin/scrollbar/vertical-thumb-start.png
.png
skin/scrollbar/vertical-thumb.png
.png
skin/scrollbars.css
skin/searchBox-suggest.xml
.js .xml polyglot
skin/separator.png
.png
skin/small_arrow.png
.png
skin/small_arrowRTL.png
.png
skin/splitter.ico
skin/star.png
.png
skin/truste_about.gif
.gif
skin/truste_welcome.gif
.gif
skin/twitter/twitter.css
skin/twitter/twitterRTL_bg.png
.png
skin/twitter/twitter_bg.png
.png
skin/twitter/twitter_chevron.gif
.gif
skin/twitter/twitter_no_img.png
.png
skin/v.png
.png
skin/warning.png
.png
skin/weather.png
.png
skin/weather_bg.png
.png
skin/weather_bg_rtl.png
.png
skin/weather_bullet.png
.png
skin/weather_close.png
.png
skin/weather_close_dn.png
.png
skin/weather_na.png
.png
skin/welcome-rtl/arrow.png
.png
skin/welcome-rtl/bottom.png
.png
skin/welcome-rtl/corner_ld.png
.png
skin/welcome-rtl/corner_lup.png
.png
skin/welcome-rtl/corner_rd.png
.png
skin/welcome-rtl/corner_rup.png
.png
skin/welcome-rtl/emailNotifier.gif
.gif
skin/welcome-rtl/facebook.png
.png
skin/welcome-rtl/grad_dn.png
.png
skin/welcome-rtl/left.png
.png
skin/welcome-rtl/radio.gif
.gif
skin/welcome-rtl/right.png
.png
skin/welcome-rtl/upper_border.png
.png
skin/welcome-rtl/weather.gif
.gif
skin/welcome-rtl/welcomeDialog.css
skin/welcome.bmp
skin/welcome/arrow.png
.png
skin/welcome/bottom.png
.png
skin/welcome/corner_ld.png
.png
skin/welcome/corner_lup.png
.png
skin/welcome/corner_rd.png
.png
skin/welcome/corner_rup.png
.png
skin/welcome/emailNotifier.gif
.gif
skin/welcome/facebook.png
.png
skin/welcome/grad_dn.png
.png
skin/welcome/left.png
.png
skin/welcome/radio.gif
.gif
skin/welcome/right.png
.png
skin/welcome/upper_border.png
.png
skin/welcome/weather.gif
.gif
skin/welcome/welcomeDialog.css
skin/x.png
.png
components/ConduitAutoCompleteSearch.js
.js
components/ConduitAutoCompleteSearch.xpt
components/ConduitToolbar.idl
components/ConduitToolbar.js
.js
components/ConduitToolbar.xpt
components/FFExternalAlert.dll
.dll windows:5 windows x86 arch:x86

3223d50e0400d555fa5614bff18da5cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Conduit\RnD\Client\FF\Dev-2.5.0.x\FirefoxXPIGenerator\XPISource\components\FFExternalAlert.pdb

Imports

user32

RegisterWindowMessageW
DestroyWindow
CreateWindowExW

ole32

CoCreateInstance
IIDFromString
CLSIDFromString

oleaut32

SysAllocString
SysFreeString

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

xpcom

NS_Alloc

kernel32

GetModuleFileNameA
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
RaiseException
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

Exports

Exports

NSGetModule

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components/FFExternalAlert.xpt
components/RadioWMPCore.dll
.dll windows:5 windows x86 arch:x86

a50dc75f0f339366da4f56137bf8807f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Conduit\RnD\Client\FF\Dev-2.5.2\FirefoxXPIGenerator\XPISource\components\RadioWMPCore.pdb

Imports

xpcom

NS_GetServiceManager
NS_Alloc

kernel32

SetLastError
WideCharToMultiByte
LeaveCriticalSection
MultiByteToWideChar
EnterCriticalSection
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapSize
RtlUnwind
WriteFile
HeapReAlloc
VirtualAlloc
GetLocaleInfoA
GetLastError
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapFree
HeapAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RaiseException
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

ole32

CoCreateInstance

oleaut32

SysFreeString

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

Exports

Exports

NSGetModule

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components/RadioWMPCore.xpt
defaults/default_radio_skin.xml
.xml
defaults/fbAlert.js
.html .js polyglot
install.rdf
.xml
lib/xpcom.js
.js
searchplugin/conduit.PNG
.png
searchplugin/conduit.gif
.gif
searchplugin/conduit.ico
searchplugin/conduit.src
searchplugin/conduit.xml
version.txt
$TEMP/captura.bmp
Language/movier_cs.xml
Language/movier_en-US.xml
Language/movier_es-ES.xml
Language/movier_fr-FR.xml
Language/movier_ja-JP.xml
Language/movier_pl-PL.xml
Language/movier_pt-BR.xml
Language/movier_pt-PT.xml
.xml
Language/movier_ro-RO.xml
.xml
Language/movier_ru-RU.xml
.xml
Movier.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenCandy/OCSetupHlp.dll
.dll windows:5 windows x86 arch:x86

778dea84cc0fbb95213648a19d9866c3

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

73:81:06:0e:d4:60:b9:9e:62:a9:23:47:bb:b8:4d:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

15/03/2010, 00:00

Not After

15/03/2011, 23:59

Subject

CN=OpenCandy Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OpenCandy Inc.,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:b4:9d:17:9b:22:06:7a:e2:7e:82:d3:b8:22:e7:ae:58:8c:04:84
Signer

Actual PE Digest

d7:b4:9d:17:9b:22:06:7a:e2:7e:82:d3:b8:22:e7:ae:58:8c:04:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexA
CreateEventA
WaitForMultipleObjects
SetEvent
DuplicateHandle
lstrlenA
CompareStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
GetModuleHandleA
GetTimeZoneInformation
FlushFileBuffers
CreateFileA
GetFileAttributesA
CreateProcessA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetFileAttributesW
CreateProcessW
GetExitCodeProcess
LoadLibraryA
GetExitCodeThread
GetFullPathNameW
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameA
ReadFile
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
VirtualAlloc
RtlUnwind
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
SetHandleCount
IsValidCodePage
TerminateThread
ExpandEnvironmentStringsA
FormatMessageA
WideCharToMultiByte
RemoveDirectoryW
ExitProcess
SleepEx
GetUserDefaultUILanguage
GetLocaleInfoW
LockResource
LoadResource
SizeofResource
FreeLibrary
FindResourceW
DeleteFileW
WriteFile
SetFilePointer
CreateFileW
GetTempPathW
GetLastError
CreateMutexW
CloseHandle
ReleaseMutex
GetModuleFileNameW
CreateDirectoryW
GetShortPathNameW
WaitForSingleObject
GetCurrentThreadId
Sleep
GetSystemDirectoryW
VirtualQuery
GetOEMCP
GetACP
GetCPInfo
HeapSize
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetVersionExW
GetSystemInfo
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResumeThread
ReleaseSemaphore
OpenProcess
LoadLibraryW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetVersion
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
GetFileTime
InitializeCriticalSection
GlobalFree
EnterCriticalSection
GetTempFileNameW
LeaveCriticalSection
InterlockedDecrement
FindResourceA
GetProcessHeap
HeapAlloc
HeapFree
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetFileType
TerminateProcess

msimg32

AlphaBlend

user32

DrawFocusRect
CreateWindowExW
InvalidateRect
ReleaseCapture
SetCapture
PostMessageW
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
GetSubMenu
LoadMenuW
DestroyMenu
PeekMessageW
EndPaint
BeginPaint
CallWindowProcW
GetSysColorBrush
GetCursor
SetFocus
DispatchMessageW
TranslateMessage
GetMessageW
SetMenuItemInfoW
LoadIconW
LoadImageW
GetClientRect
GetSystemMetrics
EnableMenuItem
CallNextHookEx
UnhookWindowsHookEx
GetDesktopWindow
GetForegroundWindow
MessageBoxW
SetWindowsHookExW
ScreenToClient
ReleaseDC
GetDC
SetForegroundWindow
PostQuitMessage
LoadCursorW
SetCursor
ClientToScreen
IsWindowVisible
SetWindowPos
EnableWindow
ShowWindow
DialogBoxParamW
CreateDialogParamW
DestroyWindow
GetWindowLongW
SetWindowLongW
EndDialog
GetDlgItem
SendMessageW
MoveWindow
GetParent
GetWindowRect
ChildWindowFromPoint

gdi32

CreateDIBSection
DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
GetStockObject
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
GdiFlush

advapi32

RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
GetUserNameW
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyW

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

secur32

GetUserNameExW

urlmon

URLDownloadToFileW

wininet

InternetGetConnectedStateExW
InternetQueryOptionW

psapi

GetProcessImageFileNameW
EnumProcesses

ws2_32

inet_ntoa
htons
gethostbyname
WSASetLastError
socket
inet_addr
__WSAFDIsSet
select
send
ioctlsocket
getsockname
bind
getsockopt
setsockopt
getprotobyname
connect
WSACleanup
recv
WSAGetLastError
closesocket
ntohs
WSAStartup

winmm

timeGetTime

Exports

Exports

DownloadMgr2Init
MainLoop
OCCheckForInfo
OCCheckForLink
OCCleanupProduct
OCDeleteSelf
OCDetach
OCDisplay
OCExecuteOffer
OCGetBannerInfo
OCGetLinkPlacementX
OCGetLinkPlacementY
OCGetMsg
OCGetOfferState
OCGetOfferType
OCInit2A
OCInit2W
OCInitA
OCInitW
OCInnoAdjust
OCInnoRestore
OCInstallShieldAdjust
OCNSISAdjust
OCRunDialog
OCSetOfferData
OCSetOfferLocation
OCShutdown
OCSignalProductFailed
OCSignalProductInstalled
OCSignalProductUnInstalled
_DLMgr2Check@16
_Display@16
_DownloadMgr2RecycleOffer@12
_MgrCheck@16
_MgrExec@16

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenCandy/OpenCandy_Why_Is_This_Here.txt
WinPcap_4_0_2.exe
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:ab:a1:ed:0c:8f:63:f3:bf:2b:e0:d4:c0:50:a2:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2007, 00:00

Not After

18/05/2008, 23:59

Subject

CN=CACE TECHNOLOGIES\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE TECHNOLOGIES\, LLC,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:e0:1b:d2:fe:b3:3f:e1:0a:d8:98:c9:7e:2c:9b:93:d2:1a:fe:26
Signer

Actual PE Digest

87:e0:1b:d2:fe:b3:3f:e1:0a:d8:98:c9:7e:2c:9b:93:d2:1a:fe:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsWeb.dll
.dll windows:4 windows x86 arch:x86

d12ed83df3a4aa87887f14a225ff95d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GlobalFree
lstrcpyA
GlobalAlloc

user32

MapWindowPoints
GetWindowRect
SendMessageA
PostMessageA
MoveWindow
GetDlgItem
GetWindowLongA
GetClientRect
SetWindowLongA
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
CreateDialogParamA
CallWindowProcA

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
OleCreate

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SafeArrayAccessData

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

IsInet
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Packet.dll
.dll windows:4 windows x86 arch:x86

159da4fb58d740e6fd486492861bf942

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:ab:a1:ed:0c:8f:63:f3:bf:2b:e0:d4:c0:50:a2:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2007, 00:00

Not After

18/05/2008, 23:59

Subject

CN=CACE TECHNOLOGIES\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE TECHNOLOGIES\, LLC,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:79:35:20:6e:3e:f3:90:be:bd:de:cc:7e:b1:3a:6e:a4:c1:63:42
Signer

Actual PE Digest

b9:79:35:20:6e:3e:f3:90:be:bd:de:cc:7e:b1:3a:6e:a4:c1:63:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_addr

wanpacket

WanPacketGetStats
WanPacketSetBpfFilter
WanPacketSetBufferSize
WanPacketSetReadTimeout
WanPacketSetMode
WanPacketSetMinToCopy
WanPacketReceivePacket
WanPacketCloseAdapter
WanPacketOpenAdapter
WanPacketGetReadEvent
WanPacketTestAdapter

kernel32

GlobalFree
GlobalHandle
GlobalUnlock
ReleaseMutex
WaitForSingleObject
GlobalLock
GlobalAlloc
CloseHandle
GetModuleFileNameW
CreateMutexW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetLastError
LCMapStringW
CreateEventW
SetLastError
WideCharToMultiByte
CreateFileA
GetVersion
SetEvent
ReadFile
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
GetFullPathNameW
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
FlushFileBuffers
DeviceIoControl
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
HeapFree
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetStdHandle

advapi32

RegOpenKeyExA
ControlService
OpenServiceA
QueryServiceStatus
StartServiceW
OpenSCManagerW
CreateServiceA
CloseServiceHandle
RegEnumKeyW
RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverVersion
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketStopDriver

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/WanPacket.dll
.dll windows:4 windows x86 arch:x86

c4f10a94feffedd44a2a094b559256d7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:ab:a1:ed:0c:8f:63:f3:bf:2b:e0:d4:c0:50:a2:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2007, 00:00

Not After

18/05/2008, 23:59

Subject

CN=CACE TECHNOLOGIES\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE TECHNOLOGIES\, LLC,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:58:0e:89:06:fe:84:a4:c1:12:f5:aa:18:a9:98:12:82:27:a2:73
Signer

Actual PE Digest

eb:58:0e:89:06:fe:84:a4:c1:12:f5:aa:18:a9:98:12:82:27:a2:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

npptools

CreateNPPInterface
GetNPPBlobTable
SetBoolInBlob
CreateBlob
DestroyBlob

kernel32

GetFileType
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
LeaveCriticalSection
SetEvent
EnterCriticalSection
LoadLibraryA
GetVersionExA
DeleteCriticalSection
CloseHandle
CreateEventA
InitializeCriticalSection
Sleep
OutputDebugStringA
WaitForSingleObject
ResetEvent
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

ole32

CoInitializeEx
CoInitialize
CoUninitialize

Exports

Exports

WanPacketCloseAdapter
WanPacketGetReadEvent
WanPacketGetStats
WanPacketOpenAdapter
WanPacketReceivePacket
WanPacketSetBpfFilter
WanPacketSetBufferSize
WanPacketSetMinToCopy
WanPacketSetMode
WanPacketSetReadTimeout
WanPacketTestAdapter

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/pthreadVC.dll
.dll windows:4 windows x86 arch:x86

90ee61357770484e2d085958b94141a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
exit
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
_errno
malloc
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

GetThreadPriority
Sleep
EnterCriticalSection
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
OpenProcess
GetLastError
SetThreadPriority
GetProcessAffinityMask
CloseHandle
TlsSetValue
TlsGetValue
SetLastError
InterlockedDecrement
ResetEvent
WaitForSingleObject
SetEvent
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
LeaveCriticalSection
LoadLibraryA
GetCurrentThreadId
CreateEventA
InterlockedIncrement
DuplicateHandle
GetCurrentThread
GetCurrentProcess
FreeLibrary
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/wpcap.dll
.dll windows:4 windows x86 arch:x86

a74f57c0da946efe5b5644f58e3aa02c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:ab:a1:ed:0c:8f:63:f3:bf:2b:e0:d4:c0:50:a2:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2007, 00:00

Not After

18/05/2008, 23:59

Subject

CN=CACE TECHNOLOGIES\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE TECHNOLOGIES\, LLC,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:cd:d3:6e:8d:09:97:3f:0f:8a:44:63:69:2e:f4:ee:9d:a6:c0:0d
Signer

Actual PE Digest

bb:cd:d3:6e:8d:09:97:3f:0f:8a:44:63:69:2e:f4:ee:9d:a6:c0:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
FindClose
FindNextFileA
FindFirstFileA
SetEndOfFile
CreateFileA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
FlushFileBuffers
SetFilePointer
ReadFile
SetStdHandle
CloseHandle
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
InterlockedIncrement
InterlockedDecrement
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
RtlUnwind
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersion
HeapFree
HeapAlloc
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA

ws2_32

recv
ntohl
ntohs
inet_ntoa
htonl
WSAGetLastError
gethostbyname
inet_addr
getservbyname
htons
WSASetLastError
closesocket
accept
gethostbyaddr
getservbyport
select
setsockopt
getsockopt
getsockname
getpeername
WSACleanup
WSAStartup
connect
listen
bind
socket
shutdown
getprotobyname
send

packet

PacketGetReadEvent
PacketGetStatsEx
PacketSendPackets
PacketInitPacket
PacketSetDumpLimits
PacketSetDumpName
PacketSetMode
PacketIsDumpEnded
PacketGetAirPcapHandle
PacketSetMinToCopy
PacketSetLoopbackBehavior
PacketGetVersion
PacketGetAdapterNames
PacketGetNetInfoEx
PacketSetReadTimeout
PacketSetBuff
PacketAllocatePacket
PacketSetHwFilter
PacketFreePacket
PacketCloseAdapter
PacketGetNetType
PacketOpenAdapter
PacketGetStats
PacketReceivePacket
PacketSendPacket
PacketSetBpf

Exports

Exports

bpf_dump
bpf_filter
bpf_image
bpf_validate
endservent
eproto_db
getservent
install_bpf_program
pcap_breakloop
pcap_close
pcap_compile
pcap_compile_nopcap
pcap_createsrcstr
pcap_datalink
pcap_datalink_name_to_val
pcap_datalink_val_to_description
pcap_datalink_val_to_name
pcap_dispatch
pcap_dump
pcap_dump_close
pcap_dump_file
pcap_dump_flush
pcap_dump_ftell
pcap_dump_open
pcap_file
pcap_fileno
pcap_findalldevs
pcap_findalldevs_ex
pcap_freealldevs
pcap_freecode
pcap_get_airpcap_handle
pcap_geterr
pcap_getevent
pcap_getnonblock
pcap_is_swapped
pcap_lib_version
pcap_list_datalinks
pcap_live_dump
pcap_live_dump_ended
pcap_lookupdev
pcap_lookupnet
pcap_loop
pcap_major_version
pcap_minor_version
pcap_next
pcap_next_etherent
pcap_next_ex
pcap_offline_filter
pcap_offline_read
pcap_open
pcap_open_dead
pcap_open_live
pcap_open_offline
pcap_parsesrcstr
pcap_perror
pcap_read
pcap_remoteact_accept
pcap_remoteact_cleanup
pcap_remoteact_close
pcap_remoteact_list
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_set_datalink
pcap_setbuff
pcap_setfilter
pcap_setmintocopy
pcap_setmode
pcap_setnonblock
pcap_setsampling
pcap_setuserbuffer
pcap_snapshot
pcap_stats
pcap_stats_ex
pcap_strerror
wsockinit

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CACE_Banner.htm
.html
$TEMP/CACE_Logo.gif
.gif
$TEMP/NetSol.jpg
.jpg
WinPcapInstall.dll
.dll windows:4 windows x86 arch:x86

d60f1109a9a63e2695e536772cd81b32

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:ab:a1:ed:0c:8f:63:f3:bf:2b:e0:d4:c0:50:a2:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2007, 00:00

Not After

18/05/2008, 23:59

Subject

CN=CACE TECHNOLOGIES\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE TECHNOLOGIES\, LLC,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:27:09:aa:53:c3:1d:ee:f6:7f:52:da:12:da:f3:78:ab:b9:e6:a6
Signer

Actual PE Digest

ce:27:09:aa:53:c3:1d:ee:f6:7f:52:da:12:da:f3:78:ab:b9:e6:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
LoadLibraryExA
FormatMessageA
LocalFree
FreeLibrary
GetLastError
Sleep
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
HeapFree
CloseHandle
InitializeCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
CreateFileA
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
SetEndOfFile
ReadFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

DeleteService
CreateServiceA
StartServiceA
ChangeServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

Exports

Exports

manage_netmon
manage_npf_driver
manage_rpcapd_service

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rpcapd.exe
.exe windows:4 windows x86 arch:x86

e15cadb5060ea0689a84c75d4e8422a5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:ab:a1:ed:0c:8f:63:f3:bf:2b:e0:d4:c0:50:a2:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2007, 00:00

Not After

18/05/2008, 23:59

Subject

CN=CACE TECHNOLOGIES\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE TECHNOLOGIES\, LLC,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:fd:76:60:55:f2:a7:26:c9:32:1d:53:31:f8:7f:9f:d8:ad:9d:69
Signer

Actual PE Digest

26:fd:76:60:55:f2:a7:26:c9:32:1d:53:31:f8:7f:9f:d8:ad:9d:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
htons
accept
ntohs
select
getsockname
WSASetLastError
getpeername
inet_ntoa
WSAGetLastError
gethostbyname
inet_addr
getservbyname
gethostbyaddr
getservbyport
closesocket
WSACleanup
WSAStartup
connect
listen
bind
socket
shutdown
send
ntohl
recv

wpcap

pcap_compile
pcap_open_live
pcap_open_offline
pcap_next_ex
pcap_geterr
bpf_validate
pcap_setfilter
pcap_findalldevs
pcap_strerror
pcap_freealldevs
pcap_stats
install_bpf_program
pcap_close

pthreadvc

pthread_attr_setdetachstate
pthread_create
pthread_attr_destroy
pthread_setcancelstate
pthread_setcanceltype
pthread_cancel
pthread_exit
pthread_attr_init

packet

PacketSetMinToCopy
PacketSetLoopbackBehavior

kernel32

FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetFilePointer
WriteFile
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
ReadFile
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetVersion
GetCommandLineA
SetConsoleCtrlHandler
HeapAlloc
GetCurrentProcess
TerminateProcess
ExitProcess
HeapFree
CreateFileA
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetProcAddress
Sleep
LoadLibraryA
CloseHandle
FormatMessageA
GetLastError
FreeLibrary
SetEndOfFile
GetSystemDirectoryA

user32

MessageBoxA

advapi32

ImpersonateLoggedOnUser
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
LogonUserA

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data.bin
ffmpeg.exe
.exe windows:4 windows x86 arch:x86

969e38efa44baf22b3f016a9ef9a99ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateEventA
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_close
_fdopen
_getch
_isatty
_kbhit
_open
_read
_setmode
_strdup
_swab
_tempnam
_unlink
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_atoi64
_beginthreadex
_cexit
_endthreadex
_errno
_filbuf
_ftime
_iob
_isctype
_lseeki64
_onexit
_pctype
_setjmp
_setmode
_stricmp
abort
acos
asin
atan
atexit
atof
atoi
calloc
ceil
cos
cosh
exit
exp
fclose
fflush
fgetc
floor
fopen
fprintf
fputc
fread
free
frexp
fscanf
fseek
ftell
fwrite
getenv
gmtime
isalpha
isprint
isspace
ldexp
localeconv
localtime
log
log10
longjmp
malloc
memchr
memcpy
memmove
memset
mktime
perror
pow
qsort
rand
realloc
rename
signal
sin
sinh
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tan
tanh
time
tolower
toupper
ungetc
vfprintf
vsprintf
wcslen

user32

DestroyWindow
GetWindowLongA
SendMessageA
SetWindowLongA

avifil32

AVIFileExit
AVIFileGetStream
AVIFileInfoA
AVIFileInit
AVIFileOpenA
AVIFileRelease
AVIStreamInfoA
AVIStreamRead
AVIStreamReadFormat
AVIStreamRelease

avicap32

capCreateCaptureWindowA

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
gethostbyname
gethostname
getsockname
getsockopt
htonl
htons
inet_ntoa
ioctlsocket
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

d23fbd09100caad5e10f17163f511668

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GetACP

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 52KB

.rsrc Size: 17KB - Virtual size: 16KB

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

778dea84cc0fbb95213648a19d9866c3

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

73:81:06:0e:d4:60:b9:9e:62:a9:23:47:bb:b8:4d:48Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

d7:b4:9d:17:9b:22:06:7a:e2:7e:82:d3:b8:22:e7:ae:58:8c:04:84Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msimg32

user32

gdi32

advapi32

shell32

ole32

oleaut32

secur32

urlmon

wininet

psapi

ws2_32

winmm

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 52KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

73:81:06:0e:d4:60:b9:9e:62:a9:23:47:bb:b8:4d:48
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

d7:b4:9d:17:9b:22:06:7a:e2:7e:82:d3:b8:22:e7:ae:58:8c:04:84
Signer

.text
Size: 318KB - Virtual size: 317KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 7KB - Virtual size: 19KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 19KB - Virtual size: 19KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 522B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

59:ab:9b:2e:e6:79:14:b7:df:4c:47:95:40:de:c5:61
Certificate

.text
Size: 512B - Virtual size: 510B

.rdata
Size: 1024B - Virtual size: 533B

.data
Size: 512B - Virtual size: 20B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB