46d4d7497808450ac2ddf49c704cf25d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46d4d7497808450ac2ddf49c704cf25d_JaffaCakes118
Size

1.7MB
MD5

46d4d7497808450ac2ddf49c704cf25d
SHA1

d642c4d5f73ee0974c4ccb405313556cb6510f46
SHA256

2d4c232402adfe08d851dbaea1498390558747e14b2b10b3fdb8895ae4e2e999
SHA512

8dbb8a3f6bc260ec37db36a2c278b83b91c0a19f7536e82c8da38f79427ff5c7098f35c4cd35f67ca35f77d301efb63ac998e0f02bccb20de66d4e2d0b918a25
SSDEEP

49152:mw/Omq+RALHYnG82rKUplMZ356q7YQHTsEy0s5:B/OmBvMrKIMZJ57YQz9y0q

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WindowFX/Render.dll
unpack001/WindowFX/wfx_64.dll
unpack001/WindowFX/wfx_64.exe
unpack001/WindowFX/wfxload .exe
unpack001/WindowFX/wfxload.exe

Files

46d4d7497808450ac2ddf49c704cf25d_JaffaCakes118
.rar
WindowFX/AX big/AX big.wfs
WindowFX/AX big/AX big.wfs_Shadows.Bottom.WBD
WindowFX/AX big/AX big.wfs_Shadows.Left.WBD
WindowFX/AX big/AX big.wfs_Shadows.Right.WBD
WindowFX/AX big/AX big.wfs_Shadows.Top.WBD
WindowFX/AX big/bottom.bmp
WindowFX/AX big/left.bmp
WindowFX/AX big/right.bmp
WindowFX/AX big/top.bmp
WindowFX/BBSI/bbsi.wfs
WindowFX/BBSI/bbsi.wfs_Shadows.Bottom.WBD
WindowFX/BBSI/bbsi.wfs_Shadows.Left.WBD
WindowFX/BBSI/bbsi.wfs_Shadows.Right.WBD
WindowFX/BBSI/bbsi.wfs_Shadows.Top.WBD
WindowFX/BBSI/bottom.bmp
WindowFX/BBSI/readme.txt
WindowFX/BBSI/right.bmp
WindowFX/Broad/Broad.wfs_Shadows.Bottom.WBD
WindowFX/Broad/Broad.wfs_Shadows.Left.WBD
WindowFX/Broad/Broad.wfs_Shadows.Right.WBD
WindowFX/Broad/bottom.bmp
WindowFX/Broad/broad.wfs
WindowFX/Broad/left.bmp
WindowFX/Broad/right.bmp
WindowFX/Darwin-Mini/Darwin-Mini.wfs
WindowFX/Darwin-Mini/Darwin-Mini.wfs_Shadows.Bottom.WBD
WindowFX/Darwin-Mini/Darwin-Mini.wfs_Shadows.Left.WBD
WindowFX/Darwin-Mini/Darwin-Mini.wfs_Shadows.Right.WBD
WindowFX/Darwin-Mini/bottom.bmp
WindowFX/Darwin-Mini/left.bmp
WindowFX/Darwin-Mini/right.bmp
WindowFX/Darwin-Mixed/Darwin-Mixed.wfs
WindowFX/Darwin-Mixed/Darwin-Mixed.wfs_Shadows.Bottom.WBD
WindowFX/Darwin-Mixed/Darwin-Mixed.wfs_Shadows.Left.WBD
WindowFX/Darwin-Mixed/Darwin-Mixed.wfs_Shadows.Right.WBD
WindowFX/Darwin-Mixed/Darwin-Mixed.wfs_Shadows.Top.WBD
WindowFX/Darwin-Mixed/bottom.bmp
WindowFX/Darwin-Mixed/left.bmp
WindowFX/Darwin-Mixed/right.bmp
WindowFX/Darwin-Mixed/top.bmp
WindowFX/Darwin/Darwin.wfs
WindowFX/Darwin/Darwin.wfs_Shadows.Bottom.WBD
WindowFX/Darwin/Darwin.wfs_Shadows.Left.WBD
WindowFX/Darwin/Darwin.wfs_Shadows.Right.WBD
WindowFX/Darwin/Darwin.wfs_Shadows.Top.WBD
WindowFX/Darwin/bottom.bmp
WindowFX/Darwin/left.bmp
WindowFX/Darwin/right.bmp
WindowFX/Darwin/top.bmp
WindowFX/Dual thin/Dual thin.wfs_Shadows.Bottom.WBD
WindowFX/Dual thin/Dual thin.wfs_Shadows.Right.WBD
WindowFX/Dual thin/bottom.bmp
WindowFX/Dual thin/dual thin.wfs
WindowFX/Dual thin/left.bmp
WindowFX/Dual thin/right.bmp
WindowFX/Duo/Duo.wfs_Shadows.Bottom.WBD
WindowFX/Duo/Duo.wfs_Shadows.Right.WBD
WindowFX/Duo/bottom.bmp
WindowFX/Duo/duo.wfs
WindowFX/Duo/left.bmp
WindowFX/Duo/right.bmp
WindowFX/Ghostrans/Ghostrans.wfs
WindowFX/Ghostrans/Ghostrans.wfs_Shadows.Bottom.WBD
WindowFX/Ghostrans/Ghostrans.wfs_Shadows.Left.WBD
WindowFX/Ghostrans/Ghostrans.wfs_Shadows.Right.WBD
WindowFX/Ghostrans/bottom.bmp
WindowFX/Ghostrans/left.bmp
WindowFX/Ghostrans/right.bmp
WindowFX/Glass V1/Glass V1.wfs
WindowFX/Glass V1/Glass V1.wfs_Shadows.Bottom.WBD
WindowFX/Glass V1/Glass V1.wfs_Shadows.Left.WBD
WindowFX/Glass V1/Glass V1.wfs_Shadows.Right.WBD
WindowFX/Glass V1/Glass V1.wfs_Shadows.Top.WBD
WindowFX/Glass V1/bottom.bmp
WindowFX/Glass V1/left.bmp
WindowFX/Glass V1/right.bmp
WindowFX/Glass V1/top.bmp
WindowFX/Glass V2/Glass V2.wfs
WindowFX/Glass V2/Glass V2.wfs_Shadows.Bottom.WBD
WindowFX/Glass V2/Glass V2.wfs_Shadows.Left.WBD
WindowFX/Glass V2/Glass V2.wfs_Shadows.Right.WBD
WindowFX/Glass V2/Glass V2.wfs_Shadows.Top.WBD
WindowFX/Glass V2/bottom.bmp
WindowFX/Glass V2/left.bmp
WindowFX/Glass V2/rechts.bmp
WindowFX/Glass V2/top.bmp
WindowFX/Glass V3/Glass V3.wfs
WindowFX/Glass V3/Glass V3.wfs_Shadows.Bottom.WBD
WindowFX/Glass V3/Glass V3.wfs_Shadows.Left.WBD
WindowFX/Glass V3/Glass V3.wfs_Shadows.Right.WBD
WindowFX/Glass V3/Glass V3.wfs_Shadows.Top.WBD
WindowFX/Glass V3/bottom.bmp
WindowFX/Glass V3/left.bmp
WindowFX/Glass V3/right.bmp
WindowFX/Glass V3/top.bmp
WindowFX/Glass V4/Glass V4.wfs
WindowFX/Glass V4/Glass V4.wfs_Shadows.Bottom.WBD
WindowFX/Glass V4/Glass V4.wfs_Shadows.Left.WBD
WindowFX/Glass V4/Glass V4.wfs_Shadows.Right.WBD
WindowFX/Glass V4/Glass V4.wfs_Shadows.Top.WBD
WindowFX/Glass V4/bottom.bmp
WindowFX/Glass V4/left.bmp
WindowFX/Glass V4/right.bmp
WindowFX/Glass V4/top.bmp
WindowFX/Glass V5/Glass V5.wfs
WindowFX/Glass V5/Glass V5.wfs_Shadows.Bottom.WBD
WindowFX/Glass V5/Glass V5.wfs_Shadows.Left.WBD
WindowFX/Glass V5/Glass V5.wfs_Shadows.Right.WBD
WindowFX/Glass V5/Glass V5.wfs_Shadows.Top.WBD
WindowFX/Glass V5/bottom.bmp
WindowFX/Glass V5/left.bmp
WindowFX/Glass V5/right.bmp
WindowFX/Glass V5/top.bmp
WindowFX/Glass V6/Glass V6.wfs
WindowFX/Glass V6/Glass V6.wfs_Shadows.Bottom.WBD
WindowFX/Glass V6/Glass V6.wfs_Shadows.Left.WBD
WindowFX/Glass V6/Glass V6.wfs_Shadows.Right.WBD
WindowFX/Glass V6/Glass V6.wfs_Shadows.Top.WBD
WindowFX/Glass V6/bottom.bmp
WindowFX/Glass V6/left.bmp
WindowFX/Glass V6/right.bmp
WindowFX/Glass V6/top.bmp
WindowFX/Glass V7/Glass V7.wfs
WindowFX/Glass V7/Glass V7.wfs_Shadows.Bottom.WBD
WindowFX/Glass V7/Glass V7.wfs_Shadows.Left.WBD
WindowFX/Glass V7/Glass V7.wfs_Shadows.Right.WBD
WindowFX/Glass V7/Glass V7.wfs_Shadows.Top.WBD
WindowFX/Glass V7/bottom.bmp
WindowFX/Glass V7/left.bmp
WindowFX/Glass V7/right.bmp
WindowFX/Glass V7/top.bmp
WindowFX/Glass V8/Glass V8.wfs
WindowFX/Glass V8/Glass V8.wfs_Shadows.Bottom.WBD
WindowFX/Glass V8/Glass V8.wfs_Shadows.Left.WBD
WindowFX/Glass V8/Glass V8.wfs_Shadows.Right.WBD
WindowFX/Glass V8/Glass V8.wfs_Shadows.Top.WBD
WindowFX/Glass V8/bottom.bmp
WindowFX/Glass V8/left.bmp
WindowFX/Glass V8/right.bmp
WindowFX/Glass V8/top.bmp
WindowFX/Lang/english.lng
WindowFX/Render.dll
.dll windows:4 windows x86 arch:x86

11019af102ba492d889f481394eb456c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar

user32

IsWindow
ReleaseDC
GetWindowDC
GetWindowRect

gdi32

BitBlt

d3d9

Direct3DCreate9

d3dx9_25

D3DXMatrixMultiply
D3DXMatrixRotationYawPitchRoll
D3DXMatrixTranslation
D3DXCreateTexture
D3DXMatrixPerspectiveFovLH

winmm

timeSetEvent

Exports

Exports

??0CRender@@QAE@XZ
??4CRender@@QAEAAV0@ABV0@@Z
?fnRender@@YAHXZ
?nRender@@3HA
UpdateThumb

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WindowFX/Scripts/AutoReposition2Taskbar.ttt
WindowFX/Scripts/Distort3.tra
WindowFX/Scripts/Distort3.ttt
WindowFX/Scripts/Distort4.tra
WindowFX/Scripts/Distort4.ttt
WindowFX/Scripts/Distort5.tra
WindowFX/Scripts/Distort5.ttt
WindowFX/Scripts/DoorAround.tra
WindowFX/Scripts/DoorAround.ttt
WindowFX/Scripts/Doors.tra
WindowFX/Scripts/ElevDoor.tra
WindowFX/Scripts/ElevDoor.ttt
WindowFX/Scripts/Expand.tra
WindowFX/Scripts/Genie.tra
WindowFX/Scripts/MShaky.tra
WindowFX/Scripts/MZoom.tra
WindowFX/Scripts/MZoom.ttt
WindowFX/Scripts/ManyBars.tra
WindowFX/Scripts/Melt_It.tra
WindowFX/Scripts/Melt_it.ttt
WindowFX/Scripts/Mshaky.ttt
WindowFX/Scripts/Mverti.tra
WindowFX/Scripts/Mverti.ttt
WindowFX/Scripts/Quad2Desktop.tra
WindowFX/Scripts/QuadRotate2Middle.tra
WindowFX/Scripts/QuadShrink2Desktop.tra
WindowFX/Scripts/SlideBothWays.tra
WindowFX/Scripts/SlideColumnsUp-down.ttt
WindowFX/Scripts/SlideColumnsUpDown.tra
WindowFX/Scripts/SlideDiag.tra
WindowFX/Scripts/Spin2Desktop.tra
WindowFX/Scripts/Spin2Taskbar.tra
WindowFX/Scripts/Twister.tra
WindowFX/Scripts/Twister.ttt
WindowFX/Scripts/Vague.tra
WindowFX/Scripts/Variant.tra
WindowFX/Scripts/Variant1.ttt
WindowFX/Scripts/ZSlide.tra
WindowFX/Scripts/ZSlideandSpin.tra
WindowFX/Scripts/blinds.tra
WindowFX/Scripts/blinds.ttt
WindowFX/Scripts/distort.tra
WindowFX/Scripts/distort.ttt
WindowFX/Scripts/distort2.tra
WindowFX/Scripts/distort2.ttt
WindowFX/Scripts/distort2a.tra
WindowFX/Scripts/distort2a.ttt
WindowFX/Scripts/doors.ttt
WindowFX/Scripts/expand.ttt
WindowFX/Scripts/genie.ttt
WindowFX/Scripts/grid.tra
WindowFX/Scripts/grid.ttt
WindowFX/Scripts/grid2.tra
WindowFX/Scripts/grid2.ttt
WindowFX/Scripts/grid3.tra
WindowFX/Scripts/grid3.ttt
WindowFX/Scripts/grid4.tra
WindowFX/Scripts/grid4.ttt
WindowFX/Scripts/grid5.tra
WindowFX/Scripts/grid5.ttt
WindowFX/Scripts/grid6.tra
WindowFX/Scripts/grid6.ttt
WindowFX/Scripts/jeannie.tra
WindowFX/Scripts/jeannie.ttt
WindowFX/Scripts/manybars.ttt
WindowFX/Scripts/q2d_1_rect.ttt
WindowFX/Scripts/q2d_2_rect.ttt
WindowFX/Scripts/q2d_3_rect.ttt
WindowFX/Scripts/q2d_4_rect.ttt
WindowFX/Scripts/qr2m_1_rect.ttt
WindowFX/Scripts/qr2m_2_rect.ttt
WindowFX/Scripts/qr2m_3_rect.ttt
WindowFX/Scripts/qr2m_4_rect.ttt
WindowFX/Scripts/rect.ttt
WindowFX/Scripts/rect2.ttt
WindowFX/Scripts/slideboth.ttt
WindowFX/Scripts/slideboth2.ttt
WindowFX/Scripts/slides.tra
WindowFX/Scripts/slides.ttt
WindowFX/Scripts/strecther.tra
WindowFX/Scripts/stretcher.ttt
WindowFX/Scripts/trect.ttt
WindowFX/Scripts/vague.ttt
WindowFX/Scripts/wfx_scripting_variables.doc
.doc windows office2003
WindowFX/Shaft/Shaft.wfs
WindowFX/Shaft/Shaft.wfs_Shadows.Bottom.WBD
WindowFX/Shaft/Shaft.wfs_Shadows.Right.WBD
WindowFX/Shaft/bottom.bmp
WindowFX/Shaft/right.bmp
WindowFX/Solid/solid.wfs
WindowFX/Spank-Big/Spank-Big.wfs
WindowFX/Spank-Big/Spank-Big.wfs_Shadows.Bottom.WBD
WindowFX/Spank-Big/Spank-Big.wfs_Shadows.Left.WBD
WindowFX/Spank-Big/Spank-Big.wfs_Shadows.Right.WBD
WindowFX/Spank-Big/Spank-Big.wfs_Shadows.Top.WBD
WindowFX/Spank-Big/bottom.bmp
WindowFX/Spank-Big/left.bmp
WindowFX/Spank-Big/right.bmp
WindowFX/Spank-Big/top.bmp
WindowFX/Spank/Spank.wfs
WindowFX/Spank/Spank.wfs_Shadows.Bottom.WBD
WindowFX/Spank/Spank.wfs_Shadows.Left.WBD
WindowFX/Spank/Spank.wfs_Shadows.Right.WBD
WindowFX/Spank/Spank.wfs_Shadows.Top.WBD
WindowFX/Spank/bottom.bmp
WindowFX/Spank/left.bmp
WindowFX/Spank/right.bmp
WindowFX/Spank/top.bmp
WindowFX/Tri thin/bottom.bmp
WindowFX/Tri thin/left.bmp
WindowFX/Tri thin/right.bmp
WindowFX/Tri thin/tri thin.wfs
WindowFX/Tri thin/tri thin.wfs_Shadows.Bottom.WBD
WindowFX/Tri thin/tri thin.wfs_Shadows.Left.WBD
WindowFX/Tri thin/tri thin.wfs_Shadows.Right.WBD
WindowFX/Trio/Trio.wfs_Shadows.Bottom.WBD
WindowFX/Trio/Trio.wfs_Shadows.Left.WBD
WindowFX/Trio/Trio.wfs_Shadows.Right.WBD
WindowFX/Trio/bottom.bmp
WindowFX/Trio/left.bmp
WindowFX/Trio/right.bmp
WindowFX/Trio/trio.wfs
WindowFX/Windows Default All/Windows Default All.wfs
WindowFX/Windows Default All/Windows Default All.wfs_Shadows.Bottom.WBD
WindowFX/Windows Default All/Windows Default All.wfs_Shadows.Left.WBD
WindowFX/Windows Default All/Windows Default All.wfs_Shadows.Right.WBD
WindowFX/Windows Default All/Windows Default All.wfs_Shadows.Top.WBD
WindowFX/Windows Default All/bottom.bmp
WindowFX/Windows Default All/left.bmp
WindowFX/Windows Default All/right.bmp
WindowFX/d3dx9_25.dll
.dll windows:5 windows x86 arch:x86

cf59ec61a977c0dc219019890726b5d1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:a7:5e:d0:8d:8a:3c:30:1f:ef:76:a0:e8:09:ff:d4:64:64:4e:ef
Signer

Actual PE Digest

a9:a7:5e:d0:8d:8a:3c:30:1f:ef:76:a0:e8:09:ff:d4:64:64:4e:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3dx9_25.pdb

Imports

kernel32

GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
CompareStringA
GetFullPathNameA
LeaveCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
Sleep
InitializeCriticalSection
InterlockedExchange
EnterCriticalSection
lstrcmpiA
IsDBCSLeadByte
CreateFileW
GetTempPathA
GetTempFileNameA
CreateFileA
ReadFile
CloseHandle
DeleteFileA
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
GetSystemInfo
VirtualAlloc
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetVersionExA
DeleteFileW
SetFilePointer
MoveFileA
MoveFileW
GetTempFileNameW
GlobalMemoryStatus
FreeLibrary
SetEndOfFile
ExpandEnvironmentStringsA
GetLastError
CreateMutexA
WaitForSingleObject
ReleaseMutex
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
FindResourceW

msvcrt

_except_handler3
?terminate@@YAXXZ
_adjust_fdiv
_initterm
srand
_tempnam
exit
atol
_ultoa
wcstombs
rand
fread
_wfopen
fopen
fwrite
fclose
isxdigit
atof
_CIcosh
_CIexp
_CIsinh
_CItanh
_fpclass
strchr
_isnan
isalnum
isalpha
toupper
tolower
atoi
floor
_strtime
_strdate
sscanf
isspace
isdigit
_setjmp3
longjmp
ldexp
frexp
wcslen
calloc
realloc
malloc
_CIsqrt
setlocale
_strdup
free
ceil
_controlfp
_vsnprintf
_CIasin
__CxxFrameHandler
_finite
_CIacos
memmove
qsort
_CIfmod
_purecall
_stricmp
modf
iswspace
iswalpha
iswdigit
iswpunct
_CIpow
??2@YAPAXI@Z
??3@YAXPAX@Z

gdi32

GetCurrentObject
ExtTextOutW
MoveToEx
ExtTextOutA
CreateCompatibleDC
SetMapMode
SetTextAlign
CreateFontIndirectW
CreateFontIndirectA
GetFontLanguageInfo
SetBkMode
GetOutlineTextMetricsA
SetTextColor
GetCharacterPlacementW
GetCharacterPlacementA
SelectObject
DeleteObject
DeleteDC
CreateDIBSection
GetGlyphOutlineA
GetTextMetricsA
GetObjectW
GetObjectA
GetGlyphOutlineW
SetBkColor
GetTextMetricsW

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA

Exports

Exports

D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXAssembleShaderFromFileW
D3DXAssembleShaderFromResourceA
D3DXAssembleShaderFromResourceW
D3DXBoxBoundProbe
D3DXCheckCubeTextureRequirements
D3DXCheckTextureRequirements
D3DXCheckVersion
D3DXCheckVolumeTextureRequirements
D3DXCleanMesh
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXCompileShader
D3DXCompileShaderFromFileA
D3DXCompileShaderFromFileW
D3DXCompileShaderFromResourceA
D3DXCompileShaderFromResourceW
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXComputeNormalMap
D3DXComputeNormals
D3DXComputeTangent
D3DXComputeTangentFrame
D3DXComputeTangentFrameEx
D3DXConcatenateMeshes
D3DXConvertMeshSubsetToSingleStrip
D3DXConvertMeshSubsetToStrips
D3DXCpuOptimizations
D3DXCreateAnimationController
D3DXCreateBox
D3DXCreateBuffer
D3DXCreateCompressedAnimationSet
D3DXCreateCubeTexture
D3DXCreateCubeTextureFromFileA
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileExW
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileW
D3DXCreateCubeTextureFromResourceA
D3DXCreateCubeTextureFromResourceExA
D3DXCreateCubeTextureFromResourceExW
D3DXCreateCubeTextureFromResourceW
D3DXCreateCylinder
D3DXCreateEffect
D3DXCreateEffectCompiler
D3DXCreateEffectCompilerFromFileA
D3DXCreateEffectCompilerFromFileW
D3DXCreateEffectCompilerFromResourceA
D3DXCreateEffectCompilerFromResourceW
D3DXCreateEffectEx
D3DXCreateEffectFromFileA
D3DXCreateEffectFromFileExA
D3DXCreateEffectFromFileExW
D3DXCreateEffectFromFileW
D3DXCreateEffectFromResourceA
D3DXCreateEffectFromResourceExA
D3DXCreateEffectFromResourceExW
D3DXCreateEffectFromResourceW
D3DXCreateEffectPool
D3DXCreateFontA
D3DXCreateFontIndirectA
D3DXCreateFontIndirectW
D3DXCreateFontW
D3DXCreateFragmentLinker
D3DXCreateKeyframedAnimationSet
D3DXCreateLine
D3DXCreateMatrixStack
D3DXCreateMesh
D3DXCreateMeshFVF
D3DXCreateNPatchMesh
D3DXCreatePMeshFromStream
D3DXCreatePRTBuffer
D3DXCreatePRTBufferTex
D3DXCreatePRTCompBuffer
D3DXCreatePRTEngine
D3DXCreatePatchMesh
D3DXCreatePolygon
D3DXCreateRenderToEnvMap
D3DXCreateRenderToSurface
D3DXCreateSPMesh
D3DXCreateSkinInfo
D3DXCreateSkinInfoFVF
D3DXCreateSkinInfoFromBlendedMesh
D3DXCreateSphere
D3DXCreateSprite
D3DXCreateTeapot
D3DXCreateTextA
D3DXCreateTextW
D3DXCreateTexture
D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileExW
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileW
D3DXCreateTextureFromResourceA
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromResourceExW
D3DXCreateTextureFromResourceW
D3DXCreateTextureGutterHelper
D3DXCreateTextureShader
D3DXCreateTorus
D3DXCreateVolumeTexture
D3DXCreateVolumeTextureFromFileA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateVolumeTextureFromFileExW
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileW
D3DXCreateVolumeTextureFromResourceA
D3DXCreateVolumeTextureFromResourceExA
D3DXCreateVolumeTextureFromResourceExW
D3DXCreateVolumeTextureFromResourceW
D3DXDebugMute
D3DXDeclaratorFromFVF
D3DXDisassembleEffect
D3DXDisassembleShader
D3DXFVFFromDeclarator
D3DXFileCreate
D3DXFillCubeTexture
D3DXFillCubeTextureTX
D3DXFillTexture
D3DXFillTextureTX
D3DXFillVolumeTexture
D3DXFillVolumeTextureTX
D3DXFilterTexture
D3DXFindShaderComment
D3DXFloat16To32Array
D3DXFloat32To16Array
D3DXFrameAppendChild
D3DXFrameCalculateBoundingSphere
D3DXFrameDestroy
D3DXFrameFind
D3DXFrameNumNamedMatrices
D3DXFrameRegisterNamedMatrices
D3DXFresnelTerm
D3DXGatherFragments
D3DXGatherFragmentsFromFileA
D3DXGatherFragmentsFromFileW
D3DXGatherFragmentsFromResourceA
D3DXGatherFragmentsFromResourceW
D3DXGenerateOutputDecl
D3DXGeneratePMesh
D3DXGetDeclLength
D3DXGetDeclVertexSize
D3DXGetDriverLevel
D3DXGetFVFVertexSize
D3DXGetImageInfoFromFileA
D3DXGetImageInfoFromFileInMemory
D3DXGetImageInfoFromFileW
D3DXGetImageInfoFromResourceA
D3DXGetImageInfoFromResourceW
D3DXGetPixelShaderProfile
D3DXGetShaderConstantTable
D3DXGetShaderInputSemantics
D3DXGetShaderOutputSemantics
D3DXGetShaderSamplers
D3DXGetShaderSize
D3DXGetShaderVersion
D3DXGetTargetDescByName
D3DXGetTargetDescByVersion
D3DXGetVertexShaderProfile
D3DXIntersect
D3DXIntersectSubset
D3DXIntersectTri
D3DXLoadMeshFromXA
D3DXLoadMeshFromXInMemory
D3DXLoadMeshFromXResource
D3DXLoadMeshFromXW
D3DXLoadMeshFromXof
D3DXLoadMeshHierarchyFromXA
D3DXLoadMeshHierarchyFromXInMemory
D3DXLoadMeshHierarchyFromXW
D3DXLoadPRTBufferFromFileA
D3DXLoadPRTBufferFromFileW
D3DXLoadPRTCompBufferFromFileA
D3DXLoadPRTCompBufferFromFileW
D3DXLoadPatchMeshFromXof
D3DXLoadSkinMeshFromXof
D3DXLoadSurfaceFromFileA
D3DXLoadSurfaceFromFileInMemory
D3DXLoadSurfaceFromFileW
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromResourceA
D3DXLoadSurfaceFromResourceW
D3DXLoadSurfaceFromSurface
D3DXLoadVolumeFromFileA
D3DXLoadVolumeFromFileInMemory
D3DXLoadVolumeFromFileW
D3DXLoadVolumeFromMemory
D3DXLoadVolumeFromResourceA
D3DXLoadVolumeFromResourceW
D3DXLoadVolumeFromVolume
D3DXMatrixAffineTransformation
D3DXMatrixAffineTransformation2D
D3DXMatrixDecompose
D3DXMatrixDeterminant
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTransformation2D
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXOptimizeFaces
D3DXOptimizeVertices
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXPlaneTransformArray
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXRectPatchSize
D3DXSHAdd
D3DXSHDot
D3DXSHEvalConeLight
D3DXSHEvalDirection
D3DXSHEvalDirectionalLight
D3DXSHEvalHemisphereLight
D3DXSHEvalSphericalLight
D3DXSHPRTCompSplitMeshSC
D3DXSHPRTCompSuperCluster
D3DXSHProjectCubeMap
D3DXSHRotate
D3DXSHRotateZ
D3DXSHScale
D3DXSaveMeshHierarchyToFileA
D3DXSaveMeshHierarchyToFileW
D3DXSaveMeshToXA
D3DXSaveMeshToXW
D3DXSavePRTBufferToFileA
D3DXSavePRTBufferToFileW
D3DXSavePRTCompBufferToFileA
D3DXSavePRTCompBufferToFileW
D3DXSaveSurfaceToFileA
D3DXSaveSurfaceToFileInMemory
D3DXSaveSurfaceToFileW
D3DXSaveTextureToFileA
D3DXSaveTextureToFileInMemory
D3DXSaveTextureToFileW
D3DXSaveVolumeToFileA
D3DXSaveVolumeToFileInMemory
D3DXSaveVolumeToFileW
D3DXSimplifyMesh
D3DXSphereBoundProbe
D3DXSplitMesh
D3DXTessellateNPatches
D3DXTessellateRectPatch
D3DXTessellateTriPatch
D3DXTriPatchSize
D3DXUVAtlasCreate
D3DXUVAtlasPack
D3DXUVAtlasPartition
D3DXValidMesh
D3DXValidPatchMesh
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformArray
D3DXVec2TransformCoord
D3DXVec2TransformCoordArray
D3DXVec2TransformNormal
D3DXVec2TransformNormalArray
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3ProjectArray
D3DXVec3Transform
D3DXVec3TransformArray
D3DXVec3TransformCoord
D3DXVec3TransformCoordArray
D3DXVec3TransformNormal
D3DXVec3TransformNormalArray
D3DXVec3Unproject
D3DXVec3UnprojectArray
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXVec4TransformArray
D3DXWeldVertices

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WindowFX/sig.bin
WindowFX/wfx.dll
.dll windows:4 windows x86 arch:x86

780f5e846363fed64bb83ccd9546216a

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d2:bd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

21/09/2005, 21:26

Not After

21/09/2007, 21:26

Subject

CN=Stardock Corporation,OU=,O=Stardock Corporation,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetModuleFileNameA
MultiByteToWideChar
GetCurrentProcessId
IsBadWritePtr
GetThreadPriority
EnterCriticalSection
Sleep
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
GetSystemDirectoryA
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
IsBadReadPtr
GetCurrentThread
SetThreadPriority

user32

MonitorFromWindow
IntersectRect
DefWindowProcW
DrawIconEx
DrawIcon
MoveWindow
UpdateWindow
SetWindowPlacement
IsHungAppWindow
PtInRect
SetCapture
SetFocus
EnumDesktopWindows
GetThreadDesktop
RegisterHotKey
UnregisterHotKey
InsertMenuA
DeleteMenu
GetWindowTextA
GetSystemMenu
GetMonitorInfoA
EqualRect
GetAsyncKeyState
CallNextHookEx
GetWindowPlacement
ValidateRect
IsWindowEnabled
EnableWindow
SetForegroundWindow
RegisterWindowMessageA
GetKeyState
FindWindowA
LoadCursorA
RegisterClassA
EnumWindows
UnregisterClassA
EnumChildWindows
FindWindowExA
InvalidateRect
GetWindowThreadProcessId
SetWindowRgn
IsZoomed
GetParent
WindowFromDC
DrawEdge
DrawCaption
DrawTextA
SendNotifyMessageA
GetClassNameA
IsIconic
IsWindowVisible
PrintWindow
SendMessageA
GetWindowRgn
CopyImage
GetSystemMetrics
RedrawWindow
DestroyWindow
PostMessageA
CreateWindowExA
GetWindowDC
GetWindow
SetWindowPos
ShowWindow
UpdateLayeredWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
BeginPaint
EndPaint
DefWindowProcA
GetClassLongA
GetCursorPos
WindowFromPoint
IsChild
SetTimer
IsRectEmpty
KillTimer
SetLayeredWindowAttributes
GetWindowLongA
GetForegroundWindow
IsWindow
SetPropA
RemovePropA
SetWindowLongA
SystemParametersInfoA
ReplyMessage
EnumDisplayMonitors
CallWindowProcA
LoadImageA
GetDesktopWindow
GetClientRect
GetDC
GetSysColor
ReleaseDC
GetWindowRect
GetPropA
SendMessageTimeoutA

gdi32

GetClipBox
GetObjectType
GetDeviceCaps
CreatePen
MoveToEx
PatBlt
GetRgnBox
SetTextColor
SetBkMode
CreateFontA
CreateRectRgn
CombineRgn
FillRgn
SetDCPenColor
SetDCBrushColor
Pie
GdiGetBatchLimit
GdiSetBatchLimit
GetDIBits
CreateBrushIndirect
BitBlt
StretchBlt
SetStretchBltMode
DeleteObject
Rectangle
GetStockObject
CreateSolidBrush
GetObjectA
DeleteDC
ExtTextOutA
SetBkColor
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
GdiFlush
SetDIBitsToDevice
LineTo

comctl32

ImageList_GetIconSize
ImageList_Draw

advapi32

RegCreateKeyA
RegQueryValueExA
RegCloseKey

msvcrt

strlen
strcpy
atoi
memset
strcmp
strcat
_ftol
fwrite
fclose
fread
fopen
cos
sin
rand
_beginthread
srand
??3@YAXPAX@Z
__CxxFrameHandler
strncpy
toupper
strrchr
??2@YAPAXI@Z
strncmp
time
abs
malloc
__dllonexit
_onexit
_initterm
_adjust_fdiv
_itoa
free

Exports

Exports

DestroyShadow
LoadShadow
MouseHook
PaintShadowWindow
PatchAPI
PatchAPI2
PatchAPI3
SetHookPtr
SetHookPtr3
SetHookPtr4
SetIgnoreME
ToolPreview
UpdateSetting
_GetWindowsDirectoryA@8
stubPatch

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WindowFX/wfx.ico
WindowFX/wfx_64.dll
.dll windows:4 windows x64 arch:x64

0a0adaa8968c7d44d94dd6b7a7a172b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

h:\wfx_64.pdb

Imports

comctl32

ImageList_GetIconSize
ImageList_Draw

kernel32

FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
HeapReAlloc
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
RtlPcToFileHeader
RaiseException
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapSize
GetStringTypeA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
RtlUnwindEx
FlsAlloc
TlsSetValue
SetLastError
FlsFree
TlsFree
FlsGetValue
GetStdHandle
WriteFile
ExitProcess
HeapDestroy
HeapCreate
HeapSetInformation
GetProcessHeap
GetVersionExA
GetCommandLineA
FlsSetValue
GetSystemTimeAsFileTime
CreateThread
ResumeThread
ExitThread
HeapAlloc
HeapFree
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
GetModuleHandleA
GetThreadPriority
GetModuleFileNameA
LoadLibraryA
GetPrivateProfileStringA
EnterCriticalSection
GetProcAddress
GetLastError
SetThreadPriority
MultiByteToWideChar
GetSystemDirectoryA
ReadFile
IsBadWritePtr
LeaveCriticalSection
Sleep
GetPrivateProfileIntA
InitializeCriticalSection
IsBadReadPtr
GetCurrentThread
GetTickCount
FreeLibrary
CreateFileA
RtlCaptureContext

user32

EndPaint
DrawCaption
DestroyWindow
SetWindowPlacement
EnumDesktopWindows
GetMessageA
GetClassNameA
UpdateLayeredWindow
SetWindowRgn
GetSystemMenu
SetTimer
GetWindowRect
GetWindowLongPtrA
GetWindowDC
GetThreadDesktop
IsIconic
IsChild
SetCapture
SendNotifyMessageA
KillTimer
IsZoomed
DrawTextA
GetKeyState
GetPropA
DrawIconEx
SetForegroundWindow
ReplyMessage
DeleteMenu
CopyImage
GetParent
IsHungAppWindow
CallNextHookEx
RemovePropA
IsWindowEnabled
DrawIcon
FindWindowExA
WindowFromPoint
GetClientRect
SetFocus
SendMessageA
DrawEdge
RegisterWindowMessageA
GetClassLongPtrA
BeginPaint
EnumWindows
PtInRect
GetMonitorInfoA
GetDC
TranslateMessage
GetForegroundWindow
GetWindowPlacement
GetWindowTextA
SetPropA
GetAsyncKeyState
SetWindowLongA
IntersectRect
InvalidateRect
UnregisterClassA
GetWindowLongA
CreateWindowExA
PeekMessageA
ReleaseDC
MonitorFromWindow
GetWindowRgn
DefWindowProcA
RedrawWindow
SendMessageTimeoutA
GetDesktopWindow
GetSysColor
SetWindowPos
GetCursorPos
EnumChildWindows
SetLayeredWindowAttributes
ShowWindow
WindowFromDC
SetWindowLongPtrA
IsWindow
PostMessageA
DispatchMessageA
EqualRect
SystemParametersInfoA
GetSystemMetrics
IsWindowVisible
InsertMenuA
PrintWindow
LoadImageA
UpdateWindow
EnableWindow
CallWindowProcA
UnregisterHotKey
FindWindowA
LoadCursorA
RegisterHotKey
ValidateRect
DefWindowProcW
GetWindowThreadProcessId
RegisterClassA
GetWindow
GetClassLongA
MoveWindow
IsRectEmpty
EnumDisplayMonitors

gdi32

SetDCPenColor
GetObjectType
SetStretchBltMode
CreateRectRgn
CreatePen
GetClipBox
GetObjectA
GetStockObject
ExtTextOutA
CreateSolidBrush
CombineRgn
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
FillRgn
GdiFlush
SetBkColor
SetDCBrushColor
GetDIBits
StretchBlt
GetDeviceCaps
CreateFontA
CreateDIBSection
DeleteDC
SetTextColor
LineTo
Pie
PatBlt
GdiGetBatchLimit
SetDIBitsToDevice
BitBlt
MoveToEx
CreateBrushIndirect
GdiSetBatchLimit
Rectangle
GetRgnBox
CreateCompatibleBitmap

advapi32

RegQueryValueExA
RegCreateKeyA
RegCloseKey

Exports

Exports

DestroyShadow
GetWindowsDirectoryA
LoadShadow
MouseHook
PaintShadowWindow
PatchAPI
PatchAPI2
PatchAPI3
SetHookPtr
SetHookPtr3
SetHookPtr4
UpdateSetting
stubPatch

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WindowFX/wfx_64.exe
.exe windows:4 windows x64 arch:x64

06e9697506422ed837cc16f20b265a8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
GetModuleHandleA
HeapReAlloc
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetCurrentDirectoryA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
Sleep
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
LoadLibraryA
GetLastError
SetProcessWorkingSetSize
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwindEx
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
RegisterWindowMessageA
DefWindowProcA
DestroyWindow
DialogBoxParamA
BeginPaint
EndPaint
PostQuitMessage
MessageBoxA
SetWindowsHookExA
EndDialog
CreateWindowExA
ShowWindow
UpdateWindow

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyA

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WindowFX/wfxload .exe
.exe windows:4 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

Size: - Virtual size: 832KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 212KB - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
WindowFX/wfxload.exe
.exe windows:4 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

Size: - Virtual size: 832KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 212KB - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
WindowFX/wfxload1.exe
.exe windows:4 windows x86 arch:x86

1c65e5b72858809508ac81f0c3db20d0

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d2:bd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

21/09/2005, 21:26

Not After

21/09/2007, 21:26

Subject

CN=Stardock Corporation,OU=,O=Stardock Corporation,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeKillEvent
timeSetEvent
timeBeginPeriod
timeEndPeriod

ddraw

DirectDrawCreateEx
DirectDrawCreate
DirectDrawEnumerateExA

msimg32

TransparentBlt
AlphaBlend

shlwapi

PathFileExistsA

mfc42

ord3639
ord692
ord2358
ord4694
ord6111
ord2642
ord4224
ord3803
ord798
ord1997
ord2763
ord5466
ord5194
ord533
ord939
ord2379
ord3721
ord795
ord6199
ord6215
ord2764
ord1158
ord941
ord1200
ord6646
ord4202
ord2864
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord496
ord4259
ord1768
ord3870
ord4299
ord4715
ord5981
ord5849
ord4401
ord5683
ord3177
ord355
ord3742
ord818
ord4275
ord3626
ord3663
ord755
ord2414
ord5787
ord283
ord470
ord2860
ord922
ord924
ord1871
ord1146
ord1168
ord4220
ord2584
ord3654
ord2863
ord2438
ord1644
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord2621
ord5214
ord296
ord6877
ord3811
ord4683
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord616
ord3582
ord4398
ord2578
ord4218
ord2023
ord2411
ord5161
ord790
ord3716
ord4258
ord489
ord768
ord4835
ord5287
ord4854
ord4377
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord5162
ord1907
ord4538
ord293
ord2513
ord2362
ord609
ord3574
ord4396
ord2575
ord2302
ord683
ord567
ord3631
ord4424
ord3402
ord5290
ord1776
ord6055
ord6453
ord2364
ord2370
ord540
ord860
ord537
ord5710
ord858
ord800
ord535
ord4129
ord4204
ord823
ord4710
ord6334
ord4234
ord2301
ord2298
ord641
ord825
ord324
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord6195
ord1576

msvcrt

_errno
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
__dllonexit
?terminate@@YAXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
strncmp
_except_handler3
strcmp
isalpha
tolower
memcpy
memset
memcmp
strlen
??9type_info@@QBEHABV0@@Z
?name@type_info@@QBEPBDXZ
??8type_info@@QBEHABV0@@Z
srand
exit
_purecall
memmove
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
strrchr
strtok
malloc
free
time
gmtime
_getcwd
_mbsnbcpy
_beginthread
strstr
toupper
rand
atof
_ftol
__CxxFrameHandler
fopen
atoi
fseek
_mbscmp
fclose
fread
_ultoa
_setmbcp
_itoa
_onexit
_controlfp

kernel32

GetStartupInfoA
CloseHandle
GetFileSize
ReadFile
CreateFileA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileIntA
Sleep
WaitForSingleObject
GetModuleHandleA
OutputDebugStringA
GetProcAddress
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
GetWindowsDirectoryA
FindClose
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
GetSystemDirectoryA
Beep
GetTickCount
MulDiv
GetLastError
GetModuleFileNameA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetProcessShutdownParameters
SetThreadPriority
GetCurrentThread
SetEvent
CreateEventA
lstrcatA
lstrcmpA
lstrlenA
SetLastError
GetComputerNameA
DeleteFileA
GetExitCodeProcess
CreateProcessA
lstrcpynA
GetCurrentProcess
SetProcessWorkingSetSize
SetPriorityClass
LocalAlloc
InterlockedExchange
RaiseException
GetCurrentThreadId

user32

RegisterHotKey
SetParent
FindWindowExA
SetFocus
RegisterClassA
PostQuitMessage
ValidateRect
GetClassNameA
ReplyMessage
CopyImage
UnhookWindowsHookEx
DrawIcon
SetWindowsHookExA
CallNextHookEx
wsprintfA
RedrawWindow
GetKeyState
IntersectRect
EqualRect
IsIconic
GetWindowRgn
TranslateMessage
DefWindowProcA
DrawIconEx
LoadMenuA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuStringA
ModifyMenuA
TrackPopupMenu
LoadIconA
FillRect
ScreenToClient
SetWindowPos
PtInRect
LoadCursorA
EnumChildWindows
SetForegroundWindow
BeginPaint
EndPaint
GetWindowPlacement
SetWindowPlacement
GetForegroundWindow
FindWindowA
RegisterWindowMessageA
SystemParametersInfoA
PostMessageA
IsWindow
CreateWindowExA
GetMessageA
DispatchMessageA
DestroyWindow
DrawEdge
WindowFromDC
DrawCaption
UpdateWindow
GetClassInfoExA
RegisterClassExA
GetWindowDC
GetDesktopWindow
GetSystemMetrics
SetMenuDefaultItem
EnableWindow
SetLayeredWindowAttributes
DrawTextA
GetSysColor
KillTimer
SetWindowTextA
SetPropA
MessageBoxA
SetTimer
InvalidateRect
LoadImageA
GetDlgItem
SetCapture
SetCursor
GetCursorPos
WindowFromPoint
GetParent
GetWindowRect
GetWindowTextA
ReleaseCapture
CallWindowProcA
RemovePropA
UpdateLayeredWindow
GetPropA
SetWindowRgn
SendMessageA
GetWindowLongA
IsWindowVisible
ShowWindow
MoveWindow
SetWindowLongA
GetMonitorInfoA
MonitorFromWindow
GetClientRect
ClientToScreen
GetDC
ReleaseDC

gdi32

SetBkColor
DeleteDC
CreateCompatibleDC
StretchBlt
SetStretchBltMode
Pie
SetDCBrushColor
SetDCPenColor
GdiFlush
CreateFontA
CreateCompatibleBitmap
LineTo
MoveToEx
CreateSolidBrush
SelectClipRgn
RoundRect
CreateDIBSection
Ellipse
ExtTextOutA
CombineRgn
SetROP2
GetROP2
OffsetRgn
SetRectRgn
RealizePalette
SelectPalette
UpdateColors
SelectObject
Rectangle
DeleteObject
GetObjectA
GetPixel
SetPixel
BitBlt
SetBkMode
SetTextColor
FillRgn
GetStockObject
CreateRectRgn
GetObjectType
CreatePen
GetDeviceCaps

advapi32

GetSidIdentifierAuthority
RegQueryValueExA
RegDeleteKeyA
IsValidSid
RegCloseKey
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountNameA
RegDeleteValueA
RegSetValueExA
RegCreateKeyA

shell32

SHAppBarMessage
Shell_NotifyIconA
SHGetFileInfoA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetIconSize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcp60

??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 396KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11019af102ba492d889f481394eb456c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

d3d9

d3dx9_25

winmm

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

cf59ec61a977c0dc219019890726b5d1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

a9:a7:5e:d0:8d:8a:3c:30:1f:ef:76:a0:e8:09:ff:d4:64:64:4e:efSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

gdi32

advapi32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.data Size: 98KB - Virtual size: 193KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 63KB - Virtual size: 63KB

780f5e846363fed64bb83ccd9546216a

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

21:d2:bdCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

advapi32

msvcrt

Exports

Exports

Sections

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

a9:a7:5e:d0:8d:8a:3c:30:1f:ef:76:a0:e8:09:ff:d4:64:64:4e:ef
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 98KB - Virtual size: 193KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 63KB - Virtual size: 63KB

01
Certificate

0a
Certificate

21:d2:bd
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

.text
Size: 76KB - Virtual size: 72KB

.sdata
Size: 4KB - Virtual size: 36B

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 52KB

.pdata
Size: 7KB - Virtual size: 7KB

.sdata
Size: 512B - Virtual size: 52B

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 880B

.rsrc
Size: 149KB - Virtual size: 376KB

.rsrc
Size: 149KB - Virtual size: 376KB

01
Certificate

0a
Certificate