4a4527ee70dbfa3caeb513754fd7b373_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a4527ee70dbfa3caeb513754fd7b373_JaffaCakes118
Size

1.3MB
MD5

4a4527ee70dbfa3caeb513754fd7b373
SHA1

694a627b59f19d60c68adc83b8336f569422cfb0
SHA256

2e791910de34520b4468f544192b9eeb65b800a9fb65c869fd838f2aa2092b18
SHA512

bc601dd19b46dce3498fe4314a9c22712798a63fd523854c33bc9d7e34208121d11b57d0581ff68caa71098b9d99c295925548455deee5631bfb4e9979de2a3d
SSDEEP

24576:NdDoGQOPIQKonM22THMUHFzroWREPxsoAA93h03AILES4bqlshD9c9iCUIM9DTej:N+FOwQKonMTHpHFzr1KPxjbILEpqlsQL

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
4a4527ee70dbfa3caeb513754fd7b373_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/jscript.dll
unpack001/msscript.ocx
unpack001/msvcp60.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

4a4527ee70dbfa3caeb513754fd7b373_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0
.dll regsvr32 windows:4 windows x86 arch:x86

21ab8754401127563b4a3dad95a4b7ba

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2007, 00:00

Not After

01/02/2008, 23:59

Subject

CN=Beijing Baofeng Inc.,O=Beijing Baofeng Inc.,POSTALCODE=100000,STREET=Haidian District+STREET=No.18\,Rd.Zhongguancun+STREET=Room 1911\,Floor 16\,Building Caizhi Guoji #C,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:0d:93:4d:d2:ce:6e:85:46:cb:5d:13:ef:b1:3a:e4:57:eb:bd:e6
Signer

Actual PE Digest

43:0d:93:4d:d2:ce:6e:85:46:cb:5d:13:ef:b1:3a:e4:57:eb:bd:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalUnlock
GlobalLock
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
IsDBCSLeadByte
lstrcmpiA
lstrcpyA
lstrcatA
DeleteCriticalSection
HeapDestroy
WideCharToMultiByte
GetModuleFileNameA
lstrlenW
GetModuleHandleA
lstrlenA
MultiByteToWideChar
GetShortPathNameA
lstrcpynA

user32

CharNextA

advapi32

RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA

shell32

DragQueryFileA
ShellExecuteA

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysAllocString
RegisterTypeLi
SysFreeString
LoadTypeLi

msvcrt

realloc
malloc
??2@YAPAXI@Z
_purecall
_mbsrchr
_onexit
__dllonexit
_adjust_fdiv
_initterm
??3@YAXPAX@Z
free

shlwapi

SHGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Media2.dll
.dll regsvr32 windows:4 windows x86 arch:x86

14341401d767796903bc5a04036a5c0a

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2007, 00:00

Not After

01/02/2008, 23:59

Subject

CN=Beijing Baofeng Inc.,O=Beijing Baofeng Inc.,POSTALCODE=100000,STREET=Haidian District+STREET=No.18\,Rd.Zhongguancun+STREET=Room 1911\,Floor 16\,Building Caizhi Guoji #C,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

80:e3:f9:ee:12:c0:83:ee:41:49:bb:c5:b0:9d:61:68:4a:fc:28:1a
Signer

Actual PE Digest

80:e3:f9:ee:12:c0:83:ee:41:49:bb:c5:b0:9d:61:68:4a:fc:28:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
CompareStringA
lstrlenA
InitializeCriticalSection
CreateEventA
LeaveCriticalSection
lstrcmpiA
EnterCriticalSection
InterlockedDecrement
MultiByteToWideChar
InterlockedIncrement
GetPrivateProfileStringA
CloseHandle
DeleteCriticalSection
FindClose
GetSystemTime
FindNextFileA
DeleteFileA
FindFirstFileA
WritePrivateProfileStringA
Sleep
CopyFileA
WaitForSingleObject
MoveFileA
GetTempFileNameA
GetTempPathA
SetEvent
ResetEvent
SleepEx
SetThreadPriority
TerminateThread
SuspendThread
GetModuleHandleA
GetTickCount
GetLastError
WriteFile
CreateFileA
WideCharToMultiByte
lstrcpyA
GetStdHandle
SetHandleCount
FlushFileBuffers
SetFilePointer
InterlockedExchange
LocalFree
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentProcess
TerminateProcess
GetProcAddress
IsValidCodePage
IsValidLocale
SetEndOfFile
LoadLibraryA
ReadFile
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetStartupInfoA
HeapFree
RtlUnwind
GetFileAttributesA
GetTimeZoneInformation
GetLocalTime
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
CreateDirectoryA
RaiseException
GetCommandLineA
GetVersion
HeapAlloc
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
ExitProcess
TlsAlloc
TlsFree
SetLastError
GetFileType

user32

PeekMessageA
SetRect
RegisterWindowMessageA
PostThreadMessageA
GetMessageA

ole32

CoInitialize
CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
CoUninitialize

oleaut32

SysStringByteLen
VariantClear
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
GetErrorInfo

wininet

InternetOpenUrlA
InternetGetConnectedState
InternetCloseHandle
InternetCrackUrlA
InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetSetOptionA
InternetConnectA
InternetGetCookieA
HttpOpenRequestA
HttpSendRequestA
InternetSetFilePointer

shlwapi

PathRemoveFileSpecA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

DllRegisterServer
DllUnregisterServer
Initialize
UnInitialize

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Storm.exe
.exe windows:4 windows x86 arch:x86

a31276c03517c691b980e90229027d05

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2007, 00:00

Not After

01/02/2008, 23:59

Subject

CN=Beijing Baofeng Inc.,O=Beijing Baofeng Inc.,POSTALCODE=100000,STREET=Haidian District+STREET=No.18\,Rd.Zhongguancun+STREET=Room 1911\,Floor 16\,Building Caizhi Guoji #C,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

72:4b:e8:97:e1:b9:cd:7e:93:e7:ce:d8:46:81:91:bb:99:1f:2b:a7
Signer

Actual PE Digest

72:4b:e8:97:e1:b9:cd:7e:93:e7:ce:d8:46:81:91:bb:99:1f:2b:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashA
PathFileExistsA
StrStrA
PathRemoveFileSpecA
PathIsURLA
StrTrimA
SHDeleteKeyA
StrStrIA
StrChrA
PathFindExtensionA
PathFindFileNameA
SHGetValueA
SHDeleteValueA
SHSetValueA
StrRChrA
StrNCatA
PathRemoveBackslashA
StrFormatByteSize64A

msimg32

GradientFill
AlphaBlend

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetCreateUrlA
HttpQueryInfoA
InternetQueryOptionA
InternetReadFile
InternetSetCookieA
InternetGetCookieA
InternetCrackUrlA

mfc42

ord793
ord2362
ord4694
ord2642
ord5148
ord2122
ord556
ord2864
ord6111
ord4284
ord3317
ord3499
ord4224
ord6877
ord3874
ord4476
ord4278
ord1979
ord6385
ord665
ord5186
ord354
ord2452
ord3742
ord818
ord1270
ord1232
ord2299
ord5981
ord3610
ord656
ord2297
ord2363
ord6197
ord6380
ord1768
ord3721
ord795
ord6453
ord6880
ord2086
ord283
ord4496
ord3631
ord683
ord6907
ord6007
ord3998
ord2080
ord1200
ord3226
ord3301
ord3286
ord2614
ord500
ord772
ord5860
ord3986
ord6142
ord2938
ord861
ord2298
ord6646
ord3019
ord2516
ord361
ord2513
ord293
ord1816
ord2645
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord4299
ord3803
ord1834
ord4750
ord5016
ord4375
ord4852
ord355
ord4229
ord5232
ord1180
ord1176
ord1568
ord5268
ord4834
ord4608
ord4716
ord4607
ord790
ord5067
ord2859
ord6569
ord6876
ord5601
ord5651
ord3127
ord3616
ord920
ord3810
ord350
ord1105
ord3093
ord6215
ord2135
ord1949
ord3005
ord4220
ord2584
ord3654
ord1644
ord2438
ord6270
ord668
ord3178
ord4058
ord2781
ord2770
ord356
ord2863
ord809
ord2405
ord1088
ord6178
ord6358
ord1601
ord6170
ord4034
ord4202
ord5788
ord2152
ord1233
ord3797
ord2448
ord5834
ord2044
ord2567
ord2919
ord6378
ord926
ord398
ord913
ord3439
ord700
ord3452
ord4189
ord940
ord4123
ord6379
ord802
ord542
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord4622
ord3738
ord815
ord561
ord804
ord2621
ord6438
ord1134
ord1223
ord1206
ord2725
ord5715
ord5289
ord3706
ord2089
ord4809
ord2582
ord4402
ord3640
ord693
ord4243
ord6762
ord2587
ord4406
ord3394
ord3729
ord6785
ord2754
ord3089
ord6605
ord801
ord541
ord2639
ord5861
ord5606
ord613
ord289
ord1570
ord1197
ord955
ord4133
ord4297
ord472
ord6883
ord2071
ord3185
ord2515
ord3181
ord3287
ord2566
ord2116
ord1929
ord6779
ord3903
ord2358
ord616
ord3582
ord4398
ord2578
ord4218
ord2023
ord2411
ord3719
ord3716
ord3303
ord4000
ord3914
ord2379
ord3297
ord6008
ord2096
ord1168
ord2860
ord1146
ord2862
ord384
ord810
ord686
ord3733
ord3398
ord4271
ord609
ord3574
ord3402
ord4396
ord2575
ord539
ord5683
ord5710
ord2301
ord3619
ord6394
ord6383
ord5440
ord5450
ord2107
ord2763
ord4129
ord858
ord923
ord6927
ord939
ord2915
ord5572
ord2764
ord6929
ord535
ord823
ord2841
ord537
ord941
ord924
ord922
ord3092
ord6199
ord4376
ord4710
ord6334
ord4234
ord2302
ord2370
ord324
ord860
ord641
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4853
ord5265
ord470
ord540
ord2818
ord5875
ord800
ord755
ord5785
ord3663
ord323
ord1640
ord6194
ord1641
ord2414
ord640
ord3626
ord3573
ord3571
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord4275
ord765
ord825
ord567
ord3698
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord4635
ord1576

msvcrt

_endthreadex
_CxxThrowException
calloc
fseek
ftell
fread
strstr
wcstok
wcslen
iswdigit
_makepath
strncpy
fgets
_strdate
_strtime
_mbsstr
_except_handler3
exit
_access
malloc
_stricmp
rand
time
srand
_mbsicoll
_beginthreadex
_mbstok
_splitpath
toupper
_ltoa
strtok
_strdup
free
fopen
fclose
fwrite
fputc
vsprintf
_mbsnbicmp
_itoa
_mbsnbcpy
wcscmp
atof
atoi
sscanf
_mbsrchr
strrchr
atol
_purecall
_mbsicmp
memmove
_snprintf
_ftol
__CxxFrameHandler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_mbscmp
_wcsicmp
_setmbcp
_controlfp

kernel32

SetSystemPowerState
GetFileAttributesA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
CreateFileA
WriteFile
CloseHandle
DeleteFileA
WideCharToMultiByte
GetProcAddress
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcatA
GetVersionExA
GetCurrentThreadId
GetLastError
GlobalAddAtomA
GetDriveTypeA
GetVolumeInformationA
GetCurrentProcess
GlobalFree
GetModuleFileNameA
lstrlenA
lstrcpyA
MulDiv
InterlockedDecrement
LoadLibraryA
FreeLibrary
MultiByteToWideChar
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
lstrcmpiA
Sleep
GetLocaleInfoA
FlushInstructionCache
SetUnhandledExceptionFilter
SetFilePointer
VirtualQuery
IsBadWritePtr
GetFileSize
LockResource
SizeofResource
LoadResource
FindResourceA
ExitProcess
lstrcmpA
CopyFileA
MoveFileA
GetFullPathNameA
SetFileTime
SystemTimeToFileTime
CreateEventA
SetEvent
GetStartupInfoA
CreateDirectoryA
lstrcpynA
FindClose
FindFirstFileA
ReadFile
CreateProcessA
SetEnvironmentVariableA
GetEnvironmentVariableA
FindNextFileA
GetModuleHandleA
FormatMessageA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GlobalUnlock
GlobalLock
GetLocalTime
SetThreadExecutionState
GetShortPathNameA
GetWindowsDirectoryA
GetTickCount
GetVersion
VirtualFree
SetPriorityClass
GetCommandLineA
CreateMutexA
GetCurrentProcessId
SetThreadPriority
GetThreadPriority
GetCurrentThread
WaitForSingleObject
TerminateProcess
OpenProcess
MoveFileExA
HeapDestroy
SetLastError
VirtualProtect
FlushFileBuffers
GetSystemTime
FileTimeToSystemTime
InterlockedExchange
GlobalAlloc
InterlockedIncrement

user32

GetParent
SetRectEmpty
GetMessageA
GetAsyncKeyState
CopyIcon
DestroyCursor
GetMessagePos
RemoveMenu
CheckMenuRadioItem
AppendMenuA
PostThreadMessageA
SetDlgItemTextA
PostMessageA
WaitForInputIdle
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
ShowCursor
ExitWindowsEx
CallNextHookEx
GetFocus
IsWindowEnabled
SetWindowsHookExA
UnhookWindowsHookEx
PostQuitMessage
SetFocus
LoadMenuA
UnregisterHotKey
RegisterHotKey
GetSystemMetrics
SetWindowPos
IsIconic
wvsprintfA
FrameRect
IsWindow
GetWindowRect
MoveWindow
ShowWindow
SetTimer
GetUpdateRect
IsRectEmpty
GetClassInfoA
DefWindowProcA
LoadCursorA
GetDC
ReleaseDC
InvalidateRect
GetActiveWindow
GetDlgItem
LoadBitmapA
LoadIconA
GetMenuStringA
SetMenuItemInfoA
TranslateAcceleratorA
CreateAcceleratorTableA
DestroyAcceleratorTable
TranslateMessage
DispatchMessageA
PeekMessageA
EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetClientRect
SetRect
FillRect
SendMessageA
GetSysColor
DestroyWindow
ModifyMenuA
GetMenuItemInfoA
EnableMenuItem
CheckMenuItem
SendMessageTimeoutA
CharNextA
BeginPaint
EndPaint
ReplyMessage
CreateDialogParamA
EndDialog
SetWindowTextA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDesktopWindow
BringWindowToTop
InvalidateRgn
IsWindowVisible
MessageBoxA
SetParent
GetMenuItemID
CreatePopupMenu
GetMenuItemCount
ShowOwnedPopups
GetWindowRgn
KillTimer
SetCapture
GetCapture
ReleaseCapture
SetCursor
ClientToScreen
IsZoomed
SystemParametersInfoA
SetWindowRgn
ScreenToClient
UpdateWindow
SetClassLongA
DrawEdge
wsprintfA
CallWindowProcA
SetWindowLongA
CopyRect
OffsetRect
PtInRect
IntersectRect
DrawFocusRect
CopyImage
TrackPopupMenuEx
GetCursorPos
WindowFromPoint
InflateRect
GetSubMenu

gdi32

DeleteDC
CreateFontIndirectA
DeleteObject
SetBkColor
GetDeviceCaps
GetStockObject
GetObjectA
CombineRgn
GetPixel
CreateRectRgn
SetBitmapBits
GetBitmapBits
SetPixel
PtInRegion
CreateRectRgnIndirect
GetTextExtentPoint32A
EqualRgn
SetBkMode
CreateDIBitmap
OffsetRgn
SetRectRgn
GetRgnBox
GetBkColor
LPtoDP
Rectangle
GetDIBits
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
StretchBlt
SetTextColor
SelectObject
DPtoLP
CreateBitmap
GetMapMode
BitBlt

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHChangeNotify
SHBrowseForFolderA
DragQueryFileA
ShellExecuteA
CommandLineToArgvW
SHGetSpecialFolderPathA
SHGetFolderPathA
SHGetMalloc
SHGetPathFromIDListA

comctl32

ImageList_GetImageCount
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_AddMasked
_TrackMouseEvent

ole32

CoRevokeClassObject
CoRegisterClassObject
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
CoGetMalloc
StringFromIID
CLSIDFromProgID
OleRun
CLSIDFromString

oleaut32

SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantChangeType
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantCopy
DispGetParam
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
LoadRegTypeLi
SysStringLen
SysFreeString
GetErrorInfo

wsock32

recv
htons
connect
WSAGetLastError
select
__WSAFDIsSet
send
inet_ntoa
socket
closesocket
WSACleanup
WSAStartup
gethostbyname
ioctlsocket

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 864KB - Virtual size: 862KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 480KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StormRes.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2b38829d0b5cc8c940f842c951793397

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2007, 00:00

Not After

01/02/2008, 23:59

Subject

CN=Beijing Baofeng Inc.,O=Beijing Baofeng Inc.,POSTALCODE=100000,STREET=Haidian District+STREET=No.18\,Rd.Zhongguancun+STREET=Room 1911\,Floor 16\,Building Caizhi Guoji #C,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:67:8a:d1:a5:d9:48:b7:68:af:1f:83:b5:e7:41:0b:02:ab:2e:f3
Signer

Actual PE Digest

bd:67:8a:d1:a5:d9:48:b7:68:af:1f:83:b5:e7:41:0b:02:ab:2e:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
CloseHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetFilePointer
HeapAlloc
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
SetStdHandle
RtlUnwind
GetStringTypeA
GetStringTypeW
FlushFileBuffers

advapi32

RegOpenKeyA
RegCloseKey
RegEnumKeyA

shell32

SHChangeNotify

shlwapi

SHGetValueA
SHSetValueA

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 572KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jscript.dll
.dll regsvr32 windows:5 windows x86 arch:x86

830f4ab43a868cc35d7be2d79283a6ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

jscript.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegSetValueA
RegSetValueExA

kernel32

GetTimeFormatA
GetDateFormatW
GetDateFormatA
GetLocaleInfoW
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetLastError
GetSystemTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
WideCharToMultiByte
GetVersionExA
LoadLibraryA
FreeLibrary
Sleep
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
TlsFree
TlsAlloc
GetTimeFormatW
GetSystemInfo
VirtualQuery
InterlockedExchange
TlsSetValue
IsBadReadPtr
IsBadStringPtrW
GetACP
GetSystemDefaultLCID
GetLocaleInfoA
IsValidCodePage
IsValidLocale
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetUserDefaultLCID
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetProcAddress
GetComputerNameA
MultiByteToWideChar
TlsGetValue
GetNumberFormatA
GetNumberFormatW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion

msvcrt

_tzset
malloc
memmove
free
_wcsdup
wcslen
_wcsicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3
_onexit
__dllonexit
_adjust_fdiv
_initterm
_CIpow
_isnan
_ftime
fmod
atan2
pow
tan
sqrt
sin
log
exp
cos
atan
asin
acos
qsort
bsearch
wcscat
_ismbblead
_wcslwr
isalpha
isdigit
_wasctime
ceil
realloc
localtime
floor
_CIfmod
iswxdigit
swscanf
isalnum
wcsstr
wcscspn
sprintf
_abnormal_termination
longjmp
wcscpy
_setjmp3
_wcsnicmp
atoi
wcsncmp
wcsncpy
strrchr
_ltow
wcschr
strtoul
wcscmp
swprintf
_vsnwprintf
_purecall
_clearfp
_control87
_ftol
_ultow
towlower

ole32

CoGetClassObject
CLSIDFromProgID
CreateBindCtx
MkParseDisplayName
BindMoniker
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString
GetActiveObject
SysStringLen
VariantCopy
SafeArrayDestroy
SysAllocString
SafeArrayCreate
SafeArrayRedim
CreateTypeLi
VariantInit
VariantCopyInd
VariantClear
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
CreateTypeLib2
LoadTypeLibEx
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
VariantChangeTypeEx
LoadTypeLi
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mee.db
mps.dll
.dll regsvr32 windows:4 windows x86 arch:x86

75e6e7f7c89189fd2a59daa5c1cf8d1b

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2007, 00:00

Not After

01/02/2008, 23:59

Subject

CN=Beijing Baofeng Inc.,O=Beijing Baofeng Inc.,POSTALCODE=100000,STREET=Haidian District+STREET=No.18\,Rd.Zhongguancun+STREET=Room 1911\,Floor 16\,Building Caizhi Guoji #C,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

63:fb:15:dc:5f:df:6a:4b:3a:be:12:38:62:a7:0d:91:b4:32:50:57
Signer

Actual PE Digest

63:fb:15:dc:5f:df:6a:4b:3a:be:12:38:62:a7:0d:91:b4:32:50:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
OleSaveToStream
CoUninitialize
OleLoadFromStream
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromProgID
OleRun
CreateStreamOnHGlobal
CoInitialize
WriteClassStm
CoFreeLibrary
CLSIDFromString
StringFromCLSID
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoLoadLibrary

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

_TrackMouseEvent

wininet

InternetCrackUrlA
RetrieveUrlCacheEntryFileA

ws2_32

WSACleanup
gethostbyname
htons
closesocket
select
connect
WSAStartup
bind
ioctlsocket
socket
send
recv
getsockname
htonl
sendto
__WSAFDIsSet
recvfrom
ntohl
ntohs
setsockopt
WSAGetLastError

shlwapi

PathRemoveFileSpecA
PathFileExistsA
StrCmpNIW
PathRemoveBackslashA
PathCreateFromUrlA
PathIsURLA
PathFindExtensionW
StrRChrW
PathFindFileNameA
PathFindExtensionA
UrlIsA
PathCanonicalizeA
PathAddBackslashA
StrRChrA
StrTrimA
StrChrA
StrToIntA
StrCmpNA
PathRemoveExtensionA
PathIsRelativeA
StrRStrIA
StrCmpNIA
PathGetDriveNumberA
SHGetValueA
PathAppendA
StrStrA
StrCpyW
StrDupA
StrStrW
StrStrIA

kernel32

GetLocalTime
GlobalFree
GlobalUnlock
FreeResource
LockResource
GlobalLock
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
ReadFile
CloseHandle
GetFileSize
CreateFileA
MulDiv
FreeLibrary
lstrcatA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
InterlockedDecrement
MultiByteToWideChar
lstrlenA
InterlockedIncrement
FlushInstructionCache
VirtualProtect
GetCurrentProcess
GetModuleHandleA
WideCharToMultiByte
WinExec
DeviceIoControl
LoadLibraryW
GetVersionExA
GetSystemDirectoryA
GetShortPathNameA
DebugBreak
OutputDebugStringA
lstrcmpiA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
SetEndOfFile
WriteFile
SetFilePointer
GetFileAttributesA
FindClose
FindFirstFileA
lstrcpynA
lstrlenW
lstrcpyA
lstrcmpA
FindNextFileA
DeleteFileA
GetLastError
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTempFileNameA
GetTempPathA
GetDriveTypeA
WaitForSingleObject
GetCommandLineA
GlobalMemoryStatus
GetWindowsDirectoryA
CreateEventA
LocalAlloc
LocalFree
SetEvent
GetCurrentThreadId
LoadLibraryExA
IsDBCSLeadByte
HeapDestroy
DisableThreadLibraryCalls
SetFileTime
VirtualAlloc
VirtualFree
GetExitCodeProcess
CreateProcessA
Sleep
TerminateThread
CreateThread
WritePrivateProfileStringA
SetProcessWorkingSetSize
CreateDirectoryA
CreateMutexA
ReleaseMutex
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
ResetEvent
SetLastError

user32

GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
SetTimer
GetDC
ShowWindow
KillTimer
LoadBitmapA
MoveWindow
InvalidateRect
OffsetRect
CallWindowProcA
GetWindowLongA
SetWindowLongA
LoadCursorA
SetCursor
GetClientRect
FillRect
ClientToScreen
ScreenToClient
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostMessageA
PostThreadMessageA
RegisterWindowMessageA
LoadStringA
wsprintfA
CharNextA
wvsprintfA
DdeCreateStringHandleA
DdeCreateStringHandleW
GetWindowDC
ReleaseDC
DrawTextA
GetCursorPos
RegisterClassExA
GetClassInfoExA
ReleaseCapture
PtInRect
DestroyMenu
TrackPopupMenu
RemoveMenu
CheckMenuItem
GetSubMenu
LoadMenuA
GetSystemMetrics
GetMenuItemCount
CreateWindowExA
EndPaint
BeginPaint
DestroyWindow
IsChild
GetFocus
IsWindow
SetFocus
GetKeyState
UnionRect
SetWindowRgn
EqualRect
GetTopWindow
CopyRect
SetParent
TrackMouseEvent
SystemParametersInfoA
SetPropA
AnimateWindow
SetForegroundWindow
GetPropA
RemovePropA
PostQuitMessage
SendMessageA
IntersectRect
UpdateWindow
InvalidateRgn
SetCapture
RegisterClassA
IsWindowVisible
IsRectEmpty
SetRect
SetRectEmpty

gdi32

StretchDIBits
CreatePen
RoundRect
GetTextMetricsA
GetTextExtentPoint32A
SetTextAlign
CreateDIBSection
LineTo
MoveToEx
ExtTextOutA
GetTextColor
CreateBitmap
SetBkColor
StretchBlt
GetRgnBox
CreateRectRgn
OffsetRgn
GetObjectA
GetPixel
CombineRgn
CreateMetaFileA
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
SaveDC
SetWindowOrgEx
SetViewportOrgEx
RestoreDC
CreateDCA
CreateFontA
Rectangle
CreateFontIndirectA
SetTextColor
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
BitBlt
DeleteObject
DeleteDC
GetMapMode
SetMapMode
LPtoDP
GetDeviceCaps
DPtoLP
PtInRegion

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA

oleaut32

OleLoadPicture
SysFreeString
SysAllocString
SysStringLen
GetErrorInfo
SysAllocStringLen
OleCreatePropertyFrame
SysStringByteLen
SysAllocStringByteLen
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantChangeType
VariantInit
VariantCopy
VariantClear

msdmo

DMOEnum

psapi

GetModuleFileNameExA
EnumProcessModules

urlmon

URLDownloadToCacheFileA

msvcrt

strchr
_mbsnbcpy
strstr
strtol
strncpy
_beginthreadex
realloc
calloc
fread
ftell
fseek
localtime
time
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
memcpy
??0exception@@QAE@ABQBD@Z
_splitpath
strspn
strcspn
longjmp
_iob
_setjmp3
exit
getenv
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_wcsnicmp
_strnicmp
_mbsrchr
_mbscmp
malloc
_except_handler3
sscanf
_ftol
fgets
strrchr
_mbsupr
__RTDynamicCast
sprintf
_fullpath
free
_strdup
_CxxThrowException
fopen
fprintf
fclose
_snprintf
_purecall
_mbsstr
memmove
atoi
_ismbcdigit
wcslen
wcscpy
__CxxFrameHandler
_stricmp

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Xlen@std@@YAXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z

msimg32

AlphaBlend
TransparentBlt

shell32

SHGetFolderPathA

Exports

Exports

CreateSTComponent
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetCLSIDs

Sections

.text
Size: 464KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msscript.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

3793b90a92464f525c430a6b5fdf224f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msscript.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
?terminate@@YAXXZ
_beginthreadex
wcslen
_purecall
__CxxFrameHandler
_wcsicmp
_vsnprintf
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
_except_handler3

oleaut32

VariantCopyInd
SetErrorInfo
CreateErrorInfo
SysFreeString
SysAllocStringLen
SysStringLen
OleCreatePropertyFrame
LoadRegTypeLi
VariantChangeType
LoadTypeLibEx
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
SysAllocString
VariantChangeTypeEx
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
LHashValOfNameSys

ole32

CoCreateInstance
CLSIDFromProgID
CoTaskMemAlloc
CreateOleAdviseHolder
CoTaskMemFree

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA

kernel32

lstrlenW
HeapFree
HeapAlloc
GetVersion
GetWindowsDirectoryA
lstrcatA
lstrlenA
lstrcpynA
OpenFile
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
InterlockedIncrement
ResetEvent
WaitForSingleObject
InterlockedDecrement
TlsGetValue
GetCurrentThreadId
lstrcpyA
GetLastError
GetModuleFileNameA
LoadLibraryA
GetLocaleInfoA
HeapReAlloc
WideCharToMultiByte
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
MultiByteToWideChar
GetTickCount
SetEvent
TlsAlloc
CloseHandle
TlsFree
TlsSetValue
CreateEventA

user32

PtInRect
GetKeyState
TranslateMessage
LoadStringA
IsWindow
EndDialog
DialogBoxParamA
DrawIcon
DrawEdge
LoadIconA
RegisterClassA
LoadCursorA
EnableWindow
GetSystemMetrics
DestroyWindow
SendMessageTimeoutA
EnumThreadWindows
PostThreadMessageA
SetWindowLongA
GetWindowLongA
CreateDialogParamA
KillTimer
DispatchMessageA
IsDialogMessageA
GetMessageA
SetTimer
UnregisterClassA
wsprintfA
ReleaseDC
GetDC
CharNextA
SetParent
DefWindowProcA
EndPaint
GetClientRect
BeginPaint
SetFocus
SendMessageA
SetWindowPos
CreateWindowExA
IsWindowVisible
GetWindowRect
ClientToScreen
GetParent
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
ShowWindow
GetActiveWindow

gdi32

SetWindowOrgEx
SetViewportExtEx
CreateRectRgnIndirect
GetDeviceCaps
SetWindowExtEx
SetMapMode
CreateDCA
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
SetViewportOrgEx

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcp60.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rndrmgr.dll
.dll windows:4 windows x86 arch:x86

bfe0f75ad9cec4e6e5ca4d0d7cdae0b4

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2007, 00:00

Not After

01/02/2008, 23:59

Subject

CN=Beijing Baofeng Inc.,O=Beijing Baofeng Inc.,POSTALCODE=100000,STREET=Haidian District+STREET=No.18\,Rd.Zhongguancun+STREET=Room 1911\,Floor 16\,Building Caizhi Guoji #C,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:1c:41:2f:3d:da:e1:5a:91:e4:bb:f6:e6:11:76:72:21:03:a9:e1
Signer

Actual PE Digest

00:1c:41:2f:3d:da:e1:5a:91:e4:bb:f6:e6:11:76:72:21:03:a9:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindExtensionW
StrCpyW
StrCpyNW
StrCmpIW

kernel32

IsBadReadPtr
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
GetVersionExA
WideCharToMultiByte
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
FreeLibrary

user32

GetClientRect
GetParent
MoveWindow
GetWindow
EnableWindow

ole32

CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoFreeUnusedLibraries

oleaut32

VariantClear
SysFreeString
VariantInit

msvcrt

free
_msize
_initterm
_adjust_fdiv
_CIpow
_purecall
_ftol
??2@YAPAXI@Z
__CxxFrameHandler
malloc

Exports

Exports

CreateSTComponent
GetCLSIDs

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
score.dll
.dll windows:4 windows x86 arch:x86

f42764e0f1d86be7132a5d22053e3d12

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2007, 00:00

Not After

01/02/2008, 23:59

Subject

CN=Beijing Baofeng Inc.,O=Beijing Baofeng Inc.,POSTALCODE=100000,STREET=Haidian District+STREET=No.18\,Rd.Zhongguancun+STREET=Room 1911\,Floor 16\,Building Caizhi Guoji #C,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cb:4c:dd:89:35:67:e2:f9:b3:f2:fc:ca:5d:1d:96:25:86:30:64:a2
Signer

Actual PE Digest

cb:4c:dd:89:35:67:e2:f9:b3:f2:fc:ca:5d:1d:96:25:86:30:64:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalFree
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcpyA
lstrcmpiA
GetShortPathNameA
DisableThreadLibraryCalls

msvcrt

??2@YAPAXI@Z
_purecall
__CxxFrameHandler
fclose
fprintf
fopen
_CxxThrowException
_strdup
free
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv

Exports

Exports

CreateSTComponent
GetCLSIDs

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sexpert.dll
.dll windows:4 windows x86 arch:x86

32ca42a72f9c45acdacdf0bf5e276b6b

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2007, 00:00

Not After

01/02/2008, 23:59

Subject

CN=Beijing Baofeng Inc.,O=Beijing Baofeng Inc.,POSTALCODE=100000,STREET=Haidian District+STREET=No.18\,Rd.Zhongguancun+STREET=Room 1911\,Floor 16\,Building Caizhi Guoji #C,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d4:66:8c:e2:64:13:f2:e9:d6:d4:a3:98:81:41:f5:58:7a:a9:be:33
Signer

Actual PE Digest

d4:66:8c:e2:64:13:f2:e9:d6:d4:a3:98:81:41:f5:58:7a:a9:be:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls

msvcrt

_purecall
??2@YAPAXI@Z
__CxxFrameHandler
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

CreateSTComponent
GetCLSIDs

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
spfa.dll
.dll regsvr32 windows:4 windows x86 arch:x86

21ab8754401127563b4a3dad95a4b7ba

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2007, 00:00

Not After

01/02/2008, 23:59

Subject

CN=Beijing Baofeng Inc.,O=Beijing Baofeng Inc.,POSTALCODE=100000,STREET=Haidian District+STREET=No.18\,Rd.Zhongguancun+STREET=Room 1911\,Floor 16\,Building Caizhi Guoji #C,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:0d:93:4d:d2:ce:6e:85:46:cb:5d:13:ef:b1:3a:e4:57:eb:bd:e6
Signer

Actual PE Digest

43:0d:93:4d:d2:ce:6e:85:46:cb:5d:13:ef:b1:3a:e4:57:eb:bd:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalUnlock
GlobalLock
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
IsDBCSLeadByte
lstrcmpiA
lstrcpyA
lstrcatA
DeleteCriticalSection
HeapDestroy
WideCharToMultiByte
GetModuleFileNameA
lstrlenW
GetModuleHandleA
lstrlenA
MultiByteToWideChar
GetShortPathNameA
lstrcpynA

user32

CharNextA

advapi32

RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA

shell32

DragQueryFileA
ShellExecuteA

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysAllocString
RegisterTypeLi
SysFreeString
LoadTypeLi

msvcrt

realloc
malloc
??2@YAPAXI@Z
_purecall
_mbsrchr
_onexit
__dllonexit
_adjust_fdiv
_initterm
??3@YAXPAX@Z
free

shlwapi

SHGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
splayers.dll
.dll windows:4 windows x86 arch:x86

ec02bfda49cfbed27a02773dfc66766d

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2007, 00:00

Not After

01/02/2008, 23:59

Subject

CN=Beijing Baofeng Inc.,O=Beijing Baofeng Inc.,POSTALCODE=100000,STREET=Haidian District+STREET=No.18\,Rd.Zhongguancun+STREET=Room 1911\,Floor 16\,Building Caizhi Guoji #C,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

84:c0:c7:52:48:73:9b:4e:68:f8:86:a1:8f:46:3e:94:82:7f:63:f7
Signer

Actual PE Digest

84:c0:c7:52:48:73:9b:4e:68:f8:86:a1:8f:46:3e:94:82:7f:63:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringA
RpcStringFreeA

winmm

waveOutGetVolume
waveOutSetVolume

kernel32

FreeLibrary
GetACP
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
IsDebuggerPresent
TerminateThread
CreateFileA
GetLastError
DeviceIoControl
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
lstrcmpA
HeapDestroy
OutputDebugStringA
DeleteFileA
CreateThread
LockResource
SizeofResource
LoadResource
FindResourceA
GetTempPathA
TlsAlloc
DuplicateHandle
TlsGetValue
TlsSetValue
LocalAlloc
LocalFree
DisableThreadLibraryCalls
SetProcessWorkingSetSize
GetVersionExA
GetModuleHandleA
LoadLibraryA
SetLastError
IsBadReadPtr
IsBadWritePtr
GetSystemDirectoryA
CreateMutexA
ReleaseMutex
GlobalFree
lstrcpyA
GetProcAddress
GetModuleFileNameA
lstrcatA
GetCurrentProcess
VirtualProtect
FlushInstructionCache
lstrlenA
GetCurrentProcessId
WideCharToMultiByte
SetEvent
GetCurrentThreadId
WaitForSingleObject
CloseHandle
CreateEventA
InterlockedExchange
Sleep
MultiByteToWideChar
WriteFile

user32

FillRect
GetAsyncKeyState
CopyRect
SetRectEmpty
MonitorFromWindow
IsRectEmpty
EqualRect
MapWindowPoints
IsWindowVisible
GetClientRect
GetWindow
SetCursor
LoadCursorA
GetMessagePos
GetPropA
SetPropA
GetMessageTime
GetWindowRect
InvalidateRgn
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
GetParent
GetClassNameA
GetFocus
IsChild
GetCursorPos
SetClassLongA
GetClassLongA
MsgWaitForMultipleObjects
DefWindowProcA
DestroyWindow
CreateWindowExA
RegisterClassExA
PostMessageA
SetFocus
GetDC
ReleaseDC
BeginPaint
EndPaint
CallWindowProcA
GetSysColor
SetWindowTextA
SendMessageA
GetClassInfoExA
wsprintfA
GetWindowLongA
SetWindowPos
InvalidateRect
AttachThreadInput
MoveWindow
SetWindowLongA
SetTimer
KillTimer
LoadStringA
DialogBoxParamA
GetDlgItem
GetWindowTextLengthA
MessageBoxA
GetWindowTextA
EndDialog
ShowWindow
SetParent
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
IsWindow
RegisterWindowMessageA
InSendMessage
ClientToScreen
ScreenToClient
OffsetRect

gdi32

CreateCompatibleBitmap
CreateSolidBrush
GetDeviceCaps
GetObjectA
CreateDIBSection
SetTextColor
SetBkColor
RestoreDC
GetStockObject
ExcludeClipRect
SaveDC
GetRegionData
CreateRectRgn
CombineRgn
EqualRgn
DeleteObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
TextOutA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegQueryValueA

ole32

CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemFree
OleInitialize
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CLSIDFromString
CoCreateInstance
OleUninitialize
CLSIDFromProgID
CoTaskMemAlloc
OleLockRunning

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
SysStringLen
SysAllocString
SafeArrayAccessData
LoadRegTypeLi
OleCreateFontIndirect
DispGetParam
VariantInit
SafeArrayUnaccessData

shlwapi

StrCatW
StrNCatA
PathAppendA
StrTrimA
SHGetValueA
StrStrA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

_except_handler3
_strdup
fopen
fprintf
fclose
_ftol
_CxxThrowException
malloc
free
??2@YAPAXI@Z
_snprintf
_stricmp
__CxxFrameHandler
_purecall
_fullpath
??8type_info@@QBEHABV0@@Z
sprintf
__dllonexit
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
_beginthreadex
_endthreadex
_msize
_CIpow
strstr
swscanf
atof
rand
_access
strncpy
memmove
clock

Exports

Exports

CreateSTComponent
GetCLSIDs

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sprobe.dll
.dll windows:4 windows x86 arch:x86

bdb87288df1731ce2e43d1ab08115474

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2007, 00:00

Not After

01/02/2008, 23:59

Subject

CN=Beijing Baofeng Inc.,O=Beijing Baofeng Inc.,POSTALCODE=100000,STREET=Haidian District+STREET=No.18\,Rd.Zhongguancun+STREET=Room 1911\,Floor 16\,Building Caizhi Guoji #C,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:bd:24:c5:09:50:2f:c0:eb:64:9f:9f:b6:73:e4:7c:d3:18:1d:14
Signer

Actual PE Digest

30:bd:24:c5:09:50:2f:c0:eb:64:9f:9f:b6:73:e4:7c:d3:18:1d:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA

user32

LoadStringA

oleaut32

VariantClear

msvcrt

_adjust_fdiv
malloc
_initterm
_purecall
??2@YAPAXI@Z
__CxxFrameHandler
fclose
fprintf
fopen
_CxxThrowException
_strdup
free
??1type_info@@UAE@XZ

Exports

Exports

CreateSTComponent
GetCLSIDs

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 56KB

.rsrc Size: 27KB - Virtual size: 27KB

21ab8754401127563b4a3dad95a4b7ba

Code Sign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08Certificate

Extended Key Usages

Key Usages

43:0d:93:4d:d2:ce:6e:85:46:cb:5d:13:ef:b1:3a:e4:57:eb:bd:e6Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 1KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 56KB

.rsrc
Size: 27KB - Virtual size: 27KB

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

43:0d:93:4d:d2:ce:6e:85:46:cb:5d:13:ef:b1:3a:e4:57:eb:bd:e6
Signer

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

80:e3:f9:ee:12:c0:83:ee:41:49:bb:c5:b0:9d:61:68:4a:fc:28:1a
Signer

.text
Size: 204KB - Virtual size: 200KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 16KB - Virtual size: 15KB

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate

72:4b:e8:97:e1:b9:cd:7e:93:e7:ce:d8:46:81:91:bb:99:1f:2b:a7
Signer

.text
Size: 864KB - Virtual size: 862KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 60KB - Virtual size: 85KB

.rsrc
Size: 480KB - Virtual size: 478KB

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

20:ee:ba:90:0d:2c:38:ac:1b:13:3b:27:1b:ef:61:08
Certificate