60c374157c753a187e4071d476a99c54_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

60c374157c753a187e4071d476a99c54_JaffaCakes118
Size

793KB
MD5

60c374157c753a187e4071d476a99c54
SHA1

6898ea047edaccee69fc614360d73792e9f84d48
SHA256

fc096c55e733a3ff75b2b2edb9f4836a02866fb1e52bb8d8d7e284654660192a
SHA512

21c58236e411e90f0f54e067f2b2fe42b1721a48084d8e247da07c86bab7da5282bcf3c456fa59cbd3edc73185240331147e7cafb67b11305b4d5d54665232c8
SSDEEP

12288:KN4brFaxyh5B8hDQmuvODzqfzU6wVd82w68URx68qd8xsn7XLlJwoCCR8B99jE9r:KaFiyfBgDTDO4/vzS8qyxsFJw1CccB

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/version.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
static1/unpack001/$PLUGINSDIR/version.dll	upx

Unsigned PE 21 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/ButtonEvent.dll
unpack001/$PLUGINSDIR/CustomBrandingURL.dll
unpack001/$PLUGINSDIR/CustomNSISdl.dll
unpack001/$PLUGINSDIR/CustomnsWeb.dll
unpack001/$PLUGINSDIR/FloatingProgress.dll
unpack001/$PLUGINSDIR/LuaBridge.dll
unpack001/$PLUGINSDIR/LuaSocket/mime/core.dll
unpack001/$PLUGINSDIR/LuaSocket/socket/core.dll
unpack001/$PLUGINSDIR/LuaXml_lib.dll
unpack001/$PLUGINSDIR/NotifyIcon.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/custominetc.dll
unpack001/$PLUGINSDIR/lua51.dll
unpack001/$PLUGINSDIR/luacom.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsis7z.dll
unpack001/$PLUGINSDIR/nsisunz.dll
unpack001/$PLUGINSDIR/un.package.exe
unpack001/$PLUGINSDIR/version.dll
unpack002/out.upx
unpack001/out.upx

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/out.upx	nsis_installer_2

Files

60c374157c753a187e4071d476a99c54_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

29:52:9b:0d:18:5f:85:25:a9:2a:86:6d:4a:38:da:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

03-04-2010 00:00

Not After

29-05-2013 23:59

Subject

CN=Download Admin,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Download Admin,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/AdvancedTests.lua
$PLUGINSDIR/BrowserControl.lua
$PLUGINSDIR/ButtonEvent.dll
.dll windows:4 windows x86 arch:x86

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpyA
lstrcpynA
GlobalFree

user32

PostMessageA
CallWindowProcA
GetDlgItem
FindWindowExA
SetWindowLongA
wsprintfA

Exports

Exports

AddEventHandler
Unload
UnsetEventHandler
WhichButtonId

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CustomBrandingURL.dll
.dll windows:5 windows x86 arch:x86

82f18b0f522c05f362fb12db10cdf296

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
lstrcpyA
HeapAlloc
GlobalFree

user32

GetWindowRect
SetCapture
InvalidateRect
SendMessageA
ClientToScreen
RedrawWindow
ShowWindow
SetWindowTextA
GetDlgItem
SetWindowLongA
EnableWindow
LoadImageA
SetPropA
GetWindowLongA
PtInRect
ReleaseCapture
SetCursor
GetPropA
CallWindowProcA
GetCapture

gdi32

SetTextColor
CreateFontIndirectA
GetObjectA

shell32

ShellExecuteA

Exports

Exports

Init
Set
Unload
Update

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1005B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CustomNSISdl.dll
.dll windows:5 windows x86 arch:x86

e8a575fc69c67b8f92ba9e9cb62af0bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Programming\MonotoneHome\WorkingDir\Employers\Franco\TightRope-BundleManager\Custom\Customnsisdl\Debug\CustomNSISdl.pdb

Imports

ws2_32

socket
closesocket
shutdown
recv
send
__WSAFDIsSet
select
WSAGetLastError
connect
getsockname
WSACleanup
WSAStartup
htons
ioctlsocket
inet_addr
gethostbyname

kernel32

GetProcessHeap
HeapReAlloc
HeapAlloc
CreateFileA
Sleep
WriteFile
DeleteFileA
GetTickCount
MulDiv
GlobalFree
GlobalAlloc
lstrcatA
CreateThread
lstrcpyA
lstrcmpiA
CloseHandle
WaitForSingleObject
lstrcpynA
lstrlenA

user32

RegisterWindowMessageA
wvsprintfA
FindWindowExA
GetDlgItem
GetFocus
IsWindowVisible
ShowWindow
GetClientRect
GetWindowRect
CreateWindowExA
GetWindowLongA
EnableWindow
DestroyWindow
wsprintfA
SendMessageA
SetWindowTextA
SetDlgItemTextA
CharPrevA
SetWindowLongA
CallWindowProcA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

download
download_cancel
download_embedded
download_quiet
download_reset

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CustomnsWeb.dll
.dll windows:5 windows x86 arch:x86

199dbccca3cc8b8a2cf04186d02f4abf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Programming\MonotoneHome\BM-Experimental\Employers\Franco\TightRope-BundleManager\Custom\Nsweb\Debug\nsWeb.pdb

Imports

wininet

InternetAttemptConnect

urlmon

CreateURLMoniker

kernel32

HeapAlloc
HeapReAlloc
lstrcpynA
lstrcpyA
MultiByteToWideChar
GlobalFree
GlobalAlloc
HeapFree
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA

user32

DestroyWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
UpdateWindow
ShowWindow
MoveWindow
MapWindowPoints
GetWindowRect
SendMessageA
CreateDialogParamA
GetDlgItem
wsprintfA
wvsprintfA
PostMessageA
GetClientRect
GetWindowLongA
SetWindowLongA
CallWindowProcA

ole32

OleCreate
OleSetContainedObject
CreateFileMoniker
GetRunningObjectTable
OleUninitialize
OleInitialize

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreate
SysAllocStringLen

Exports

Exports

CreateNestedBrowser
CreateNestedBrowserTagged
GetNestedIDispatch
IsInet
OleInit
ReleaseNestedIDispatch
SetExternalObject
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Events.lua
$PLUGINSDIR/FloatingProgress.dll
.dll windows:5 windows x86 arch:x86

e4805ec4a9c843425a804b4b0ef6221e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
CreateEventA
CreateThread
lstrcpynA
GlobalAlloc
GlobalFree
lstrcpyA

user32

CallWindowProcA
DispatchMessageA
ShowWindow
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
EndDialog
GetDlgItem
LoadCursorA
CreateWindowExA
GetWindowLongA
SetWindowLongA
SetPropA
TranslateMessage
SendMessageA
LoadIconA
LoadStringA
GetPropA
PostQuitMessage
RegisterClassExA
GetWindowRect
GetMessageA
SetCursor
DestroyWindow
wsprintfA
DialogBoxParamA
TranslateAcceleratorA

shell32

ShellExecuteA

Exports

Exports

hideFloatingProgress
hideTrusteVisuals
setTrusteUrl
showFloatingProgress
wasCancelled

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GuiInit.lua
.js
$PLUGINSDIR/IntegratedOffer-Pickle.html
.html .js polyglot
$PLUGINSDIR/IntegratedOffer.lua
$PLUGINSDIR/LuaBridge.dll
.dll windows:5 windows x86 arch:x86

4682694a7b56ff53baef1a0f1a91f5b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Programming\GitHome\master\Employers\Franco\TightRope-BundleManager\Custom\LuaBridge\Release\LuaBridge.pdb

Imports

lua51

luaL_loadfile
luaL_loadstring
lua_pcall
lua_settop
lua_close
luaL_newstate
luaL_openlibs
luaL_openlib
lua_touserdata
lua_type
lua_getfield
lua_pushfstring
lua_tointeger
lua_pushinteger
lua_pushnumber
lua_pushnil
lua_gettop
lua_pushstring
lua_error
lua_tolstring
lua_isnumber
lua_isstring
lua_isuserdata

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

kernel32

WaitForSingleObject
lstrcmpiA
LoadLibraryA
CreateProcessA
GetCurrentThreadId
CloseHandle
GetExitCodeProcess
ExpandEnvironmentStringsA
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
lstrlenA

user32

SendMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
MapWindowPoints
MoveWindow
ReleaseCapture
InvalidateRect
GetWindowRect
ShowWindow
GetClientRect
ClientToScreen
GetParent
CallWindowProcA
FindWindowExA
wvsprintfA
MessageBoxA

Exports

Exports

eval
exec
execFile
finalize
init
initThreadedLua

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 758B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LuaSocket/lua/ltn12.lua
.js
$PLUGINSDIR/LuaSocket/lua/mime.lua
.js
$PLUGINSDIR/LuaSocket/lua/socket.lua
.js
$PLUGINSDIR/LuaSocket/lua/socket/ftp.lua
.js
$PLUGINSDIR/LuaSocket/lua/socket/http.lua
.js
$PLUGINSDIR/LuaSocket/lua/socket/smtp.lua
$PLUGINSDIR/LuaSocket/lua/socket/tp.lua
.js
$PLUGINSDIR/LuaSocket/lua/socket/url.lua
$PLUGINSDIR/LuaSocket/mime/core.dll
.dll windows:4 windows x86 arch:x86

fe8e49b45d854066bc51a41f61066908

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lua51

luaL_checkinteger
luaL_addlstring
lua_tolstring
lua_pushlstring
luaL_checknumber
luaL_optlstring
luaL_optnumber
lua_pushnil
luaL_buffinit
luaL_addstring
luaL_prepbuffer
luaL_pushresult
lua_pushnumber
luaL_openlib
lua_pushstring
lua_rawset

kernel32

GetEnvironmentStringsW
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar

Exports

Exports

luaopen_mime_core

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LuaSocket/socket/core.dll
.dll windows:4 windows x86 arch:x86

f7bb4b78321004f93f7e54fe50af1981

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetSystemTimeAsFileTime
CloseHandle
FlushFileBuffers
ReadFile
RtlUnwind
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
MultiByteToWideChar
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
InterlockedIncrement
InterlockedDecrement
WriteFile
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleA
GetProcAddress
GetVersion
GetCommandLineA

lua51

lua_pushlstring
lua_newuserdata
lua_call
luaL_checknumber
luaL_checkinteger
luaL_openlib
lua_settable
lua_insert
lua_pcall
luaL_optlstring
luaL_buffinit
luaL_addlstring
luaL_pushresult
lua_pushvalue
lua_replace
lua_gettop
luaL_checklstring
lua_pushnil
luaL_optnumber
lua_isnumber
lua_tonumber
lua_pushnumber
luaL_checkudata
lua_rawget
lua_setmetatable
luaL_argerror
lua_typename
luaL_typerror
lua_toboolean
lua_getfield
lua_pushboolean
lua_getmetatable
lua_gettable
lua_type
lua_isstring
lua_error
lua_touserdata
lua_tolstring
lua_pushfstring
luaL_newmetatable
lua_pushstring
lua_createtable
lua_rawset
lua_pushcclosure
lua_settop
luaL_prepbuffer

ws2_32

getpeername
ntohs
htons
htonl
setsockopt
gethostname
inet_ntoa
gethostbyname
gethostbyaddr
ioctlsocket
recvfrom
recv
sendto
send
accept
listen
bind
connect
getsockopt
socket
shutdown
closesocket
select
WSAGetLastError
__WSAFDIsSet
WSAStartup
WSACleanup
getsockname

Exports

Exports

luaopen_socket_core

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LuaXml.lua
$PLUGINSDIR/LuaXml_lib.dll
.dll windows:4 windows x86 arch:x86

0e4b7cfc82eb1d2e2840274f1659b95a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

__dllonexit
__mb_cur_max
_errno
_iob
_isctype
_pctype
abort
fclose
fflush
fopen
fprintf
fread
free
fseek
ftell
malloc
memcpy
realloc
rewind
strcmp
strcpy
strncmp
strncpy
strstr

lua51

luaL_addlstring
luaL_addstring
luaL_buffinit
luaL_checklstring
luaL_error
luaL_gsub
luaL_prepbuffer
luaL_pushresult
luaL_register
lua_createtable
lua_getfield
lua_gettable
lua_gettop
lua_isuserdata
lua_objlen
lua_pushlightuserdata
lua_pushlstring
lua_pushnumber
lua_pushstring
lua_remove
lua_replace
lua_setmetatable
lua_settable
lua_settop
lua_tolstring
lua_touserdata

Exports

Exports

luaopen_LuaXML_lib

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NotifyIcon.dll
.dll windows:4 windows x86 arch:x86

e043e246d8abcbb9de2ad82c6e18cd88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

Shell_NotifyIconA

kernel32

GetProcAddress
lstrcpyA
lstrlenA
lstrcpynA
GlobalAlloc
GlobalFree
GetModuleHandleA

user32

CallWindowProcA
LoadImageA
ShowWindow
GetDlgItem
GetWindowLongA
SetWindowLongA
SendMessageA
FindWindowExA
wsprintfA
KillTimer
IsIconic
OpenIcon
SetTimer

Exports

Exports

Icon

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 758B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/__localxml.xml
$PLUGINSDIR/custominetc.dll
.dll windows:4 windows x86 arch:x86

cb0a607a2c9593bb9c969e6ca75c2b88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strtol
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
atoi
_mbsrchr
strtoul
memset
_mbsstr
_mbschr
strlen

kernel32

DeleteFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GetFileSize
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatA

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
GetWindowLongA
IsWindow
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SetWindowTextA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

delayed_hide
get
head
http_check
post
put

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/definitions.lua
$PLUGINSDIR/extension.tlb
$PLUGINSDIR/json.lua
$PLUGINSDIR/lua51.dll
.dll windows:4 windows x86 arch:x86

0b930a47b5846bb154dc0be3d35f00ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

fread
strerror
_errno
realloc
free
fprintf
fputs
_pctype
__mb_cur_max
_isctype
strtoul
_ftol
floor
_CIpow
fgets
exit
longjmp
_setjmp3
_popen
tmpfile
clearerr
fscanf
fwrite
ftell
fseek
setvbuf
fflush
_pclose
localeconv
_CIsinh
_CIcosh
_CItanh
_CIasin
_CIacos
ceil
_iob
modf
frexp
ldexp
rand
srand
_HUGE
strrchr
getenv
strtod
sprintf
strncat
strcspn
strncpy
system
remove
rename
tmpnam
clock
strftime
localtime
gmtime
time
mktime
difftime
setlocale
tolower
toupper
strpbrk
memchr
strcoll
_initterm
malloc
_adjust_fdiv
getc
freopen
fopen
ungetc
fclose
strchr
_CIfmod
strstr

kernel32

GetModuleFileNameA
FreeLibrary
GetProcAddress
GetLastError
FormatMessageA
LoadLibraryA
DisableThreadLibraryCalls

Exports

Exports

luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlevel
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/luacom.dll
.dll windows:5 windows x86 arch:x86

148172081107200e70753e16a32c0c9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Programming\OpenSource\luaCom\mak.vs2005\Release\luacom.dll.pdb

Imports

shlwapi

SHDeleteKeyA

lua51

luaL_optlstring
lua_pushvalue
lua_pushstring
luaL_argerror
lua_pushcclosure
lua_settable
lua_gettable
lua_createtable
lua_toboolean
lua_settop
lua_gettop
lua_next
lua_tonumber
lua_pushnil
lua_type
lua_pushboolean
lua_rawseti
lua_isuserdata
lua_tointeger
lua_rawgeti
lua_pushlstring
lua_objlen
lua_pushnumber
lua_pushlightuserdata
lua_topointer
lua_newuserdata
lua_insert
lua_setmetatable
lua_equal
lua_checkstack
lua_getmetatable
luaL_register
lua_close
luaL_openlibs
luaL_loadfile
lua_pcall
lua_setfield
luaL_newstate
lua_touserdata
luaL_ref
luaL_unref
lua_error
luaL_loadbuffer
lua_getfield
luaL_checknumber
lua_remove
lua_rawget
lua_call
luaL_checktype
lua_rawset
luaL_checklstring
lua_tolstring

kernel32

GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CloseHandle
GetStartupInfoA
GetFileType
SetHandleCount
RtlUnwind
HeapSize
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RaiseException
GetStdHandle
WriteFile
ExitProcess
Sleep
WriteConsoleW
GetCurrentDirectoryA
IsBadWritePtr
lstrlenW
FatalAppExitA
DebugBreak
lstrcpyW
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LocalFree
ExpandEnvironmentStringsA
GetProcAddress
LoadLibraryA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapDestroy
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetStdHandle
CreateFileA
ReadFile
SetEndOfFile
GetProcessHeap
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetFileAttributesA
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapFree
GetModuleFileNameA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetCommandLineA
GetCurrentThreadId
HeapAlloc

user32

wsprintfA
TranslateMessage
WinHelpA
GetMessageA
RegisterClassA
CallWindowProcA
MapWindowPoints
IsWindowVisible
EqualRect
GetActiveWindow
ShowWindow
SetWindowPos
DefWindowProcA
CreateWindowExA
GetWindowLongA
MessageBoxA
IntersectRect
SetWindowRgn
GetWindowRect
DispatchMessageA
GetClientRect
SetFocus
OffsetRect

gdi32

SetViewportOrgEx
SetWindowExtEx
DeleteObject
CreateRectRgnIndirect
SetMapMode
SetViewportExtEx
SetWindowOrgEx

advapi32

RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

ole32

CoCreateInstance
CreateBindCtx
MkParseDisplayName
CLSIDFromProgID
StringFromCLSID
CLSIDFromString
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
OleUninitialize
StringFromIID
CoLockObjectExternal
CoTaskMemAlloc
CreateOleAdviseHolder
OleRegGetUserType
ProgIDFromCLSID

oleaut32

LoadTypeLibEx
SafeArrayAccessData
SysAllocStringLen
DispGetIDsOfNames
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayGetElement
VariantChangeType
SafeArrayGetDim
SystemTimeToVariantTime
SafeArrayCreate
SafeArrayDestroy
VariantCopy
GetActiveObject
UnRegisterTypeLi
SysFreeString
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit
LHashValOfNameSys
VariantCopyInd
SafeArrayCreateVector
VariantTimeToSystemTime

Exports

Exports

DllGetClassObject
luacom_IDispatch2LuaCOM
luacom_close
luacom_detectAutomation
luacom_open
luacom_openlib
luaopen_luacom

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis7z.dll
.dll windows:5 windows x86 arch:x86

4c04c20a976733bf789fead96eb58701

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
SetLastError
CreateFileW
SetFileTime
CloseHandle
SetFileAttributesA
RemoveDirectoryA
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
GetFullPathNameA
lstrlenA
GetFullPathNameW
FindClose
FindFirstFileA
FindFirstFileW
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetProcAddress
GetCurrentProcess
GetSystemInfo
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
DeleteCriticalSection
VirtualFree
VirtualAlloc
WaitForSingleObject
SetEvent
InitializeCriticalSection
CreateEventA
ResetEvent
SetFileApisToOEM
GetVersionExA
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
WriteConsoleW
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
Sleep
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
VirtualQuery

user32

GetDlgItem
FindWindowExA
SetWindowTextA
wsprintfA
CharUpperW
CharUpperA
SendMessageA

oleaut32

VariantCopy
VariantClear
SysAllocString

Exports

Exports

Extract
ExtractWithCallback
ExtractWithDetails

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisunz.dll
.dll windows:4 windows x86 arch:x86

0f92772da9c737d2bac38919e9863980

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryA
lstrcpyA
lstrcmpA
lstrcmpiA
GlobalFree
lstrcpynA
GlobalAlloc
lstrcatA
lstrlenA
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
CreateFileA
WriteFile
ReadFile
CloseHandle
SetFilePointer

user32

MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
CharPrevA
wsprintfA
SendMessageA
GetDlgItem
FindWindowExA

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/res/common.css
$PLUGINSDIR/res/common.js
.js
$PLUGINSDIR/res/jquery.js
.js
$PLUGINSDIR/skin-kitara/base.css
$PLUGINSDIR/skin-kitara/cancel.css
$PLUGINSDIR/skin-kitara/ham/accept.gif
.gif
$PLUGINSDIR/skin-kitara/ham/background.css
$PLUGINSDIR/skin-kitara/ham/bg.gif
.gif
$PLUGINSDIR/skin-kitara/ham/cancel.gif
.gif
$PLUGINSDIR/skin-kitara/ham/close.gif
.gif
$PLUGINSDIR/skin-kitara/ham/minimize.gif
.gif
$PLUGINSDIR/skin-kitara/ham/next.gif
.gif
$PLUGINSDIR/skin-kitara/headerBG.gif
.gif
$PLUGINSDIR/skin-kitara/magoo/accept.gif
.gif
$PLUGINSDIR/skin-kitara/magoo/background.css
$PLUGINSDIR/skin-kitara/magoo/bg.gif
.gif
$PLUGINSDIR/skin-kitara/magoo/cancel.gif
.gif
$PLUGINSDIR/skin-kitara/magoo/close.gif
.gif
$PLUGINSDIR/skin-kitara/magoo/minimize.gif
.gif
$PLUGINSDIR/skin-kitara/magoo/next.gif
.gif
$PLUGINSDIR/skin-kitara/mod.css
$PLUGINSDIR/skin-kitara/offers.css
$PLUGINSDIR/skin-kitara/pickle/accept.gif
.gif
$PLUGINSDIR/skin-kitara/pickle/background.css
$PLUGINSDIR/skin-kitara/pickle/bg.gif
.gif
$PLUGINSDIR/skin-kitara/pickle/cancel.gif
.gif
$PLUGINSDIR/skin-kitara/pickle/close.gif
.gif
$PLUGINSDIR/skin-kitara/pickle/minimize.gif
.gif
$PLUGINSDIR/skin-kitara/pickle/next.gif
.gif
$PLUGINSDIR/skin-kitara/progress.css
$PLUGINSDIR/un.package.exe
.exe windows:5 windows x86 arch:x86

35b698a6fd5038f719a27b089cb1f48e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\Programming\GitHome\master\Employers\Franco\TightRope-BundleManager\Custom\Scramble\Release\Scramble.pdb

Imports

kernel32

lstrcpyA
HeapAlloc
GetProcessHeap
lstrlenA
GetCommandLineA
WriteFile
FormatMessageA
GetLastError
CloseHandle
ReadFile
CreateFileA
ExitProcess

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/utils.lua
$PLUGINSDIR/version.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetWindowsVersion
IsWindows2000
IsWindows2003
IsWindows31
IsWindows95
IsWindows98
IsWindows98orLater
IsWindowsME
IsWindowsNT351
IsWindowsNT40
IsWindowsPlatform9x
IsWindowsPlatformNT
IsWindowsXP

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

29:52:9b:0d:18:5f:85:25:a9:2a:86:6d:4a:38:da:3aCertificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 472KB

UPX1 Size: 17KB - Virtual size: 20KB

.rsrc Size: 187KB - Virtual size: 188KB

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 503B

.data Size: 512B - Virtual size: 128B

.reloc Size: 512B - Virtual size: 220B

82f18b0f522c05f362fb12db10cdf296

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 1005B

.data Size: 512B - Virtual size: 576B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 390B

e8a575fc69c67b8f92ba9e9cb62af0bf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

Exports

Exports

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 30KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

199dbccca3cc8b8a2cf04186d02f4abf

Headers

File Characteristics

29:52:9b:0d:18:5f:85:25:a9:2a:86:6d:4a:38:da:3a
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

UPX0
Size: - Virtual size: 472KB

UPX1
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 187KB - Virtual size: 188KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 503B

.data
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 220B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 1005B

.data
Size: 512B - Virtual size: 576B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 390B

.textbss
Size: - Virtual size: 64KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 30KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 516B

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 396B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 758B

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB