6681a0d85660f3b06a444bd71caa00bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6681a0d85660f3b06a444bd71caa00bd_JaffaCakes118
Size

1.9MB
MD5

6681a0d85660f3b06a444bd71caa00bd
SHA1

78d2bbb4cc38e8ac3db36fb697a8499ed6c3cfd5
SHA256

226c64b7bac8a856b8a0a1d3a939ff935ef1d4f982aa159e525eedc30b5f6850
SHA512

5418439225bfec4eddc632fef578098d79b516c363f51a3f01025b8622d6e56c0f5e8e3257ba5f9c8da3f1995d5e26921df47b8de6598aa903974b77f3c444e3
SSDEEP

49152:T9Gx1no3GJteOT0Bc47dt6Mr4LhClBdwhPDIG+p8D/rJBf8LUxl:T9Qo3CT0BX7dkMr4a6h71TNBf8LUxl

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ha_RegistryOptimizer-v3.10/RegD9x.exe
unpack001/ha_RegistryOptimizer-v3.10/Uninstall.exe
unpack001/ha_RegistryOptimizer-v3.10/msconfig.exe
unpack001/ha_RegistryOptimizer-v3.10/ntbackup.exe
unpack001/ha_RegistryOptimizer-v3.10/regx64.exe

Files

6681a0d85660f3b06a444bd71caa00bd_JaffaCakes118
.rar
ha_RegistryOptimizer-v3.10/Config.ini
ha_RegistryOptimizer-v3.10/Readme.txt
ha_RegistryOptimizer-v3.10/RegD9x.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_RegistryOptimizer-v3.10/RegOpt.exe
.exe windows:4 windows x86 arch:x86

66fc344c03d5024a014746412104671b

Code Sign

df:7a:76:a0:dd:02:b5:74:81:cb:ff:c9:86:35:34:ea
Certificate

Issuer

CN=WoTrust Code Signing Authority,O=Wotone Communications\, Inc.,C=US

Not Before

14/02/2007, 00:00

Not After

14/02/2008, 23:59

Subject

CN=Winaso.com,OU=Software,O=www.winaso.com,L=NY,ST=NY,C=US,1.2.840.113549.1.9.1=#0c12737570706f72744077696e61736f2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/08/2006, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoTrust Code Signing Authority,O=Wotone Communications\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl
RegSetValueExA
RegSetKeySecurity
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegGetKeySecurity
RegFlushKey
RegEnumValueA
RegEnumKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
InitializeSecurityDescriptor
InitializeAcl
GetUserNameA
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetLengthSid
FreeSid
CopySid
AllocateAndInitializeSid
AdjustTokenPrivileges
AddAce
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
UnlockServiceDatabase
StartServiceA
QueryServiceStatus
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
LockServiceDatabase
ControlService
CloseServiceHandle
ChangeServiceConfigA

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WindowFromDC
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadImageA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CopyImage
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharNextW
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
lstrcmpA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
SuspendThread
SizeofResource
SetThreadPriority
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
ReadFile
OpenFile
MultiByteToWideChar
MulDiv
MoveFileExA
MoveFileA
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemDirectoryA
GetStdHandle
GetProcessHeap
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
Sleep
GetLongPathNameA

msimg32

GradientFill

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt
Arc

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
StringFromCLSID
CoCreateGuid

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

wininet

FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry

shell32

ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
SHFileOperationA
ExtractIconA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHQueryRecycleBinA

shlwapi

PathMatchSpecA
PathFileExistsA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_RegistryOptimizer-v3.10/SUS.ini
ha_RegistryOptimizer-v3.10/ScanOption.ini
ha_RegistryOptimizer-v3.10/Uninstall.exe
.exe windows:4 windows x86 arch:x86

d5e0355f8764c235b38759b860077ceb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA

user32

MessageBoxA

Sections

CODE
Size: 25KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ha_RegistryOptimizer-v3.10/Uninstall.ini
ha_RegistryOptimizer-v3.10/WPI1.dxc
ha_RegistryOptimizer-v3.10/WPI2.dxc
ha_RegistryOptimizer-v3.10/WPI3.dxc
ha_RegistryOptimizer-v3.10/WPI4.dxc
ha_RegistryOptimizer-v3.10/WPI5.dxc
ha_RegistryOptimizer-v3.10/WinasoRD.exe
.exe windows:4 windows x86 arch:x86

36cde31e4ae4e24ff23e273a9343040b

Code Sign

df:7a:76:a0:dd:02:b5:74:81:cb:ff:c9:86:35:34:ea
Certificate

Issuer

CN=WoTrust Code Signing Authority,O=Wotone Communications\, Inc.,C=US

Not Before

14/02/2007, 00:00

Not After

14/02/2008, 23:59

Subject

CN=Winaso.com,OU=Software,O=www.winaso.com,L=NY,ST=NY,C=US,1.2.840.113549.1.9.1=#0c12737570706f72744077696e61736f2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/08/2006, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoTrust Code Signing Authority,O=Wotone Communications\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegSaveKeyA
RegReplaceKeyA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
InitiateSystemShutdownA
AdjustTokenPrivileges

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WindowFromDC
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadImageA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CopyImage
CloseClipboard
ClientToScreen
CheckMenuItem
CharNextW
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadPriority
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
QueryDosDeviceA
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemDirectoryA
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
Sleep

msimg32

GradientFill

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt
Arc

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
StringFromCLSID
CoCreateGuid

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

ShellExecuteA

Sections

.text
Size: 679KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 606KB - Virtual size: 605KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_RegistryOptimizer-v3.10/english.ini
ha_RegistryOptimizer-v3.10/iKeys.ini
ha_RegistryOptimizer-v3.10/iShortCuts.ini
ha_RegistryOptimizer-v3.10/iValues.ini
ha_RegistryOptimizer-v3.10/language.ini
ha_RegistryOptimizer-v3.10/msconfig.exe
.exe windows:5 windows x86 arch:x86

37c275d5d490bb4599be062c92b4f4c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord1771
ord6451
ord922
ord4272
ord1735
ord940
ord5706
ord6919
ord6218
ord6868
ord2933
ord1775
ord801
ord686
ord6139
ord384
ord541
ord798
ord1989
ord6874
ord6278
ord5461
ord3313
ord5188
ord533
ord6403
ord2089
ord640
ord2442
ord1633
ord323
ord3093
ord4219
ord5604
ord2809
ord6655
ord6219
ord1900
ord1683
ord2520
ord6051
ord1768
ord5284
ord4433
ord2046
ord4425
ord4050
ord771
ord4254
ord1143
ord2859
ord5845
ord3470
ord3471
ord4709
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord4418
ord3733
ord561
ord815
ord1220
ord1203
ord6211
ord2717
ord1008
ord617
ord2613
ord5208
ord296
ord1131
ord2362
ord6024
ord5605
ord1569
ord5679
ord6654
ord942
ord2606
ord489
ord1165
ord4197
ord2756
ord823
ord4253
ord768
ord4829
ord5283
ord4848
ord4371
ord4942
ord4970
ord4736
ord4899
ord5154
ord5156
ord825
ord5155
ord1899
ord3172
ord4124
ord3092
ord6279
ord2776
ord535
ord6921
ord2757
ord5618
ord2755
ord927
ord925
ord858
ord2810
ord6563
ord3087
ord355
ord2507
ord3494
ord540
ord5949
ord538
ord4155
ord861
ord800
ord542
ord802
ord2293
ord641
ord4229
ord324
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord496

msvcrt

wcscmp
_wcsicmp
wcscpy
_wmakepath
wcsncmp
wcslen
wcsncpy
_wtoi
_wtol
ceil
_ftol
malloc
free
realloc
iswdigit
_c_exit
_exit
_CxxThrowException
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__CxxFrameHandler
_itow
wcscat
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__dllonexit
_onexit
_controlfp
_except_handler3
wcscoll
_purecall
_XcptFilter
_cexit

advapi32

RegCreateKeyExW
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
QueryServiceConfigW
RegDeleteValueW
CloseServiceHandle
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusW
RegDeleteKeyW
RegOpenKeyExA
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

FindNextFileW
FindClose
CreateThread
WaitForSingleObject
MoveFileExW
GetLastError
GetDriveTypeW
GetSystemDirectoryW
lstrlenW
GetCurrentThreadId
GlobalAlloc
lstrlenA
CloseHandle
ReadFile
GetFileSize
CreateFileW
SetEndOfFile
WriteFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
lstrcmpW
GlobalMemoryStatus
GetSystemInfo
GlobalUnlock
GlobalLock
FindFirstFileW
GlobalFree
GlobalHandle
FindResourceW
CreateSemaphoreW
CreateDirectoryW
lstrcpyW
lstrcmpiW
lstrcpynW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcatW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
SizeofResource
LoadLibraryExW
GetShortPathNameW
GetCommandLineW
OpenProcess
GetCurrentProcessId
GetModuleHandleA
GetStartupInfoW
DeleteFileW
CopyFileW
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
LeaveCriticalSection
FreeResource
EnterCriticalSection
LockResource
LoadLibraryA
LoadResource

gdi32

DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
CreateSolidBrush

user32

IsWindow
ExitWindowsEx
SetForegroundWindow
GetLastActivePopup
FindWindowW
IsIconic
CharNextW
LoadIconW
GetActiveWindow
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateWindowExW
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateAcceleratorTableW
CheckDlgButton
EnableWindow
SendMessageW
GetClientRect
GetFocus
MessageBoxW
IsWindowEnabled
ShowWindow
PostMessageW
SetFocus
GetParent
CallWindowProcW
SetWindowLongW
GetWindowLongW
ScreenToClient
GetMessagePos
GetProcessDefaultLayout
ReleaseDC
GetDC
GetAsyncKeyState
DefWindowProcW
GetSysColor
GetDesktopWindow
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
GetWindow
IsChild
EndPaint
FillRect
BeginPaint
GetDlgItem
SetWindowPos
wsprintfW
RedrawWindow
GetClassNameW
DestroyWindow
EndDialog
GetDlgItemTextW
IsDlgButtonChecked
SetDlgItemTextW

oleaut32

RegisterTypeLi
SysAllocString
SysAllocStringLen
SysStringLen
VariantClear
LoadRegTypeLi
VarUI4FromStr
SysFreeString
LoadTypeLi

ole32

CoTaskMemRealloc
CoInitializeEx
CoRevokeClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoRegisterClassObject

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_RegistryOptimizer-v3.10/ntbackup.exe
.exe windows:5 windows x86 arch:x86

61800fb86a561f6c811f352fd90ea22f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ntbackup.pdb

Imports

mfc42u

ord2729
ord5268
ord5267
ord602
ord3562
ord2281
ord927
ord4273
ord2574
ord4396
ord3365
ord3635
ord693
ord686
ord802
ord384
ord542
ord6896
ord2857
ord6898
ord2088
ord5647
ord3122
ord3611
ord350
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord1739
ord5573
ord3167
ord5649
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord4414
ord2391
ord4211
ord665
ord1971
ord3178
ord6381
ord5180
ord354
ord941
ord501
ord773
ord5736
ord4947
ord4852
ord6004
ord1817
ord338
ord4817
ord4233
ord652
ord2078
ord2855
ord1560
ord268
ord4078
ord1936
ord1826
ord4224
ord4583
ord4582
ord4893
ord4364
ord4886
ord4527
ord4334
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord5236
ord3743
ord1718
ord5256
ord4426
ord5906
ord2970
ord4282
ord4279
ord3792
ord1833
ord784
ord5070
ord4341
ord5277
ord2083
ord804
ord4236
ord3701
ord2579
ord4400
ord3389
ord3724
ord364
ord4714
ord5848
ord4502
ord4780
ord6139
ord6874
ord801
ord4988
ord834
ord541
ord3753
ord935
ord939
ord2070
ord5031
ord2236
ord5854
ord6298
ord4163
ord5603
ord6136
ord2754
ord1083
ord5617
ord654
ord341
ord413
ord711
ord2400
ord2858
ord2090
ord539
ord537
ord1808
ord4215
ord2576
ord3649
ord2430
ord1637
ord3084
ord6266
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord3093
ord4371
ord4848
ord5283
ord4829
ord3694
ord489
ord4253
ord768
ord4709
ord1683
ord4433
ord2046
ord4425
ord3695
ord496
ord4254
ord5050
ord2520
ord5845
ord2876
ord3470
ord5284
ord5790
ord6168
ord5785
ord4238
ord3288
ord3281
ord4442
ord4665
ord4670
ord4975
ord1851
ord4241
ord3864
ord2119
ord2383
ord5096
ord5099
ord3345
ord975
ord2875
ord4148
ord2375
ord5280
ord4431
ord4422
ord796
ord807
ord4584
ord4407
ord5251
ord4495
ord3865
ord4356
ord4143
ord554
ord529
ord402
ord6063
ord6205
ord5048
ord4901
ord6065
ord3479
ord4462
ord2250
ord5867
ord2486
ord2619
ord2618
ord5996
ord2109
ord5879
ord2112
ord4451
ord4718
ord5677
ord3739
ord3693
ord765
ord4199
ord4269
ord4605
ord4603
ord4479
ord3466
ord1994
ord5725
ord5190
ord5498
ord3441
ord3190
ord985
ord3597
ord648
ord334
ord5727
ord6399
ord2504
ord5124
ord6371
ord692
ord6193
ord5047
ord815
ord4480
ord2546
ord3917
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord2717
ord5746
ord4604
ord3282
ord5846
ord4606
ord6191
ord986
ord411
ord1229
ord4154
ord2613
ord6113
ord6024
ord1264
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord832
ord5446
ord6390
ord5436
ord6379
ord860
ord3728
ord810
ord4266
ord3393
ord3291
ord4118
ord1561
ord1177
ord1127
ord643
ord2443
ord5978
ord329
ord3197
ord1169
ord5856
ord1941
ord772
ord500
ord5274
ord5714
ord2621
ord1134
ord1258
ord5602
ord1761
ord5798
ord3867
ord5605
ord5597
ord6565
ord4272
ord536
ord3312
ord2776
ord6655
ord3092
ord6867
ord2859
ord2756
ord6278
ord6237
ord470
ord6115
ord755
ord472
ord5783
ord5784
ord4292
ord4128
ord836
ord3050
ord323
ord920
ord837
ord6017
ord5869
ord2397
ord640
ord2746
ord5871
ord6166
ord283
ord818
ord3737
ord919
ord929
ord2854
ord5781
ord1633
ord1143
ord3566
ord1634
ord3614
ord3568
ord4270
ord2406
ord3621
ord3658
ord6770
ord922
ord2291
ord6279
ord2755
ord3805
ord933
ord3875
ord3420
ord3049
ord3222
ord3403
ord2910
ord5568
ord5929
ord3605
ord6451
ord656
ord2290
ord2244
ord4280
ord4283
ord6211
ord3476
ord5977
ord3133
ord4294
ord527
ord794
ord5679
ord5706
ord4124
ord2809
ord2371
ord2914
ord942
ord3871
ord940
ord535
ord609
ord3569
ord4390
ord2567
ord3716
ord6195
ord795
ord5279
ord401
ord4494
ord976
ord4461
ord5250
ord4421
ord2437
ord4430
ord1658
ord2641
ord2374
ord5233
ord4072
ord4147
ord2873
ord2874
ord3398
ord5468
ord5006
ord3346
ord4298
ord5098
ord5094
ord3054
ord2382
ord2715
ord2093
ord5095
ord674
ord4240
ord1850
ord1008
ord771
ord2350
ord823
ord1662
ord2644
ord3087
ord2634
ord5949
ord616
ord567
ord3577
ord4418
ord3397
ord5286
ord4392
ord1768
ord6051
ord2570
ord4213
ord2015
ord2403
ord2294
ord2293
ord1172
ord1165
ord2362
ord825
ord2637
ord4847

msvcrt

realloc
malloc
free
wcsncpy
wcscmp
_wcsicmp
swscanf
wcsstr
_wcslwr
_ftol
wcschr
calloc
wcscat
_wcsupr
memmove
_CxxThrowException
wprintf
wcsncat
_snwprintf
wcspbrk
wcsncmp
_except_handler3
_local_unwind2
_wcsnicmp
_purecall
wcscpy
wcsrchr
wcslen
__CxxFrameHandler
swprintf
_wtoi
isalpha
localtime
_tzset
mktime
_putenv
_errno
fseek
_fdopen
_open_osfhandle
_wcsrev
_wcsdup
fflush
fread
_filelength
_getpid
_mbscpy
_mbslen
_wfopen
wcstok
_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_vsnwprintf
isspace
fclose
ftell
time
clearerr
fwrite

advapi32

RegOpenKeyExA
QueryServiceStatus
OpenServiceW
StartServiceW
GetUserNameW
RegisterEventSourceW
ReportEventW
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorDacl
RegDeleteValueW
AddAccessAllowedAce
RegQueryValueExA
ReadEncryptedFileRaw
WriteEncryptedFileRaw
EnumDependentServicesW
ControlService
OpenEncryptedFileRawW
CloseEncryptedFileRaw
EncryptFileW
DecryptFileW
RegRestoreKeyW
RegLoadKeyW
RegFlushKey
RegUnLoadKeyW
RegReplaceKeyW
RegConnectRegistryW
InitializeAcl
GetAce
EqualSid
DeleteAce
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
CloseServiceHandle
OpenSCManagerW
RegOpenKeyW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
OpenThreadToken
RegSaveKeyW
SetFileSecurityW

kernel32

GetCurrentProcess
GetTickCount
Sleep
GetComputerNameW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
DeleteCriticalSection
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
ExpandEnvironmentStringsW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetCurrentDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
CreateThread
FindFirstFileW
FindClose
GetLocaleInfoW
SetLastError
GetLastError
DeleteFileW
CreateDirectoryW
CreateFileW
GetCurrentThread
GetDateFormatW
GetTimeFormatW
GetTapeParameters
ReleaseMutex
CreateMutexW
GetCurrentThreadId
GetVersionExW
GetSystemDirectoryW
ReleaseSemaphore
CreateSemaphoreW
LocalFree
VerifyVersionInfoW
VerSetConditionMask
FindNextFileW
FormatMessageW
CreateProcessW
GlobalFree
LockResource
LoadResource
FindResourceW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
SetFileAttributesW
GetFileInformationByHandle
GetExitCodeThread
GetEnvironmentVariableW
WriteFile
ReadFile
DeviceIoControl
FlushFileBuffers
GetVolumePathNameW
GetUserDefaultLCID
MultiByteToWideChar
SetEvent
CreateEventW
HeapFree
HeapAlloc
GetProcessHeap
SetFilePointer
GetSystemTime
CloseHandle
GetWindowsDirectoryW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
GetCurrentDirectoryA
GetCurrentDirectoryW
CompareStringW
GetNumberFormatW
SetErrorMode
SetEndOfFile
SetTapePosition
GetTapePosition
EraseTape
WriteTapemark
GetTapeStatus
SetTapeParameters
PrepareTape
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
ExitThread
MoveFileExW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
BackupRead
BackupWrite
CreateHardLinkW
BackupSeek
GetFileSize
LockFile
SetFileShortNameW
SetFileTime
LocalFileTimeToFileTime
GetCompressedFileSizeW
RemoveDirectoryW
WideCharToMultiByte
LoadLibraryA

gdi32

GetObjectW
Polygon
CombineRgn
CreateRectRgn
DeleteObject
GetTextExtentPoint32W
BitBlt
PatBlt
Rectangle
GetMapMode
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
CreateFontIndirectW

user32

PeekMessageW
EnableWindow
SendMessageW
PostMessageW
GetCapture
SetActiveWindow
GetAsyncKeyState
GetDlgItem
AppendMenuW
wvsprintfW
LoadStringW
GetKeyState
GetWindowRect
ScreenToClient
EnableMenuItem
DeleteMenu
SetClassLongW
IsCharAlphaW
IsCharAlphaNumericW
GetCursorPos
WindowFromPoint
ChildWindowFromPoint
GetSysColor
LoadCursorW
KillTimer
IsWindowVisible
InvalidateRect
ReleaseDC
GetDC
GetClientRect
LoadBitmapW
DefWindowProcW
PostQuitMessage
CreateDialogParamW
ShowWindow
DestroyWindow
UnregisterClassW
MonitorFromWindow
GetMonitorInfoW
GetFocus
LoadMenuW
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadImageW
GetMenu
RemoveMenu
GetSubMenu
CreateIconFromResource
LoadIconW
DrawFocusRect
InflateRect
CopyRect
GetActiveWindow
InvalidateRgn
MapDialogRect
SetWindowPos
ExitWindowsEx
SendDlgItemMessageW
SetParent
GetIconInfo
CreateIconIndirect
DestroyIcon
LockSetForegroundWindow
UpdateWindow
SetWindowLongW
ClientToScreen
SetCursor
MessageBoxW
BringWindowToTop
SystemParametersInfoW
FlashWindow
GetDesktopWindow
IsIconic
GetMenuItemID
SetTimer
IsWindow
GetWindowTextLengthW
SetWindowTextW
wsprintfW
GetNextDlgGroupItem
GetWindowTextW
GetWindow
GetWindowLongW
GetParent
GetSystemMetrics
GetMenuItemCount

ntdll

iswctype
_aulldvrm
towupper
NtSetQuotaInformationFile
NtQueryQuotaInformationFile
wcstoul
wcscspn
isdigit

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount
ImageList_ReplaceIcon
InitCommonControlsEx
PropertySheetW

shell32

SHGetSpecialFolderLocation
ExtractIconExW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHGetFolderPathW

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetGetConnectionW
WNetAddConnection2W
WNetCancelConnection2W
WNetCloseEnum

comdlg32

GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW

netapi32

NetServerEnum
NetApiBufferSize
NetShareEnum
NetShareGetInfo
NetWkstaGetInfo
NetApiBufferFree

rpcrt4

UuidToStringW
UuidFromStringW

ole32

CoInitializeEx
CoCreateGuid
CLSIDFromString
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeSecurity

setupapi

SetupCloseInfFile
SetupFindNextLine
SetupFindFirstLineW
SetupOpenInfFileW
SetupGetLineTextW
SetupGetIntField
SetupGetStringFieldW

userenv

GetProfilesDirectoryW

ntmsapi

CloseNtmsNotification
WaitForNtmsNotification
OpenNtmsNotification
MoveToNtmsMediaPool
CloseNtmsSession
DeleteNtmsMedia
DeallocateNtmsMedia
AllocateNtmsMedia
GetNtmsObjectSecurity
DismountNtmsMedia
SetNtmsObjectSecurity
UpdateNtmsOmidInfo
ImportNtmsDatabase
InjectNtmsMedia
AccessNtmsLibraryDoor
EjectNtmsMedia
GetNtmsObjectInformationW
SetNtmsObjectInformationW
GetNtmsObjectAttributeW
SetNtmsObjectAttributeW
EnumerateNtmsObject
CreateNtmsMediaPoolW
DeleteNtmsMediaPool
EndNtmsDeviceChangeDetection
SetNtmsDeviceChangeDetection
OpenNtmsSessionW
IdentifyNtmsSlot
SetNtmsUIOptionsW
BeginNtmsDeviceChangeDetection
MountNtmsMedia

clusapi

RestoreClusterDatabase
GetNodeClusterState

query

SetCatalogState

sfc_os

SfcGetNextProtectedFile

syssetup

AsrRestorePlugPlayRegistryData
AsrAddSifEntryW
AsrFreeContext
AsrCreateStateFileW

oleaut32

SysFreeString

vssapi

ord3
ord4
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
ord6

Sections

.text
Size: 875KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_RegistryOptimizer-v3.10/regkey.ini
ha_RegistryOptimizer-v3.10/regx64.exe
.exe windows:4 windows x64 arch:x64

33e86d57b11bdd65ce643844d0bde95c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\testvc\x64\release\testvc.pdb

Imports

mfc80u

ord3746
ord2558
ord2671
ord2565
ord2862
ord2738
ord4338
ord2859
ord2755
ord2562
ord5601
ord5247
ord5264
ord4599
ord3976
ord2267
ord5260
ord5258
ord2955
ord1938
ord3860
ord5416
ord6258
ord5134
ord1022
ord3834
ord5618
ord2037
ord2082
ord4357
ord6318
ord3829
ord6316
ord4043
ord4067
ord1491
ord1095
ord3747
ord1216
ord3737
ord2669
ord3977
ord4512
ord4292
ord3361
ord588
ord286
ord769
ord577
ord3711
ord4572
ord776

msvcr80

_decode_pointer
?terminate@@YAXXZ
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
_amsg_exit
__wgetmainargs
__C_specific_handler
__CxxFrameHandler3

kernel32

QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcess
ExpandEnvironmentStringsW
Sleep

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_RegistryOptimizer-v3.10/sr98.exe
ha_RegistryOptimizer-v3.10/srme.exe
ha_RegistryOptimizer-v3.10/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 319KB - Virtual size: 318KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 52B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 21KB - Virtual size: 21KB

.rsrc Size: 16KB - Virtual size: 16KB

66fc344c03d5024a014746412104671b

Code Sign

df:7a:76:a0:dd:02:b5:74:81:cb:ff:c9:86:35:34:eaCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

version

ole32

comctl32

wininet

shell32

shlwapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.itext Size: 4KB - Virtual size: 3KB

.data Size: 17KB - Virtual size: 16KB

.bss Size: - Virtual size: 21KB

.idata Size: 14KB - Virtual size: 14KB

.tls Size: - Virtual size: 64B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 102KB - Virtual size: 101KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

d5e0355f8764c235b38759b860077ceb

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: 25KB - Virtual size: 39KB

DATA Size: 1KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 4B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1024B

36cde31e4ae4e24ff23e273a9343040b

Code Sign

df:7a:76:a0:dd:02:b5:74:81:cb:ff:c9:86:35:34:eaCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88Certificate

Extended Key Usages

Key Usages

CODE
Size: 319KB - Virtual size: 318KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 52B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 16KB - Virtual size: 16KB

df:7a:76:a0:dd:02:b5:74:81:cb:ff:c9:86:35:34:ea
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88
Certificate

.text
Size: 1.6MB - Virtual size: 1.6MB

.itext
Size: 4KB - Virtual size: 3KB

.data
Size: 17KB - Virtual size: 16KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 14KB - Virtual size: 14KB

.tls
Size: - Virtual size: 64B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 102KB - Virtual size: 101KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

CODE
Size: 25KB - Virtual size: 39KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 4B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1024B

df:7a:76:a0:dd:02:b5:74:81:cb:ff:c9:86:35:34:ea
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

05:c5:91:db:3a:74:ae:ee:0c:4c:77:e3:f7:79:9c:88
Certificate

.text
Size: 679KB - Virtual size: 679KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 14KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 64B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 606KB - Virtual size: 605KB

.text
Size: 109KB - Virtual size: 109KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 27KB - Virtual size: 27KB