6fae566b41f9c53f1f4d137ff241aac6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6fae566b41f9c53f1f4d137ff241aac6_JaffaCakes118
Size

5.7MB
MD5

6fae566b41f9c53f1f4d137ff241aac6
SHA1

85203ff23317aa2df37ebbad2b7e08f9eef311b4
SHA256

eac446bbf4f95d4780ab8573d3775f98de6a1efe455b39f087eb16655395df50
SHA512

3a870f36e8384e72f17fc5504e4a46786fb0b0dcdde019f8764e0dfccf665e59fc319dda7c7d52a943de97bd2d9262a561cf5c33bf16c1cad84ae5c708bb71d3
SSDEEP

98304:/3af73bE2Q1V/37Gn4i0Y4bhuApBTR8pmiuflVmR6hqfBBMytuAsw/j1zd:/3i3bg/3CnL0/d8IQ6h6uccMjBd

Score

1^/10

Malware Config

Signatures

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

6fae566b41f9c53f1f4d137ff241aac6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:26:8b:05:66:db:e6:30:0e:2c:5f:17:9d:79:b6:04:bd:f6:88:ef
Signer

Actual PE Digest

09:26:8b:05:66:db:e6:30:0e:2c:5f:17:9d:79:b6:04:bd:f6:88:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/$_0_ /MSADuc.cab
.cab
$TEMP/$_0_ /elist.cab
.cab
content.dat
elist.dat
$TEMP/$_0_ /ffplg.cab
.cab
IMcFFplg.xpt
chrome.manifest
contents.rdf
.xml
install.rdf
.xml
mcffplg.dll
.dll windows:4 windows x86 arch:x86

875f3d29a72178886b5f5fce35edf194

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:af:ef:6b:58:92:2c:78:53:07:c6:53:3d:23:16:27:e3:30:ed:2c
Signer

Actual PE Digest

58:af:ef:6b:58:92:2c:78:53:07:c6:53:3d:23:16:27:e3:30:ed:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildsystem\node\sacore102_6337012463914.build\build\win32\release\McFFPlg.pdb

Imports

xpcom

NS_GetServiceManager
NS_Alloc
NS_CStringContainerInit
NS_CStringGetData
NS_CStringContainerFinish
NS_Free

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

kernel32

CloseHandle
CreateFileA
WriteConsoleW
InterlockedIncrement
SizeofResource
FindResourceW
FlushInstructionCache
LoadResource
MultiByteToWideChar
RaiseException
InterlockedDecrement
GetCurrentProcess
GetCurrentProcessId
LockResource
FindResourceExW
LeaveCriticalSection
LoadLibraryW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
FlushFileBuffers
lstrcpyW
lstrlenW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
GetProcAddress
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetOEMCP
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GetSystemTimeAsFileTime
GetLastError
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo

user32

wsprintfW
GetCursorPos
TrackPopupMenuEx
PtInRect
GetForegroundWindow
SetWindowLongW
GetWindowThreadProcessId
PostMessageW
CreateWindowExW
EnumWindows
DestroyWindow
KillTimer
IsWindow
RegisterClassExW
SetTimer
CallWindowProcW
DefWindowProcW
GetClassNameW
UnregisterClassA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW

oleaut32

SysFreeString
SysStringLen
SysAllocString
SysAllocStringLen

shlwapi

StrCmpW

Exports

Exports

NSGetModule

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
safe.xul
.xml
saffplg.js
.js
$TEMP/$_0_ /ieplg.cab
.cab
mcieplg.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7fe3a292f540c06839b903f705cbf563

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:dc:02:3e:19:33:d5:a0:1f:80:e0:6a:da:68:5b:6a:8f:98:6f:bc
Signer

Actual PE Digest

ec:dc:02:3e:19:33:d5:a0:1f:80:e0:6a:da:68:5b:6a:8f:98:6f:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildsystem\node\sacore102_6337012463914.build\build\win32\release\McIEPlg.pdb

Imports

urlmon

CoInternetGetSession

wininet

InternetQueryOptionW

kernel32

GetCurrentThreadId
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetProcAddress
OutputDebugStringW
OutputDebugStringA
lstrcmpiW
lstrlenA
MultiByteToWideChar
RaiseException
GetLastError
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
ExitProcess
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CloseHandle
GlobalFree
CreateFileW
GlobalUnlock
GetModuleFileNameW
lstrlenW
InterlockedDecrement
InterlockedIncrement
CreateFileA
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
WriteFile
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

user32

GetClassNameW
ReleaseDC
InvalidateRect
PostMessageW
SetTimer
IsWindowVisible
GetDC
SendMessageW
SystemParametersInfoW
DispatchMessageW
TranslateMessage
PeekMessageW
GetWindowLongW
GetFocus
GetWindowTextW
SetWindowTextW
SetFocus
EnableWindow
ShowWindow
GetParent
GetCursorPos
CallNextHookEx
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowsHookExW
CreateWindowExW
GetClientRect
SetWindowPos
TrackPopupMenuEx
MapWindowPoints
DestroyWindow
KillTimer
UnhookWindowsHookEx

gdi32

SetTextColor
GetDeviceCaps
RealizePalette
SelectPalette
GetLayout
CreateFontIndirectW

advapi32

RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CreateStreamOnHGlobal
StringFromCLSID
CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoTaskMemFree

oleaut32

OleLoadPicture
SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

SHDeleteKeyW
StrCmpW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_0_ /ieplg64.cab
.cab
x64/mcieplg.dll
.dll regsvr32 windows:4 windows x64 arch:x64

686b34c9f6398949979f1dd855d67930

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:11:d7:48:25:7d:37:c1:61:f5:77:01:fa:53:d1:c0:73:d6:28:84
Signer

Actual PE Digest

e5:11:d7:48:25:7d:37:c1:61:f5:77:01:fa:53:d1:c0:73:d6:28:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\buildsystem\node\sacore102_6337012463914.build\build\x64\release\McIEPlg.pdb

Imports

urlmon

CoInternetGetSession

wininet

InternetQueryOptionW

kernel32

InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetProcAddress
lstrlenA
MultiByteToWideChar
OutputDebugStringW
OutputDebugStringA
RaiseException
lstrcmpiW
GetLastError
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
EnterCriticalSection
GetCurrentThreadId
GlobalUnlock
ReadFile
GlobalLock
GetFileSize
GlobalAlloc
CloseHandle
CreateFileW
GlobalFree
GetModuleFileNameW
lstrlenW
CreateFileA
FlushFileBuffers
ExitProcess
IsValidCodePage
GetOEMCP
GetCPInfo
HeapCreate
HeapSetInformation
FlsAlloc
TlsSetValue
SetLastError
FlsFree
TlsFree
FlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
WriteFile
RtlVirtualUnwind
RtlUnwindEx
RtlLookupFunctionEntry
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlPcToFileHeader
FlsSetValue
GetCommandLineA

user32

GetClassNameW
ReleaseDC
UnhookWindowsHookEx
DestroyWindow
InvalidateRect
IsWindowVisible
GetDC
SendMessageW
GetFocus
GetWindowTextW
SetWindowTextW
SystemParametersInfoW
DispatchMessageW
TranslateMessage
PeekMessageW
GetWindowLongPtrW
SetFocus
EnableWindow
ShowWindow
GetParent
GetCursorPos
CallNextHookEx
DefWindowProcW
CallWindowProcW
SetWindowLongPtrW
SetWindowsHookExW
CreateWindowExW
TrackPopupMenuEx
GetClientRect
MapWindowPoints
SetWindowPos
KillTimer
SetTimer
PostMessageW

gdi32

CreateFontIndirectW
GetDeviceCaps
RealizePalette
SelectPalette
GetLayout
SetTextColor

advapi32

RegOpenKeyW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CreateStreamOnHGlobal
StringFromCLSID
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CLSIDFromProgID

oleaut32

OleLoadPicture
SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

SHDeleteKeyW
StrCmpW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_0_ /install.ini
$TEMP/$_0_ /mcinst.exe
.exe windows:4 windows x86 arch:x86

54c6519f7e70159ee1a3d529c97a6bfe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:d2:d8:d9:d6:8f:89:00:5f:9e:e8:38:0b:8f:b7:12:27:98:f8:00
Signer

Actual PE Digest

8b:d2:d8:d9:d6:8f:89:00:5f:9e:e8:38:0b:8f:b7:12:27:98:f8:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\BuildSystem\Node\MCINST_LI400_6336692095639.Build\build\Win32\Release\mcinst.pdb

Imports

wintrust

WinVerifyTrust

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

FindFirstFileA
CopyFileA
GetLongPathNameA
GetModuleFileNameA
GetTempPathA
SetFileAttributesA
GetFileAttributesA
WriteFile
ReadFile
GetFileSize
GetWindowsDirectoryA
WideCharToMultiByte
GetShortPathNameW
CopyFileW
GetTempFileNameW
MoveFileExW
SetFileAttributesW
GetVersionExW
RemoveDirectoryW
FindNextFileW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
MultiByteToWideChar
GetLocalTime
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
SetThreadPriority
GetCurrentThread
LeaveCriticalSection
GetSystemDirectoryA
EnterCriticalSection
LocalAlloc
FindNextFileA
SearchPathA
lstrlenW
ResumeThread
SuspendThread
GetCurrentProcess
SetPriorityClass
GetThreadTimes
lstrcmpiA
CreateThread
DuplicateHandle
CreateEventA
LocalFree
SetEvent
GetCurrentProcessId
CreateProcessA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetSystemInfo
GetEnvironmentVariableA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetTempFileNameA
CreateDirectoryA
GlobalFree
GlobalAlloc
lstrcpynA
MoveFileExA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetLastError
IsBadReadPtr
SystemTimeToFileTime
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
GetStdHandle
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
GetExitCodeProcess
DeleteFileA
MoveFileA
GetPrivateProfileSectionNamesA
CreateMutexA
WaitForSingleObject
GetProcessHeap
HeapAlloc
GetPrivateProfileSectionA
WritePrivateProfileStringA
lstrlenA
HeapFree
ReleaseMutex
RemoveDirectoryA
GetShortPathNameA
CreateFileA
SetFilePointer
FlushFileBuffers
CloseHandle
FindFirstFileW
GetLastError
FindClose
GetFileAttributesW
LoadLibraryA
GetProcAddress
GetThreadLocale
GetLocaleInfoA
GetACP
FreeLibrary
DeleteCriticalSection
GetVersionExA
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InterlockedExchange
GetCurrentThreadId
TlsFree
GetConsoleMode
GetConsoleCP
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetStartupInfoA
GetCommandLineA
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetModuleHandleA
ExitProcess
VirtualAlloc

user32

LoadStringA
PostThreadMessageA
RegisterClassA
CreateWindowExA
SetWindowRgn
ShowWindow
GetMessageA
UnregisterClassA
DispatchMessageA
DefWindowProcA
CharNextA
wsprintfA
TranslateMessage

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyA
RegQueryInfoKeyA
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
ControlService
QueryServiceConfig2A
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ChangeServiceConfig2A
RegEnumKeyExA
GetSecurityDescriptorControl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteValueA
OpenSCManagerA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
QueryServiceConfigA
DeleteService
CreateServiceA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExW

shell32

SHGetFolderPathA

ole32

CoUninitialize
CoCreateGuid
CoInitialize
CoTaskMemFree
StringFromCLSID

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString

shlwapi

PathAppendA
PathRemoveFileSpecA
SHDeleteValueA

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/$_0_ /mcplgui.dll
.dll windows:4 windows x86 arch:x86

83de6ab458b2ed172d0e8cf7bb074273

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:ca:61:c3:16:b2:74:72:e6:df:1e:c2:bb:19:7f:c2:57:64:bd:79
Signer

Actual PE Digest

25:ca:61:c3:16:b2:74:72:e6:df:1e:c2:bb:19:7f:c2:57:64:bd:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildsystem\node\sacore102_6337012463914.build\build\win32\release\McPlgUI.pdb

Imports

kernel32

OutputDebugStringA
GetModuleFileNameW
FlushInstructionCache
GetCurrentProcess
LockResource
MultiByteToWideChar
lstrcmpW
GlobalLock
GlobalUnlock
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
LoadResource
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
HeapSize
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GlobalFree
FindResourceW
GlobalAlloc
OutputDebugStringW
lstrlenW
GlobalHandle
GetLastError
SetLastError
MulDiv
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
RaiseException
InterlockedDecrement
GetTickCount
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

SetWindowPos
GetWindow
OffsetRect
GetWindowLongW
SetCapture
SetLayeredWindowAttributes
SetFocus
IsChild
GetWindowRect
GetParent
GetClientRect
InflateRect
GetSysColor
SystemParametersInfoW
MoveWindow
SetWindowLongW
KillTimer
SetRect
GetClassNameW
SetTimer
PtInRect
GetCursorPos
RedrawWindow
IsRectEmpty
IsWindow
EndDialog
CopyRect
ReleaseCapture
CreateAcceleratorTableW
SetWindowRgn
GetWindowTextLengthW
GetWindowRgn
ShowWindow
GetWindowTextW
FillRect
SetWindowTextW
InvalidateRgn
CallWindowProcW
GetFocus
PostMessageW
GetKeyState
DestroyAcceleratorTable
InvalidateRect
SendMessageW
GetDesktopWindow
SetWindowContextHelpId
RegisterClassExW
DestroyWindow
LoadCursorW
CharNextW
ReleaseDC
GetClassInfoExW
CreateWindowExW
RegisterWindowMessageW
GetDC
EndPaint
MapDialogRect
CreateDialogIndirectParamW
BeginPaint
DialogBoxIndirectParamW
ScreenToClient
ClientToScreen
DefWindowProcW
GetDlgItem
SetParent
UnregisterClassA

gdi32

CreateRectRgn
RoundRect
CreatePen
FillRgn
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
GetObjectW
GetStockObject
DeleteObject
SelectObject
GetDeviceCaps
CombineRgn
CreatePolygonRgn
CreateRoundRectRgn

ole32

CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysStringByteLen
SysStringLen
OleCreateFontIndirect
LoadTypeLi
SysAllocStringLen
LoadRegTypeLi
SafeArrayCreate
VariantInit
SafeArrayPutElement
SafeArrayDestroy
VariantClear

Exports

Exports

CreateBalloonDlg

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_0_ /mcsacins.dll
.dll windows:4 windows x86 arch:x86

1473255eed133f754512dcda8ebb6f5a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:6c:ce:4c:e7:c8:1e:2d:40:f5:05:85:62:e8:8c:0f:79:a3:04:f7
Signer

Actual PE Digest

eb:6c:ce:4c:e7:c8:1e:2d:40:f5:05:85:62:e8:8c:0f:79:a3:04:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\win32\release\McSacIns.pdb

Imports

psapi

GetModuleBaseNameW
EnumProcesses

shlwapi

StrStrIW
StrRChrW

kernel32

GetModuleFileNameW
LoadLibraryW
FreeLibrary
OpenProcess
TerminateProcess
CloseHandle
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
GetProcessHeap
HeapFree
DebugBreak

advapi32

RegDeleteKeyW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

user32

MessageBoxW

Exports

Exports

DetectIncompatible
PostInstall
PreInstall
SetInstallDate
StartApplication
UninstallIncompatible

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_0_ /msac.ico
$TEMP/$_0_ /msacmain.cab
.cab
install.ini
mcsacins.dll
.dll windows:4 windows x86 arch:x86

1473255eed133f754512dcda8ebb6f5a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:6c:ce:4c:e7:c8:1e:2d:40:f5:05:85:62:e8:8c:0f:79:a3:04:f7
Signer

Actual PE Digest

eb:6c:ce:4c:e7:c8:1e:2d:40:f5:05:85:62:e8:8c:0f:79:a3:04:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\win32\release\McSacIns.pdb

Imports

psapi

GetModuleBaseNameW
EnumProcesses

shlwapi

StrStrIW
StrRChrW

kernel32

GetModuleFileNameW
LoadLibraryW
FreeLibrary
OpenProcess
TerminateProcess
CloseHandle
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
GetProcessHeap
HeapFree
DebugBreak

advapi32

RegDeleteKeyW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

user32

MessageBoxW

Exports

Exports

DetectIncompatible
PostInstall
PreInstall
SetInstallDate
StartApplication
UninstallIncompatible

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msacmain.inf
saInst.exe
.exe windows:4 windows x86 arch:x86

e86a1cc518914ebbd4e9fe8ae0c381aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:3b:f3:09:c3:35:25:e8:b5:f9:a5:8e:08:0e:f0:d5:5d:ca:ab:4c
Signer

Actual PE Digest

32:3b:f3:09:c3:35:25:e8:b5:f9:a5:8e:08:0e:f0:d5:5d:ca:ab:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\win32\release\saInst.pdb

Imports

shlwapi

StrCmpIW
StrCmpW
StrRChrW

kernel32

GetProcAddress
RaiseException
LoadLibraryW
FreeLibrary
CreateProcessW
GetCurrentThreadId
lstrcmpW
SetEvent
GetCurrentProcess
GetCommandLineW
CloseHandle
TerminateProcess
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
CreateEventW
CreateMutexW
GetLastError
OpenMutexW
GetModuleFileNameW
GetVersionExW
LCMapStringA
WideCharToMultiByte
InterlockedIncrement
SetFilePointer
GetConsoleCP
RtlUnwind
InitializeCriticalSection
LoadLibraryA
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetFileAttributesW
MoveFileExW
CreateFileW
lstrlenW
GetExitCodeProcess
ExpandEnvironmentStringsW
GetModuleHandleW
LoadLibraryExW
FindResourceExW
GetUserDefaultLangID
GetUserDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultLCID
SizeofResource
LoadResource
LockResource
InterlockedDecrement
WriteFile
FlushFileBuffers
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
LCMapStringW

user32

SetWindowPos
IsWindow
GetDlgItem
CallNextHookEx
SetFocus
SetWindowTextW
RedrawWindow
UnhookWindowsHookEx
SetWindowsHookExW
MessageBoxW
GetWindowRect
PeekMessageW
TranslateMessage
DispatchMessageW
ExitWindowsEx
GetDesktopWindow
MsgWaitForMultipleObjects

advapi32

LookupPrivilegeValueW
FreeSid
CheckTokenMembership
OpenProcessToken
AllocateAndInitializeSid
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
AdjustTokenPrivileges

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

oleaut32

VariantInit
SysAllocStringLen
VariantClear
SysStringByteLen
VariantCopy
SysStringLen
VarBstrCat
SysFreeString
SysAllocString

ole32

StringFromCLSID
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/$_0_ /msacmain.inf
$TEMP/$_0_ /saInst.exe
.exe windows:4 windows x86 arch:x86

e86a1cc518914ebbd4e9fe8ae0c381aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:3b:f3:09:c3:35:25:e8:b5:f9:a5:8e:08:0e:f0:d5:5d:ca:ab:4c
Signer

Actual PE Digest

32:3b:f3:09:c3:35:25:e8:b5:f9:a5:8e:08:0e:f0:d5:5d:ca:ab:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\win32\release\saInst.pdb

Imports

shlwapi

StrCmpIW
StrCmpW
StrRChrW

kernel32

GetProcAddress
RaiseException
LoadLibraryW
FreeLibrary
CreateProcessW
GetCurrentThreadId
lstrcmpW
SetEvent
GetCurrentProcess
GetCommandLineW
CloseHandle
TerminateProcess
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
CreateEventW
CreateMutexW
GetLastError
OpenMutexW
GetModuleFileNameW
GetVersionExW
LCMapStringA
WideCharToMultiByte
InterlockedIncrement
SetFilePointer
GetConsoleCP
RtlUnwind
InitializeCriticalSection
LoadLibraryA
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetFileAttributesW
MoveFileExW
CreateFileW
lstrlenW
GetExitCodeProcess
ExpandEnvironmentStringsW
GetModuleHandleW
LoadLibraryExW
FindResourceExW
GetUserDefaultLangID
GetUserDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultLCID
SizeofResource
LoadResource
LockResource
InterlockedDecrement
WriteFile
FlushFileBuffers
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
LCMapStringW

user32

SetWindowPos
IsWindow
GetDlgItem
CallNextHookEx
SetFocus
SetWindowTextW
RedrawWindow
UnhookWindowsHookEx
SetWindowsHookExW
MessageBoxW
GetWindowRect
PeekMessageW
TranslateMessage
DispatchMessageW
ExitWindowsEx
GetDesktopWindow
MsgWaitForMultipleObjects

advapi32

LookupPrivilegeValueW
FreeSid
CheckTokenMembership
OpenProcessToken
AllocateAndInitializeSid
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
AdjustTokenPrivileges

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

oleaut32

VariantInit
SysAllocStringLen
VariantClear
SysStringByteLen
VariantCopy
SysStringLen
VarBstrCat
SysFreeString
SysAllocString

ole32

StringFromCLSID
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/$_0_ /sac.cab
.cab
mcbrwctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8fe67ab3491e176877d5e3cb9e41c368

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:a0:25:8a:1a:8d:d7:b8:60:bf:ff:f0:76:4e:61:ae:81:e6:e2:5d
Signer

Actual PE Digest

eb:a0:25:8a:1a:8d:d7:b8:60:bf:ff:f0:76:4e:61:ae:81:e6:e2:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\win32\release\McBrwCtl.pdb

Imports

urlmon

CoInternetParseUrl

kernel32

CreateFileA
FreeLibrary
GetFileSize
GetLongPathNameW
ReleaseMutex
CreateFileW
SetFilePointer
WideCharToMultiByte
GetThreadLocale
FindNextFileW
LoadLibraryW
SetFileAttributesW
CreateMutexW
GetProcAddress
DisableThreadLibraryCalls
CloseHandle
GetFileAttributesW
WritePrivateProfileStructA
GetWindowsDirectoryA
GetLocaleInfoA
InterlockedIncrement
CreateDirectoryW
DeleteFileW
GetACP
GetCurrentProcessId
FindClose
GetVersionExW
GetPrivateProfileStringA
MoveFileExW
MultiByteToWideChar
WaitForSingleObject
ReadFile
OutputDebugStringW
GetLocalTime
GetModuleFileNameW
WaitForMultipleObjects
SetEvent
CreateEventW
GetSystemDefaultLCID
GetUserDefaultLangID
GetSystemDefaultLangID
FindResourceExW
LoadResource
GetPrivateProfileStructA
GetUserDefaultLCID
LockResource
LoadLibraryExW
lstrcmpW
FindResourceW
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
OpenMutexW
RaiseException
FlushFileBuffers
OutputDebugStringA
lstrcmpiW
lstrlenA
GetConsoleMode
GetConsoleCP
RtlUnwind
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
Sleep
ExitProcess
GetModuleFileNameA
GetStdHandle
SetLastError
GetStringTypeA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RemoveDirectoryW
GetCurrentDirectoryW
GetModuleHandleW
IsValidCodePage
GetCurrentThreadId
GetLastError
GetShortPathNameW
lstrlenW
GetCurrentProcess
WriteFile
FindFirstFileW
InterlockedDecrement
GetConsoleOutputCP
WriteConsoleW
SizeofResource
GetOEMCP
GetCPInfo
WriteConsoleA
SetStdHandle
LoadLibraryA
GetStringTypeW
VirtualFree
HeapCreate
GetCommandLineA
CreateThread
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapSize
HeapReAlloc
InterlockedExchange
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree

user32

UnregisterClassA
GetSystemMetrics
RedrawWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowTextW
IsWindow
MessageBoxW
GetDlgItem
GetSubMenu
EnableMenuItem
ModifyMenuW
DestroyMenu
DeleteMenu
GetParent
GetClassNameW
LoadMenuIndirectW
DispatchMessageW
GetWindowRect
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
GetDesktopWindow
SetWindowsHookExW

advapi32

RegCreateKeyExW
RegEnumKeyW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW

ole32

CoUninitialize
CoGetInterfaceAndReleaseStream
CoTaskMemFree
StringFromCLSID
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CLSIDFromProgID
CoCreateInstance

oleaut32

VariantCopy
SysAllocStringByteLen
SysAllocStringLen
VariantClear
SysStringByteLen
SysFreeString
VarBstrCat
VarBstrCmp
SysStringLen
VariantInit
SysAllocString

shlwapi

StrRChrW
StrStrW
StrCmpIW
StrCmpW

Exports

Exports

DllRegisterServer
DllUnregisterServer
GetEventHandlerFactory

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SAC_SHAR
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mcsacore.exe
.exe windows:4 windows x86 arch:x86

cc320de4604927c9951c5534d46c7bbd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:5b:34:36:66:09:69:d3:f6:46:36:eb:29:dc:db:c7:1a:f2:dd:33
Signer

Actual PE Digest

93:5b:34:36:66:09:69:d3:f6:46:36:eb:29:dc:db:c7:1a:f2:dd:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\win32\release\McSACore.pdb

Imports

urlmon

CoInternetParseUrl

userenv

CreateEnvironmentBlock

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

ws2_32

inet_addr
inet_ntoa

kernel32

GetUserDefaultLangID
GetUserDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultLCID
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
HeapFree
SetCurrentDirectoryW
LocalFree
LoadLibraryW
GetProcAddress
LoadLibraryExW
OutputDebugStringW
GetCurrentThread
GetCurrentProcess
lstrcmpiW
FreeLibrary
GetVersionExW
OpenEventW
GetTickCount
GetModuleFileNameW
CreateFileW
SetFilePointer
ReadFile
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCommandLineW
GetLastError
InterlockedDecrement
InterlockedIncrement
SetEvent
GetCurrentThreadId
GetModuleHandleW
OpenProcess
CreateThread
Sleep
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WaitForSingleObject
CloseHandle
IsValidCodePage
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetOEMCP
GetCPInfo
ExitProcess
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetFileType
GetExitCodeProcess
CreateProcessW
lstrcmpW
WaitForMultipleObjects
HeapAlloc
IsBadReadPtr
IsBadCodePtr
CreateEventW
GetProcessHeap
GetStartupInfoA
SetHandleCount

user32

UnregisterClassA
MsgWaitForMultipleObjects
MessageBoxW
CharUpperW
CharNextW
CharLowerBuffW
LoadStringW
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
PeekMessageW

advapi32

ConvertSidToStringSidW
ImpersonateLoggedOnUser
CreateProcessAsUserW
DuplicateTokenEx
RegEnumValueW
RegisterServiceCtrlHandlerExW
ChangeServiceConfig2W
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorDacl
RegEnumKeyExW
ControlService
DeleteService
CreateServiceW
InitializeAcl
AddAccessAllowedAce
GetAclInformation
AddAce
GetAce
LookupAccountNameW
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyW
GetSecurityDescriptorLength
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ChangeServiceConfigW
StartServiceCtrlDispatcherW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoResumeClassObjects
CoImpersonateClient
CoTaskMemAlloc
CoSuspendClassObjects
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoInitializeSecurity
CoRevokeClassObject
CoRevertToSelf
CoRegisterClassObject

oleaut32

SysAllocString
SysFreeString
SysStringLen
VarBstrCmp
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantCopy
VariantClear
VariantInit

shlwapi

StrSpnW
StrRChrW
StrCmpW

crypt32

CertGetCertificateChain
CertGetCertificateContextProperty
CryptDecodeObject
CertCloseStore
CertFreeCertificateContext
CryptMsgClose
CertFreeCertificateChain
CertGetSubjectCertificateFromStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW
CertVerifyCertificateChainPolicy

wintrust

WinVerifyTrust

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mcsacoreps.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0a1396a4c40548211d8c43afa8274e9d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:58:1a:b6:91:97:ad:bc:90:aa:70:fc:d9:3f:1d:53:9e:dc:a4:4b
Signer

Actual PE Digest

2a:58:1a:b6:91:97:ad:bc:90:aa:70:fc:d9:3f:1d:53:9e:dc:a4:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\win32\release\McSACorePS.pdb

Imports

kernel32

LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DisableThreadLibraryCalls
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection

rpcrt4

NdrOleAllocate
NdrOleFree
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy

oleaut32

BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree

advapi32

OpenServiceW
ControlService
CloseServiceHandle
OpenSCManagerW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sac.inf
saupkeep.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0f181fd1fdbb0b6006038d70fe674825

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:9c:6b:70:89:ce:dc:13:93:99:7e:6e:23:37:a1:b3:73:bd:52:4f
Signer

Actual PE Digest

65:9c:6b:70:89:ce:dc:13:93:99:7e:6e:23:37:a1:b3:73:bd:52:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\win32\release\saUpKeep.pdb

Imports

winhttp

WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpConnect
WinHttpSetOption
WinHttpCloseHandle
WinHttpReadData
WinHttpOpenRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpAddRequestHeaders

ws2_32

inet_addr

psapi

GetModuleBaseNameW
EnumProcesses

wintrust

WinVerifyTrust

kernel32

GetLocalTime
FindResourceW
lstrlenW
OutputDebugStringW
GetCurrentDirectoryW
lstrcmpiW
SizeofResource
InitializeCriticalSection
LoadResource
CreateEventW
FreeLibrary
FindFirstFileW
CreateMutexW
DeleteCriticalSection
EnterCriticalSection
FindNextFileW
FindClose
GetFileAttributesW
LoadLibraryW
LeaveCriticalSection
WaitForMultipleObjects
SetProcessWorkingSetSize
CreateDirectoryW
GetProcAddress
WaitForSingleObject
SetFileAttributesW
DeleteFileW
RaiseException
ReleaseMutex
DisableThreadLibraryCalls
RemoveDirectoryW
InterlockedIncrement
MoveFileExW
InterlockedDecrement
GetTempFileNameW
GetModuleHandleW
CopyFileW
GetModuleFileNameW
GetWindowsDirectoryA
LoadLibraryExW
GetLongPathNameW
LockResource
FindResourceExW
lstrlenA
GlobalFree
OpenProcess
MoveFileW
CreateProcessW
GetDateFormatW
LocalFree
GetSystemDefaultLangID
GetSystemDefaultLCID
GetUserDefaultLangID
GetUserDefaultLCID
GetPrivateProfileStringW
GetPrivateProfileStructW
FlushFileBuffers
GlobalAlloc
GlobalLock
GlobalUnlock
GetACP
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
Sleep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVersionExA
LoadLibraryA
WriteConsoleA
SetStdHandle
GetModuleFileNameA
GetStringTypeW
WriteFile
GetLocaleInfoA
GetCurrentThreadId
GetShortPathNameW
GetThreadLocale
GetVersionExW
CreateFileW
CloseHandle
MultiByteToWideChar
GetCurrentProcessId
WideCharToMultiByte
SetFilePointer
ReadFile
WritePrivateProfileStructA
GetFileSize
CreateFileA
GetPrivateProfileStringA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
LCMapStringW
ExitThread
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedExchange
DuplicateHandle
GetCurrentThread
lstrcmpW
ExpandEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetPrivateProfileStructA
GetCurrentProcess
GetLastError
LCMapStringA
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetCPInfo
GetConsoleOutputCP
WriteConsoleW
RtlUnwind
ExitProcess
GetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SystemTimeToFileTime

user32

PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
CharNextW
UnregisterClassA
TranslateMessage

advapi32

RegEnumKeyExW
RegLoadKeyW
GetTokenInformation
OpenThreadToken
DuplicateTokenEx
OpenProcessToken
ConvertSidToStringSidW
CreateProcessAsUserW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExW
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteW

ole32

CoRegisterClassObject
CoGetClassObject
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
StringFromCLSID
CoCreateInstance
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoRevokeClassObject
CoUninitialize
CoImpersonateClient
CoRevertToSelf
CoTaskMemFree

oleaut32

SystemTimeToVariantTime
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantTimeToSystemTime
SafeArrayPutElement
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantCopy
VariantChangeType
VarCmp
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
VarUI4FromStr
VariantClear
SysAllocString
VariantInit
UnRegisterTypeLi
RegisterTypeLi

shlwapi

wnsprintfW
StrCmpW
StrStrIW
StrRChrW
StrCmpIW
SHDeleteKeyW

crypt32

CertGetCertificateContextProperty
CryptDecodeObject
CertVerifyCertificateChainPolicy
CertGetNameStringW
CryptQueryObject
CryptMsgGetParam
CertGetSubjectCertificateFromStore
CertFreeCertificateChain
CryptMsgClose
CertGetCertificateChain
CertCloseStore
CertFreeCertificateContext

userenv

CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

Exports

Exports

CheckUpdate
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MsacThreadMain
ScanUpSell
SendInstallPing
saReg
saSync

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

1530aa20c45a9e14732bc972eef00d8f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:21:5a:dd:6b:5b:1a:69:76:2a:58:aa:26:97:cc:6b:92:10:2d:d2
Signer

Actual PE Digest

a7:21:5a:dd:6b:5b:1a:69:76:2a:58:aa:26:97:cc:6b:92:10:2d:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\win32\release\Uninstall.pdb

Imports

psapi

GetModuleBaseNameW
EnumProcesses

shlwapi

StrStrIW
StrRChrW

kernel32

TerminateProcess
CloseHandle
GetCommandLineW
CreateProcessW
CreateEventW
OpenProcess
GetLastError
LoadLibraryW
CreateMutexW
GetVersionExW
GetCurrentThreadId
WaitForSingleObject
InterlockedIncrement
RaiseException
GetProcAddress
SetEvent
GetModuleFileNameW
lstrcmpW
FreeLibrary
GetLocaleInfoA
OpenMutexW
UnhandledExceptionFilter
CreateFileA
WriteConsoleW
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
RtlUnwind
InitializeCriticalSection
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
InterlockedDecrement
LoadLibraryExW
FindResourceExW
GetUserDefaultLangID
GetUserDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultLCID
SizeofResource
LoadResource
LockResource
GetModuleHandleW
MoveFileExW
CreateFileW
FlushFileBuffers
SetFilePointer
WriteFile
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
GetCurrentProcess
LoadLibraryA
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

user32

SetWindowTextW
CallNextHookEx
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetWindowRect
GetDesktopWindow
UnhookWindowsHookEx
MessageBoxW
SetWindowsHookExW
GetDlgItem
SetFocus

advapi32

RegCloseKey
CheckTokenMembership
RegOpenKeyExW
AllocateAndInitializeSid
RegQueryValueExW
FreeSid

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit
VariantCopy
SysAllocStringLen

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/$_0_ /sac64.cab
.cab
sac64.inf
x64/mcbrwctl.dll
.dll regsvr32 windows:4 windows x64 arch:x64

dc2fa159e879dc4a33798295298972f5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:09:7a:09:fc:d5:ed:40:93:26:1d:0d:aa:14:b2:ba:df:06:67:b3
Signer

Actual PE Digest

4b:09:7a:09:fc:d5:ed:40:93:26:1d:0d:aa:14:b2:ba:df:06:67:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\x64\release\McBrwCtl.pdb

Imports

urlmon

CoInternetParseUrl

kernel32

GetCurrentThreadId
lstrlenW
WideCharToMultiByte
SetFilePointer
GetLongPathNameW
GetPrivateProfileStructA
CreateFileW
ReleaseMutex
RemoveDirectoryW
CreateMutexW
FindNextFileW
LoadLibraryW
GetThreadLocale
GetProcAddress
SetFileAttributesW
DisableThreadLibraryCalls
GetWindowsDirectoryA
CloseHandle
WritePrivateProfileStructA
CreateDirectoryW
GetLocaleInfoA
GetFileAttributesW
DeleteFileW
FindClose
MoveFileExW
GetACP
GetPrivateProfileStringA
GetCurrentProcessId
WaitForSingleObject
GetVersionExW
OutputDebugStringW
SetEvent
CreateEventW
WaitForMultipleObjects
GetUserDefaultLCID
LoadLibraryExW
SizeofResource
LockResource
GetSystemDefaultLCID
GetUserDefaultLangID
GetSystemDefaultLangID
FindResourceExW
LoadResource
lstrcmpW
FindResourceW
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
OpenMutexW
RaiseException
GetModuleHandleW
FlushFileBuffers
lstrcmpiW
lstrlenA
OutputDebugStringA
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
RtlLookupFunctionEntry
RtlVirtualUnwind
GetModuleFileNameA
GetStdHandle
RtlPcToFileHeader
IsValidCodePage
GetOEMCP
GetCPInfo
HeapCreate
HeapSetInformation
GetCurrentDirectoryW
GetShortPathNameW
GetLastError
FreeLibrary
GetFileSize
CreateFileA
GetModuleFileNameW
GetLocalTime
MultiByteToWideChar
ExitProcess
ReadFile
FindFirstFileW
WriteFile
GetConsoleOutputCP
WriteConsoleW
Sleep
FlsAlloc
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LoadLibraryA
TlsSetValue
SetLastError
FlsFree
TlsFree
FlsGetValue
RtlUnwindEx
GetCommandLineA
FlsSetValue
CreateThread
ExitThread
GetSystemTimeAsFileTime
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
VirtualQuery

user32

UnregisterClassA
RedrawWindow
SetWindowsHookExW
UnhookWindowsHookEx
SetWindowTextW
MessageBoxW
IsWindow
GetDlgItem
CallNextHookEx
DeleteMenu
ModifyMenuW
DestroyMenu
GetSubMenu
EnableMenuItem
GetClassNameW
GetParent
LoadMenuIndirectW
TranslateMessage
PeekMessageW
GetDesktopWindow
DispatchMessageW
GetWindowRect
MsgWaitForMultipleObjects
GetSystemMetrics

advapi32

RegEnumKeyW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegCloseKey

ole32

CoUninitialize
CoGetInterfaceAndReleaseStream
CoTaskMemFree
StringFromCLSID
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CLSIDFromProgID
CoCreateInstance

oleaut32

VariantClear
SysAllocStringByteLen
SysAllocString
SysStringByteLen
SysFreeString
VarBstrCat
VarBstrCmp
SysStringLen
VariantCopy
VariantInit
SysAllocStringLen

shlwapi

StrCmpIW
StrStrW
StrRChrW
StrCmpW

Exports

Exports

DllRegisterServer
DllUnregisterServer
GetEventHandlerFactory

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SAC_SHAR
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/mcsacoreps.dll
.dll regsvr32 windows:4 windows x64 arch:x64

0a4e4fa888e49e2bfe47d0d49c3ebca8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:0c:c2:3b:e3:a2:80:d3:b8:17:f1:8e:1f:65:0f:66:13:2f:35:7e
Signer

Actual PE Digest

eb:0c:c2:3b:e3:a2:80:d3:b8:17:f1:8e:1f:65:0f:66:13:2f:35:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336994582464.Build\build\x64\release\McSACorePS.pdb

Imports

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DisableThreadLibraryCalls
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
FlsGetValue
TlsFree
FlsFree
SetLastError
GetLastError
TlsSetValue
FlsAlloc
Sleep
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
LoadLibraryA
InitializeCriticalSection

rpcrt4

NdrOleAllocate
NdrOleFree
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy

oleaut32

BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree

advapi32

OpenServiceW
ControlService
CloseServiceHandle
OpenSCManagerW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 199B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_0_ /sachook.cab
.cab
$TEMP/$_0_ /sacimg.cab
.cab
$TEMP/$_0_ /sacomm.cab
.cab
$TEMP/$_0_ /sacomm64.cab
.cab
$TEMP/$_0_ /sacore.cab
.cab
$TEMP/$_0_ /sacore64.cab
.cab
$TEMP/$_0_ /sacorinf.cab
.cab
$TEMP/$_0_ /sacres.cab
.cab
$TEMP/$_0_ /sacres.inf
$TEMP/$_0_ /safeff.cab
.cab
$TEMP/$_0_ /safeie.cab
.cab
$TEMP/$_0_ /safelocalization.cab
.cab
$TEMP/$_0_ /sares.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13-09-2008 00:00

Not After

09-10-2011 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:ca:6a:f5:26:f9:ab:51:97:ce:69:d5:26:8d:ac:ba:55:02:8d:e3
Signer

Actual PE Digest

0f:ca:6a:f5:26:f9:ab:51:97:ce:69:d5:26:8d:ac:ba:55:02:8d:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\BuildSystem\Node\SITEADVISOR290_6336520389914.Build\build\win32\release\saRes.pdb

Sections

.rdata
Size: 512B - Virtual size: 137B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_0_ /subst.cab
.cab
$TEMP/$_0_ /uc.cab
.cab
$TEMP/$_0_ /ytb_inst.exe
.exe windows:4 windows x86 arch:x86

afe04f6b32f7770e9292abfe4124f932

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:2d:0e:95:59:2b:51:5a:5c:f3:f5:c5:d5:9c:88:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-08-2006 00:00

Not After

03-09-2009 23:59

Subject

CN=Yahoo! Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Yahoo! Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
CreateDialogParamW
DestroyWindow
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18bc6fa81e19f21156316b1ae696ed6b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

09:26:8b:05:66:db:e6:30:0e:2c:5f:17:9d:79:b6:04:bd:f6:88:efSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 109KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 26KB - Virtual size: 26KB

875f3d29a72178886b5f5fce35edf194

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

58:af:ef:6b:58:92:2c:78:53:07:c6:53:3d:23:16:27:e3:30:ed:2cSigner

Headers

File Characteristics

PDB Paths

Imports

xpcom

nspr4

kernel32

user32

advapi32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 7KB - Virtual size: 7KB

7fe3a292f540c06839b903f705cbf563

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

09:26:8b:05:66:db:e6:30:0e:2c:5f:17:9d:79:b6:04:bd:f6:88:ef
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 109KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 26KB - Virtual size: 26KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

58:af:ef:6b:58:92:2c:78:53:07:c6:53:3d:23:16:27:e3:30:ed:2c
Signer

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 7KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

ec:dc:02:3e:19:33:d5:a0:1f:80:e0:6a:da:68:5b:6a:8f:98:6f:bc
Signer

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 6KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

e5:11:d7:48:25:7d:37:c1:61:f5:77:01:fa:53:d1:c0:73:d6:28:84
Signer

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 41KB - Virtual size: 40KB