70fd98825ac825de8a27e7cd3445a03a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

70fd98825ac825de8a27e7cd3445a03a_JaffaCakes118
Size

1.5MB
MD5

70fd98825ac825de8a27e7cd3445a03a
SHA1

8004d3aefb2f466d5bbec7f55ebbf99c834ff40a
SHA256

592989e07252caa5501c53583b85c4efac94e0d90e0cb1e837d4314db2dbe2c2
SHA512

eeaacf1c48a0f08f1ec0afc7f8a218a5d4af84e8a7cf69c6dcf674407c2166339771b64f8a0b24baaabb5e5dd3ec20dff83dd6ae9b408ae9e15074fe6308bd8f
SSDEEP

24576:JFuHw5UE3FlQPJ466jZUMzehzZc7WvGQW903bGqI5X8gkc25+nDrToXmgcDxHXtB:nGw5Ue6NaU/M7VWqP5MkQ+nDPoXw3IIR

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
70fd98825ac825de8a27e7cd3445a03a_JaffaCakes118
unpack001/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/inetc.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack002/bin/bcdboot.exe
unpack002/bin/bcdedit.exe
unpack002/bin/udefrag-kernel.dll
unpack002/bin/udefrag.dll
unpack002/bin/udefrag.exe
unpack002/bin/zenwinx.dll

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_2
static1/unpack001/$TEMP/easybcd-2.1.1.exe	nsis_installer_1
static1/unpack001/$TEMP/easybcd-2.1.1.exe	nsis_installer_2

Files

70fd98825ac825de8a27e7cd3445a03a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

826f63babc644cdb846b4d888d102fa0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateFileA
CreateSemaphoreA
CreateThread
DeleteFileA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetTickCount
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
MulDiv
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

_write
__dllonexit
_errno
_iob
abort
fflush
fputc
fputs
free
fwrite
malloc
memcpy
realloc
strcmp
strcpy
strlen

user32

CallWindowProcA
CharPrevA
CreateWindowExA
DestroyWindow
EnableWindow
FindWindowExA
GetClientRect
GetDlgItem
GetFocus
GetWindowLongA
GetWindowRect
IsWindowVisible
RegisterWindowMessageA
SendMessageA
SetDlgItemTextA
SetWindowLongA
SetWindowTextA
ShowWindow
wsprintfA

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
getsockname
htons
inet_addr
ioctlsocket
recv
select
send
shutdown
socket

Exports

Exports

download
download_quiet

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/easybcd-2.1.1.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:17:f7:e7:e2:fa:2c:79:fc:ec:1f:6e:54:62:27:a3
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-10-2011 00:00

Not After

27-10-2014 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Chicago,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:10:32:04:d1:a9:cb:1f:bd:e3:67:20:56:8f:5e:b2:ed:f9:d3:cf
Signer

Actual PE Digest

9e:10:32:04:d1:a9:cb:1f:bd:e3:67:20:56:8f:5e:b2:ed:f9:d3:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/The NeoSmart Files.url
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyBCD.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:17:f7:e7:e2:fa:2c:79:fc:ec:1f:6e:54:62:27:a3
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-10-2011 00:00

Not After

27-10-2014 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Chicago,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:81:c1:5d:23:d2:27:92:9c:8e:6c:5a:3b:70:50:7c:9f:80:44:7f
Signer

Actual PE Digest

b8:81:c1:5d:23:d2:27:92:9c:8e:6c:5a:3b:70:50:7c:9f:80:44:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\GIT\EasyBCD\EasyBCD\bin\optimized\EasyBCD.pdb

Imports

mscoree

_CorExeMain

Sections

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LICENSE
bin/BootGrabber.exe
.exe windows:5 windows x86 arch:x86

07b659182a584c08b0f10d705a07a73f

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:17:f7:e7:e2:fa:2c:79:fc:ec:1f:6e:54:62:27:a3
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-10-2011 00:00

Not After

27-10-2014 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Chicago,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e5:3e:60:8c:24:e9:9d:b6:32:01:79:fd:7e:a5:cc:76:69:14:93:b6
Signer

Actual PE Digest

e5:3e:60:8c:24:e9:9d:b6:32:01:79:fd:7e:a5:cc:76:69:14:93:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\GIT\EasyBCD\Release\BootGrabber.pdb

Imports

kernel32

ReadFile
CreateFileW
WriteFile
DefineDosDeviceW
WaitForSingleObject
GetFileAttributesW
GetModuleFileNameW
WideCharToMultiByte
SizeofResource
GetLastError
LoadResource
FindResourceW
FindResourceExW
GetCurrentProcess
LocalFree
GetExitCodeProcess
CreatePipe
DuplicateHandle
CreateProcessW
DeviceIoControl
FindVolumeClose
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
GetVolumeInformationW
FindFirstVolumeW
CloseHandle
FreeLibrary
GetProcAddress
LockResource
LoadLibraryW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCommandLineW
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetModuleHandleW
ExitProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetStdHandle
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
FlushFileBuffers

advapi32

LookupPrivilegeValueW
FreeSid
OpenProcessToken
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegCloseKey
RegEnumValueW
RegOpenKeyExW
AdjustTokenPrivileges

shlwapi

PathRemoveFileSpecW
PathAddBackslashW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/NST Downloader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:17:f7:e7:e2:fa:2c:79:fc:ec:1f:6e:54:62:27:a3
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-10-2011 00:00

Not After

27-10-2014 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Chicago,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

df:86:23:f0:f7:1c:4e:eb:ad:23:fd:d4:c5:62:b6:1b:6e:1b:4b:4c
Signer

Actual PE Digest

df:86:23:f0:f7:1c:4e:eb:ad:23:fd:d4:c5:62:b6:1b:6e:1b:4b:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\NST Downloader\trunk\NST Downloader\obj\Release\NST Downloader.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/NetTest.exe
.exe windows:5 windows x86 arch:x86

91039a2d0de1619d95e387015cf0c6dc

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:17:f7:e7:e2:fa:2c:79:fc:ec:1f:6e:54:62:27:a3
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-10-2011 00:00

Not After

27-10-2014 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Chicago,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

96:35:fc:7e:31:77:f9:e4:be:48:ce:e7:a1:ed:70:17:b7:10:7b:b4
Signer

Actual PE Digest

96:35:fc:7e:31:77:f9:e4:be:48:ce:e7:a1:ed:70:17:b7:10:7b:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Mahmoud Al-Qudsi\Documents\Visual Studio 2010\Projects\InternetTest\Release\NetTest.pdb

Imports

wininet

InternetGetConnectedState

kernel32

GetStringTypeW
GetCommandLineW
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
HeapFree
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
WideCharToMultiByte
HeapSize
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/UtfRedirect.exe
.exe windows:5 windows x86 arch:x86

47e3a1b97d6d2b733a4b554f5929f21c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:17:f7:e7:e2:fa:2c:79:fc:ec:1f:6e:54:62:27:a3
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-10-2011 00:00

Not After

27-10-2014 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Chicago,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

14:b0:d2:7d:f9:a6:b7:26:a1:33:5f:48:23:7c:1e:e9:ea:20:e3:80
Signer

Actual PE Digest

14:b0:d2:7d:f9:a6:b7:26:a1:33:5f:48:23:7c:1e:e9:ea:20:e3:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\GIT\UtfRedirect\Release\UtfRedirect.pdb

Imports

kernel32

MultiByteToWideChar
LoadLibraryW
GetProcAddress
CloseHandle
WaitForSingleObject
FreeLibrary
SetConsoleCP
SetConsoleOutputCP
GetStdHandle
SetStdHandle
CreateProcessW
GetExitCodeProcess
GetLastError
HeapFree
GetCommandLineW
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
HeapAlloc
IsProcessorFeaturePresent
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
Sleep
HeapSize
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
HeapReAlloc
WriteConsoleW
LCMapStringW
GetStringTypeW
CreateFileW
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSection
GetProcessHeap
ReadFile

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/bcdboot.exe
.exe windows:6 windows x86 arch:x86

1a16d1b3988c58f85caa16730bac4ae7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bcdboot.pdb

Imports

kernel32

SetUnhandledExceptionFilter
OutputDebugStringA
GetModuleHandleA
Sleep
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
GetProcessHeap
HeapAlloc
WriteFile
HeapFree
GetModuleFileNameW
GetLastError
InterlockedCompareExchange
SetLastError
UnhandledExceptionFilter
LoadLibraryExW
QueryDosDeviceW
LocalFree
GetFileAttributesW
GetVolumeInformationW
GetVolumePathNameW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetCurrentThread
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
GetLocaleInfoW
DeviceIoControl
CopyFileExW
GetFullPathNameW
CreateDirectoryW
GetVersionExW
GetCurrentProcess
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LoadResource
FindResourceExW

msvcrt

bsearch
wcsstr
strncmp
wcsncmp
ungetc
_isatty
_write
_lseeki64
_fileno
_wcsnicmp
__pioinfo
__badioinfo
realloc
wcstombs
ferror
wctomb
_itoa
_snprintf
localeconv
isxdigit
isleadbyte
mbtowc
isdigit
calloc
fwprintf
fflush
_read
wcsrchr
_controlfp
?terminate@@YAXXZ
iswctype
free
malloc
memcpy
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_iob
__mb_cur_max
wcschr
_vsnwprintf
_wcsupr
_wcslwr
_errno
_wsetlocale
_wcsicmp
wcstoul

imagehlp

CheckSumMappedFile

shlwapi

PathRemoveBackslashW

ntdll

NtAllocateUuids
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlGetVersion
NtResetEvent
LdrGetDllHandle
RtlInitAnsiString
LdrGetProcedureAddress
NtDeleteKey
NtCreateFile
NtSaveKey
NtSetValueKey
NtQueryValueKey
NtDeleteValueKey
NtCreateKey
NtSetSecurityObject
RtlAllocateAndInitializeSid
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtOpenThreadToken
NtOpenProcessToken
NtAdjustPrivilegesToken
NtLoadKey
NtUnloadKey
NtQueryAttributesFile
NtQueryKey
NtEnumerateKey
NtOpenKey
RtlFreeUnicodeString
RtlStringFromGUID
RtlAllocateHeap
RtlFreeHeap
NtSetInformationFile
LdrFindResource_U
LdrAccessResource
NtQueryInformationFile
NtOpenProcess
NtQueryInformationProcess
NtSetInformationThread
NtOpenFile
NtCreateEvent
NtDeviceIoControlFile
NtWaitForSingleObject
NtQueryInformationThread
NtClose
NtQuerySystemInformation
RtlNtStatusToDosError
RtlCompareMemory
RtlUnwind
RtlInitUnicodeString
RtlGUIDFromString
RtlFreeSid

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

LookupPrivilegeValueW
OpenThreadToken
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
ConvertSidToStringSidW
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/bcdedit.exe
.exe windows:6 windows x86 arch:x86

aea7ec4000ea25c8f07648a3a844869b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bcdedit.pdb

Imports

kernel32

GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
GetFileType
GetStdHandle
DeviceIoControl
CloseHandle
CreateFileW
GetModuleFileNameW
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
FormatMessageW
WideCharToMultiByte
LoadLibraryExW
LoadResource
FindResourceExW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
WriteFile
QueryDosDeviceW
GetLastError
CreateFileMappingW
GetVersionExW
GetLocaleInfoW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
MapViewOfFile

msvcrt

__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__set_app_type
memmove
malloc
free
iswctype
?terminate@@YAXXZ
_controlfp
calloc
isdigit
mbtowc
isleadbyte
isxdigit
localeconv
_snprintf
_itoa
wctomb
ferror
wcstombs
realloc
__badioinfo
__pioinfo
_read
_fileno
_lseeki64
_write
_isatty
ungetc
bsearch
wcsncmp
strncmp
wcsstr
wcsrchr
_iob
__mb_cur_max
_wcsupr
_wcslwr
_errno
_wsetlocale
iswspace
towupper
_vsnwprintf
memcpy
memset
wcschr
_wcsicmp
wcstoul
_wcsnicmp
__p__fmode

ntdll

RtlUnwind
RtlStringFromGUID
NtOpenFile
NtClose
RtlGUIDFromString
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlFreeUnicodeString
RtlCompareMemory
RtlAllocateHeap
RtlNtStatusToDosError
RtlFreeHeap
NtQuerySystemInformation
NtWaitForSingleObject
NtDeviceIoControlFile
NtCreateEvent
NtOpenKey
NtEnumerateKey
NtQueryKey
NtQueryAttributesFile
NtUnloadKey
NtLoadKey
NtAdjustPrivilegesToken
NtOpenProcessToken
NtOpenThreadToken
RtlFreeSid
RtlSetOwnerSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
NtSetSecurityObject
NtCreateKey
NtDeleteValueKey
NtQueryValueKey
NtSetValueKey
NtSaveKey
NtCreateFile
NtDeleteKey
LdrGetProcedureAddress
RtlInitAnsiString
LdrGetDllHandle
NtDeleteFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtResetEvent
RtlGetVersion
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtAllocateUuids

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/bootsect.exe
.exe windows:6 windows x86 arch:x86

11ee6a8ad6acd010c04212b386d12fef

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-10-2008 21:24

Not After

22-01-2010 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d9:8e:7d:0d:f8:29:2c:ea:42:c7:27:f4:f8:69:06:2b:a5:d3:6e:d0
Signer

Actual PE Digest

d9:8e:7d:0d:f8:29:2c:ea:42:c7:27:f4:f8:69:06:2b:a5:d3:6e:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bootsect.pdb

Imports

kernel32

SetFilePointer
LocalFree
FormatMessageW
GetModuleFileNameW
ReadFile
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
WriteFile
GetLastError
QueryDosDeviceW
FindResourceExW
LoadResource
SetLastError
LoadLibraryExW
MapViewOfFile
CloseHandle
CreateFileMappingW
CreateFileW
GetVersionExW
GetLocaleInfoW
FreeLibrary
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
UnhandledExceptionFilter

msvcrt

exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
malloc
_XcptFilter
iswctype
?terminate@@YAXXZ
_controlfp
calloc
isdigit
mbtowc
isleadbyte
isxdigit
localeconv
_snprintf
_itoa
wctomb
ferror
wcstombs
realloc
__badioinfo
__pioinfo
_read
_fileno
_lseeki64
_write
_isatty
ungetc
wcsstr
bsearch
wcsncmp
_exit
_cexit
__getmainargs
_iob
__mb_cur_max
_wcslwr
_errno
iswxdigit
memset
printf
_vsnwprintf
_stricmp
isalpha
_wcsnicmp
_wcsicmp
memcpy
free

ntdll

RtlUnwind
NtOpenDirectoryObject
NtQueryDirectoryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtCreateEvent
NtDeviceIoControlFile
NtWaitForSingleObject
NtResetEvent
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenFile
NtClose
NtFsControlFile
NtQueryVolumeInformationFile
NtQuerySystemInformation
NtOpenKey
NtQueryValueKey

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/udefrag-kernel.dll
.dll windows:5 windows x86 arch:x86

15cf95070b7a4df0085c336ce6867741

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\vc\myprojects\ultradefrag\src\archive\4.4.0\ultradefrag-4.4.0\src\obj\udefrag-kernel\objfre_wnet_x86\i386\udefrag-kernel.pdb

Imports

ntdll

NtSetEvent
_strupr
NtClearEvent
NtWaitForSingleObject
_wcslwr
wcslen
wcsstr
_wtol
_snprintf
_snwprintf
RtlFreeUnicodeString
_allmul
_aulldiv
_wcsupr
wcscmp
NtClose
RtlCreateUnicodeString
wcschr
NtCreateFile
NtFsControlFile
wcscpy
wcsncpy
NtQueryDirectoryFile
RtlInitUnicodeString
_alldiv
NtReadFile
_aullrem

zenwinx

winx_dbg_print
winx_list_insert_item
winx_heap_alloc_ex
winx_list_destroy
winx_heap_free
winx_dfbsize
winx_query_env_variable
winx_create_event
winx_destroy_event
winx_get_os_version
winx_dbg_print_ex
winx_xtime
winx_get_volume_information
winx_list_remove_item
winx_wcsistr
winx_delete_file
winx_fwrite
winx_fclose
winx_fopen
winx_fbopen
winx_fflush

Exports

Exports

udefrag_kernel_get_statistic
udefrag_kernel_native_init
udefrag_kernel_native_unload
udefrag_kernel_start
udefrag_kernel_stop

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/udefrag.dll
.dll windows:5 windows x86 arch:x86

2001b5029c259349dd1e19901149c84b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\vc\myprojects\ultradefrag\src\archive\4.4.0\ultradefrag-4.4.0\src\obj\udefrag\objfre_wnet_x86\i386\udefrag.pdb

Imports

ntdll

_wtoi
_snprintf
_allmul
strncpy
NtClose

zenwinx

winx_str2time
winx_query_env_variable
winx_dbg_print
winx_printf
winx_heap_alloc_ex
winx_heap_free
winx_sleep
winx_create_thread
winx_get_volume_information
winx_get_drive_type
winx_set_system_error_mode
winx_create_event
zenwinx_native_unload
zenwinx_native_init
winx_fbsize
winx_dfbsize
winx_exit_thread

udefrag-kernel

udefrag_kernel_get_statistic
udefrag_kernel_stop
udefrag_kernel_start
udefrag_kernel_native_unload
udefrag_kernel_native_init

Exports

Exports

udefrag_dfbsize
udefrag_fbsize
udefrag_get_default_formatted_results
udefrag_get_error_description
udefrag_get_map
udefrag_get_progress
udefrag_get_vollist
udefrag_init
udefrag_monolithic_native_app_init
udefrag_monolithic_native_app_unload
udefrag_release_default_formatted_results
udefrag_release_vollist
udefrag_start
udefrag_stop
udefrag_unload
udefrag_validate_volume

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/udefrag.exe
.exe windows:5 windows x86 arch:x86

ec78e763b737542e59bca1ba11251c3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\vc\myprojects\ultradefrag\src\archive\4.4.0\ultradefrag-4.4.0\src\obj\console\objfre_wnet_x86\i386\udefrag.pdb

Imports

msvcrt

__set_app_type
_except_handler3
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
printf
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
remove
time
srand
rand
_snprintf
exit
strstr
sscanf
atoi
strncmp
_iob
getenv
malloc
fprintf
free

kernel32

Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
CreateThread
CloseHandle
LoadLibraryA
GetProcAddress
OutputDebugStringA
GetCurrentThread
SetThreadPriority
SetConsoleWindowInfo
SetConsoleCursorPosition
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
GetLastError
FormatMessageA
LocalFree
SetConsoleTextAttribute

udefrag

udefrag_get_error_description
udefrag_release_vollist
udefrag_fbsize
udefrag_get_vollist
udefrag_stop
udefrag_unload
udefrag_release_default_formatted_results
udefrag_get_default_formatted_results
udefrag_get_progress
udefrag_start
udefrag_init
udefrag_validate_volume
udefrag_get_map

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/zenwinx.dll
.dll windows:5 windows x86 arch:x86

7dadb6686767d26b6d5e23898bb41f51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\vc\myprojects\ultradefrag\src\archive\4.4.0\ultradefrag-4.4.0\src\obj\zenwinx\objfre_wnet_x86\i386\zenwinx.pdb

Imports

ntdll

NtCreateEvent
RtlInitUnicodeString
NtOpenEvent
NtClose
NtWaitForSingleObject
NtDeviceIoControlFile
NtCancelIoFile
NtReadFile
NtCreateFile
_snwprintf
NtAllocateVirtualMemory
NtFreeVirtualMemory
RtlAllocateHeap
RtlFreeHeap
RtlCreateHeap
RtlDestroyHeap
NtDisplayString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_vsnprintf
_snprintf
DbgBreakPoint
RtlNormalizeProcessParams
NtTerminateProcess
NtShutdownSystem
NtDelayExecution
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtSetInformationProcess
NtLoadDriver
NtUnloadDriver
NtQueryValueKey
NtOpenKey
wcsstr
_wcsupr
strncat
LdrGetProcedureAddress
LdrGetDllHandle
RtlCreateUserThread
ZwTerminateThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtSetValueKey
NtFlushKey
wcscpy
wcscmp
wcslen
_atoi64
strchr
_strupr
_allmul
NtQueryVolumeInformationFile
NtQueryInformationProcess
toupper
strstr
wcsncpy
NtWriteFile
NtFsControlFile
NtFlushBuffersFile
NtQueryInformationFile
NtDeleteFile
RtlQueryEnvironmentVariable_U
RtlSetEnvironmentVariable
NtSetEvent
strncpy
NtUnmapViewOfSection
NtMapViewOfSection
NtOpenSection
NtQueryPerformanceCounter
_alldiv
towlower
NtQueryDirectoryFile
_aulldiv

Exports

Exports

winx_breakhit
winx_create_directory
winx_create_event
winx_create_thread
winx_dbg_print
winx_dbg_print_ex
winx_delete_file
winx_destroy_event
winx_destroy_history
winx_dfbsize
winx_enable_privilege
winx_exit
winx_exit_thread
winx_fbopen
winx_fbsize
winx_fclose
winx_fflush
winx_fopen
winx_fread
winx_fsize
winx_ftw
winx_ftw_release
winx_fwrite
winx_get_drive_type
winx_get_file_contents
winx_get_os_version
winx_get_proc_address
winx_get_volume_information
winx_get_windows_boot_options
winx_get_windows_directory
winx_getch
winx_getche
winx_gets
winx_heap_alloc_ex
winx_heap_free
winx_init
winx_init_history
winx_ioctl
winx_kb_read
winx_kbhit
winx_list_destroy
winx_list_insert_item
winx_list_remove_item
winx_load_driver
winx_open_event
winx_print_array_of_strings
winx_printf
winx_prompt
winx_prompt_ex
winx_putch
winx_puts
winx_query_env_variable
winx_query_symbolic_link
winx_reboot
winx_register_boot_exec_command
winx_release_file_contents
winx_scan_disk
winx_set_env_variable
winx_set_system_error_mode
winx_shutdown
winx_sleep
winx_str2time
winx_time2str
winx_unload_driver
winx_unregister_boot_exec_command
winx_virtual_alloc
winx_virtual_free
winx_wcsistr
winx_windows_in_safe_mode
winx_xtime
zenwinx_native_init
zenwinx_native_unload

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
profiles/NeoSmart.bcd
profiles/boot0
profiles/easyldr
profiles/grldr
profiles/grldr.mbr
profiles/menu.txt
profiles/nst_mac.iso
.iso
Extra/Extensions/AHCIPortInjector.kext/Contents/Info.plist
.xml
Extra/Extensions/ATAPortInjector.kext/Contents/Info.plist
.xml
Extra/Extensions/Disabler.kext/Contents/Info.plist
.xml
Extra/Extensions/Disabler.kext/Contents/MacOS/Disabler
Extra/Extensions/IOAHCIBlockStorageInjector.kext/Contents/Info.plist
.xml
Extra/Extensions/JMicronATAInjector.kext/Contents/Info.plist
.xml
Extra/com.apple.Boot.plist
.xml
[BOOT]/Boot-NoEmul.img
usr/standalone/i386/boot
usr/standalone/i386/boot0
usr/standalone/i386/boot1f32
usr/standalone/i386/boot1h
usr/standalone/i386/boot1he
usr/standalone/i386/boot1hp
usr/standalone/i386/cdboot
usr/standalone/i386/chain0
usr/standalone/i386/fdisk
.macho macos arch:x86
profiles/nst_mac.mbr
profiles/ntdetect.com
profiles/plop.iso
.iso
[BOOT]/Boot-NoEmul.img
boot.catalog
isolinux.bin
isolinux.cfg
licence.txt
liesmich.txt
plpbt.bin
readme.txt
profiles/pmbr
uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 144B

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 150KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

826f63babc644cdb846b4d888d102fa0

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ws2_32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 16KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: - Virtual size: 24KB

.edata Size: 512B - Virtual size: 95B

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

099c0646ea7282d232219f8807883be0

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

70:17:f7:e7:e2:fa:2c:79:fc:ec:1f:6e:54:62:27:a3Certificate

Extended Key Usages

Key Usages

9e:10:32:04:d1:a9:cb:1f:bd:e3:67:20:56:8f:5e:b2:ed:f9:d3:cfSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 19KB - Virtual size: 18KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 150KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 16KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 24KB

.edata
Size: 512B - Virtual size: 95B

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

70:17:f7:e7:e2:fa:2c:79:fc:ec:1f:6e:54:62:27:a3
Certificate

9e:10:32:04:d1:a9:cb:1f:bd:e3:67:20:56:8f:5e:b2:ed:f9:d3:cf
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 19KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

70:17:f7:e7:e2:fa:2c:79:fc:ec:1f:6e:54:62:27:a3
Certificate