740eea962508a6f81f932a392aef27f8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

740eea962508a6f81f932a392aef27f8_JaffaCakes118
Size

1.1MB
MD5

740eea962508a6f81f932a392aef27f8
SHA1

6946082661e3a638d813b5b772a0b0aa37f3a80d
SHA256

7d2912a8dfe3292d9ceff01c319210ab58aff8a4a06d0367df1039db59b38e73
SHA512

c5a5f25e5cb4dc9629b356b65f614376c1aecc2064e991103b02ed638351ac78563ce97b0eee5c95ffe4512546b32351dcaeb7fc4c4a6680dcbb0e2d828c06aa
SSDEEP

24576:DlTnvfQWtvRGy3Ec24aun+pd6vMyCBlxa8deXoyTDH9tLSlZYgFiN:DlTnvo1aEB4au+pdF9a8dKhvLwYgFk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Keygen.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Keygen.exe
unpack003/$PLUGINSDIR/DsHelper.dll
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/System.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/setup.exe	nsis_installer_1

Files

740eea962508a6f81f932a392aef27f8_JaffaCakes118
.rar
Keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 316KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 228KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
setup.exe
.exe windows:4 windows x86 arch:x86

9c523d8653da5455667e3f82274f2f88

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:a3:de:dd:8c:f0:9e:fc:ba:4a:60:23:9d:91:75:ec:bf:3b:e2:fd
Signer

Actual PE Digest

ca:a3:de:dd:8c:f0:9e:fc:ba:4a:60:23:9d:91:75:ec:bf:3b:e2:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DsHelper.dll
.dll windows:4 windows x86 arch:x86

b16a23d294d5a06bed4ee86b075c8086

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Sources\Personal\DynSite\Setup\DsHelper\Release\DsHelper.pdb

Imports

kernel32

InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
LoadLibraryA
InitializeCriticalSection
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
VirtualAlloc
GetProcAddress
GetModuleHandleA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

RegisterWindowMessageA
EnumWindows
SendMessageA
PostMessageA

Exports

Exports

Close
Validate

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/options.ini
2mydns.dns
3322.dns
3domain.dns
ConstantTime.dns
CtrlAltDel.dns
DNSKing.dns
DipDNS.dns
DnsWizard.dns
DomainMonger.dns
DsResBR.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

eb:32:b2:f3:e4:71:ed:61:1c:09:15:08:75:7d:54:6f:06:cd:32:35
Signer

Actual PE Digest

eb:32:b2:f3:e4:71:ed:61:1c:09:15:08:75:7d:54:6f:06:cd:32:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 384KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DsResCHS.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

12:f9:bb:ed:74:ec:11:57:98:a3:e0:28:cb:bf:df:75:54:27:f8:b9
Signer

Actual PE Digest

12:f9:bb:ed:74:ec:11:57:98:a3:e0:28:cb:bf:df:75:54:27:f8:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 352KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DsResCHT.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:d4:80:72:5d:27:99:cc:9d:29:81:aa:7d:e8:19:e2:32:20:eb:3c
Signer

Actual PE Digest

9e:d4:80:72:5d:27:99:cc:9d:29:81:aa:7d:e8:19:e2:32:20:eb:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 352KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DsResDE.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9d:42:90:a5:77:ea:89:9d:16:43:f3:4d:a3:fb:5b:fa:16:3d:2c:d9
Signer

Actual PE Digest

9d:42:90:a5:77:ea:89:9d:16:43:f3:4d:a3:fb:5b:fa:16:3d:2c:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 384KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DsResFR.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:51:25:f0:fd:68:66:5b:21:8c:a4:b1:e1:bc:d2:15:fc:5f:45:f3
Signer

Actual PE Digest

1f:51:25:f0:fd:68:66:5b:21:8c:a4:b1:e1:bc:d2:15:fc:5f:45:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 392KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DsResHU.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:f3:c0:b4:61:7e:9b:62:ed:a0:50:f1:92:23:e8:66:db:ec:54:11
Signer

Actual PE Digest

38:f3:c0:b4:61:7e:9b:62:ed:a0:50:f1:92:23:e8:66:db:ec:54:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DsResIT.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:94:98:b7:b3:2c:87:63:dc:3e:7a:60:97:12:cf:91:09:f7:e3:08
Signer

Actual PE Digest

08:94:98:b7:b3:2c:87:63:dc:3e:7a:60:97:12:cf:91:09:f7:e3:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 388KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DsResNL.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9a:02:fa:45:d7:2a:7a:9d:d8:5e:a2:cc:92:f4:6c:d7:b1:4b:f6:17
Signer

Actual PE Digest

9a:02:fa:45:d7:2a:7a:9d:d8:5e:a2:cc:92:f4:6c:d7:b1:4b:f6:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DsResPL.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

57:4b:9e:a9:be:95:3e:33:52:2a:e4:16:d3:1e:b8:e5:5d:a1:15:85
Signer

Actual PE Digest

57:4b:9e:a9:be:95:3e:33:52:2a:e4:16:d3:1e:b8:e5:5d:a1:15:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DsResRU.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:ae:a9:e5:a5:79:dd:c7:96:a4:32:89:cb:dc:30:82:3c:73:72:ac
Signer

Actual PE Digest

1d:ae:a9:e5:a5:79:dd:c7:96:a4:32:89:cb:dc:30:82:3c:73:72:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DsResSE.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:f6:70:29:06:d8:1b:92:48:7c:41:bf:e2:b7:3e:86:61:0a:28:3f
Signer

Actual PE Digest

79:f6:70:29:06:d8:1b:92:48:7c:41:bf:e2:b7:3e:86:61:0a:28:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DynDNSdk.dns
DynDNSit.dns
DynSite.chm
.chm
DynSite.exe
.exe windows:4 windows x86 arch:x86

4241a891c91fdb60be0ac2f923a1c5f5

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

11-09-2006 00:00

Not After

11-09-2007 23:59

Subject

CN=Noël Danjou,O=Noël Danjou,POSTALCODE=50320,STREET=29 rue Jean de la Fontaine,L=Saint Jean des Champs,ST=Basse Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:1c:46:13:bf:b4:18:91:f4:d8:21:b5:1d:a0:4f:32:eb:51:ac:ab
Signer

Actual PE Digest

27:1c:46:13:bf:b4:18:91:f4:d8:21:b5:1d:a0:4f:32:eb:51:ac:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Sources\Personal\DynSite\Client\Release\DynSite.pdb

Imports

wininet

InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCreateUrlA
InternetQueryOptionA
InternetOpenA
InternetSetOptionA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetConnectA
FtpPutFileA
InternetDial
InternetHangUp
InternetCanonicalizeUrlA

setupapi

SetupOpenInfFileA
SetupFindFirstLineA
SetupFindNextMatchLineA
SetupFindNextLine
SetupGetIntField
SetupGetStringFieldA
SetupIterateCabinetA
SetupCloseInfFile

winmm

PlaySoundA

kernel32

EnumResourceLanguagesA
ConvertDefaultLocale
WritePrivateProfileStringA
InterlockedIncrement
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetVolumeInformationA
GetFullPathNameA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileTime
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
FindResourceExA
SetErrorMode
RtlUnwind
HeapAlloc
HeapFree
RaiseException
GetDateFormatA
HeapReAlloc
VirtualAlloc
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitThread
CreateThread
SetStdHandle
SuspendThread
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
LCMapStringW
GetStringTypeA
GetStringTypeW
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetThreadPriority
InterlockedDecrement
GetModuleFileNameW
VirtualProtect
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
lstrcmpA
GlobalFree
MulDiv
GetCurrentProcessId
ExpandEnvironmentStringsA
FormatMessageA
LocalFree
GlobalAlloc
GetTempPathA
GetTempFileNameA
FindFirstFileA
FindNextFileA
FindClose
GetWindowsDirectoryA
FreeResource
GetSystemTimeAsFileTime
GetCurrentThread
CreateFileA
GetSystemInfo
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
GetTimeZoneInformation
GetTimeFormatA
GetSystemTime
GlobalLock
GlobalUnlock
GetPrivateProfileIntA
GetUserDefaultLCID
GetLocaleInfoA
LCMapStringA
GetCurrentProcess
DuplicateHandle
FileTimeToSystemTime
GetSystemDirectoryA
GetTickCount
CreateMutexA
GetModuleFileNameA
CreateDirectoryA
DeleteFileA
GetExitCodeThread
GetPrivateProfileStringA
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
CompareFileTime
GetLocalTime
SystemTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
CreateEventA
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
ResumeThread
SetEvent
lstrcmpiA
GetLastError
SetLastError
WideCharToMultiByte
GetVersionExA
GetComputerNameA
Sleep
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
TlsAlloc
GetFileType

user32

SetWindowContextHelpId
CharNextA
GetSysColorBrush
UnregisterClassA
CopyAcceleratorTableA
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
TrackPopupMenu
GetMenu
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
SetWindowPlacement
DefWindowProcA
IntersectRect
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuStringA
CreateIcon
GetDlgCtrlID
EmptyClipboard
SetClipboardData
EnumWindows
SetWindowPos
GetDlgItem
ShowWindow
MsgWaitForMultipleObjects
WindowFromPoint
SetWindowLongA
CallWindowProcA
CharUpperA
SetMenuItemBitmaps
GetActiveWindow
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
OpenClipboard
GetWindow
ReleaseCapture
GetFocus
SetCapture
RedrawWindow
MapWindowPoints
DrawFocusRect
LoadCursorA
CopyIcon
SetCursor
DestroyCursor
GetMenuItemID
DestroyIcon
GetSubMenu
DestroyMenu
SystemParametersInfoA
LoadMenuA
GetMenuItemInfoA
DrawEdge
FrameRect
LoadBitmapA
CopyRect
DrawStateA
GetAsyncKeyState
GetWindowLongA
InvalidateRect
InflateRect
BringWindowToTop
LoadStringA
MapDialogRect
SetForegroundWindow
GetSystemMenu
InsertMenuA
OffsetRect
MessageBeep
UpdateWindow
RegisterWindowMessageA
LoadImageA
LoadIconA
KillTimer
SetTimer
IsIconic
DrawIcon
keybd_event
GetKeyState
GetDesktopWindow
PtInRect
GetSystemMetrics
GetCursorPos
LoadAcceleratorsA
TranslateAcceleratorA
SetMenuDefaultItem
CheckMenuItem
GetSysColor
IsWindowVisible
ReleaseDC
GetDC
GetClientRect
GetWindowRect
PostQuitMessage
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMessageA
TranslateMessage
FillRect
ModifyMenuA
ValidateRect
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckRadioButton
PeekMessageA
GetClassNameA
SetMenuItemInfoA
GetMenuItemCount
EnableMenuItem
AppendMenuA
DeleteMenu
CreatePopupMenu
IsWindow
PostMessageA
SendMessageA
EnableWindow
GetParent
GetMenuCheckMarkDimensions
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA

gdi32

TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
CreateBitmap
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
RectVisible
CreatePen
CreateSolidBrush
GetMapMode
EnumFontFamiliesExA
GetRgnBox
DeleteObject
PtVisible
GetWindowExtEx
GetViewportExtEx
SetBkMode
RestoreDC
SaveDC
ExtTextOutA
GetDeviceCaps
GetObjectA
CreateFontIndirectA
CreateRectRgnIndirect
SetBkColor
SetTextColor
GetClipBox
GetTextColor
GetBkColor
GetTextExtentPoint32A
GetStockObject
BitBlt
PatBlt
Rectangle
CreateCompatibleDC
CreateCompatibleBitmap
MoveToEx
LineTo
SetMapMode

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

ChangeServiceConfigA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
StartServiceA
GetUserNameA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegEnumValueA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

SHGetPathFromIDListA
DragFinish
DragQueryFileA
SHChangeNotify
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderPathA
Shell_NotifyIconA
DragAcceptFiles

comctl32

ord17

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathFindExtensionA
PathAppendA
SHDeleteKeyA
SHCopyKeyA
StrStrIA
ChrCmpIA
PathIsDirectoryA
PathStripToRootA
PathIsUNCA
PathFileExistsA
UrlUnescapeA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SafeArrayCreate
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCopy
VariantInit
SysFreeString
SafeArrayGetVartype
SafeArrayUnlock
SafeArrayLock
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringByteLen
VariantChangeType
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
SysAllocString

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

wldap32

ord48
ord143
ord16
ord60
ord46

snmpapi

SnmpUtilOidFree
SnmpUtilVarBindFree
SnmpUtilVarBindListFree
SnmpUtilOidCpy
SnmpUtilMemReAlloc
SnmpUtilVarBindCpy
SnmpUtilMemFree

ws2_32

closesocket
shutdown
recv
WSAEnumNetworkEvents
WSAConnect
WSAEventSelect
WSARecv
WSASend
WSASocketA
ioctlsocket
WSAGetLastError
WSAGetOverlappedResult
WSAResetEvent
WSAWaitForMultipleEvents
bind
setsockopt
WSACloseEvent
WSAStartup
gethostname
WSACreateEvent
inet_ntoa
ntohl
htons
ntohs
htonl
WSACleanup
gethostbyname
inet_addr
WSAAsyncGetHostByName
WSACancelAsyncRequest
WSASetLastError

Sections

.text
Size: 676KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DynZone.dns
FrostByte.dns
Loopia.dns
Lostweyr.dns
MyIP.us.dns
StaticCling.dns
ZoneEdit.dns
adsldns.dns
agat.dns
armann.dns
bellnet.dns
blrf.dns
blueline.dns
canadacomputes.dns
changeip.dns
cheapnet.dns
cjb.dns
companity.dns
ddns.nu.dns
ddo.jp.dns
dhs.dns
dipserver.dns
dnip.dns
dns.widge.dns
dns4biz-business-eu.dns
dns4biz-business-us.dns
dns4biz-free-eu.dns
dns4biz-free-us.dns
dns4biz-gs-eu.dns
dns4biz-gs-us.dns
dnsart.dns
dnsd.dns
dnsdyn.dns
dnsexit.dns
dnsmadeeasy.dns
dnspark.dns
domain-dns.dns
domaine4you.dns
dslcity.dns
dslr.dns
dslreports.dns
dtdns.dns
dyfi.dns
dynaccess.dns
dynaip.dns
dynamx.dns
dynca.dns
dyndns.dns
dyndsl.dns
dynee.dns
dynpl.dns
dyns.dns
dynu_basic.dns
dynu_premium.dns
dynup.dns
eNom.dns
easyDNS.dns
editdns.dns
ehostcanada.dns
enamic.dns
eurodns.dns
everydns.dns
fdns.dns
firstlink.dns
freedns.dns
gplhosting.dns
gratisdns.de.dns
gupac.dns
hdyn.dns
history.txt
hk-ddns.dns
hk-pc.dns
hkddns.dns
hkservice.dns
hn.dns
inside.dns
interdominios.dns
ipactive.dns
ipupdater.dns
kontent.dns
microtech.dns
mindriot.dns
minidns.dns
myddns.dns
mydyndns.dns
mydynip.dns
myip.dns
myserver.dns
namecheap.dns
nerdcamp.dns
nerdie.dns
netstep.dns
nettica.dns
no-ip.dns
nols.dns
ods.dns
opendns.com.dns
opendns.dns
ovh.dns
ownip.dns
pcadsl.dns
pimpdomain.dns
plugins.ver
prout.dns
readme.txt
regfish.dns
registerfly.dns
rimuhosting.dns
routers.cfg
scripts.cfg
sdk.ca.dns
selfhost.dns
selfhostde.dns
shnu.dns
sitelutions.dns
staticip.de.dns
stech.dns
superdns.dns
syndicat.dns
tekdns.dns
tekea.dns
thatip.dns
tigerdirect.dns
tucny.dns
tzo.dns
uninst.exe.nsis
waffull.dns
wwdns_new.dns
xpertdns.dns
yi.dns
yiml.dns
zdnic.dns
znet.dns
zone.be.dns
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 316KB

UPX1 Size: 228KB - Virtual size: 232KB

.rsrc Size: 4KB - Virtual size: 4KB

9c523d8653da5455667e3f82274f2f88

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7Certificate

Extended Key Usages

Key Usages

ca:a3:de:dd:8c:f0:9e:fc:ba:4a:60:23:9d:91:75:ec:bf:3b:e2:fdSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 110KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 29KB - Virtual size: 28KB

b16a23d294d5a06bed4ee86b075c8086

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 8KB - Virtual size: 5KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

UPX0
Size: - Virtual size: 316KB

UPX1
Size: 228KB - Virtual size: 232KB

.rsrc
Size: 4KB - Virtual size: 4KB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

ca:a3:de:dd:8c:f0:9e:fc:ba:4a:60:23:9d:91:75:ec:bf:3b:e2:fd
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 110KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 29KB - Virtual size: 28KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

eb:32:b2:f3:e4:71:ed:61:1c:09:15:08:75:7d:54:6f:06:cd:32:35
Signer

.rsrc
Size: 384KB - Virtual size: 381KB

.reloc
Size: 4KB - Virtual size: 8B

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

12:f9:bb:ed:74:ec:11:57:98:a3:e0:28:cb:bf:df:75:54:27:f8:b9
Signer

.rsrc
Size: 352KB - Virtual size: 348KB

.reloc
Size: 4KB - Virtual size: 8B

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

9e:d4:80:72:5d:27:99:cc:9d:29:81:aa:7d:e8:19:e2:32:20:eb:3c
Signer

.rsrc
Size: 352KB - Virtual size: 350KB

.reloc
Size: 4KB - Virtual size: 8B

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate

9d:42:90:a5:77:ea:89:9d:16:43:f3:4d:a3:fb:5b:fa:16:3d:2c:d9
Signer

.rsrc
Size: 384KB - Virtual size: 380KB

.reloc
Size: 4KB - Virtual size: 8B

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

0a:dc:41:e0:1d:57:e3:fd:25:11:74:f7:12:1d:05:f7
Certificate