7417801446e0c8704cfadb48ed00a233_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7417801446e0c8704cfadb48ed00a233_JaffaCakes118
Size

2.6MB
MD5

7417801446e0c8704cfadb48ed00a233
SHA1

7e9748a34379abd63e8024bb66f6c0d945ab1c05
SHA256

d4635b2c62bb9758fe1547c4446f42af5a7257e89b2562e25c484f06bef23c37
SHA512

139fb4b66b5666c1cd151d950cc3b8a6d13aee075618e6e58ac47bf5988f073a2914379ba667ce4be551f83dedb33f82d09fd3b79c7c8f3b2d8bad85a2a5978b
SSDEEP

49152:Ta4Ay98J2qvww+XCs6f2aNhrYJf1J74yEx3y6oOQ+hoe4JylRy+G:Ta442qYXCvflNh+f1J7xEx3PoOzSBMa

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LiteUnzip.dll
unpack001/LiteZip.dll
unpack001/P2POver.exe
unpack001/bwtest.exe
unpack001/core.dll
unpack001/cssrhplus.dll
unpack001/lang/chs/config.dll
unpack001/lang/chs/rsc.dll
unpack001/modules/dlctrl.dll
unpack001/modules/imctrl.dll
unpack001/modules/p2pctrl.dll
unpack001/modules/sitectrl.dll
unpack001/npptools.dll
unpack001/optimizer.exe
unpack001/p2pfilter.sys
unpack001/pthreadVC.dll
unpack001/pvt.dll
unpack001/stat.dll

Files

7417801446e0c8704cfadb48ed00a233_JaffaCakes118
.rar
155绿色软件站.url
.url
@卸载.bat
@绿化.bat
LiteUnzip.dll
.dll windows:4 windows x86 arch:x86

39d9f1f80dba9c8cd529de9f5dcfb84e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
ReadFile
CreateDirectoryA
GetLastError
CreateDirectoryW
CloseHandle
SetFileTime
WriteFile
CreateFileA
CreateFileW
IsBadReadPtr
SetFilePointer
lstrcmpA
LocalFileTimeToFileTime
MultiByteToWideChar
lstrlenA
lstrcpyA
SystemTimeToFileTime
lstrcmpiA
WideCharToMultiByte
GetCurrentDirectoryA
DuplicateHandle
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
DisableThreadLibraryCalls
FlushFileBuffers
LoadLibraryA
GetCommandLineA
GetProcAddress
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
SetStdHandle

user32

LoadStringA
LoadStringW

Exports

Exports

UnzipClose
UnzipFindItemA
UnzipFindItemW
UnzipFormatMessageA
UnzipFormatMessageW
UnzipGetItemA
UnzipGetItemW
UnzipItemToBuffer
UnzipItemToFileA
UnzipItemToFileW
UnzipItemToHandle
UnzipOpenBuffer
UnzipOpenBufferRaw
UnzipOpenFileA
UnzipOpenFileRawA
UnzipOpenFileRawW
UnzipOpenFileW
UnzipOpenHandle
UnzipOpenHandleRaw
UnzipSetBaseDirA
UnzipSetBaseDirW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 709B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ZIPSHARE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LiteZip.dll
.dll windows:4 windows x86 arch:x86

d106e627907a9a6d85cce365108761b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenA
lstrcpyA
WideCharToMultiByte
GlobalAlloc
CloseHandle
CreateFileA
CreateFileW
IsBadReadPtr
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
WriteFile
SetFilePointer
ReadFile
GetFileSize
GetFileInformationByHandle
lstrcmpiA
lstrlenW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
lstrcpyW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
DuplicateHandle
GetCurrentProcess
DisableThreadLibraryCalls
GetTickCount
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
ExitProcess
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
IsBadWritePtr
HeapValidate
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
UnhandledExceptionFilter
RtlUnwind
HeapAlloc
DebugBreak
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
HeapReAlloc
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
SetConsoleCtrlHandler
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
Sleep
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
SetEnvironmentVariableA

user32

LoadStringW
LoadStringA
GetDesktopWindow

Exports

Exports

ZipAddBufferA
ZipAddBufferRaw
ZipAddBufferW
ZipAddDirA
ZipAddDirW
ZipAddFileA
ZipAddFileRawA
ZipAddFileRawW
ZipAddFileW
ZipAddFolderA
ZipAddFolderW
ZipAddHandleA
ZipAddHandleRaw
ZipAddHandleW
ZipAddPipeA
ZipAddPipeRaw
ZipAddPipeW
ZipClose
ZipCreateBuffer
ZipCreateFileA
ZipCreateFileW
ZipCreateHandle
ZipFormatMessageA
ZipFormatMessageW
ZipGetMemory
ZipOptions
ZipResetMemory

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
P2POver.exe
.exe windows:4 windows x86 arch:x86

ec3e5c12386c1a1e26b1fa0b094e88d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CompareStringW
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetDriveTypeA
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
GetProfileStringA
LocalSize
GetExitCodeThread
LoadLibraryExW
LoadLibraryW
GetSystemInfo
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
LoadLibraryExA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
VirtualAlloc
VirtualFree
HeapSize
ExitThread
CreateThread
GetACP
GetSystemTime
GetTimeZoneInformation
RaiseException
GetCommandLineA
GetStartupInfoA
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GlobalSize
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetCurrentDirectoryA
FindResourceExA
lstrlenW
SizeofResource
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
FindNextFileA
GetShortPathNameA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindClose
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GetCurrentProcess
DuplicateHandle
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
GetFileAttributesA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalAlloc
GetCurrentThread
VirtualProtect
WritePrivateProfileStringA
SuspendThread
SetThreadPriority
ResumeThread
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
GlobalFree
LocalFree
lstrcmpA
lstrcpynA
lstrlenA
GlobalLock
GlobalUnlock
MulDiv
SetLastError
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalFindAtomA
lstrcpyA
GetTickCount
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
CreateSemaphoreA
GetComputerNameA
GetLastError
OpenProcess
TerminateProcess
GetCurrentProcessId
GetSystemDirectoryA
MoveFileExA
CopyFileA
GetSystemDefaultLangID
WriteFile
IsBadWritePtr
VirtualQuery
FormatMessageA
GetLocalTime
CreateFileA
SetFilePointer
CloseHandle
SetUnhandledExceptionFilter
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GlobalDeleteAtom
GlobalAddAtomA
WinExec
FreeLibrary
LoadLibraryA
GetProcAddress
Sleep
CompareStringA
WaitForSingleObject
TerminateThread
SetEvent
CreateEventA
CreateDirectoryA
DeleteFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA

user32

AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
GetScrollRange
SetScrollRange
PostThreadMessageA
InvertRect
GetSystemMenu
SetParent
DefWindowProcA
GetWindowRect
RedrawWindow
GetParent
GetClientRect
InvalidateRect
EnableWindow
SendMessageA
DispatchMessageA
GetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetDlgItem
GetWindowTextLengthA
GetDlgCtrlID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
UnhookWindowsHookEx
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
OffsetRect
IsIconic
GetWindowPlacement
ShowScrollBar
GetWindowTextA
PeekMessageA
SendDlgItemMessageA
GetAsyncKeyState
SystemParametersInfoA
DrawTextA
ClientToScreen
SetWindowTextA
MapWindowPoints
SetScrollInfo
DrawFrameControl
CallWindowProcA
SetActiveWindow
CreateWindowExA
GetWindowLongA
SetDlgItemTextA
DestroyWindow
SetWindowLongA
IsWindowEnabled
SetFocus
BeginPaint
EndPaint
IsDialogMessageA
GetNextDlgTabItem
GetDC
LoadIconA
IsWindowVisible
PostMessageA
SetForegroundWindow
RegisterWindowMessageA
MessageBoxA
SetTimer
ReleaseDC
LoadImageA
SetPropA
SetWindowPos
IsZoomed
IntersectRect
RegisterHotKey
UnregisterHotKey
GetDesktopWindow
KillTimer
GetWindow
GetFocus
GetSysColor
IsWindow
GetSystemMetrics
UpdateWindow
wvsprintfA
GetPropA
ShowWindow
UnregisterClassA
DrawMenuBar
EnableMenuItem
CheckMenuItem
InflateRect
CreateDialogIndirectParamA
GetActiveWindow
EndDialog
CharNextA
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
SetCursor
DestroyMenu
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
ValidateRect
TranslateMessage
GetMessageA
SetCapture
PtInRect
SetCursorPos
DestroyCursor
MapDialogRect
WindowFromPoint
PostQuitMessage
ShowOwnedPopups
GetNextDlgGroupItem
MessageBeep
SetWindowContextHelpId
CopyAcceleratorTableA
FillRect
CharUpperA
FindWindowA
IsRectEmpty
GetClassNameA
TranslateMDISysAccel
ExcludeUpdateRgn
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
GetWindowDC
TabbedTextOutA
MoveWindow
GrayStringA
GetTabbedTextExtentA
IsClipboardFormatAvailable
GetDCEx
LockWindowUpdate
InsertMenuA
DeleteMenu
GetMenuStringA
RegisterClipboardFormatA
AppendMenuA
GetClipboardFormatNameA
OpenClipboard
EmptyClipboard
CloseClipboard
GetDoubleClickTime
CreatePopupMenu
UnionRect
SetClassLongA
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
GetWindowRgn
HideCaret
ShowCaret
GetMenuItemInfoA
IsMenu
GetMenuDefaultItem
RegisterClassW
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
ScreenToClient
SetScrollPos
LoadMenuA
GetCursorPos
TrackPopupMenu
SetWindowRgn
LoadCursorA
GetSysColorBrush
RegisterClassExA
SetRect
DestroyIcon
LoadStringA
GetKeyState
LoadBitmapA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
EnumWindows
SetMenuDefaultItem
GetCursor
DrawFocusRect
CreateIconFromResourceEx
DrawStateA
DrawIconEx
GetIconInfo
CreateIconIndirect
CopyIcon
SetClipboardData
MapVirtualKeyA
WaitMessage
LookupIconIdFromDirectoryEx
GetMenuStringW
DrawEdge
SendMessageTimeoutA
SetWindowLongW
GetWindowLongW
IsWindowUnicode
GetWindowThreadProcessId
EnableScrollBar
CallWindowProcW
DefWindowProcW
DefFrameProcA
DefFrameProcW
DefDlgProcA

gdi32

GetCurrentPositionEx
GetClipRgn
ExtSelectClipRgn
GetObjectType
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
TextOutA
Escape
GetMapMode
PatBlt
SetRectRgn
CreateRectRgnIndirect
DPtoLP
GetTextColor
GetBkColor
LPtoDP
GetViewportOrgEx
AbortDoc
GetRgnBox
EndPage
StartPage
SetAbortProc
CreateDCA
GetCharWidthA
EnumFontFamiliesExA
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetWindowOrgEx
CopyMetaFileA
GetTextMetricsA
SetBkMode
Rectangle
GetDeviceCaps
GetDIBits
CreateFontA
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPoint32A
CreatePen
SelectObject
GetObjectA
CreateFontIndirectA
GetStockObject
DeleteObject
CombineRgn
CreateRectRgn
GetPixel
ExtCreatePen
ExtTextOutA
SetBkColor
SetTextColor
SetTextAlign
DeleteDC
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SelectPalette
RestoreDC
StretchBlt
CreateDIBSection
SetPixel
ExtCreateRegion
Polygon
GetCurrentObject
StretchDIBits
GetTextCharsetInfo
OffsetRgn
PtInRegion
GetBitmapBits
Polyline
SetBrushOrgEx
CreatePalette
CreateDIBitmap
CreatePolygonRgn
RoundRect
ExtTextOutW
SaveDC
StartDocA
CreateBitmap
GetClipBox
MoveToEx
GetTextFaceA
LineTo
EndDoc
GetTextExtentPointA
Ellipse
ExtFloodFill
GetTextExtentPoint32W
SetDIBits

comdlg32

PrintDlgA
GetFileTitleA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegEnumKeyA
RegQueryValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
DeleteService
CreateServiceA
ChangeServiceConfigA
ControlService
StartServiceA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
OpenSCManagerA
CloseServiceHandle
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegCreateKeyA
RegQueryValueExA
RegDeleteValueA

shell32

DragFinish
DragQueryFileA
ExtractIconA
SHGetFileInfoA
ShellExecuteA
Shell_NotifyIconA
SHAppBarMessage

comctl32

_TrackMouseEvent
ImageList_DrawEx
ImageList_Add
FlatSB_GetScrollProp
ImageList_GetBkColor
ImageList_DrawIndirect
ImageList_Remove
CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA
ImageList_LoadImageA
ord17
ImageList_Draw
ImageList_Create
ImageList_Destroy
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetIconSize

oledlg

ord1
ord8

ole32

OleDuplicateData
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoInitialize
CoUninitialize
CoRegisterMessageFilter
ReleaseStgMedium
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard

olepro32

ord253

oleaut32

OleLoadPicturePath
SysStringLen
LoadTypeLi
VarDateFromStr
SysStringByteLen
SysAllocStringByteLen
VariantCopy
VariantChangeType
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
VariantInit

urlmon

URLDownloadToFileA

shlwapi

StrTrimA
PathFindFileNameA
SHRegSetUSValueA
SHRegGetUSValueA
PathFileExistsA
SHSetValueA
PathFindExtensionA

litezip

ZipAddDirA
ZipAddFileA
ZipClose
ZipCreateFileA

liteunzip

UnzipGetItemA
UnzipOpenFileA
UnzipClose
UnzipItemToFileA

iphlpapi

GetAdaptersInfo
SendARP

ws2_32

ntohl
inet_addr

core

NetCore_AccessHostsFile
NetCore_RegisterHander
NetCore_SetComment
NetCore_Init
NetCore_PVT
NetCore_StartControl
NetCore_IsEngineStart
NetCore_IsControlStart
NetCore_Discovery
NetCore_ReloadConfig
NetCore_SetHostFlag
NetCore_StartEngine
NetCore_SetRule

stat

GetStat

imagehlp

ImageDirectoryEntryToData

winmm

PlaySoundA

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Packet.dll
.dll windows:4 windows x86 arch:x86

088fedd367765cf098ba8150e3ad9014

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2008, 00:00

Not After

07/05/2011, 23:59

Subject

CN=CACE Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE Technologies\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:2b:4c:d0:55:36:6f:64:40:20:44:42:ed:e9:1b:79:79:ce:20:64
Signer

Actual PE Digest

24:2b:4c:d0:55:36:6f:64:40:20:44:42:ed:e9:1b:79:79:ce:20:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\releases\winpcap_4_1_0_2001\winpcap\packetNtx\Dll\Project\Release\x86\Packet.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

npptools

DestroyBlob
CreateBlob
CreateNPPInterface
GetNPPBlobTable
SetBoolInBlob

ws2_32

inet_addr

iphlpapi

GetAdaptersInfo

kernel32

GlobalFree
GlobalAlloc
GlobalHandle
ReleaseMutex
GlobalLock
WaitForSingleObject
GlobalUnlock
GetFullPathNameW
GetLastError
SetLastError
CreateFileA
GetProcAddress
CreateMutexW
CreateEventW
QueryPerformanceCounter
DeviceIoControl
SetEvent
QueryPerformanceFrequency
FlushFileBuffers
WriteFile
CloseHandle
GetVersion
WideCharToMultiByte
LoadLibraryW
ReadFile
GetModuleFileNameW
MultiByteToWideChar
DeleteCriticalSection
GetSystemTimeAsFileTime
OutputDebugStringA
InitializeCriticalSection
Sleep
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
ResetEvent
LoadLibraryA
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleW
HeapSize
GetConsoleOutputCP
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA

advapi32

CreateServiceA
ControlService
OpenSCManagerW
CloseServiceHandle
OpenServiceA
QueryServiceStatus
StartServiceW
RegEnumKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA

ole32

CoInitialize
CoUninitialize
CoInitializeEx

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverVersion
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketStopDriver

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PacketVista.dll
.dll windows:4 windows x64 arch:x64

fbdbce61e242b8c1914dd1e6606925d0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2008, 00:00

Not After

07/05/2011, 23:59

Subject

CN=CACE Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE Technologies\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:c0:cf:c9:66:fb:e1:ec:9f:cf:71:d8:4c:a9:40:33:bc:a2:83:32
Signer

Actual PE Digest

00:c0:cf:c9:66:fb:e1:ec:9f:cf:71:d8:4c:a9:40:33:bc:a2:83:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\releases\winpcap_4_1_0_2001\winpcap\packetNtx\Dll\Project\Release No NetMon\x64\Packet.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

inet_addr

iphlpapi

GetAdaptersInfo

kernel32

GlobalAlloc
CreateFileA
GetLastError
SetLastError
GetProcAddress
CreateMutexW
QueryPerformanceCounter
CreateEventW
SetEvent
DeviceIoControl
GlobalFree
WriteFile
QueryPerformanceFrequency
WideCharToMultiByte
CloseHandle
LoadLibraryW
GetVersion
ReadFile
GetModuleFileNameW
GetFullPathNameW
MultiByteToWideChar
ReleaseMutex
GlobalUnlock
WaitForSingleObject
GlobalLock
GlobalHandle
HeapSize
FlushFileBuffers
GetModuleHandleW
RtlLookupFunctionEntry
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
GetModuleHandleA
ExitProcess
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
Sleep
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwindEx
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSection
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

advapi32

OpenServiceA
StartServiceW
RegOpenKeyExA
CreateServiceA
ControlService
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
QueryServiceStatus

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverVersion
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketStopDriver

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WanPacket.dll
.dll windows:4 windows x86 arch:x86

c4f10a94feffedd44a2a094b559256d7

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:7c:31:88:a9:65:10:fb:5c:59:d8:41:d5:5b:b3:ab
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2006, 00:00

Not After

19/05/2007, 23:59

Subject

CN=CACE TECHNOLOGIES\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE TECHNOLOGIES\, LLC,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:0e:33:23:87:4c:7c:b1:48:de:d3:90:96:a6:3a:97:4d:ce:9c:3e
Signer

Actual PE Digest

c2:0e:33:23:87:4c:7c:b1:48:de:d3:90:96:a6:3a:97:4d:ce:9c:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

npptools

CreateNPPInterface
GetNPPBlobTable
SetBoolInBlob
CreateBlob
DestroyBlob

kernel32

GetFileType
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
LeaveCriticalSection
SetEvent
EnterCriticalSection
LoadLibraryA
GetVersionExA
DeleteCriticalSection
CloseHandle
CreateEventA
InitializeCriticalSection
Sleep
OutputDebugStringA
WaitForSingleObject
ResetEvent
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

ole32

CoInitializeEx
CoInitialize
CoUninitialize

Exports

Exports

WanPacketCloseAdapter
WanPacketGetReadEvent
WanPacketGetStats
WanPacketOpenAdapter
WanPacketReceivePacket
WanPacketSetBpfFilter
WanPacketSetBufferSize
WanPacketSetMinToCopy
WanPacketSetMode
WanPacketSetReadTimeout
WanPacketTestAdapter

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
acl/WWW白名单[工作时间].acl
acl/WWW黑名单模版[工作时间].acl
acl/限制P2P[工作时间].acl
acl/限速[工作时间].acl
backup.ini
bwtest.exe
.exe windows:4 windows x86 arch:x86

9755d59a18ef5217a97d67fd73c2ce5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrTrimA
PathFindFileNameA
PathFileExistsA
SHGetValueA

kernel32

GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleA
GetModuleFileNameA
Sleep
lstrlenA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
HeapSize
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ExitThread
TerminateProcess
RaiseException
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
GetProfileStringA
LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcessId
GetTickCount
TerminateThread
GetTempFileNameA
GetTempPathA
CloseHandle
CreateEventA
GetLastError
GetExitCodeThread
WaitForSingleObject
CreateThread
GetVersionExA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
WinExec
GetProcAddress
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
SetLastError
MulDiv
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
lstrcpynA
lstrcmpA
SetErrorMode
SizeofResource
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
GetCurrentThread
GlobalAlloc
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
GlobalFree
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
SetFileAttributesA
CreateFileA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FindFirstFileA
FindClose
GetFileTime
GetFileSize
GetFileAttributesA
FormatMessageA
LocalFree

user32

PostThreadMessageA
RegisterClipboardFormatA
SetRectEmpty
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
GetWindowThreadProcessId
ReleaseCapture
SetCapture
LoadStringA
DestroyMenu
GetSysColorBrush
GetDesktopWindow
GetClassNameA
WindowFromPoint
CharUpperA
MapDialogRect
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
GetCursorPos
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
DefWindowProcA
GetWindowRect
RedrawWindow
GetParent
GetClientRect
InvalidateRect
EnableWindow
RegisterWindowMessageA
GetWindowDC
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
LoadIconA
SendMessageA
DrawIcon
GetSystemMetrics
IsIconic
SendMessageTimeoutA
IsWindow
GetSysColor
KillTimer
SetTimer
DestroyCursor
SetWindowLongA
MessageBeep
PtInRect
ScreenToClient
GetMessagePos
SetCursor
InflateRect
ReleaseDC
GetDC
CopyIcon
LoadCursorA
GetWindowPlacement
SystemParametersInfoA
IntersectRect
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
SetActiveWindow
SetFocus
AdjustWindowRectEx
EqualRect
CopyRect
IsWindowVisible
GetScrollInfo
SetScrollInfo
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
CreateIconIndirect
LoadImageA
GetDoubleClickTime
DrawFocusRect
GetIconInfo
GetSystemMenu
SetWindowRgn
SetClassLongA
DrawStateA
DrawFrameControl
RegisterClassW
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
EnableScrollBar
EnumWindows
IsWindowUnicode
GetWindowLongW
SetWindowLongW
FillRect
IsRectEmpty
DrawIconEx
DrawEdge
OffsetRect
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowPos
DestroyIcon

gdi32

IntersectClipRect
MoveToEx
LineTo
DeleteObject
GetClipRgn
CreateRectRgn
ExtSelectClipRgn
GetObjectType
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
ExcludeClipRect
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
PatBlt
CombineRgn
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SelectClipRgn
CreateFontA
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPoint32A
CreatePen
CreateFontIndirectA
GetObjectA
GetStockObject
CreateSolidBrush
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
SelectPalette
SetBkMode
GetTextCharsetInfo
GetPixel
OffsetRgn
CreateDIBSection
StretchBlt
SetBrushOrgEx
Polygon
CreatePalette
ScaleWindowExtEx
GetDIBits
GetTextExtentPointA
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
PtVisible
CreateDIBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueA

shell32

ShellExecuteA

comctl32

ImageList_Destroy
ord17
FlatSB_GetScrollProp
ImageList_GetIcon
_TrackMouseEvent
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_Draw
ImageList_GetImageCount
ImageList_Create
ImageList_Add

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter

olepro32

ord253

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VariantTimeToSystemTime

iphlpapi

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

ws2_32

WSAConnect
WSASend
WSAEnumNetworkEvents
WSARecv
shutdown
WSAEventSelect
WSAWaitForMultipleEvents
WSASocketA
setsockopt
WSAGetLastError
WSAStartup
WSACleanup
htons
ntohs
ntohl
inet_addr
gethostbyname
inet_ntoa
htonl
closesocket

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config/ed2k.dat
config/sample.blk
config/sample.wht
core.dll
.dll windows:4 windows x86 arch:x86

116fd563a7d61c3c35d2e0ac9a61a504

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
RaiseException
ExitProcess
TerminateProcess
CreateThread
ExitThread
HeapSize
GetACP
GetEnvironmentVariableA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
GlobalFlags
SetLastError
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
lstrcmpA
LocalFree
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateFileA
GetFileAttributesA
GetWindowsDirectoryA
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GetVersion
GetTickCount
GetCurrentProcess
GetCurrentProcessId
CreateToolhelp32Snapshot
DuplicateHandle
DeviceIoControl
UnmapViewOfFile
MapViewOfFile
GetLastError
GetVersionExA
FreeLibrary
LoadLibraryA
GetProcAddress
OpenProcess
CloseHandle
TerminateThread
Sleep
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
MultiByteToWideChar
HeapDestroy
WideCharToMultiByte

user32

WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetWindow

gdi32

GetDeviceCaps
PtVisible
RectVisible
SetTextColor
TextOutA
ExtTextOutA
Escape
GetObjectA
SetBkColor
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetStockObject
SelectObject
RestoreDC
CreateBitmap
SaveDC
DeleteDC
DeleteObject
SetMapMode

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

ControlService
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
AdjustTokenPrivileges
StartServiceA
DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA

comctl32

ord17

iphlpapi

FlushIpNetTable
CreateIpNetEntry

shlwapi

SHSetValueA
SHGetValueA
StrTrimA
PathFileExistsA

ntdll

ZwClose
_strlwr
ZwOpenSection
RtlInitUnicodeString
ZwOpenFile
ZwQuerySystemInformation

psapi

EnumProcessModules
GetModuleFileNameExA
EnumProcesses

wpcap

pcap_sendpacket
pcap_next_ex
pcap_open
pcap_setbuff
pcap_close

ws2_32

inet_addr
htons
ntohs
htonl

netapi32

Netbios

pvt

PVTRegHandler
PVTUninit
PVTHandlePkt
PVTMode
PVTInit

Exports

Exports

NetCore_AccessHostsFile
NetCore_Discovery
NetCore_Init
NetCore_IsControlStart
NetCore_IsEngineStart
NetCore_PVT
NetCore_RegisterHander
NetCore_ReloadConfig
NetCore_SendArp
NetCore_SetComment
NetCore_SetHostFlag
NetCore_SetRule
NetCore_StartControl
NetCore_StartEngine

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cssrhplus.dll
.dll .js regsvr32 windows:4 windows x86 arch:x86 polyglot

12e71ba33303c709cdbca38c05a48edb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeA
GetStringTypeW
LCMapStringW
LCMapStringA
LoadLibraryA
GetProcAddress
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
RtlUnwind

user32

wsprintfW

advapi32

RegOpenKeyA
RegQueryValueExA

oleaut32

LoadRegTypeLi
SysFreeString
SysStringLen

atl

ord32
ord57
ord18
ord30
ord16
ord21
ord23
ord58
ord15

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lang/chs/config.dll
.dll windows:4 windows x86 arch:x86

0f6f76191f0eaba8a88d06d71202c598

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA
SHGetValueA

kernel32

RtlUnwind
GetCommandLineA
HeapFree
RaiseException
ExitProcess
TerminateProcess
HeapSize
GetACP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
HeapAlloc
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetStdHandle
IsBadReadPtr
IsBadCodePtr
HeapReAlloc
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
GetLastError
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcpynA
MulDiv
GetSystemDefaultLangID
SetLastError
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
LocalFree
CloseHandle
GlobalAlloc
GlobalDeleteAtom
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
lstrcmpA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
CopyFileA
WinExec
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteFileA
CreateDirectoryA
GetModuleFileNameA
FreeEnvironmentStringsW

user32

ScreenToClient
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
wvsprintfA
GetAsyncKeyState
MapDialogRect
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
DestroyMenu
InvalidateRect
UnregisterClassA
LoadStringA
GetClassNameA
LoadCursorA
GetSysColorBrush
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
GetFocus
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
SetCursor
PostQuitMessage
CopyRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
EnableWindow
SendMessageA
MessageBoxA
DrawTextA
DrawEdge
FillRect
LoadIconA
LoadMenuA
GetSubMenu
SetForegroundWindow
ClientToScreen
TrackPopupMenu
PostMessageA
PtInRect
UnionRect
GetDC
DrawFocusRect
ReleaseDC
RedrawWindow
GetWindowRect
GetParent
GetClientRect
CheckMenuItem

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
MoveToEx
LineTo
DeleteObject
OffsetViewportOrgEx
GetDeviceCaps
CreatePen
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
BitBlt
CreateCompatibleDC
GetTextMetricsA
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateFontA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

comctl32

ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

Exports

Exports

ShowDialog

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lang/chs/gui.xml
lang/chs/rsc.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lang/string.dat
list/WWW白名单模板.wht
list/WWW黑名单模板.blk
mac-prefixes
modules/dlctrl.dll
.dll windows:4 windows x86 arch:x86

b986a2e48331012062e0fbc635631320

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrTrimA

kernel32

LeaveCriticalSection
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind
InterlockedDecrement
InterlockedIncrement

Exports

Exports

fnCtrl
fnGetSupport
fnGetVersion
fnInit

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/imctrl.dll
.dll windows:4 windows x86 arch:x86

d0828209b8ce9e3c8410df6207db4861

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDefaultLangID
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Exports

Exports

fnCtrl
fnGetSupport
fnGetVersion
fnInit

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/p2pctrl.dll
.dll windows:4 windows x86 arch:x86

c62bc5399958dccfb27611997287d5bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetSystemDefaultLangID
OutputDebugStringA
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
ReadFile
InitializeCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Exports

Exports

fnCtrl
fnGetSupport
fnGetVersion
fnInit

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
modules/sitectrl.dll
.dll windows:4 windows x86 arch:x86

8a43421642bee18bcb50bc92f274a77c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetHandleCount
FreeLibrary
GetProcAddress
LoadLibraryA
GetStartupInfoA
GetFileType
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetModuleFileNameA
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
SetFilePointer
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle

wininet

InternetCrackUrlA

Exports

Exports

fnCtrl
fnGetSupport
fnGetVersion
fnInit

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npf.sys
.sys windows:6 windows x86 arch:x86

5d756b1deabd7b6ee3f068c3a075da59

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2008, 00:00

Not After

07/05/2011, 23:59

Subject

CN=CACE Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE Technologies\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:6e:52:a3:58:b7:44:87:4c:85:b2:86:b6:26:1d:6a:d9:8d:e7:a1
Signer

Actual PE Digest

91:6e:52:a3:58:b7:44:87:4c:85:b2:86:b6:26:1d:6a:d9:8d:e7:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\releases\winpcap_4_1_0_2001\winpcap\packetntx\driver\bin\i386\npf.pdb

Imports

ntoskrnl.exe

MmProbeAndLockPages
IoAllocateMdl
KeResetEvent
ObfDereferenceObject
ObReferenceObjectByHandle
ExEventObjectType
IofCompleteRequest
_allmul
PsGetVersion
KeQuerySystemTime
_allrem
_alldiv
KeWaitForSingleObject
KeInitializeEvent
_aullrem
_aulldiv
ZwSetInformationThread
KeSetEvent
IoFreeMdl
KeClearEvent
KefReleaseSpinLockFromDpcLevel
MmBuildMdlForNonPagedPool
KefAcquireSpinLockAtDpcLevel
KeTickCount
KeBugCheckEx
MmUnlockPages
ExfInterlockedRemoveHeadList
ExfInterlockedInsertTailList
IoDeleteSymbolicLink
IoDeleteDevice
RtlCompareMemory
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
IoCreateDevice
IoCreateSymbolicLink
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeString
ZwQueryValueKey
ZwClose
memcpy
memset
ExAllocatePoolWithTag
RtlQueryRegistryValues
RtlWriteRegistryValue
MmMapLockedPagesSpecifyCache
ExFreePoolWithTag
RtlUnwind

hal

KfReleaseSpinLock
KeQueryPerformanceCounter
KfLowerIrql
KfRaiseIrql
KfAcquireSpinLock

ndis.sys

NdisInitializeEvent
NdisCloseAdapter
NdisSystemProcessorCount
NdisRegisterProtocol
NdisFreePacketPool
NdisRequest
NdisWaitEvent
NdisSetEvent
NdisDeregisterProtocol
NdisOpenAdapter
NdisAllocatePacketPool
NdisFreePacket
NdisAllocatePacket
NdisResetEvent
NdisUnchainBufferAtFront

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npf64.sys
.sys windows:6 windows x64 arch:x64

4984370b0a32e217ec04e87b22d6fede

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2008, 00:00

Not After

07/05/2011, 23:59

Subject

CN=CACE Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE Technologies\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:e1:f5:a1:3d:f4:d0:8b:e4:e6:5d:1f:f7:d4:c0:8d:01:42:b8:4e
Signer

Actual PE Digest

50:e1:f5:a1:3d:f4:d0:8b:e4:e6:5d:1f:f7:d4:c0:8d:01:42:b8:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\releases\winpcap_4_1_0_1753\winpcap\packetntx\driver\bin\amd64\npf.pdb

Imports

ntoskrnl.exe

RtlWriteRegistryValue
MmProbeAndLockPages
PsGetVersion
ExInterlockedRemoveHeadList
RtlCompareMemory
MmUnlockPages
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
DbgPrint
ZwEnumerateKey
IoAllocateMdl
ZwOpenKey
KeAcquireSpinLockRaiseToDpc
KeSetEvent
ZwSetInformationThread
RtlAssert
ObReferenceObjectByHandle
MmBuildMdlForNonPagedPool
KeReleaseSpinLockFromDpcLevel
MmMapLockedPagesSpecifyCache
KeWaitForSingleObject
KeAcquireSpinLockAtDpcLevel
KeBugCheckEx
IofCompleteRequest
RtlAppendUnicodeStringToString
ZwClose
ExEventObjectType
ExInterlockedInsertTailList
ZwQueryValueKey
IoFreeMdl
KeReleaseSpinLock
IoIs32bitProcess
RtlQueryRegistryValues
RtlAppendUnicodeToString
IoDeleteDevice
RtlInitUnicodeString
KeResetEvent
ExFreePoolWithTag
IoDeleteSymbolicLink
KeClearEvent
ExAllocatePoolWithTag
__C_specific_handler

hal

KeQueryPerformanceCounter

ndis.sys

NdisFreePacket
NdisCloseAdapter
NdisOpenAdapter
NdisAllocatePacketPool
NdisInitializeEvent
NdisFreePacketPool
NdisAllocatePacket
NdisDeregisterProtocol
NdisRegisterProtocol
NdisWaitEvent
NdisSetEvent
NdisResetEvent
NdisSystemProcessorCount
NdisRequest
NdisUnchainBufferAtFront

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npptools.dll
.dll windows:5 windows x86 arch:x86

e3595d46c70e1f27e38882f3f0c99f72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord823
ord825

msvcrt

_ltoa
strpbrk
_strnicmp
sprintf
_stricmp
strncpy
strncmp
memmove
__CxxFrameHandler
wcscmp
wcscpy
wcslen
setlocale
wcscat
wcschr
strrchr
free
malloc
_initterm
_adjust_fdiv
_except_handler3
__dllonexit
_onexit
sscanf

advapi32

RegCreateKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegSetValueExW
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
RegCloseKey
RegSetValueExA

kernel32

lstrlenA
MultiByteToWideChar
HeapSize
InitializeCriticalSection
InterlockedExchange
FreeLibrary
LeaveCriticalSection
GlobalSize
HeapReAlloc
CreateFileMappingW
GetWindowsDirectoryW
GetProcAddress
GetLastError
LoadLibraryW
GetSystemDirectoryW
GetModuleFileNameA
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
FindFirstFileA
UnmapViewOfFile
GetFileSize
EnterCriticalSection
GetCurrentProcessId
HeapFree
CreateMutexW
HeapAlloc
GetProcessHeap
ReleaseMutex
WaitForSingleObject
CreateFileA
CloseHandle
WriteFile
MapViewOfFile

ole32

CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SystemTimeToVariantTime
SysFreeString

user32

GetDlgItem
wsprintfW
GetWindowLongW
LoadStringW
wsprintfA
EndDialog
GetFocus
GetWindowRect
LoadStringA
SendMessageW
SetWindowLongW
DialogBoxParamW
UpdateWindow

Exports

Exports

ClearEventData
CreateBlob
CreateNPPInterface
DestroyBlob
DestroyNPPBlobTable
DuplicateBlob
FilterNPPBlob
FindOneOf
FindUnknownBlobCategories
FindUnknownBlobTags
GetBoolFromBlob
GetClassIDFromBlob
GetDwordFromBlob
GetMacAddressFromBlob
GetNPPAddressFilterFromBlob
GetNPPBlobFromUI
GetNPPBlobTable
GetNPPEtypeSapFilter
GetNPPMacTypeAsNumber
GetNPPPatternFilterFromBlob
GetNPPTriggerFromBlob
GetNetworkInfoFromBlob
GetStringFromBlob
GetStringsFromBlob
IsRemoteNPP
LockBlob
MarshalBlob
MergeBlob
NmAddUsedEntry
NmHeapAllocate
NmHeapFree
NmHeapReallocate
NmHeapSize
NmRemoveUsedEntry
RaiseNMEvent
ReadBlobFromFile
RegCreateBlobKey
RegOpenBlobKey
ReleaseEventSystem
RemoveFromBlob
SelectNPPBlobFromTable
SendEvent
SetBoolInBlob
SetClassIDInBlob
SetDwordInBlob
SetMacAddressInBlob
SetNPPAddressFilterInBlob
SetNPPEtypeSapFilter
SetNPPPatternFilterInBlob
SetNPPTriggerInBlob
SetNetworkInfoInBlob
SetStringInBlob
SubkeyExists
UnMarshalBlob
UnlockBlob
WriteBlobToFile
WriteCrackedBlobToFile
recursiveDeleteKey
setKeyAndValue

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FINDSHAR
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
optimizer.exe
.exe windows:4 windows x86 arch:x86

0ec5ad024dcafdfc7bf55cc4e378893f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
SHSetValueA
SHGetValueA
StrTrimA

kernel32

LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetVersionExA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
GetStringTypeW
HeapDestroy
GetACP
HeapSize
GetTimeZoneInformation
RaiseException
ExitThread
CreateThread
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapReAlloc
RtlUnwind
HeapFree
GetProfileStringA
LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcessId
HeapCreate
GetStringTypeA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
CloseHandle
WaitForSingleObject
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
CreateEventA
LoadResource
FindResourceA
LockResource
GlobalFree
GlobalUnlock
WideCharToMultiByte
lstrlenA
LocalFree
FormatMessageA
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
lstrcpyA
GlobalFindAtomA
GlobalAddAtomA
DeleteFileA
MoveFileExA
GlobalGetAtomNameA
lstrcatA
GetVersion
SetLastError
MulDiv
lstrlenW
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
GetModuleFileNameA
GetTempFileNameA
GetTempPathA
Sleep
WinExec
CopyFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcpynA
GetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime

user32

DestroyIcon
PostThreadMessageA
RegisterClipboardFormatA
CharUpperA
SetRectEmpty
DestroyMenu
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
InflateRect
LoadStringA
GetSysColorBrush
PtInRect
GetClassNameA
GetWindowThreadProcessId
GetDesktopWindow
ReleaseCapture
SetCapture
LoadCursorA
GrayStringA
DrawTextA
RegisterWindowMessageA
LoadIconA
SendMessageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PostQuitMessage
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
EnableWindow
PostMessageA
SetCursor
MessageBoxA
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetDlgItem
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetScrollInfo
SetScrollInfo
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
OffsetRect
LoadImageA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
CopyRect
GetDC
ReleaseDC
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
DrawEdge
SendMessageTimeoutA
DrawIconEx
IsRectEmpty
SetWindowLongW
GetWindowLongW
IsWindowUnicode
EnumWindows
SetTimer
EnableScrollBar
CallWindowProcW
DefWindowProcW
DefFrameProcA
DefFrameProcW
DefDlgProcA
DefDlgProcW
DefMDIChildProcA
DefMDIChildProcW
RegisterClassW
FillRect
DrawFrameControl
DrawStateA
SetClassLongA
SetWindowRgn
KillTimer
GetSystemMenu
GetIconInfo
DrawFocusRect
GetDoubleClickTime
InvalidateRect

gdi32

SetTextColor
GetClipBox
PatBlt
CreateBitmap
DeleteObject
CreateRectRgn
GetObjectType
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetBkColor
CreateFontIndirectA
GetMapMode
CombineRgn
DPtoLP
GetTextColor
GetBkColor
LPtoDP
GetObjectA
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SelectPalette
SetBkMode
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
GetTextCharsetInfo
GetPixel
CreateCompatibleBitmap
CreateCompatibleDC
OffsetRgn
CreateDIBSection
StretchBlt
BitBlt
SetBrushOrgEx
Polygon
CreatePalette
GetDIBits
GetTextExtentPointA
IntersectClipRect
GetTextExtentPoint32A
CreateDIBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

comctl32

ord17
ImageList_Create
ImageList_Destroy
FlatSB_GetScrollProp
ImageList_GetIcon
_TrackMouseEvent
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_Draw
ImageList_GetImageCount
ImageList_Add

oledlg

ord8

ole32

OleInitialize
CoDisconnectObject
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VariantTimeToSystemTime
SysStringLen
LoadTypeLi

urlmon

URLDownloadToFileA

ws2_32

inet_ntoa
gethostbyname

iphlpapi

GetAdaptersInfo

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
p2pfilter.sys
.sys windows:4 windows x86 arch:x86

595687010f92ae0ff547af4bee977f33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeWaitForSingleObject
IoCreateDevice
RtlInitUnicodeString
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
IoCreateSymbolicLink
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
ExAllocatePoolWithTag
ExFreePool

Sections

.text
Size: 1024B - Virtual size: 1011B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 426B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pthreadVC.dll
.dll windows:4 windows x86 arch:x86

90ee61357770484e2d085958b94141a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
exit
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
_errno
malloc
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

GetThreadPriority
Sleep
EnterCriticalSection
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
OpenProcess
GetLastError
SetThreadPriority
GetProcessAffinityMask
CloseHandle
TlsSetValue
TlsGetValue
SetLastError
InterlockedDecrement
ResetEvent
WaitForSingleObject
SetEvent
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
LeaveCriticalSection
LoadLibraryA
GetCurrentThreadId
CreateEventA
InterlockedIncrement
DuplicateHandle
GetCurrentThread
GetCurrentProcess
FreeLibrary
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pvt.dat
pvt.dll
.dll windows:4 windows x86 arch:x86

38300414823c41469cb0d2f0f1ef8173

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessVersion
GetFileAttributesA
GetFileSize
GetFileTime
GlobalFlags
WritePrivateProfileStringA
GetCPInfo
GetOEMCP
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
RaiseException
CreateThread
ExitThread
ExitProcess
TerminateProcess
HeapSize
GetACP
GetTimeZoneInformation
GetEnvironmentVariableA
FreeLibrary
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
SetLastError
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
GlobalLock
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
lstrcmpiA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetLastError
CreateEventA
SuspendThread
GetCurrentThreadId
SetThreadPriority
ResumeThread
SetEvent
CloseHandle
lstrcmpA
LocalFree
lstrlenA
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
TerminateThread
Sleep
GetModuleFileNameA
GetTickCount
DeleteFileA
DeleteCriticalSection
InitializeCriticalSection
GetTempPathA
GetTempFileNameA
MultiByteToWideChar
GetVersionExA
WideCharToMultiByte

user32

CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
LoadIconA
SetWindowTextA
ShowWindow
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
TabbedTextOutA
DrawTextA
GrayStringA
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
PostMessageA
PostQuitMessage
GetSystemMetrics
CharUpperA
wsprintfA
GetMessageA
GetClassInfoA
TranslateMessage
DispatchMessageA
GetActiveWindow
SendMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
LoadBitmapA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SelectObject
SetTextColor
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetStockObject
GetClipBox
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
CreateBitmap
SetBkColor

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

ole32

CoUninitialize
CoInitialize

urlmon

URLDownloadToFileA

shlwapi

StrTrimA

ws2_32

htons
htonl
gethostbyname

wininet

InternetCrackUrlA

Exports

Exports

PVTHandlePkt
PVTInit
PVTMode
PVTRegHandler
PVTRegL2Handler
PVTUninit

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rule.dat
schedule.dat
skins/vista.ski
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ee:ba:fa:a2:be:ab:a8:95:6a:07:a6:3e:be:3b:42:f2:4b:6b:e9:5d
Signer

Actual PE Digest

ee:ba:fa:a2:be:ab:a8:95:6a:07:a6:3e:be:3b:42:f2:4b:6b:e9:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 703KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
stat.dll
.dll windows:4 windows x86 arch:x86

839bf7d32ff7bf3a001990de2af88107

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA
SHGetValueA
SHRegGetUSValueA

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
RaiseException
HeapSize
HeapReAlloc
GetACP
LCMapStringA
LCMapStringW
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetModuleFileNameA
DeleteFileA
GetSystemDefaultLangID
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
GetProcAddress
WritePrivateProfileStringA
GlobalFlags
GetLastError
SetLastError
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
GetPrivateProfileIntA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
LocalFree
CloseHandle
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
SetHandleCount

user32

RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
PostQuitMessage
PostMessageA
SendMessageA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
LoadStringA

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

comctl32

ord17

Exports

Exports

GetStat

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version.dat
wpcap.dll
.dll windows:4 windows x86 arch:x86

6a6ab6ea5f347cadbd2f3e8091a86bbb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/05/2008, 00:00

Not After

07/05/2011, 23:59

Subject

CN=CACE Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CACE Technologies\, Inc.,L=Davis,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:dd:17:a5:be:1c:bc:84:63:a4:d6:24:a6:58:e8:9d:e9:13:3c:39
Signer

Actual PE Digest

76:dd:17:a5:be:1c:bc:84:63:a4:d6:24:a6:58:e8:9d:e9:13:3c:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\releases\winpcap_4_1_0_2001\winpcap\wpcap\PRJ\Release\x86\wpcap.pdb

Imports

ws2_32

WSACleanup
ntohl
gethostbyname
htons
gethostbyaddr
WSAGetLastError
htonl
getservbyname
inet_addr
getservbyport
inet_ntoa
WSASetLastError
getprotobyname
accept
closesocket
getpeername
getsockopt
setsockopt
getsockname
select
WSAStartup
shutdown
connect
listen
send
socket
bind
ntohs
recv

packet

PacketGetNetInfoEx
PacketGetAdapterNames
PacketSetMinToCopy
PacketSetLoopbackBehavior
PacketSetBuff
PacketSetHwFilter
PacketGetStats
PacketSendPacket
PacketSetReadTimeout
PacketReceivePacket
PacketSetMode
PacketOpenAdapter
PacketSetBpf
PacketAllocatePacket
PacketInitPacket
PacketCloseAdapter
PacketFreePacket
PacketGetNetType
PacketGetVersion
PacketSetDumpName
PacketSendPackets
PacketIsDumpEnded
PacketGetReadEvent
PacketSetDumpLimits
PacketGetAirPcapHandle
PacketGetStatsEx

kernel32

HeapFree
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
MultiByteToWideChar
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapSize
SetFilePointer
CloseHandle
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetModuleFileNameA
WriteFile
GetLastError
GetSystemDirectoryA
FreeLibrary
GetProcAddress
EnterCriticalSection
LoadLibraryA
LeaveCriticalSection
GetVersion
FindNextFileA
FormatMessageA
FindFirstFileA
FindClose
Sleep
InterlockedExchange
InterlockedCompareExchange
InitializeCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
RtlUnwind
SetStdHandle
GetFileType
HeapReAlloc
GetModuleHandleA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection

Exports

Exports

bpf_dump
bpf_filter
bpf_image
bpf_validate
endservent
eproto_db
getservent
install_bpf_program
pcap_activate
pcap_breakloop
pcap_close
pcap_compile
pcap_compile_nopcap
pcap_create
pcap_createsrcstr
pcap_datalink
pcap_datalink_name_to_val
pcap_datalink_val_to_description
pcap_datalink_val_to_name
pcap_dispatch
pcap_dump
pcap_dump_close
pcap_dump_file
pcap_dump_flush
pcap_dump_ftell
pcap_dump_open
pcap_file
pcap_fileno
pcap_findalldevs
pcap_findalldevs_ex
pcap_free_datalinks
pcap_freealldevs
pcap_freecode
pcap_get_airpcap_handle
pcap_geterr
pcap_getevent
pcap_getnonblock
pcap_hopen_offline
pcap_is_swapped
pcap_lib_version
pcap_list_datalinks
pcap_live_dump
pcap_live_dump_ended
pcap_lookupdev
pcap_lookupnet
pcap_loop
pcap_major_version
pcap_minor_version
pcap_next
pcap_next_etherent
pcap_next_ex
pcap_offline_filter
pcap_offline_read
pcap_open
pcap_open_dead
pcap_open_live
pcap_open_offline
pcap_parsesrcstr
pcap_perror
pcap_read
pcap_remoteact_accept
pcap_remoteact_cleanup
pcap_remoteact_close
pcap_remoteact_list
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_set_buffer_size
pcap_set_datalink
pcap_set_promisc
pcap_set_snaplen
pcap_set_timeout
pcap_setbuff
pcap_setdirection
pcap_setfilter
pcap_setmintocopy
pcap_setmode
pcap_setnonblock
pcap_setsampling
pcap_setuserbuffer
pcap_snapshot
pcap_stats
pcap_stats_ex
pcap_strerror
wsockinit

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39d9f1f80dba9c8cd529de9f5dcfb84e

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 1024B - Virtual size: 709B

.data Size: 4KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 1KB

ZIPSHARE Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

d106e627907a9a6d85cce365108761b2

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 20KB - Virtual size: 25KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 6KB

ec3e5c12386c1a1e26b1fa0b094e88d2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

urlmon

shlwapi

litezip

liteunzip

iphlpapi

ws2_32

core

stat

imagehlp

winmm

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 260KB - Virtual size: 260KB

.data Size: 69KB - Virtual size: 96KB

.rsrc Size: 357KB - Virtual size: 357KB

088fedd367765cf098ba8150e3ad9014

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 1024B - Virtual size: 709B

.data
Size: 4KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 1KB

ZIPSHARE
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 20KB - Virtual size: 25KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 260KB - Virtual size: 260KB

.data
Size: 69KB - Virtual size: 96KB

.rsrc
Size: 357KB - Virtual size: 357KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

24:2b:4c:d0:55:36:6f:64:40:20:44:42:ed:e9:1b:79:79:ce:20:64
Signer

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:96:13:e7:dd:69:64:b1:52:a4:e8:f7:18:13:e7:6a
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

00:c0:cf:c9:66:fb:e1:ec:9f:cf:71:d8:4c:a9:40:33:bc:a2:83:32
Signer

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 728B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate