8293d57bba2ada60ecd641bf8fd3aa1c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8293d57bba2ada60ecd641bf8fd3aa1c_JaffaCakes118
Size

2.2MB
MD5

8293d57bba2ada60ecd641bf8fd3aa1c
SHA1

cfad72aa5c1ee39763552f39e41f28d41f5ab5eb
SHA256

3bc0ab6ff6afb47bd89dbf6fb5eb161ccdb99db42eaf1285080e27fe74b9448e
SHA512

72916008ef03712a92547304ae38e688b446da5e679d87c841e8c2b2a23db194c588cf7343bf3959f8919a94e1c9df4e0930d14b2d76268589cc1ff518bd9a5f
SSDEEP

49152:CKBl3KZs3AZRqe/uigvyBODkFwOHr4WODdGmKJvQE634iuc49cTq:CKiPmv9kFwarSDdiQEB5c4STq

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTBUSUI.dll
unpack001/K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTD2XX.dll
unpack001/K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTDIBUS.sys
unpack001/K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTDIUNIN.exe
unpack001/K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTLang.dll
unpack001/K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/ftcserco.dll
unpack001/K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/ftser2k.sys
unpack001/K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/ftserui2.dll
unpack001/K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/RCMicroDogSetup.dll
unpack001/K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/VWTester.exe

Files

8293d57bba2ada60ecd641bf8fd3aa1c_JaffaCakes118
.rar
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/DPInst.exe
.exe windows:5 windows x86 arch:x86

2f37bd2cfc60f22d94e4856bdefb22d6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11-10-2005 21:55

Not After

26-04-2010 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:10:c3:52:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-10-2005 23:24

Not After

11-01-2007 23:34

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d6:ac:c4:be:67:64:23:a2:b1:30:b7:8a:4b:62:7f:c4:57:d9:89:97
Signer

Actual PE Digest

d6:ac:c4:be:67:64:23:a2:b1:30:b7:8a:4b:62:7f:c4:57:d9:89:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\difx\source\base\pnp\dfx\dpinst\obj\i386\DpInst.pdb

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
IsTextUnicode
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
DeleteService
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
LocalFree
FormatMessageW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetTempFileNameW
lstrcmpiW
lstrcmpW
lstrlenW
GetFileAttributesW
DeleteFileW
ReadFile
SetFilePointer
ReleaseMutex
WaitForSingleObject
HeapFree
GetProcessHeap
SetEndOfFile
HeapAlloc
InterlockedCompareExchange
CreateMutexW
CreateEventW
SetEvent
InterlockedExchangeAdd
ResetEvent
FreeLibrary
SetConsoleCursorPosition
FillConsoleOutputCharacterW
ReadConsoleOutputW
GetConsoleScreenBufferInfo
SetConsoleMode
GetConsoleMode
FreeConsole
GetStdHandle
GetProcAddress
LoadLibraryW
WriteConsoleOutputW
WriteConsoleW
QueryPerformanceCounter
GetTickCount
InterlockedDecrement
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
GetStartupInfoW
MultiByteToWideChar
HeapReAlloc
ExitProcess
GetModuleHandleA
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetThreadLocale
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualQuery
VirtualAlloc
IsBadWritePtr
Sleep
HeapSize
LCMapStringA
WideCharToMultiByte
LCMapStringW
VirtualProtect
GetSystemInfo
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
CreateThread
CreateFileW
WriteFile
GetCommandLineW
GlobalFree
GetUserDefaultUILanguage
GetCurrentThreadId
IsValidLocale
WaitForMultipleObjects
lstrcpyW
LocalReAlloc
DeviceIoControl
GetSystemDirectoryW
LocalAlloc
VerSetConditionMask
VerifyVersionInfoW
CompareStringW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetSystemWindowsDirectoryW
SetLastError
CopyFileW
GetShortPathNameW
MoveFileExW
RemoveDirectoryW
CreateDirectoryW
GetFullPathNameW
lstrcpynW
GetModuleHandleW
GetCurrentProcess
GetLastError
CloseHandle
FindResourceExW
FindResourceW
LoadResource
EnumResourceLanguagesW
GetLocalTime
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetWindowsDirectoryW
SetHandleCount
SetCurrentDirectoryW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
RtlUnwind

gdi32

EndPage
StartDocW
EndDoc
GetTextMetricsW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
StartPage

user32

DrawTextExW
LoadImageW
LoadBitmapW
GetSystemMetrics
GetSysColor
LoadIconW
LoadStringW
DestroyWindow
GetWindowLongW
SendDlgItemMessageW
InvalidateRect
SystemParametersInfoW
GetDC
ReleaseDC
SetWindowLongW
SetWindowTextW
SetDlgItemTextW
GetParent
PostMessageW
IsDlgButtonChecked
CheckDlgButton
SetFocus
CallWindowProcW
DestroyIcon
DialogBoxParamW
EndDialog
GetDlgItem
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
SendMessageW
CharLowerW
CharPrevW

ntdll

memset

shell32

ord59
CommandLineToArgvW
SHGetFolderPathW

setupapi

SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupInitDefaultQueueCallbackEx
SetupOpenFileQueue
SetupCloseFileQueue
SetupGetTargetPathW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoList
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiOpenDeviceInfoW
SetupTermDefaultQueueCallback
SetupOpenInfFileW
SetupCloseInfFile
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupOpenAppendInfFileW
SetupFindFirstLineW
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupPromptReboot
SetupInstallFilesFromInfSectionW
SetupFindNextMatchLineW
SetupFindNextLine
SetupGetStringFieldW
SetupGetIntField
SetupGetFieldCount
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupDiClassNameFromGuidW
SetupDiOpenClassRegKey
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Setup_DevNode
CM_Query_And_Remove_SubTreeW
CM_Enumerate_Classes
CM_Get_Device_IDW
SetupQueueCopyIndirectW
SetupQueueCopyW
SetupDiSetSelectedDevice
CMP_WaitNoPendingInstallEvents

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

ole32

CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
SysAllocString
VariantInit
SysFreeString

crypt32

CertFreeCTLContext
CryptQueryObject
CertFreeCertificateContext
CertGetCTLContextProperty

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTBUSUI.dll
.dll windows:4 windows x86 arch:x86

98d4b5ce88c34a933c0d00ed38da29f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Development\DLL\FTBUSUI\Release\FTBUSUI.pdb

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInterfaceDetailA

kernel32

GetCurrentThread
CompareStringW
CompareStringA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
OutputDebugStringA
LocalFree
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
GetLastError
SetLastError
GetModuleFileNameW
LocalAlloc
CloseHandle
DeviceIoControl
CreateFileA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetLocaleInfoW
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetEnvironmentVariableA
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
HeapSize
MultiByteToWideChar
GetLocaleInfoA

user32

SetWindowLongA
EnableWindow
SetCursor
LoadCursorA
IsDlgButtonChecked
GetWindowLongA
GetDlgItem
CheckDlgButton

Exports

Exports

DllMain
FTBUSUIPropPageProvider

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTD2XX.H
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTD2XX.dll
.dll windows:4 windows x86 arch:x86

504f669c51295b957c555c183ec79ebf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Development\DLL\d2xxdll\Release\FTD2XX.pdb

Imports

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

kernel32

TlsFree
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
DeviceIoControl
CloseHandle
ReadFile
WriteFile
CreateFileA
GetLastError
GetOverlappedResult
CancelIo
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
SetEnvironmentVariableA
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
GetTimeZoneInformation
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
InitializeCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
GetLocaleInfoW
SetEndOfFile
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale

Exports

Exports

FT_Close
FT_ClrDtr
FT_ClrRts
FT_CreateDeviceInfoList
FT_CyclePort
FT_EE_Program
FT_EE_ProgramEx
FT_EE_Read
FT_EE_ReadEx
FT_EE_UARead
FT_EE_UASize
FT_EE_UAWrite
FT_EraseEE
FT_GetBitMode
FT_GetDeviceInfo
FT_GetDeviceInfoDetail
FT_GetDeviceInfoList
FT_GetDriverVersion
FT_GetEventStatus
FT_GetLatencyTimer
FT_GetLibraryVersion
FT_GetModemStatus
FT_GetQueueStatus
FT_GetStatus
FT_IoCtl
FT_ListDevices
FT_Open
FT_OpenEx
FT_Purge
FT_Read
FT_ReadEE
FT_ResetDevice
FT_ResetPort
FT_RestartInTask
FT_SetBaudRate
FT_SetBitMode
FT_SetBreakOff
FT_SetBreakOn
FT_SetChars
FT_SetDataCharacteristics
FT_SetDeadmanTimeout
FT_SetDivisor
FT_SetDtr
FT_SetEventNotification
FT_SetFlowControl
FT_SetLatencyTimer
FT_SetResetPipeRetryCount
FT_SetRts
FT_SetTimeouts
FT_SetUSBParameters
FT_SetWaitMask
FT_StopInTask
FT_W32_CancelIo
FT_W32_ClearCommBreak
FT_W32_ClearCommError
FT_W32_CloseHandle
FT_W32_CreateFile
FT_W32_EscapeCommFunction
FT_W32_GetCommModemStatus
FT_W32_GetCommState
FT_W32_GetCommTimeouts
FT_W32_GetLastError
FT_W32_GetOverlappedResult
FT_W32_PurgeComm
FT_W32_ReadFile
FT_W32_SetCommBreak
FT_W32_SetCommMask
FT_W32_SetCommState
FT_W32_SetCommTimeouts
FT_W32_SetupComm
FT_W32_WaitCommEvent
FT_W32_WriteFile
FT_WaitOnMask
FT_Write
FT_WriteEE

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTD2XX.lib
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTDIBUS.INF
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTDIBUS.sys
.sys windows:5 windows x86 arch:x86

a4f776922d9b75fb7c4571d75d8595da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeSpinLock
PoSetPowerState
KeInitializeDpc
IoAttachDeviceToDeviceStack
IofCallDriver
RtlFreeUnicodeString
IofCompleteRequest
KeInitializeEvent
IoBuildDeviceIoControlRequest
ExFreePool
ExAllocatePoolWithTag
KeInitializeTimer
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoCreateDevice
InterlockedIncrement
RtlWriteRegistryValue
RtlQueryRegistryValues
ObfReferenceObject
KeWaitForSingleObject
KeSetEvent
IoDeleteDevice
IoDetachDevice
ObfDereferenceObject
IoGetDeviceProperty
RtlInitUnicodeString
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
ExQueueWorkItem
InterlockedExchange
InterlockedDecrement
IoCancelIrp
IoIsWdmVersionAvailable
ExEventObjectType
KeCancelTimer
KeSetTimer
IoFreeMdl
IoBuildPartialMdl
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ZwClose
PsCreateSystemThread
PsTerminateSystemThread
KeClearEvent
KeWaitForMultipleObjects
KeSetPriorityThread
KeGetCurrentThread
RtlCompareUnicodeString
RtlUnicodeStringToInteger
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
ObReferenceObjectByPointer
IoGetDeviceObjectPointer
RtlCompareMemory
IoOpenDeviceRegistryKey
ZwOpenKey
ZwEnumerateKey
ZwQueryKey
ZwQueryValueKey
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwSetValueKey
IoInvalidateDeviceRelations
ZwEnumerateValueKey
swprintf
IoReleaseCancelSpinLock
ObReferenceObjectByHandle

hal

KeGetCurrentIrql
KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KfReleaseSpinLock

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28
USBD_GetUSBDIVersion

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 765B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 800B - Virtual size: 785B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 864B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTDIPORT.INF
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTDIUN2K.INI
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTDIUNIN.exe
.exe windows:4 windows x86 arch:x86

bea23ef2baf06b93fa89f7195e770437

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Development\Util\Unin\4.00.04\Release\FTDIUNIN.pdb

Imports

shlwapi

SHDeleteKeyA

kernel32

CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
FreeLibrary
SetFilePointer
CreateFileA
InitializeCriticalSection
ReadFile
FlushFileBuffers
GetConsoleMode
HeapCreate
HeapDestroy
GetVersionExA
GetLastError
RemoveDirectoryA
GetSystemDirectoryA
FindClose
GetModuleHandleA
GetProcAddress
GetCurrentProcess
FindFirstFileA
FindNextFileA
SetFileAttributesA
GetWindowsDirectoryA
CompareStringW
InterlockedExchange
TlsFree
RtlUnwind
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
SetEnvironmentVariableA
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
CloseHandle
SetHandleCount
GetFileType
DeleteCriticalSection
Sleep
ExitProcess
FatalAppExitA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
SetConsoleCtrlHandler
LoadLibraryA
MultiByteToWideChar
GetLocaleInfoA
GetLocaleInfoW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
GetConsoleCP

user32

GetSysColor
GetSysColorBrush
EndDialog
SetWindowTextA
SetFocus
DialogBoxParamA
GetDC
ReleaseDC
GetDlgItem
SendMessageA
LoadStringA
wsprintfA
EnableWindow

gdi32

GetTextMetricsA
CreateFontIndirectA
SelectObject
SetBkColor

advapi32

RegEnumKeyExA
RegOpenKeyA
InitializeSecurityDescriptor
RegSetKeySecurity
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/FTLang.dll
.dll windows:4 windows x86 arch:x86

8c3a16551d585a8847403d33eb5f90fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Development\DLL\FTLang\Release\FTLang.pdb

Imports

user32

LoadStringW

kernel32

GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WriteFile
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringA
CompareStringW

Exports

Exports

??0CFTLang@@QAE@XZ
??4CFTLang@@QAEAAV0@ABV0@@Z
FTGetText
nFTLang

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/dpinst.xml
.xml
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/ftcserco.dll
.dll windows:5 windows x86 arch:x86

331fdfe7bf5ac00fa0ee4d8f02d54c91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupOpenInfFileW
SetupDiGetActualSectionToInstallW
SetupDiGetDriverInfoDetailW
SetupInstallFromInfSectionW
SetupDiGetSelectedDriverW
SetupDiCreateDevRegKeyW
SetupCloseInfFile
CM_Get_Device_IDW

kernel32

VirtualFree
GetLastError
lstrlenW
LocalFree
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
VirtualAlloc
HeapFree
HeapAlloc
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey

user32

wsprintfW

msports

ComDBClose
ComDBClaimPort
ComDBReleasePort
ComDBClaimNextFreePort
ComDBOpen

Exports

Exports

FTCSERCoInstaller

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/ftdibus.cat
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/ftdiport.cat
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/ftser2k.sys
.sys windows:5 windows x86 arch:x86

274589354590468b338a50282519c7bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_except_handler3
InterlockedDecrement
KeRemoveQueueDpc
ExFreePool
PoSetPowerState
KeWaitForSingleObject
IoWMIRegistrationControl
IoDeleteDevice
IoDetachDevice
KeDelayExecutionThread
IoCancelIrp
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
MmLockPagableDataSection
MmUnmapIoSpace
IofCallDriver
KeWaitForMultipleObjects
MmLockPagableSectionByHandle
MmQuerySystemSize
InterlockedIncrement
ZwClose
IoOpenDeviceRegistryKey
KeQuerySystemTime
KeInsertQueueDpc
KeSetTimer
KeCancelTimer
PoCallDriver
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
ExAllocatePoolWithQuotaTag
IoCreateDevice
KefAcquireSpinLockAtDpcLevel
KeInitializeEvent
ExAllocatePoolWithTag
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlAppendUnicodeToString
IoAttachDeviceToDeviceStack
IoGetConfigurationInformation
wcslen
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
ObfDereferenceObject
RtlQueryRegistryValues
ZwQueryValueKey
PoRequestPowerIrp
PoStartNextPowerIrp
KeClearEvent
IoFreeIrp
IoAllocateIrp
ObReferenceObjectByHandle
PsCreateSystemThread
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
memmove
DbgBreakPoint
MmUnlockPagableImageSection
KeSetEvent
_allmul
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
InterlockedExchange
IofCompleteRequest
KefReleaseSpinLockFromDpcLevel

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql
READ_PORT_UCHAR
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 288B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGESRP0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESER
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 160B - Virtual size: 143B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/CDM_Setup/ftserui2.dll
.dll windows:5 windows x86 arch:x86

d8f41154f2c3f1f5f8a953afcd7ad722

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcscpy
wcslen
_wcsupr
wcsspn
wcscspn
wcscat
wcscmp
wcsstr
wcschr
_itoa

setupapi

CM_Get_Res_Des_Data
CM_Get_Next_Res_Des
CM_Get_First_Log_Conf
SetupDiInstallDevice
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdW
CM_Free_Res_Des_Handle
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupCloseInfFile
SetupDiGetDeviceInfoListDetailW
SetupDiGetActualSectionToInstallW
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiCreateDevRegKeyW
CM_Free_Log_Conf_Handle
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupOpenInfFileW
SetupDiRemoveDevice
SetupDiSetDeviceRegistryPropertyW
SetupInstallFromInfSectionW
SetupDiGetClassInstallParamsW
SetupDiMoveDuplicateDevice

user32

CheckDlgButton
CharNextW
CheckRadioButton
GetWindowTextW
CharPrevW
MessageBoxW
SendMessageTimeoutW
wvsprintfW
GetWindowTextLengthW
ShowWindow
GetDlgCtrlID
SetDlgItemTextW
DialogBoxParamW
IsDlgButtonChecked
SendDlgItemMessageW
LoadStringW
SetWindowLongW
GetDlgItem
EnableWindow
WinHelpW
GetWindowLongW
EndDialog
GetParent
SendMessageW
GetFocus
SetWindowTextW
wsprintfW

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegOpenKeyExW

kernel32

CreateFileW
CloseHandle
DefineDosDeviceW
GetProfileStringW
QueryDosDeviceW
DisableThreadLibraryCalls
GetLastError
lstrcmpW
lstrcmpiW
lstrcatW
GetUserDefaultLCID
GetLocaleInfoW
lstrcpyW
LocalFree
LocalAlloc
SetLastError
MultiByteToWideChar
lstrlenW
WriteProfileStringW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW

msports

ComDBClaimNextFreePort
ComDBReleasePort
ComDBClose
ComDBOpen
ComDBGetCurrentPortUsage
ComDBClaimPort

Exports

Exports

LibMain
ParallelPortPropPageProvider
PortsClassInstaller
SerialPortPropPageProvider

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/FixDiag.ini
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/MWB.TXT
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/MWB_de.TXT
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/RCMicroDogSetup.dll
.dll windows:4 windows x86 arch:x86

c3a04bf4069ea70bcba6a6cd75fde90d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetACP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
GetCurrentProcess
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
GlobalAlloc
lstrcmpA
GetCurrentThread
GetModuleFileNameA
GlobalFree
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
FreeLibrary
MulDiv
GetVersion
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
FindResourceA
LoadResource
LockResource
CreateFileA
SizeofResource
WriteFile
SetFileAttributesA
Sleep
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
LocalAlloc
LocalFree
SetLastError
GetProcAddress
GetVersionExA
CreateMutexA
GetLastError
ReleaseMutex
CloseHandle
GetSystemDirectoryA
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
GetFileType

user32

SetActiveWindow
GetFocus
DispatchMessageA
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
ShowWindow
IsWindowEnabled
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
GetCursorPos
LoadStringA
CreateDialogIndirectParamA
EndDialog
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageA
UnregisterClassA
GetClassNameA
GetSysColorBrush
IsWindowVisible
GetTopWindow
GetCapture
WinHelpA
SetFocus
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
GetWindow
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
MessageBoxA
PostMessageA
SetWindowPos
LoadBitmapA
DrawTextA
RedrawWindow
UpdateWindow
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuA
LoadIconA
LoadCursorA
CopyIcon
GetDC
ReleaseDC
IsWindow
GetMessagePos
ScreenToClient
PtInRect
SetTimer
MessageBeep
SetWindowLongA
KillTimer
EnableWindow
FillRect
GetIconInfo
LoadImageA
DrawStateA
GetClientRect
CopyRect
DestroyMenu
DestroyCursor
AdjustWindowRectEx
wsprintfA
FrameRect
InflateRect
GetSysColor
OffsetRect
DrawFocusRect
GetSubMenu
GetWindowRect
TrackPopupMenuEx
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
SendMessageA
GetWindowLongA
DestroyIcon
SetForegroundWindow

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
MoveToEx
LineTo
SetBkMode
GetDeviceCaps
CreatePen
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
RestoreDC
SaveDC
GetClipBox
GetTextExtentPoint32A
CreateFontIndirectA
CreateSolidBrush
GetObjectA
CreateBitmap
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetStockObject
DeleteObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteValueA
RegQueryValueA
CreateServiceA
StartServiceA
RegDeleteKeyA
QueryServiceStatus
ControlService
DeleteService
RegCloseKey
RegCreateKeyExA
RegSetValueExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

_TrackMouseEvent
ord17

Exports

Exports

DriverDialog
ForInstallSheild
GetDogDriverInfo
InstDriver
NotifyPullOutAndPlugInUsbDog
UninstallDriver

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/Tester.ini
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/VAG.txt
K+CAN VAG COMMANDER 1.4/K+CAN VAG COMMANDER/VWTester.exe
.exe windows:4 windows x86 arch:x86

30552c68d160b9674b7d52c52452a650

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
WaitForMultipleObjects
WaitCommEvent
VirtualQuery
VirtualAlloc
SizeofResource
SetupComm
SetThreadPriority
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
SetCommTimeouts
SetCommState
SetCommMask
ResumeThread
ResetEvent
ReadFile
PurgeComm
MulDiv
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetOverlappedResult
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileType
GetFileAttributesA
GetExitCodeThread
GetEnvironmentVariableA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCommTimeouts
GetCommState
GetCommProperties
GetCommMask
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringA
CloseHandle
ClearCommError
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

ShellExecuteA

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
K+CAN VAG COMMANDER 1.4/Read me.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

2f37bd2cfc60f22d94e4856bdefb22d6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88Certificate

Extended Key Usages

Key Usages

61:10:c3:52:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

d6:ac:c4:be:67:64:23:a2:b1:30:b7:8a:4b:62:7f:c4:57:d9:89:97Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

ntdll

shell32

setupapi

wintrust

ole32

oleaut32

crypt32

version

Sections

.text Size: 394KB - Virtual size: 393KB

.data Size: 3KB - Virtual size: 12KB

Shared Size: 512B - Virtual size: 8B

.rsrc Size: 103KB - Virtual size: 102KB

98d4b5ce88c34a933c0d00ed38da29f2

Headers

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

504f669c51295b957c555c183ec79ebf

Headers

File Characteristics

PDB Paths

Imports

setupapi

kernel32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 988B

.reloc Size: 8KB - Virtual size: 5KB

a4f776922d9b75fb7c4571d75d8595da

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

61:10:c3:52:00:00:00:00:00:03
Certificate

d6:ac:c4:be:67:64:23:a2:b1:30:b7:8a:4b:62:7f:c4:57:d9:89:97
Signer

.text
Size: 394KB - Virtual size: 393KB

.data
Size: 3KB - Virtual size: 12KB

Shared
Size: 512B - Virtual size: 8B

.rsrc
Size: 103KB - Virtual size: 102KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 988B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 448B - Virtual size: 424B

.data
Size: 768B - Virtual size: 765B

PAGE
Size: 800B - Virtual size: 785B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 864B - Virtual size: 856B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 1024B - Virtual size: 624B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 512B - Virtual size: 488B

.data
Size: 288B - Virtual size: 276B

PAGESRP0
Size: 12KB - Virtual size: 12KB

PAGESER
Size: 13KB - Virtual size: 13KB

PAGE
Size: 160B - Virtual size: 143B