36096d4b30cf0f34cd0be564688532d8b36cc4b374457f66e463f8aefb66c908

Sharing

Copy URL

Twitter E-mail

General

Target

36096d4b30cf0f34cd0be564688532d8b36cc4b374457f66e463f8aefb66c908
Size

4.1MB
MD5

f9587c2c9b8b1ca649dca88ce4ff24bb
SHA1

f14efa88b53ce1abf5dbb5ae1e7349a8c591792c
SHA256

36096d4b30cf0f34cd0be564688532d8b36cc4b374457f66e463f8aefb66c908
SHA512

618a50efa435f47a02cdb4a4bfa4713d0b9b963c2b027d9fc7205f9160f708187343d0da6c0dc153960e5d4dfdf2699f5a0ae61a6234a91c0176fbd9d5bd47d0
SSDEEP

98304:adbC6ysjtI76xn6RZ0WZW2Ng0O2lTZ05Nxep5bfQieUxn5tkp:axCVspxDWZBS0cxejb4F0mp

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
36096d4b30cf0f34cd0be564688532d8b36cc4b374457f66e463f8aefb66c908
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/Uninstall.exe

Files

36096d4b30cf0f34cd0be564688532d8b36cc4b374457f66e463f8aefb66c908
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$DOCUMENTS/Fund Manager/Samples/cost.mm4
$DOCUMENTS/Fund Manager/Samples/dis.dat
$DOCUMENTS/Fund Manager/Samples/dji.dat
$DOCUMENTS/Fund Manager/Samples/fb.dat
$DOCUMENTS/Fund Manager/Samples/goog.dat
$DOCUMENTS/Fund Manager/Samples/ibm.dat
$DOCUMENTS/Fund Manager/Samples/intc.dat
$DOCUMENTS/Fund Manager/Samples/ioverlay.mm4
$DOCUMENTS/Fund Manager/Samples/javtx.dat
$DOCUMENTS/Fund Manager/Samples/jawwx.dat
$DOCUMENTS/Fund Manager/Samples/jnrfx.dat
$DOCUMENTS/Fund Manager/Samples/maverage.mm4
$DOCUMENTS/Fund Manager/Samples/pie.mm4
$DOCUMENTS/Fund Manager/Samples/poverlay.mm4
$DOCUMENTS/Fund Manager/Samples/price.mm4
$DOCUMENTS/Fund Manager/Samples/reports.mm4
$DOCUMENTS/Fund Manager/Samples/spx.dat
$DOCUMENTS/Fund Manager/Samples/stacked.mm4
$DOCUMENTS/Fund Manager/Samples/vgstx.dat
$DOCUMENTS/Fund Manager/Samples/volume.mm4
$DOCUMENTS/Fund Manager/Samples/vwnfx.dat
$DOCUMENTS/Fund Manager/Samples/yields.mm4
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer

user32

LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Repair.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Fm.exe
.exe windows:6 windows x86 arch:x86

406db5d6a78ef795ba01776eada66a03

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1e
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/11/2021, 00:00

Not After

29/11/2024, 23:59

Subject

CN=Beiley Software\, Inc.,O=Beiley Software\, Inc.,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:c7:9c:5e:e7:0d:60:c5:61:95:b4:57:ca:c6:ca:13:32:f7:17:43
Signer

Actual PE Digest

00:c7:9c:5e:e7:0d:60:c5:61:95:b4:57:ca:c6:ca:13:32:f7:17:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Data\Code\fm32\WinRelGold\Fm.pdb

Imports

comctl32

ImageList_DragEnter
ImageList_BeginDrag
ImageList_Add
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_EndDrag
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
PropertySheetA
ImageList_ReplaceIcon
ImageList_Create
ord380

winmm

PlaySoundA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSAGetLastError
WSAStartup
gethostbyname
gethostbyaddr
socket
setsockopt
send
recv
ioctlsocket
htons
connect
closesocket
WSACleanup

wininet

InternetWriteFile
InternetErrorDlg
HttpSendRequestExA
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpEndRequestA
HttpQueryInfoA
InternetOpenA
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
HttpAddRequestHeadersA

kernel32

LocalFree
GetFileSize
VerSetConditionMask
CreateMutexA
GetTickCount
VerifyVersionInfoW
CreateProcessA
lstrlenA
MultiByteToWideChar
FindClose
FindFirstFileA
FindNextFileA
FileTimeToLocalFileTime
GetFileTime
FileTimeToSystemTime
GetTimeFormatA
GetProfileStringA
lstrcpyA
LocalAlloc
GetFileAttributesA
_lopen
_lcreat
_lread
_lwrite
_lclose
GlobalFlags
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetErrorMode
lstrcmpA
CompareFileTime
SetFilePointer
LoadLibraryExA
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
SetLastError
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
FormatMessageA
RtlUnwind
FlushConsoleInputBuffer
GlobalMemoryStatus
GetFileType
GetStdHandle
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
SetStdHandle
HeapSize
ExitProcess
GetACP
GetModuleHandleA
GetSystemTime
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
CompareStringW
LCMapStringW
DecodePointer
GetFileAttributesExW
ReadConsoleW
GetConsoleCP
WaitForSingleObject
GetLastError
ExpandEnvironmentStringsA
IsBadReadPtr
GetTimeZoneInformation
WriteFile
ReadFile
GetProcessHeap
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetDateFormatA
CopyFileA
GetLocaleInfoA
WritePrivateProfileStructA
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetModuleFileNameA
WideCharToMultiByte
LoadLibraryA
GetProcAddress
FreeLibrary
GetLocalTime
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCPInfo
GetCurrentProcess
SetUnhandledExceptionFilter
CloseHandle
CreateFileA
CreateDirectoryA
GetTempFileNameA
GetTempPathA
GlobalFree
GlobalAlloc
DeleteFileA
GlobalUnlock
GlobalLock
GlobalReAlloc
GetPrivateProfileSectionA
MulDiv
Sleep
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
SetFilePointerEx
CreateFileW
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
EncodePointer

user32

SetWindowPos
EqualRect
CopyRect
ScrollWindow
GetMenuItemInfoA
InsertMenuItemA
SetScrollRange
SetScrollPos
GetSystemMenu
SetDlgItemInt
SetScrollInfo
DefWindowProcA
ModifyMenuA
LoadBitmapA
GetSysColorBrush
TabbedTextOutA
LoadImageA
DestroyIcon
GetScrollPos
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
IsDialogMessageA
LoadIconA
FindWindowA
IntersectRect
FillRect
RedrawWindow
EndPaint
BeginPaint
GetMenuItemID
DrawMenuBar
GetMenuStringA
GetMenu
TranslateAcceleratorA
LoadAcceleratorsA
GetFocus
OpenIcon
UnregisterClassA
SetWindowRgn
GetMessageA
DrawEdge
InflateRect
GetUpdateRect
TrackMouseEvent
SetForegroundWindow
AppendMenuA
GetMenuItemCount
GetWindowPlacement
GetComboBoxInfo
DeleteMenu
InsertMenuA
CreateWindowExA
PostQuitMessage
LoadCursorA
GetCapture
PtInRect
RemovePropA
GetPropA
SetPropA
InvalidateRect
UpdateWindow
GetDlgCtrlID
CallWindowProcA
GetWindow
GetTopWindow
EnumChildWindows
GetClientRect
ValidateRect
CheckMenuItem
PeekMessageA
DispatchMessageA
TranslateMessage
GetCursorPos
SendDlgItemMessageA
IsZoomed
IsIconic
GetWindowLongA
GetSysColor
MapWindowPoints
GetMessagePos
SystemParametersInfoA
SetParent
GetMonitorInfoA
RegisterClassA
MonitorFromWindow
ClientToScreen
SetCursor
SetWindowTextA
TrackPopupMenu
GetSubMenu
EnableMenuItem
DestroyMenu
LoadMenuA
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
CreateDialogParamA
DestroyWindow
MapDialogRect
GetParent
GetDesktopWindow
SetWindowLongA
ScreenToClient
MessageBoxA
GetWindowRect
ReleaseDC
GetDC
GetSystemMetrics
EnableWindow
SetFocus
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA
MoveWindow
ShowWindow
IsWindow
PostMessageA
SendMessageA
LoadStringA
GetProcessWindowStation
GetUserObjectInformationW
IsWindowVisible
RegisterClipboardFormatA

gdi32

SelectObject
SetTextColor
SetTextAlign
MoveToEx
Arc
CreateSolidBrush
GetStockObject
Rectangle
SetBkMode
TextOutA
GetObjectA
DeleteDC
SetROP2
CreateDCA
SetBkColor
StartDocA
EndDoc
SetAbortProc
ExtTextOutA
SelectClipRgn
EndPage
ExtCreatePen
CreateBitmap
CreatePatternBrush
GetBkColor
GetTextColor
Ellipse
Pie
Polygon
GetCurrentObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
PatBlt
StretchDIBits
CombineRgn
CreateRectRgnIndirect
SetRectRgn
LineTo
GetTextExtentPoint32A
CreateRectRgn
CreatePen
CreateFontIndirectA
GetTextMetricsA
GetDeviceCaps
StartPage
CreateFontA
DeleteObject

winspool.drv

OpenPrinterA
ClosePrinter
EnumPrintersA
DeviceCapabilitiesA
DocumentPropertiesA

comdlg32

PrintDlgA
GetSaveFileNameA
CommDlgExtendedError
ChooseColorA
ChooseFontA
GetOpenFileNameA

advapi32

ReportEventA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
GetUserNameA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegRestoreKeyA
RegisterEventSourceA
DeregisterEventSource
RegEnumValueA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Order.txt
ReadMe.txt
Uninstall.exe
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fm.chm
.chm
fmadmin.exe
.exe windows:6 windows x86 arch:x86

852c716c4ef1be9fa7fbbdd52475e424

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1e
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/11/2021, 00:00

Not After

29/11/2024, 23:59

Subject

CN=Beiley Software\, Inc.,O=Beiley Software\, Inc.,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:69:51:3e:f6:22:5e:05:0d:2b:4d:34:e9:d8:53:d3:82:b8:5c:14
Signer

Actual PE Digest

62:69:51:3e:f6:22:5e:05:0d:2b:4d:34:e9:d8:53:d3:82:b8:5c:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Data\Code\fm32\fmadmin\Release\fmadmin.pdb

Imports

wsock32

WSACleanup
closesocket
gethostbyname
WSAStartup
ioctlsocket
gethostbyaddr
send
socket
connect
recv
htons
setsockopt
WSAGetLastError

wininet

InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
InternetErrorDlg
HttpOpenRequestA

kernel32

SetEndOfFile
HeapReAlloc
HeapSize
WriteConsoleW
SetFilePointerEx
CreateFileW
FlushFileBuffers
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleFileNameA
GetModuleHandleA
Sleep
CopyFileA
GetLastError
LoadLibraryA
DeleteFileA
DecodePointer
GlobalFree
GetProcAddress
GlobalLock
LocalFree
FreeLibrary
FormatMessageA
GlobalUnlock
FindNextFileA
FindFirstFileExA
FindClose
GetConsoleCP
GetFileType
LCMapStringW
GetStringTypeW
ReadConsoleW
GlobalAlloc
GetStartupInfoW
GetConsoleMode
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RaiseException
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CloseHandle
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetACP
HeapFree
HeapAlloc

user32

GetWindowRect
GetDC
LoadStringA
PostMessageA
EndDialog
DialogBoxParamA
SetTimer
ClientToScreen
SetWindowTextA
MessageBoxA
MoveWindow
SetDlgItemTextA
SendMessageA
GetClientRect
GetDlgItem
KillTimer
GetDesktopWindow
ReleaseDC
EnableWindow

gdi32

GetDeviceCaps

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fmsprt.dll
.dll windows:6 windows x86 arch:x86

46d3d8ce9bf66d53f4515515678b92bf

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1e
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/11/2021, 00:00

Not After

29/11/2024, 23:59

Subject

CN=Beiley Software\, Inc.,O=Beiley Software\, Inc.,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:50:cd:c3:7b:63:69:f4:b1:27:29:51:cc:5f:c6:ae:3e:69:d5:0e
Signer

Actual PE Digest

2a:50:cd:c3:7b:63:69:f4:b1:27:29:51:cc:5f:c6:ae:3e:69:d5:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Data\Code\fm32\fmsprt\WinRelGold\fmsprt.pdb

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringA
OutputDebugStringW
CloseHandle
WaitForSingleObjectEx
CreateThread
WriteConsoleW
EncodePointer
DecodePointer
CreateFileW
RaiseException

Exports

Exports

FM_initstatbar
FM_inittoolbar

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
inteng14x.dll
.dll windows:6 windows x86 arch:x86

38bd68828ee9de223c7edb6f95b3f562

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1e
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/11/2021, 00:00

Not After

29/11/2024, 23:59

Subject

CN=Beiley Software\, Inc.,O=Beiley Software\, Inc.,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:8c:3d:cd:f7:04:06:73:a8:b5:d9:c3:8a:43:fb:65:bf:fa:08:e7
Signer

Actual PE Digest

75:8c:3d:cd:f7:04:06:73:a8:b5:d9:c3:8a:43:fb:65:bf:fa:08:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Data\Code\fm32\fminteng\Release\inteng.pdb

Imports

wininet

InternetGetCookieA
InternetSetCookieA

kernel32

GetModuleFileNameW
LocalAlloc
LocalFree
WritePrivateProfileStringA
HeapSize
CreateThread
OutputDebugStringW
GetPrivateProfileStringA
GetModuleFileNameA
Sleep
CloseHandle
CreateFileA
CopyFileA
WriteConsoleW
SetEndOfFile
WideCharToMultiByte
InterlockedPushEntrySList
OutputDebugStringA
GetConsoleCP
FlushFileBuffers
SetConsoleCtrlHandler
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
GetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
DecodePointer
InterlockedFlushSList
SetLastError
EncodePointer
SetStdHandle
GetFileType
CreateFileW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
HeapFree
HeapAlloc
GetStringTypeW
GetCurrentThread
GetACP
GetStdHandle
ReadFile
SetFilePointerEx
HeapReAlloc
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteFile
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW

user32

MessageBoxA
LoadStringA

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

Exports

Exports

fillin_asset_request
fillin_sector_request
fillin_symb_request
fillin_symb_request_wininit
get_14x_serverinfo
get_14xgold_serverinfo
get_fminteng_version
get_server_long_desc
get_server_supinfo
get_single_serverinfo
parse_asset_html
parse_retrieved_html
parse_sector_html
set_caller_version

Sections

.text
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smtpsend.dll
.dll windows:6 windows x86 arch:x86

890bcbaaf0cf84262ad2032dbd288442

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1e
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/11/2021, 00:00

Not After

29/11/2024, 23:59

Subject

CN=Beiley Software\, Inc.,O=Beiley Software\, Inc.,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:92:ac:df:e0:b9:eb:a3:40:bb:de:b5:87:2e:08:fd:a4:18:2d:08
Signer

Actual PE Digest

fd:92:ac:df:e0:b9:eb:a3:40:bb:de:b5:87:2e:08:fd:a4:18:2d:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Data\Code\smtpsend\Release\smtpsend.pdb

Imports

ws2_32

WSASetLastError
htonl
accept
bind
getsockopt
setsockopt
WSAGetLastError
WSACleanup
WSAStartup
getservbyname
gethostname
gethostbyname
socket
send
listen
ntohl
shutdown
ntohs
select
recv
inet_ntoa
inet_addr
htons
getpeername
ioctlsocket
connect
closesocket
__WSAFDIsSet

kernel32

CreateThread
OutputDebugStringW
SetEndOfFile
WriteConsoleW
HeapSize
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
OutputDebugStringA
GetTimeZoneInformation
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
GetLastError
GetSystemTime
GetLocalTime
LocalFree
FormatMessageA
GetComputerNameA
GetComputerNameExA
GetConsoleCP
FlushFileBuffers
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindFirstFileExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageW
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SystemTimeToFileTime
GetStdHandle
GetFileType
WriteFile
GetModuleHandleA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
LoadLibraryA
GlobalMemoryStatus
FlushConsoleInputBuffer
RaiseException
RtlUnwind
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
HeapAlloc
HeapFree
HeapReAlloc
SetConsoleCtrlHandler
CreateFileW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
GetCurrentThread
GetACP
ReadConsoleW
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
ReleaseDC
GetDC

shell32

SHGetSpecialFolderPathA

gdi32

GetObjectA
GetDIBits
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

Exports

Exports

send_mail

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tranretr.dll
.dll windows:6 windows x86 arch:x86

c10a0e52e4002e5816841f9db56f392d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1e
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/11/2021, 00:00

Not After

29/11/2024, 23:59

Subject

CN=Beiley Software\, Inc.,O=Beiley Software\, Inc.,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:83:e6:40:5f:e4:ef:39:d2:1b:d0:2e:11:59:13:b4:66:26:33:8d
Signer

Actual PE Digest

d9:83:e6:40:5f:e4:ef:39:d2:1b:d0:2e:11:59:13:b4:66:26:33:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Data\Code\fm32\tranretr\Release\tranretr.pdb

Imports

wininet

InternetErrorDlg
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
GetModuleFileNameA
CreateFileA
CloseHandle
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
GetTimeZoneInformation
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
ReadConsoleW
GetConsoleMode
ReadFile
LocalFree
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
LocalAlloc
GetModuleFileNameW
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetDateFormatW
GetStdHandle
GetACP
WideCharToMultiByte
MoveFileA
GetLocalTime
FindResourceA
FormatMessageA
SizeofResource
LockResource
LoadResource
GetModuleHandleA
FreeResource
GetSystemTime
Sleep
GetLastError
GetStringTypeW
DeleteFileA
SetEndOfFile
WriteConsoleW
HeapSize
OutputDebugStringW
OutputDebugStringA
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
SetConsoleCtrlHandler
GetProcessHeap
HeapReAlloc
DecodePointer
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
CreateFileW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
ExitProcess
MultiByteToWideChar
HeapFree
HeapAlloc
GetCommandLineW

user32

ClientToScreen
GetWindowRect
GetClientRect
ReleaseDC
GetDC
MoveWindow
LoadStringA
SetForegroundWindow
GetDlgItem
SendMessageA
GetDesktopWindow
MessageBoxA
GetDlgItemTextA
SetDlgItemTextA
EndDialog
DialogBoxParamA
PostMessageA

gdi32

GetDeviceCaps

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

httpapi

HttpSetUrlGroupProperty
HttpRemoveUrlFromUrlGroup
HttpAddUrlToUrlGroup
HttpCloseUrlGroup
HttpCreateUrlGroup
HttpReceiveHttpRequest
HttpCreateServerSession
HttpShutdownRequestQueue
HttpCloseRequestQueue
HttpCreateRequestQueue
HttpTerminate
HttpInitialize
HttpCloseServerSession
HttpSendHttpResponse

ws2_32

WSACleanup
WSAStartup
ntohs
htons
htonl
getsockname
closesocket
bind
socket

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust

Exports

Exports

cancel_broker_retrieve
cleanup_broker
fdx_top_request
freeTopFDXRequestmemory
get_brokerinfo
get_supplemental_broker_info
get_tranretr_version
retrieve_broker_portfolio
validate_calling_version

Sections

.text
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 92KB

.rsrc Size: 54KB - Virtual size: 53KB

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

406db5d6a78ef795ba01776eada66a03

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1eCertificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

00:c7:9c:5e:e7:0d:60:c5:61:95:b4:57:ca:c6:ca:13:32:f7:17:43Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 54KB - Virtual size: 53KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1e
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

00:c7:9c:5e:e7:0d:60:c5:61:95:b4:57:ca:c6:ca:13:32:f7:17:43
Signer

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 282KB - Virtual size: 281KB

.data
Size: 19KB - Virtual size: 98KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 268B

_RDATA
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 218KB - Virtual size: 217KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 92KB

.rsrc
Size: 54KB - Virtual size: 53KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1e
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

62:69:51:3e:f6:22:5e:05:0d:2b:4d:34:e9:d8:53:d3:82:b8:5c:14
Signer