UnityWebPlayer64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

UnityWebPlayer64.exe
Size

1.1MB
MD5

91f13553199476b42f09f282dda0c3e5
SHA1

767ef4c7ade407b44e75c3dca39bdd1f3f831d6f
SHA256

1467437442a4b1449fc973e1a59658edee111b52b61a6a77b4dd31419e0c6b34
SHA512

a0065071be12b4b276c16f76de0fb5ca19bd5924a0d08ce6c45f40a574586ad1edd470b3bcd7249cf1c453ed99158d91d19809c0be9714634e9627b30d046962
SSDEEP

12288:cQzI4QwDX6GdXJUTCKw1DkTMSTeN4mECV9TMHiqk463j:cYIZwmGwTCfJ+MSycW9ICqez

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/UtilsPlugin.dll

Files

UnityWebPlayer64.exe
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:8c:ad:a3:bd:09:4a:b8:e3:5b:ee:e8:01:43:12:ef
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

03/07/2013, 00:00

Not After

06/08/2015, 23:59

Subject

CN=Unity Technologies ApS,OU=SECURE APPLICATION DEVELOPMENT,O=Unity Technologies ApS,L=Copenhagen,ST=Copenhagen,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ae:e6:67:f6:1e:02:e6:2f:6c:28:19:ec:54:cd:e7:f2:b1:0a:41:3f
Signer

Actual PE Digest

ae:e6:67:f6:1e:02:e6:2f:6c:28:19:ec:54:cd:e7:f2:b1:0a:41:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 558KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

2a2e0e82c0dc9890f9201e8bd8ecbff2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
lstrlenW
lstrcpynW
GetVersionExW
lstrcmpiW
GetCurrentThreadId
LoadLibraryW
FreeLibrary
GetProcAddress
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
DuplicateHandle
Sleep
GetCurrentProcessId
CreateThread
GetCommandLineW
OpenProcess
GetLastError
FormatMessageW
LocalFree
GlobalFree
CloseHandle
SetLastError
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
LoadLibraryA
GetModuleHandleW

user32

DialogBoxParamW
CharNextW
UnhookWindowsHookEx
CallNextHookEx
GetClassNameW
SetWindowsHookExW
SendMessageTimeoutW
WaitForInputIdle
DefWindowProcW
PostMessageW
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageW
GetMessageW
CreateWindowExW
RegisterClassW
UnregisterClassW
GetWindowTextW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
IsWindow
GetWindowThreadProcessId
MessageBoxW
SetWindowLongW
LoadImageW
DestroyWindow
GetWindowLongW
EnableWindow
ShowWindow
SetWindowTextW
wsprintfW
GetDlgItem
SendMessageW
LoadStringW
EndDialog

advapi32

RegCloseKey
QueryServiceStatus
OpenServiceW
CloseServiceHandle
OpenSCManagerW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
GetShellFolderPath
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UtilsPlugin.dll
.dll windows:5 windows x86 arch:x86

cf004cd94e3a66570f5f88f32d604eee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\UnitySources\Unity3.5_Trunk_build\PlatformDependent\WinWebPlugin\installer\UtilsPlugin\UtilsPlugin.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer

shlwapi

PathCombineW

ws2_32

connect
WSAStartup
htonl
htons
WSACleanup
socket
closesocket
send

kernel32

lstrcpyW
GetProcessHeap
GlobalAlloc
lstrlenW
GlobalFree
lstrcmpiW
HeapFree
HeapAlloc
Module32NextW
FreeLibrary
GetCurrentProcess
LoadLibraryW
GetLastError
GetProcAddress
CloseHandle
GetUserDefaultLangID
OpenProcess
lstrcpynW
GetLongPathNameW
Process32FirstW
Module32FirstW
Process32NextW
CreateToolhelp32Snapshot

user32

SetTimer
GetWindowRect
CopyRect
DialogBoxParamW
GetParent
SetFocus
KillTimer
SendMessageW
SetWindowPos
GetDesktopWindow
EndDialog
GetDlgItem
OffsetRect
wsprintfW

advapi32

GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

ole32

CoTaskMemFree

Exports

Exports

GetLocalAppDataLow
HasProcessesInUse
NSDone
NSInit
ShowProcessesInUse

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 734B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$_8_/$_8_/Uninstall.exe.nsis
UnityBugReporter.exe
.exe windows:5 windows x64 arch:x64

5ddf2a139651d7769f1d9215c86c6408

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:8c:ad:a3:bd:09:4a:b8:e3:5b:ee:e8:01:43:12:ef
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

03/07/2013, 00:00

Not After

06/08/2015, 23:59

Subject

CN=Unity Technologies ApS,OU=SECURE APPLICATION DEVELOPMENT,O=Unity Technologies ApS,L=Copenhagen,ST=Copenhagen,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a7:1a:9d:dd:3f:24:bc:d0:31:6f:d9:ba:1a:3e:3b:17:b8:b6:7c:89
Signer

Actual PE Digest

a7:1a:9d:dd:3f:24:bc:d0:31:6f:d9:ba:1a:3e:3b:17:b8:b6:7c:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildslave\unity\build\build\Windows64Webplugin\UnityBugReporter.pdb

Imports

kernel32

lstrlenW
SetFileAttributesW
DeleteFileW
GetLastError
RemoveDirectoryW
GetCurrentProcess
GetVersion
CreateDirectoryW
lstrcmpiW
lstrlenA
WriteFile
FlushInstructionCache
lstrcpyW
ReadFile
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetLastError
WaitForSingleObject
CreateEventW
CreateThread
SetEvent
FileTimeToDosDateTime
GetFileSize
SetFilePointer
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
GetFileType
GetFileInformationByHandle
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcpynW
lstrcpyA
ExpandEnvironmentStringsA
GetModuleHandleW
GetSystemInfo
GetVersionExA
SetFilePointerEx
GetFileTime
SetFileTime
GetTickCount
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
GetProcessHeap
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
Sleep
GetModuleFileNameW
GetStdHandle
RtlUnwindEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LCMapStringW
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CloseHandle
GetFileSizeEx
CreateFileW
GetLocaleInfoW
GetUserDefaultLCID
GlobalMemoryStatusEx
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
WideCharToMultiByte
LocalFree
FormatMessageA
HeapDestroy
HeapCreate
HeapSetInformation
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlPcToFileHeader
GetStartupInfoW
GetCommandLineW
HeapAlloc
GetTimeZoneInformation
EncodePointer
DecodePointer
ExitProcess
HeapFree

user32

SendMessageW
GetClientRect
FillRect
BeginPaint
DestroyWindow
GetWindowTextW
ReleaseDC
GetSysColor
CallWindowProcW
SetWindowLongPtrW
DefWindowProcW
GetWindowLongPtrW
GetSystemMetrics
GetDesktopWindow
MonitorFromWindow
GetDC
GetWindowTextLengthW
GetWindowLongW
DrawTextW
EndPaint
GetDlgItem
SetWindowTextW
EndDialog
CreateWindowExW
DrawIcon
wsprintfA
SetWindowLongW
PostMessageW
EnableWindow
MessageBoxW
SendDlgItemMessageW
DialogBoxParamW
GetActiveWindow
DestroyIcon
LoadIconW
SetWindowPos
LoadCursorW
GetSysColorBrush
SetCursor
TrackMouseEvent
UnregisterClassA

gdi32

SetPixelFormat
CreateFontIndirectW
GetTextExtentPoint32W
SelectObject
SetBkMode
SetBkColor
SetTextColor
CreateSolidBrush
GetObjectW
DeleteObject
ChoosePixelFormat

advapi32

RegCreateKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shell32

SHGetFolderPathW

ole32

CoInitialize
CoSetProxyBlanket
CoCreateInstance
CoCreateGuid
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

shlwapi

PathAppendW
PathCompactPathW
PathCombineW
UrlEscapeW
PathFindFileNameW

opengl32

wglCreateContext
wglDeleteContext
glGetString
wglMakeCurrent

wininet

HttpOpenRequestW
InternetSetStatusCallbackW
InternetSetOptionW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetCrackUrlW
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpAddRequestHeadersW

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UnityWebPlayerUpdate.exe
.exe windows:5 windows x64 arch:x64

184bd514c0a05ba85e7579c29b19fe7d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:8c:ad:a3:bd:09:4a:b8:e3:5b:ee:e8:01:43:12:ef
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

03/07/2013, 00:00

Not After

06/08/2015, 23:59

Subject

CN=Unity Technologies ApS,OU=SECURE APPLICATION DEVELOPMENT,O=Unity Technologies ApS,L=Copenhagen,ST=Copenhagen,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:4d:ae:a5:54:9c:81:c9:b6:74:87:15:11:27:d5:b8:96:be:20:e8
Signer

Actual PE Digest

68:4d:ae:a5:54:9c:81:c9:b6:74:87:15:11:27:d5:b8:96:be:20:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildslave\unity\build\build\Windows64WebPlugin\UnityWebPlayerUpdate.pdb

Imports

shlwapi

PathCombineW
PathStripToRootW
PathSkipRootW
PathAppendW
PathGetArgsW
PathRemoveFileSpecW

kernel32

LocalFree
LocalAlloc
GetCurrentProcess
GetLastError
GetCurrentThread
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
CloseHandle
DeleteCriticalSection
HeapAlloc
HeapFree
lstrlenW
ExitProcess
GetProcessHeap
GetCommandLineW
lstrcatW
lstrcpyW
CreateNamedPipeW
GetOverlappedResult
WaitForSingleObject
ReadFile
CreateEventW
WriteFile
InitializeCriticalSection
FindClose
EnterCriticalSection
LeaveCriticalSection
GetVolumeInformationW
CopyFileExW
MoveFileExW
CreateDirectoryW
ReleaseMutex
lstrcmpiW
OpenMutexW
CreateMutexW
FindNextFileW
FindFirstFileExW
GetFullPathNameW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
TerminateThread
WaitForMultipleObjects
CreateThread
ConnectNamedPipe

user32

wsprintfW
MessageBoxW

advapi32

GetLengthSid
GetSidSubAuthority
GetSidSubAuthorityCount
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
OpenProcessToken
GetTokenInformation

shell32

CommandLineToArgvW
ShellExecuteExW

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 551KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
loader-x64/UnityWebPlayerNP.map
loader-x64/UnityWebPluginAX.ocx
.dll regsvr32 windows:5 windows x64 arch:x64

f0ed724060e08df7e6c601fccee7cdcc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:8c:ad:a3:bd:09:4a:b8:e3:5b:ee:e8:01:43:12:ef
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

03/07/2013, 00:00

Not After

06/08/2015, 23:59

Subject

CN=Unity Technologies ApS,OU=SECURE APPLICATION DEVELOPMENT,O=Unity Technologies ApS,L=Copenhagen,ST=Copenhagen,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:3a:3a:46:7a:ce:9e:ca:79:a9:95:37:0d:a7:6f:13:b1:79:11:e5
Signer

Actual PE Digest

4c:3a:3a:46:7a:ce:9e:ca:79:a9:95:37:0d:a7:6f:13:b1:79:11:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildslave\unity\build\build\Windows64Webplugin\loader-x64\UnityWebPluginAX.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
GetThreadLocale
SetThreadLocale
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
SetLastError
LoadLibraryW
GlobalAlloc
GlobalFree
lstrlenA
GetFileType
SetHandleCount
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetVersion
HeapSetInformation
GetStdHandle
WriteFile
RtlUnwindEx
ExitProcess
Sleep
LCMapStringW
FlsAlloc
FlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
VirtualQuery
lstrlenW
FreeLibrary
DeleteCriticalSection
GetLastError
GetEnvironmentStringsW
RaiseException
InitializeCriticalSectionAndSpinCount
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
FormatMessageW
WideCharToMultiByte
GetModuleFileNameW
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
IsDebuggerPresent
VirtualProtect
DecodePointer
FlushFileBuffers
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemInfo
GetStringTypeW
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetThreadStackGuarantee

user32

BeginPaint
MessageBoxW
ShowWindow
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetKeyState
IsWindow
InvalidateRect
IsChild
UnregisterClassA
GetClientRect
EndPaint
SendMessageW
GetFocus
DrawTextW
SetFocus
EnumChildWindows
CallWindowProcW
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
DestroyWindow
CharNextW

gdi32

CreateRectRgnIndirect
SetTextAlign
TextOutW
SetTextColor
Rectangle
GetStockObject
SelectObject
SetBkMode

advapi32

RegOverridePredefKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyW

shell32

ShellExecuteW

ole32

OleRegGetMiscStatus
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
CreateBindCtx
OleSaveToStream
WriteClassStm
ReadClassStm
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
StringFromGUID2

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
VariantChangeType
VarBstrCmp
UnRegisterTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
VarUI4FromStr
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysFreeString
SysAllocStringLen

urlmon

CoInternetCombineUrl
RegisterBindStatusCallback
CreateURLMonikerEx
CoInternetParseUrl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
loader-x64/info.plist
.xml
loader-x64/npUnity3D64.dll
.dll windows:5 windows x64 arch:x64

42b5ec8d3667c0a438013eb184c7500e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:8c:ad:a3:bd:09:4a:b8:e3:5b:ee:e8:01:43:12:ef
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

03/07/2013, 00:00

Not After

06/08/2015, 23:59

Subject

CN=Unity Technologies ApS,OU=SECURE APPLICATION DEVELOPMENT,O=Unity Technologies ApS,L=Copenhagen,ST=Copenhagen,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c5:5a:4c:e0:a3:8e:49:a0:60:25:47:bb:63:40:6d:36:a9:cc:fc:33
Signer

Actual PE Digest

c5:5a:4c:e0:a3:8e:49:a0:60:25:47:bb:63:40:6d:36:a9:cc:fc:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildslave\unity\build\build\Windows64WebPlugin\loader-x64\npUnity3D64.pdb

Imports

kernel32

DisableThreadLibraryCalls
GetTickCount
GetProcessHeap
SetEndOfFile
CreateFileA
WritePrivateProfileStringW
lstrcpynW
lstrcpynA
SetErrorMode
CreateProcessW
lstrcpyA
GlobalMemoryStatus
GetSystemInfo
VirtualQuery
GetFileSize
GetFileTime
lstrlenA
FileTimeToLocalFileTime
FileTimeToDosDateTime
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
CompareStringW
CreateTimerQueue
DeleteTimerQueueEx
FreeLibrary
GetCurrentProcess
SetEvent
GetCurrentThread
WideCharToMultiByte
LoadLibraryW
GetModuleFileNameW
ChangeTimerQueueTimer
GetProcAddress
CreateTimerQueueTimer
CreateEventW
SetCurrentDirectoryW
WaitForMultipleObjects
GetCurrentThreadId
CloseHandle
GetVersion
DeleteFileW
FindResourceW
LoadResource
SizeofResource
LockResource
QueryPerformanceCounter
GetVersionExW
QueryPerformanceFrequency
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
WaitNamedPipeW
Sleep
ReadFile
GetOverlappedResult
GetLastError
LocalAlloc
LocalFree
CreateThread
CopyFileW
WaitForSingleObjectEx
CreateMutexA
ReleaseMutex
ConnectNamedPipe
CreateNamedPipeW
WriteFile
CreateFileW
SetNamedPipeHandleState
lstrcatW
lstrcpyW
FindFirstFileW
MoveFileExW
CreateDirectoryW
GetTempPathW
FindClose
RemoveDirectoryW
FindNextFileW
SetFileAttributesW
GetModuleHandleW
GetFullPathNameW
CreateMutexW
CopyFileExW
FindFirstFileExW
TerminateThread
lstrlenW
OpenMutexW
lstrcmpiW
GetVolumeInformationW
ExpandEnvironmentStringsA
EncodePointer
DecodePointer
FlsSetValue
GetCommandLineA
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
HeapReAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
HeapSize
ExitProcess
RtlUnwindEx
LCMapStringW
GetStdHandle
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
SetFilePointer
GetStringTypeW
MultiByteToWideChar

user32

GetWindowTextW
LoadCursorW
SetCursor
GetForegroundWindow
GetParent
MessageBoxW
wsprintfW
RemoveMenu
CreatePopupMenu
AppendMenuW
GetSubMenu
EnableMenuItem
LoadMenuW
GetAsyncKeyState
GetWindowRect
MessageBoxA
GetClientRect
GetWindowLongW
SetWindowLongW
DrawTextW
InflateRect
GetSysColorBrush
FillRect
GetSysColor
InvalidateRect
PtInRect
AdjustWindowRectEx
CopyRect
ReleaseDC
SetRect
GetSystemMetrics
GetMenuItemInfoW
GetMenuItemCount
EndPaint
BeginPaint
ShowWindow
SetWindowPos
DestroyWindow
CreateWindowExW
wvsprintfA
wsprintfA
CallWindowProcW
IsRectEmpty
PostMessageW
IsWindow
LoadBitmapW
SystemParametersInfoW
GetWindowLongPtrW
SetWindowLongPtrW
DestroyMenu
GetClassLongW
GetAncestor
ClientToScreen
WindowFromPoint
UnregisterClassW
RegisterClassExW
LoadImageW
DefWindowProcW
SendMessageW
SetCapture
SendInput
ReleaseCapture
GetDC

gdi32

Rectangle
CreateSolidBrush
CreateCompatibleBitmap
DeleteDC
BitBlt
Polygon
Polyline
CreatePen
CreateCompatibleDC
SetTextColor
SetBkMode
GetObjectW
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
DeleteObject
CreateFontIndirectW
CreateFontW
CreateDIBSection
GetCurrentObject

shlwapi

PathSkipRootW
PathRemoveFileSpecW
PathCombineW
PathAppendW
PathStripToRootW

advapi32

GetUserNameA
OpenProcessToken
OpenThreadToken
GetTokenInformation
RegQueryValueExW
RegOpenKeyW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCloseKey
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptGetHashParam
CryptAcquireContextW
CryptVerifySignatureW
CryptReleaseContext
CryptImportKey
CryptCreateHash
CryptDestroyKey
CryptDestroyHash
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
GetLengthSid
GetSidSubAuthorityCount
GetSidSubAuthority
CryptHashData

winmm

timeGetTime

shell32

ShellExecuteExW
SHGetFolderPathW

ole32

CoTaskMemFree
CoCreateGuid
StringFromGUID2

msimg32

AlphaBlend

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown
UT_Uninstall

Sections

.text
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 555KB - Virtual size: 554KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1e:8c:ad:a3:bd:09:4a:b8:e3:5b:ee:e8:01:43:12:efCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

ae:e6:67:f6:1e:02:e6:2f:6c:28:19:ec:54:cd:e7:f2:b1:0a:41:3fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 129KB

.ndata Size: - Virtual size: 84KB

.rsrc Size: 558KB - Virtual size: 558KB

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

2a2e0e82c0dc9890f9201e8bd8ecbff2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Exports

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1e:8c:ad:a3:bd:09:4a:b8:e3:5b:ee:e8:01:43:12:ef
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

ae:e6:67:f6:1e:02:e6:2f:6c:28:19:ec:54:cd:e7:f2:b1:0a:41:3f
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 129KB

.ndata
Size: - Virtual size: 84KB

.rsrc
Size: 558KB - Virtual size: 558KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 696B

.rdata
Size: 1024B - Virtual size: 753B

.data
Size: 512B - Virtual size: 48B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 734B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1e:8c:ad:a3:bd:09:4a:b8:e3:5b:ee:e8:01:43:12:ef
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

a7:1a:9d:dd:3f:24:bc:d0:31:6f:d9:ba:1a:3e:3b:17:b8:b6:7c:89
Signer