file | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file
Size

144.3MB
MD5

715d67ac2702f9a2070b1b988c04d5ad
SHA1

f2462de1598545c4d51e252829dc1ef2f0dd5ce1
SHA256

b9936f1813df469381a11798a1ca43873efd9f1d5bb00cad406a238648a78f68
SHA512

cf8a7cb73cd48e38fe2f291cda699f28d9730584499de0f52117a843dd84cafc2ca26621d8d5770f8874411c276c00097c314312967077ba7ff12ac5b778b0c5
SSDEEP

3145728:GhnTw0oWdHVnSJWCzVS20HIEtMrPMa2O6TRUJGE6+U0ClrzXb8hce9vu1:Ghw0FV0xS206MvOKWP6+U02zXb8hL4

Score

3^/10

Malware Config

Signatures

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PAV_32bit/Windows/Common Files/Disk32.dll
unpack001/PAV_32bit/Windows/Common Files/DiskSerial.DLL
unpack001/PAV_32bit/Windows/Common Files/GetDateDiff.dll
unpack001/PAV_32bit/Windows/Common Files/HDkey.dll
unpack001/PAV_32bit/Windows/Common Files/PSAPI.DLL
unpack001/PAV_32bit/Windows/Common Files/Registration.exe
unpack001/PAV_32bit/Windows/Common Files/VDMDBG.DLL
unpack001/PAV_32bit/Windows/DLP/FileRecovery9x.exe
unpack001/PAV_32bit/Windows/DLP/GetDateDiff.dll
unpack001/PAV_32bit/Windows/DLP/Lookup.exe
unpack001/PAV_32bit/WindowsVista/Common Files/Disk32.dll
unpack001/PAV_32bit/WindowsVista/Common Files/DiskSerial.DLL
unpack001/PAV_32bit/WindowsVista/Common Files/GetDateDiff.dll
unpack001/PAV_32bit/WindowsVista/Common Files/HDkey.dll
unpack001/PAV_32bit/WindowsVista/Common Files/IdleTrac.dll
unpack001/PAV_32bit/WindowsVista/Common Files/PSAPI.DLL
unpack001/PAV_32bit/WindowsVista/Common Files/Registration.exe
unpack001/PAV_32bit/WindowsVista/Common Files/SchedularUDC.exe
unpack001/PAV_32bit/WindowsVista/Common Files/VDMDBG.DLL
unpack001/PAV_32bit/WindowsVista/DLP/Extract.dll
unpack001/PAV_32bit/WindowsVista/DLP/GetDateDiff.dll
unpack001/PAV_32bit/WindowsVista/DLP/IdleTrac.dll
unpack001/PAV_32bit/WindowsVista/DLP/Lookup.exe

Files

file
.zip
PAV_32bit/Anti-Virus/Setup32b.exe
.exe windows:5 windows x86 arch:x86

483f0c4259a9148c34961abbda6146c1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:31

Not After

22/02/2021, 19:41

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:a1:25:ea:d6:d5:b3:c9:26:c4:55:e5:93:31:96:7f:70:5c:b1:8f
Signer

Actual PE Digest

f2:a1:25:ea:d6:d5:b3:c9:26:c4:55:e5:93:31:96:7f:70:5c:b1:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Setup.exe
.exe windows:5 windows x86 arch:x86

f97ff9bc947d5432a465b3b9e0aacd3c

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:74:ad:59:51:8f:7f:ed:d5:45:d3:d1:2b:b6:7b:ce:41:b9:56:75
Signer

Actual PE Digest

96:74:ad:59:51:8f:7f:ed:d5:45:d3:d1:2b:b6:7b:ce:41:b9:56:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapFree
RaiseException
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
ExitProcess
Sleep
GetStartupInfoW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
lstrlenA
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
WritePrivateProfileStringW
GetModuleHandleA
InterlockedDecrement
FormatMessageW
LocalFree
MulDiv
lstrlenW
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GlobalUnlock
FreeResource
GlobalFree
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomW
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
CompareStringA
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetModuleHandleW
GetProcAddress
GetCurrentProcess
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetCurrentDirectoryW
IsDebuggerPresent
SetCurrentDirectoryW

user32

RegisterClipboardFormatW
PostThreadMessageW
ReleaseCapture
LoadCursorW
SetCapture
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
OffsetRect
MessageBoxW
SendMessageW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetWindowThreadProcessId
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
CharUpperW
RemovePropW
GetSysColorBrush
IsIconic
GetClientRect
EnableWindow
LoadIconW
GetSystemMetrics
GetWindowRect
UpdateWindow
InvalidateRect
GetParent
PostQuitMessage
PostMessageW
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
SetCursor
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
SendDlgItemMessageA

gdi32

ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetStockObject
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
GetDeviceCaps
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard
CoRegisterMessageFilter
CoGetClassObject

oleaut32

SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysFreeString

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/BMP/AboutUs.bmp
PAV_32bit/Windows/BMP/CP/AgreementHelp.BMP
.png
PAV_32bit/Windows/BMP/CP/CommonBusiness.bmp
PAV_32bit/Windows/BMP/CP/Commonbmp.bmp
PAV_32bit/Windows/BMP/CP/DateHelp.BMP
PAV_32bit/Windows/BMP/CP/DiskHelp.BMP
PAV_32bit/Windows/BMP/CP/OptionHelp.bmp
PAV_32bit/Windows/BMP/CP/PartHelp.BMP
PAV_32bit/Windows/BMP/CP/RecoverHelp.BMP
PAV_32bit/Windows/BMP/CP/SchedulerSettingsHelp.bmp
PAV_32bit/Windows/BMP/CP/SetupDLP.bmp
PAV_32bit/Windows/BMP/CP/Thumbs.db
PAV_32bit/Windows/BMP/CP/UnistalsCrashProof.bmp
PAV_32bit/Windows/BMP/CP/UnistalsDLP.bmp
PAV_32bit/Windows/BMP/Common/AgreementHelp.BMP
PAV_32bit/Windows/BMP/Common/CommonBusiness.bmp
PAV_32bit/Windows/BMP/Common/InstallingPrds.BMP
PAV_32bit/Windows/BMP/Common/OptionInstall.bmp
PAV_32bit/Windows/BMP/Common/ProductHelp.bmp
PAV_32bit/Windows/BMP/Common/Thumbs.db
PAV_32bit/Windows/BMP/CommonUnistal.bmp
PAV_32bit/Windows/BMP/DLPSettings.BMP
PAV_32bit/Windows/BMP/KeyNoCommon.bmp
PAV_32bit/Windows/BMP/ProductHelp.bmp
PAV_32bit/Windows/BMP/Renewal.bmp
PAV_32bit/Windows/BMP/SetupDLP.BMP
PAV_32bit/Windows/BMP/Thumbs.db
PAV_32bit/Windows/BMP/UninstallHelp.bmp
PAV_32bit/Windows/BMP/UnistalsRescueDiskette.bmp
PAV_32bit/Windows/BMP/keyNoHelp.bmp
PAV_32bit/Windows/Common Files/CommonFilesexists.dat
PAV_32bit/Windows/Common Files/DLPSettings.exe
.exe windows:4 windows x86 arch:x86

b826ad729edadeae2541d22b1523c430

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:51:d0:8a:78:6d:5b:e4:23:3c:e8:ff:e9:50:48:34:df:eb:d4:1c
Signer

Actual PE Digest

dd:51:d0:8a:78:6d:5b:e4:23:3c:e8:ff:e9:50:48:34:df:eb:d4:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetEnvironmentStrings
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetProfileStringA
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetTimeZoneInformation
GetACP
HeapReAlloc
HeapSize
RaiseException
GetStartupInfoA
GetCurrentProcessId
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetThreadLocale
SizeofResource
WritePrivateProfileStringA
GetOEMCP
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalFlags
GlobalFree
GetModuleFileNameA
GlobalAlloc
GetCurrentThread
lstrcmpA
CloseHandle
LoadLibraryA
FreeLibrary
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
lstrcpynA
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
GetProcAddress
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
OpenProcess
TerminateProcess
GetLocalTime
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA

user32

CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
SetParent
CharUpperA
RegisterClipboardFormatA
PostThreadMessageA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
SetCapture
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
DestroyMenu
IsIconic
DrawIcon
GetSystemMenu
EnableMenuItem
LoadIconA
FindWindowA
MessageBoxA
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
GetMenuItemInfoA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
SetRect
DestroyCursor
EnableWindow
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
LockWindowUpdate
GetDCEx
GetLastActivePopup
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
ReleaseCapture
LoadCursorA
GetClassNameA
MapDialogRect
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
PostQuitMessage
LoadStringA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
KillTimer
SetTimer
PtInRect
SetRectEmpty
UpdateWindow
TranslateMessage
ValidateRect
IntersectRect
GetCursorPos
GetMessageA

gdi32

CreateRectRgnIndirect
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
CreateBitmap
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
SetBkColor
SetTextColor
GetStockObject
Escape
PatBlt
ExtTextOutA
TextOutA
GetObjectA
GetPixel
SetPixel
RectVisible
PtVisible
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
CreateDIBitmap
GetTextExtentPointA
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

ShellExecuteExA

comctl32

ImageList_GetIcon
ImageList_AddMasked
ImageList_Draw
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Destroy
ImageList_Create
ImageList_GetImageCount
ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen

winmm

PlaySoundA

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/Windows/Common Files/Disk16.dll
PAV_32bit/Windows/Common Files/Disk32.dll
.dll windows:4 windows x86 arch:x86

98815d72cf50591382834e656918e630

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
ThunkConnect32
SUnMapLS_IP_EBP_28
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
SMapLS_IP_EBP_28
FatalAppExitA
UnhandledExceptionFilter
HeapAlloc
DebugBreak
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
HeapReAlloc
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
SetConsoleCtrlHandler
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetFilePointer
RtlUnwind
SetStdHandle
Sleep
FlushFileBuffers
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
CloseHandle
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

CheckInt13Extension32
Disk_ThunkData32
ReadDisk32
WriteDisk32

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/Common Files/DiskSerial.DLL
.dll windows:4 windows x86 arch:x86

ed02738b1ec663583e7130d6921f9270

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
DeviceIoControl
GetVersionExA
DeleteFileA
SetPriorityClass
GetCurrentProcess
FreeResource
WriteFile
SizeofResource
LockResource
lstrlenA
FindResourceA
GetCurrentDirectoryA
CopyFileA
GetSystemDirectoryA
CloseHandle
CreateFileA
GetLocalTime
WinExec
lstrcpyA
LoadResource
OpenFile
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
LCMapStringA
LCMapStringW
FlushFileBuffers

user32

MessageBoxIndirectA
LoadStringA

advapi32

RegQueryValueA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

Exports

Exports

GetBufferSize
GetCPUSerialNumber
GetDiskCylinders
GetDiskHeads
GetDiskSerial
GetModelNumber
GetRevisionNumber
GetSectorsOfTrack
GetSerialNumber

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/Common Files/FilesexistsCrashProof.dat
PAV_32bit/Windows/Common Files/GetDateDiff.dll
.dll windows:4 windows x86 arch:x86

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1253
ord342
ord823
ord1182
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv

Exports

Exports

GetDiffDate

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/Common Files/Getdisk.exe
.exe windows:4 windows x86 arch:x86

ddc9ae36a140e8c49cc8f26e81dfafdf

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:04:5d:41:42:49:7e:3e:a4:67:eb:7f:0c:28:df:cb:c4:de:4e:95
Signer

Actual PE Digest

d3:04:5d:41:42:49:7e:3e:a4:67:eb:7f:0c:28:df:cb:c4:de:4e:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
ord626
__vbaForEachCollAd
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaObjVar
DllFunctionCall
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaVarCat
__vbaI2Var
ord537
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaVarDup
__vbaStrToAnsi
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaNextEachCollAd
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/Windows/Common Files/HDkey.dll
.dll windows:4 windows x86 arch:x86

f2f9ab97622dcd25e853528c19f4fd63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle

mfc42

ord823
ord1182
ord5710
ord858
ord1228
ord540
ord800
ord941
ord342
ord860
ord535
ord537
ord1168
ord1253
ord825

msvcrt

__dllonexit
_unlink
_except_handler3
?terminate@@YAXXZ
free
_initterm
malloc
_adjust_fdiv
_strupr
strncmp
isalnum
strstr
strncpy
__CxxFrameHandler
_access
ispunct
_onexit
sprintf
atol

kernel32

SetPriorityClass
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GetVersionExA
GetCurrentProcess
SetCurrentDirectoryA
DeviceIoControl
SetFileAttributesA
Sleep
SetFilePointer
GetLastError
CreateFileA
CloseHandle
ReadFile
GetCurrentDirectoryA

user32

FindWindowA
MessageBoxA

shell32

ShellExecuteA

Exports

Exports

InitGetHDKey
checkInternetCon
getHDKey
getHDSerialNumber
getRegNum

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/Common Files/IDE21201.VXD
PAV_32bit/Windows/Common Files/IMAGEDLP.TXT
PAV_32bit/Windows/Common Files/MonitorRestoreUDC.exe
.exe windows:4 windows x86 arch:x86

e2a881df6b447d32c962413b3e8396d8

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:9d:d2:c6:d0:3c:7e:b1:e2:45:4b:2e:8f:9b:fd:ed:76:36:5f:af
Signer

Actual PE Digest

1c:9d:d2:c6:d0:3c:7e:b1:e2:45:4b:2e:8f:9b:fd:ed:76:36:5f:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapFree
RaiseException
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetCurrentProcessId
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
RtlUnwind
GetProfileStringA
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcpynA
FormatMessageA
LocalFree
MulDiv
SetLastError
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
GetVersionExA
OpenProcess
TerminateProcess
GetWindowsDirectoryA
SetFilePointer
GetLastError
CreateFileA
CloseHandle
FreeEnvironmentStringsW
ReadFile

user32

GetNextDlgGroupItem
MessageBeep
InvalidateRect
CharUpperA
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
SetRect
GetForegroundWindow
SetForegroundWindow
PtInRect
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
MessageBoxA
LoadIconA
SetTimer
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
KillTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
GetMessagePos
GetSystemMenu
AppendMenuA
DefDlgProcA
IsWindowUnicode
SendMessageA
GetClassNameA
GetDesktopWindow
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
DestroyMenu
LoadStringA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
MapWindowPoints
GetDlgItem
UpdateWindow
SetWindowLongA
SendDlgItemMessageA

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
SetMapMode
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize

olepro32

ord253

oleaut32

VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantClear

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/Windows/Common Files/Nodisk.exe
PAV_32bit/Windows/Common Files/PSAPI.DLL
.dll windows:4 windows x86 arch:x86

3b5b4bad881057af15fc35648ebcf206

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

NtAllocateVirtualMemory
RtlNtStatusToDosError
_stricmp
RtlUnwind
atoi
_chkstk
NtStopProfile
sprintf
RtlMultiByteToUnicodeN
RtlAdjustPrivilege
RtlUnicodeToOemN
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
DbgPrint
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation

kernel32

MultiByteToWideChar
GetProcessWorkingSetSize
WideCharToMultiByte
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
CreateFileA
CloseHandle
DisableThreadLibraryCalls
lstrcpyA
GetProcessHeap
LocalFree
SetLastError
LocalAlloc
SetProcessWorkingSetSize
lstrlenA
GetSystemInfo
HeapAlloc

imagehlp

SymLoadModule
SymGetModuleInfo
SymGetSymFromAddr
SymUnloadModule
SymSetOptions
SymInitialize
SymGetSearchPath

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/Common Files/ReadmeCrashProof.chm
.chm
PAV_32bit/Windows/Common Files/RegCheck.exe
.exe windows:4 windows x86 arch:x86

4f78bd700251d2fe453f2403c4438594

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:65:53:02:63:30:6f:ee:28:67:e1:01:c9:ee:2f:44:ff:e9:89:4f
Signer

Actual PE Digest

79:65:53:02:63:30:6f:ee:28:67:e1:01:c9:ee:2f:44:ff:e9:89:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStringTypeA
GetStringTypeW
VirtualFree
IsBadCodePtr
CompareStringA
CompareStringW
HeapCreate
GetProfileStringA
HeapDestroy
GetACP
HeapSize
HeapReAlloc
GetFileType
SetStdHandle
GetCommandLineA
GetStartupInfoA
ExitProcess
RaiseException
HeapAlloc
HeapFree
GetTimeZoneInformation
GetCurrentProcessId
RtlUnwind
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetOEMCP
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SizeofResource
GlobalFlags
GlobalAlloc
GetCurrentThread
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
DuplicateHandle
lstrcmpA
lstrcpynA
FormatMessageA
LocalFree
MulDiv
SetLastError
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentProcess
Sleep
SetFilePointer
GetLastError
ReadFile
GetEnvironmentVariableA
SetEnvironmentVariableA
GetModuleHandleA
WinExec
lstrcpyA
GetWindowsDirectoryA
CreateFileA
CloseHandle
lstrcatA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
CopyFileA
SetFileAttributesA
GetLocalTime
LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
TerminateProcess
IsBadReadPtr
GetVersionExA

user32

CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowPos
RegisterWindowMessageA
IntersectRect
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
IsIconic
DrawIcon
LoadIconA
FindWindowA
KillTimer
GetCursorPos
PtInRect
RedrawWindow
CopyIcon
IsWindow
SetWindowLongA
SetTimer
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
EnableWindow
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
MessageBoxA
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
SetCapture
LockWindowUpdate
GetDCEx
EndDialog
ReleaseCapture
AppendMenuA
GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoA
LoadCursorA
SetCursor
GetClassNameA
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
CharUpperA
LoadStringA
SetRectEmpty
GetMessageA
TranslateMessage
ValidateRect
EndPaint
BeginPaint
GetWindowDC
DestroyMenu
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
GetDlgItemTextA
MapWindowPoints
EnableMenuItem
SendDlgItemMessageA
UpdateWindow

gdi32

SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
CreateRectRgnIndirect
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
GetClipBox
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
Escape
PatBlt
ExtTextOutA
TextOutA
GetObjectA
GetPixel
SetPixel
RectVisible
PtVisible
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
CreateDIBitmap
GetTextExtentPointA
GetDeviceCaps

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueA
RegCloseKey

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen

winmm

PlaySoundA

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/Common Files/RegisterComponent.exe
.exe windows:4 windows x86 arch:x86

fd2e8a76db55902e611ff2b4e4a67efe

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:b4:38:e5:eb:98:58:e4:74:c6:12:d3:16:22:fb:b9:1c:15:46:7c
Signer

Actual PE Digest

86:b4:38:e5:eb:98:58:e4:74:c6:12:d3:16:22:fb:b9:1c:15:46:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStringTypeA
GetStringTypeW
HeapDestroy
IsBadCodePtr
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
LCMapStringW
GetProfileStringA
LCMapStringA
GetACP
HeapSize
HeapReAlloc
GetFileType
SetStdHandle
GetStartupInfoA
ExitProcess
RaiseException
HeapAlloc
HeapFree
GetTimeZoneInformation
GetCurrentProcessId
RtlUnwind
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetOEMCP
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SizeofResource
GlobalFlags
GlobalAlloc
GetCurrentThread
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
DuplicateHandle
lstrcmpA
WaitForSingleObject
lstrcpynA
FormatMessageA
LocalFree
MulDiv
SetLastError
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentProcess
Sleep
SetFilePointer
GetLastError
ReadFile
GetEnvironmentVariableA
SetEnvironmentVariableA
GetModuleHandleA
lstrcatA
WinExec
lstrcpyA
GetWindowsDirectoryA
CreateFileA
CloseHandle
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetCommandLineA
CopyFileA
SetFileAttributesA
GetLocalTime
LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
TerminateProcess
IsBadReadPtr
GetVersionExA

user32

SetCapture
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowPos
RegisterWindowMessageA
IntersectRect
LockWindowUpdate
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
IsIconic
EnableMenuItem
LoadIconA
ExitWindowsEx
FindWindowA
KillTimer
GetCursorPos
PtInRect
RedrawWindow
CopyIcon
IsWindow
SetWindowLongA
SetTimer
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
EnableWindow
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
MessageBoxA
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
GetDCEx
GetWindowPlacement
ReleaseCapture
AppendMenuA
GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoA
LoadCursorA
SetCursor
GetClassNameA
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
CharUpperA
LoadStringA
SetRectEmpty
GetMessageA
TranslateMessage
ValidateRect
EndPaint
BeginPaint
GetWindowDC
DestroyMenu
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
GetDlgItemTextA
UpdateWindow
DrawIcon
SendDlgItemMessageA
MapWindowPoints

gdi32

SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
CreateRectRgnIndirect
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
GetClipBox
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
Escape
PatBlt
ExtTextOutA
TextOutA
GetObjectA
GetPixel
SetPixel
RectVisible
PtVisible
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
CreateDIBitmap
GetTextExtentPointA
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen

winmm

PlaySoundA

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/Common Files/Registration.exe
.exe windows:4 windows x86 arch:x86

42c4a344a7ba485224c75fa7d4830ab1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetCommandLineA
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStartupInfoA
TerminateProcess
ExitProcess
GetProfileStringA
RtlUnwind
FormatMessageA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetOEMCP
GetCPInfo
SizeofResource
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
lstrcpynA
GetLastError
MulDiv
SetLastError
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
VirtualAlloc
GetCurrentDirectoryA

user32

SetRect
GetNextDlgGroupItem
MessageBeep
InvalidateRect
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
CopyAcceleratorTableA
GetMessagePos
GetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
PtInRect
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
LoadIconA
SendMessageA
AppendMenuA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
MessageBoxA
IsIconic
GetSystemMetrics
CharNextA
GetSysColorBrush
GetMessageTime
GetClientRect
DrawIcon
DefDlgProcA
IsWindowUnicode
GetSystemMenu
GetDesktopWindow
LoadCursorA
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
DestroyMenu
LoadStringA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
MapWindowPoints
DestroyWindow
GetClassNameA
UpdateWindow
SetForegroundWindow
SendDlgItemMessageA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize

olepro32

ord253

oleaut32

VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantClear

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/Common Files/RepairWMI.exe
.exe windows:4 windows x86 arch:x86

7261283430a24d292bfd7338bb496c63

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:7f:a8:b9:07:13:08:c5:84:0a:3a:42:57:2a:86:a6:14:e0:80:97
Signer

Actual PE Digest

3d:7f:a8:b9:07:13:08:c5:84:0a:3a:42:57:2a:86:a6:14:e0:80:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

kernel32

DeviceIoControl
CloseHandle
CreateFileA
GetLastError
SetPriorityClass
GetCurrentProcess
GetVersionExA
GetWindowsDirectoryA
RemoveDirectoryA
SetCurrentDirectoryA
GetSystemDirectoryA
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetModuleFileNameA
WaitForSingleObject
SetEvent
SuspendThread
CreateEventA
FreeResource
LoadResource
FindResourceA
LockResource
GlobalFree
GlobalUnlock
GetProcAddress
GetModuleHandleA
lstrcpyA
GlobalFindAtomA
GetProfileStringA
SetEnvironmentVariableA
SetStdHandle
CreateProcessA
GetExitCodeProcess
IsBadCodePtr
SetUnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
HeapAlloc
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
GetStdHandle
DebugBreak
RaiseException
ExitThread
CreateThread
HeapValidate
GetCommandLineA
GetStartupInfoA
TerminateProcess
ExitProcess
RtlUnwind
lstrcpyW
CopyFileA
GlobalSize
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetTickCount
lstrlenW
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
GetFileAttributesA
GetShortPathNameA
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
OutputDebugStringA
GetThreadLocale
SizeofResource
GetProcessVersion
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetProfileIntA
GlobalAddAtomA
VirtualProtect
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynA
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrA
IsBadStringPtrW
MulDiv
SetLastError
ResumeThread
GetThreadPriority
SetThreadPriority
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA

user32

IsClipboardFormatAvailable
InSendMessage
wvsprintfA
RegisterClipboardFormatA
DestroyIcon
MessageBeep
CopyAcceleratorTableA
CharNextA
GetDialogBaseUnits
GetClipboardFormatNameA
UnpackDDElParam
ReuseDDElParam
DestroyMenu
TranslateAcceleratorA
LoadAcceleratorsA
GetWindowThreadProcessId
WaitMessage
DestroyCursor
SetCursorPos
ReleaseCapture
GetAsyncKeyState
LoadStringA
CheckMenuRadioItem
GetMenuContextHelpId
SetMenuContextHelpId
LoadMenuIndirectA
LoadMenuA
RemoveMenu
ModifyMenuA
InsertMenuA
GetSubMenu
GetMenuItemInfoA
GetMenuStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
AppendMenuA
DeleteMenu
IsMenu
CreatePopupMenu
CreateMenu
ScrollDC
GrayStringA
GetTabbedTextExtentA
DrawTextA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
DrawIcon
InvertRect
FrameRect
FillRect
ExcludeUpdateRgn
WindowFromDC
GetSysColorBrush
SubtractRect
UnionRect
InflateRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
OpenIcon
CloseWindow
LoadCursorA
PostThreadMessageA
GetWindowContextHelpId
SendNotifyMessageA
GetForegroundWindow
SetForegroundWindow
ShowCaret
HideCaret
SetCaretPos
GetCaretPos
CreateCaret
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
OpenClipboard
SetClipboardViewer
ChangeClipboardChain
FlashWindow
WindowFromPoint
SetParent
FindWindowA
ChildWindowFromPointEx
ChildWindowFromPoint
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
GetDesktopWindow
SetCapture
KillTimer
SetTimer
EnableScrollBar
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
InvalidateRgn
InvalidateRect
GetUpdateRgn
GetUpdateRect
UpdateWindow
ReleaseDC
GetWindowDC
GetDC
EndPaint
BeginPaint
ClientToScreen
BringWindowToTop
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
IsZoomed
HiliteMenuItem
GetSystemMenu
DrawMenuBar
SetMenu
GetMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
MessageBoxA
UnregisterClassA
DefDlgProcA
IsWindowUnicode
GetSystemMetrics
CharToOemA
OemToCharA
SendMessageA
IsWindow
PostMessageA
TabbedTextOutA
PostQuitMessage
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconA
SendDlgItemMessageA
GetClientRect
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
GetClassNameA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
SetCursor
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowLongA
SetWindowsHookExA
GetCursorPos
PeekMessageA
ValidateRect
CallNextHookEx
GetKeyState
DispatchMessageA
TranslateMessage
GetMessageA
GetFocus
SetMenuItemBitmaps
LoadBitmapA
GetMenuCheckMarkDimensions
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
EndDialog
SetWindowContextHelpId
GetWindow
SetWindowPos
MapDialogRect
GetWindowRect
GetWindowPlacement
IsIconic
CharUpperA

gdi32

SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
ExtTextOutA
CloseEnhMetaFile
CreateEnhMetaFileA
CloseMetaFile
CreateMetaFileA
GetBrushOrgEx
SetBrushOrgEx
EnumObjects
SelectObject
GetNearestColor
RealizePalette
UpdateColors
GetBkColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetMapMode
GetViewportOrgEx
GetViewportExtEx
GetWindowOrgEx
GetWindowExtEx
DPtoLP
LPtoDP
FillRgn
FrameRgn
InvertRgn
PaintRgn
PtVisible
RectVisible
GetCurrentPositionEx
Arc
Polyline
Chord
Ellipse
Pie
Polygon
PolyPolygon
Rectangle
RoundRect
PatBlt
BitBlt
StretchBlt
GetPixel
SetPixel
FloodFill
ExtFloodFill
TextOutA
GetTextExtentPoint32A
GetTextAlign
GetTextFaceA
GetTextMetricsA
GetTextCharacterExtra
GetCharWidthA
GetAspectRatioFilterEx
Escape
SetBoundsRect
GetBoundsRect
ResetDCA
GetOutlineTextMetricsA
GetCharABCWidthsA
GetFontData
GetKerningPairsA
GetGlyphOutlineA
StartDocA
StartPage
EndPage
SetAbortProc
GetObjectA
EndDoc
MaskBlt
PlgBlt
SetPixelV
AngleArc
GetArcDirection
PolyPolyline
GetColorAdjustment
GetCurrentObject
PolyBezier
DrawEscape
ExtEscape
GetCharABCWidthsFloatA
GetCharWidthFloatA
AbortPath
BeginPath
CloseFigure
EndPath
FillPath
FlattenPath
GetMiterLimit
GetPath
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
GdiComment
PlayEnhMetaFile
DeleteDC
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
GetTextExtentPointA
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
DeleteObject
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
EnumMetaFile
PlayMetaFile
StretchDIBits
CopyMetaFileA
DeleteMetaFile
GetStockObject
UnrealizeObject
GetObjectType
CreatePen
CreatePenIndirect
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateBrushIndirect
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontIndirectA
CreateFontA
CreateBitmapIndirect
SetBitmapBits
GetBitmapBits
SetBitmapDimensionEx
GetBitmapDimensionEx
CreateCompatibleBitmap
CreateDiscardableBitmap
CreatePalette
CreateHalftonePalette
GetPaletteEntries
SetPaletteEntries
AnimatePalette
GetNearestPaletteIndex
ResizePalette
CreateRectRgn
CreateRectRgnIndirect
CreateEllipticRgn
CreateEllipticRgnIndirect
CreatePolygonRgn
CreatePolyPolygonRgn
CreateDIBitmap
CreateRoundRectRgn
PathToRegion
ExtCreateRegion
GetRegionData
SetRectRgn
CombineRgn
EqualRgn
OffsetRgn
GetRgnBox
PtInRegion
RectInRegion
CreateDCA
CreateICA
CreateCompatibleDC
AbortDoc
GetDeviceCaps

comdlg32

PrintDlgA
PageSetupDlgA
GetFileTitleA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

GetFileSecurityA
SetFileSecurityA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegCreateKeyA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegSetValueA
RegQueryValueA
RegCloseKey

shell32

DragQueryFileA
ExtractIconA
SHGetFileInfoA
DragAcceptFiles
DragFinish

comctl32

ImageList_GetImageCount
ImageList_Add
ImageList_AddMasked
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Draw
ImageList_SetBkColor
ImageList_Write
ImageList_SetOverlayImage
ImageList_GetImageInfo
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragMove
ImageList_SetDragCursorImage
ImageList_DragShowNolock
ImageList_GetDragImage
ImageList_DragEnter
ImageList_DragLeave
ImageList_Read
ImageList_Merge
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord13
CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA
ord8
ord17
ImageList_GetBkColor
ord14

oledlg

ord3
ord7
ord6
ord5
ord9
ord4
ord8

ole32

CoGetMalloc
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
OleLockRunning
OleSetContainedObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleLoad
OleSave
StgIsStorageILockBytes
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
OleSaveToStream
OleIsRunning
OleQueryCreateFromData
OleQueryLinkFromData
OleGetClipboard
OleSetMenuDescriptor
DoDragDrop
OleRegEnumVerbs
OleRegGetMiscStatus
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateStreamOnHGlobal
CreateDataAdviseHolder
OleTranslateAccelerator
IsAccelerator
GetRunningObjectTable
CoLockObjectExternal
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoDisconnectObject
OleRun
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
GetClassFile
CreateFileMoniker
CreateGenericComposite
CreateItemMoniker
OleFlushClipboard
OleSetClipboard
CoRevokeClassObject
OleIsCurrentClipboard
CoRegisterClassObject
CoRegisterMessageFilter
ReleaseStgMedium
CreateOleAdviseHolder
CoTreatAsClass

olepro32

ord253

oleaut32

SafeArrayRedim
LoadTypeLi
SysStringLen
DosDateTimeToVariantTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SysFreeString
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysReAllocStringLen
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen

Sections

.text
Size: 916KB - Virtual size: 914KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 56KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/Windows/Common Files/SchedularUDC.exe
.exe windows:4 windows x86 arch:x86

8db258f6e8f3f330da17edea92fc9fb5

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:2a:f1:63:8c:91:4a:c0:df:ba:04:32:57:07:f9:3d:ab:d5:00:a8
Signer

Actual PE Digest

b1:2a:f1:63:8c:91:4a:c0:df:ba:04:32:57:07:f9:3d:ab:d5:00:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadCodePtr
GetExitCodeProcess
CreateProcessA
SetStdHandle
CompareStringA
CompareStringW
VirtualFree
GetProfileStringA
HeapCreate
HeapDestroy
GetTimeZoneInformation
GetACP
HeapSize
HeapReAlloc
ExitThread
CreateThread
RaiseException
GetCommandLineA
GetStartupInfoA
GetCurrentProcessId
ExitProcess
HeapAlloc
HeapFree
RtlUnwind
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
WritePrivateProfileStringA
GetOEMCP
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SizeofResource
GlobalFlags
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
GetModuleFileNameA
GlobalAlloc
GetCurrentThread
lstrcmpA
CreateEventA
SuspendThread
SetThreadPriority
SetEvent
WaitForSingleObject
lstrcpynA
FormatMessageA
LocalFree
MulDiv
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GlobalLock
GlobalUnlock
GlobalFree
ResumeThread
QueryDosDeviceA
GetDriveTypeA
OpenProcess
TerminateProcess
GetModuleHandleA
FreeLibrary
GetLocalTime
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
CopyFileA
Sleep
SetFilePointer
GetLastError
WriteFile
ReadFile
GetEnvironmentVariableA
SetEnvironmentVariableA
LoadLibraryA
GetProcAddress
SetFileAttributesA
DeleteFileA
DeviceIoControl
CloseHandle
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
IsBadReadPtr
GetVersionExA

user32

CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
IntersectRect
GetWindowPlacement
EndDialog
SetCapture
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
LoadCursorA
ExitWindowsEx
KillTimer
TranslateAcceleratorA
DrawIcon
SetTimer
LoadIconA
FindWindowA
SetMenuDefaultItem
GetCursorPos
SetForegroundWindow
GetMenuDefaultItem
LoadMenuA
GetMenu
SetMenu
FrameRect
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
GetWindowLongA
DestroyCursor
GetSubMenu
SendMessageA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
LoadImageA
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuState
ModifyMenuA
GetMenuItemCount
InsertMenuA
AppendMenuA
GetSystemMetrics
GetDesktopWindow
LockWindowUpdate
GetDCEx
GetClassNameA
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
ReleaseCapture
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoA
EnableWindow
MessageBoxA
GetSystemMenu
GetMenuItemID
EnableMenuItem
LoadAcceleratorsA
CharUpperA
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
LoadStringA
PtInRect
SetRectEmpty
GetMessageA
TranslateMessage
ValidateRect
EndPaint
BeginPaint
GetWindowDC
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
UpdateWindow
SendDlgItemMessageA
IsIconic
MapWindowPoints
PeekMessageA

gdi32

SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
CreateRectRgnIndirect
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
GetClipBox
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
Escape
ExtTextOutA
TextOutA
PatBlt
RectVisible
PtVisible
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
CreateDIBitmap
GetTextExtentPointA
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

shell32

DragQueryFileA
DragFinish
ShellExecuteA
Shell_NotifyIconA
ShellExecuteExA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen

winmm

PlaySoundA

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/Windows/Common Files/UniExecuteUDC.exe
.exe windows:4 windows x86 arch:x86

58214266ce6df59eb3a4c569ebfac8b2

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:81:c5:2b:75:b5:74:1a:34:0a:0e:0d:c0:d3:81:a4:f6:f2:90:34
Signer

Actual PE Digest

a6:81:c5:2b:75:b5:74:1a:34:0a:0e:0d:c0:d3:81:a4:f6:f2:90:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLineInputStr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
ord632
__vbaVargVarMove
ord525
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
ord717
__vbaStrVarVal
__vbaVarCat
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
ord617
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
ord619
_allmul
_CItan
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/Windows/Common Files/Uninstall.exe
.exe windows:4 windows x86 arch:x86

2448b590f7b7fc311fa279bc68edc182

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e3:1f:df:8f:3b:cc:96:36:96:dc:0f:81:83:a2:25:d2:7b:65:43:1e
Signer

Actual PE Digest

e3:1f:df:8f:3b:cc:96:36:96:dc:0f:81:83:a2:25:d2:7b:65:43:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

kernel32

SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
GetProfileStringA
TerminateProcess
OpenProcess
GetVersionExA
CopyFileA
SetFileAttributesA
GetTimeZoneInformation
CloseHandle
ReadFile
CreateFileA
GetFileAttributesA
SetEndOfFile
WriteFile
SetFilePointer
GetFileSize
RemoveDirectoryA
Sleep
GetDriveTypeA
FindClose
FindNextFileA
FindFirstFileA
GetDiskFreeSpaceExA
GetVersion
lstrlenA
lstrlenW
GetCPInfo
LockResource
LoadResource
FindResourceA
lstrcmpiA
GetProcAddress
LoadLibraryA
SetEnvironmentVariableA
GetEnvironmentVariableA
GetLastError
DeviceIoControl
GetSystemDirectoryA
GetWindowsDirectoryA
HeapReAlloc
HeapSize
GetACP
ExitThread
CreateThread
RaiseException
GetFileType
SetStdHandle
GetCommandLineA
GetStartupInfoA
ExitProcess
HeapFree
HeapAlloc
GetCurrentProcessId
RtlUnwind
GetTickCount
GetCurrentDirectoryA
GetCurrentProcess
FreeLibrary
GetModuleHandleA
DeleteFileA
InterlockedIncrement
InterlockedDecrement
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
SizeofResource
GetOEMCP
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
SetErrorMode
GetFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalAlloc
GetCurrentThread
GlobalFree
lstrcmpA
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalLock
GlobalUnlock
MulDiv
SetLastError
GetModuleFileNameA
GetThreadLocale
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
lstrcpyA
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
FormatMessageA
LocalFree
WideCharToMultiByte
MultiByteToWideChar

user32

CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
SetCapture
LockWindowUpdate
GetDCEx
ReleaseCapture
LoadCursorA
GetClassNameA
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
EndDialog
CreateDialogIndirectParamA
LoadStringA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
KillTimer
SetTimer
PtInRect
SetRectEmpty
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
MessageBoxA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
SetDlgItemTextA
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
GetWindowPlacement
IntersectRect
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
DestroyMenu
CharUpperA
wsprintfA
IsIconic
DrawIcon
LoadIconA
GetSystemMenu
EnableMenuItem
ExitWindowsEx
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
FindWindowA
GetMenuItemInfoA
SetRect
DrawEdge
FillRect
CopyRect
GetSysColor
SystemParametersInfoA
DestroyIcon
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetDesktopWindow
GetSystemMetrics
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetMenuItemID
CreatePopupMenu
CreateMenu
GetMenuStringA
GetSysColorBrush
LoadBitmapA
TabbedTextOutA
GrayStringA
GetSubMenu
EnableWindow
DestroyCursor
GetWindowLongA
SendMessageA
GetParent
GetNextDlgTabItem
IsMenu
PeekMessageA

gdi32

RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SaveDC
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
Escape
PatBlt
ExtTextOutA
TextOutA
GetObjectA
GetPixel
SetPixel
RectVisible
PtVisible
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
CreateDIBitmap
GetDeviceCaps
GetTextExtentPointA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteValueA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Destroy
ImageList_Create
ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

olepro32

ord253

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen

winmm

PlaySoundA

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/Common Files/VDMDBG.DLL
.dll windows:4 windows x86 arch:x86

67615df65c833ecc28acdadedd67ac28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
CreateFileMappingA
CreateMutexA
GetThreadSelectorEntry
ReadProcessMemory
OpenProcess
WriteProcessMemory
TerminateThread
ContinueDebugEvent
WaitForDebugEvent
CreateRemoteThread
OutputDebugStringA
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
CloseHandle
WideCharToMultiByte
LCMapStringW
HeapFree
HeapAlloc
GetStringTypeA
GetStringTypeW
VirtualFree
VirtualAlloc
ReleaseMutex
GlobalAddAtomA
LCMapStringA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

user32

GetWindowThreadProcessId
FindWindowExA
PostMessageA

Exports

Exports

VDMBreakThread
VDMDetectWOW
VDMEnumProcessWOW
VDMEnumTaskWOW
VDMEnumTaskWOWEx
VDMGetModuleSelector
VDMGetPointer
VDMGetSelectorModule
VDMGetThreadContext
VDMGetThreadSelectorEntry
VDMGlobalFirst
VDMGlobalNext
VDMKillWOW
VDMModuleFirst
VDMModuleNext
VDMProcessException
VDMSetThreadContext
VDMStartTaskInWOW
VDMTerminateTaskWOW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/Common Files/startup.exe
.exe windows:4 windows x86 arch:x86

5bb4df51db2c7fbc096f8040ff870ab2

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:7b:a4:be:a8:bc:da:dd:67:e7:ac:35:12:a8:5e:88:d9:0a:51:f0
Signer

Actual PE Digest

3a:7b:a4:be:a8:bc:da:dd:67:e7:ac:35:12:a8:5e:88:d9:0a:51:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
LCMapStringW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetTimeZoneInformation
GetACP
HeapReAlloc
HeapSize
ExitThread
CreateThread
RaiseException
GetStartupInfoA
GetCurrentProcessId
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetOEMCP
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalFlags
GlobalAlloc
GetCurrentThread
GetModuleFileNameA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
GlobalFree
lstrcmpA
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
LoadLibraryA
FreeLibrary
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
lstrcpynA
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
GetProcAddress
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
OpenProcess
TerminateProcess
GetCommandLineA
SetFileAttributesA
CopyFileA
GetWindowsDirectoryA
WriteFile
SetFilePointer
GetLastError
VirtualAlloc
ReadFile
VirtualFree
CloseHandle
CreateFileA
DeviceIoControl
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
IsBadCodePtr

user32

GetDCEx
LockWindowUpdate
SetCapture
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
GetClassNameA
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
CharUpperA
EndDialog
CreateDialogIndirectParamA
LoadStringA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
KillTimer
SetTimer
PtInRect
SetRectEmpty
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
IsWindowVisible
GetTopWindow
IsChild
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
GetWindowPlacement
IntersectRect
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
DestroyMenu
RedrawWindow
IsWindow
IsIconic
DrawIcon
GetSystemMenu
EnableMenuItem
LoadIconA
FindWindowA
MessageBoxA
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
ReleaseCapture
LoadCursorA
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
DestroyCursor
EnableWindow
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoA
GetCapture
UnregisterClassA

gdi32

GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
GetCharWidthA
CreateFontA
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateRectRgn
CreateBitmap
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
StretchDIBits
GetDeviceCaps
SetBkColor
SetTextColor
GetStockObject
Escape
ExtTextOutA
PatBlt
TextOutA
GetObjectA
GetPixel
SetPixel
RectVisible
PtVisible
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

shell32

ShellExecuteExA

comctl32

ImageList_GetIcon
ImageList_AddMasked
ImageList_Draw
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Destroy
ImageList_Create
ImageList_GetImageCount
ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
OleInitialize

olepro32

ord253

oleaut32

SysStringLen
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString

winmm

PlaySoundA

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/Windows/Common Files/unfixwmi.bat
PAV_32bit/Windows/CommonFilesexists.dat
PAV_32bit/Windows/DLP/Crash Proof Help1.chm
.chm
PAV_32bit/Windows/DLP/Crash Proof Help2.chm
.chm
PAV_32bit/Windows/DLP/Crash Proof Help3.chm
.chm
PAV_32bit/Windows/DLP/Crash Proof Help4.chm
.chm
PAV_32bit/Windows/DLP/Crash Proof Help5.chm
.chm
PAV_32bit/Windows/DLP/DRIVEGE.EXE
PAV_32bit/Windows/DLP/FileRecovery9x.exe
.exe windows:4 windows x86 arch:x86

cb2bcee03375547844319a4641aa8364

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
LCMapStringW
GetProfileStringA
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetTimeZoneInformation
GetACP
ExitThread
CreateThread
RaiseException
GetCommandLineA
GetStartupInfoA
ExitProcess
CreateDirectoryA
GetCurrentProcessId
RtlUnwind
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
SetErrorMode
GetFileTime
SizeofResource
GetOEMCP
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalAlloc
GetCurrentThread
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DeleteFileA
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
GlobalFree
lstrcmpA
CreateEventA
SetThreadPriority
SetEvent
WaitForSingleObject
FormatMessageA
LocalFree
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
MulDiv
GetModuleHandleA
SetLastError
lstrcatA
lstrcpyA
GlobalLock
lstrcpynA
GlobalUnlock
GlobalGetAtomNameA
GlobalAddAtomA
GetWindowsDirectoryA
GetLocalTime
GetFileSize
WriteFile
GetLastError
ReadFile
GetEnvironmentVariableA
SetEnvironmentVariableA
LoadLibraryA
GetProcAddress
DeviceIoControl
SuspendThread
ResumeThread
CreateFileA
Sleep
SetFilePointer
SetEndOfFile
CloseHandle
HeapReAlloc
GetCurrentDirectoryA
HeapFree
GetProcessHeap
HeapAlloc
HeapSize
OpenProcess
TerminateProcess
TerminateThread
GetFileAttributesA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA

user32

MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
GetTopWindow
IsChild
RegisterClassA
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
IntersectRect
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
GetLastActivePopup
BringWindowToTop
IsWindowVisible
GetFocus
EqualRect
GetDlgItem
SetWindowLongA
wsprintfA
GetKeyState
SetWindowPos
GetDlgCtrlID
UpdateWindow
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
WinHelpA
SetMenu
GetClassInfoA
LoadMenuA
DestroyMenu
SetFocus
ShowWindow
GetWindow
IsWindowEnabled
PeekMessageA
CopyAcceleratorTableA
LoadAcceleratorsA
RegisterWindowMessageA
GetNextDlgGroupItem
ReleaseCapture
GetCapture
GetCursorPos
SetRectEmpty
ShowOwnedPopups
LoadCursorA
IsIconic
DrawIcon
LoadIconA
FindWindowA
GetMenu
MessageBoxA
GetSystemMenu
EnableMenuItem
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
InflateRect
DrawFocusRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
DestroyCursor
EnableWindow
GetSubMenu
GrayStringA
TabbedTextOutA
GetSystemMetrics
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
GetWindowRect
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
GetDesktopWindow
CharNextA
SetCapture
LockWindowUpdate
GetDCEx
GetClassNameA
MapDialogRect
TranslateAcceleratorA
SetWindowContextHelpId
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoA
IsWindow
GetClientRect
SetWindowRgn
KillTimer
SetTimer
PostQuitMessage
CharUpperA
EndDialog
CreateDialogIndirectParamA
LoadStringA
PtInRect
GetMessageA
TranslateMessage
ValidateRect
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
MapWindowPoints
DispatchMessageA
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
RedrawWindow

gdi32

GetStockObject
SetTextColor
SetBkColor
CreateBitmap
StretchDIBits
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
Escape
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
CreateRectRgnIndirect
GetMapMode
SetRectRgn
DPtoLP
GetCharWidthA
CreateFontA
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
ExtTextOutA
TextOutA
PatBlt
RectVisible
PtVisible
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreatePen
GetBkMode
GetDeviceCaps
CreateSolidBrush
FillRgn
FrameRgn
GetTextExtentPoint32A
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
CombineRgn
CreateDIBitmap
GetTextExtentPointA
CreateFontIndirectA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

shell32

DragQueryFileA
DragFinish
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA

comctl32

ImageList_GetIcon
ImageList_AddMasked
ImageList_Draw
ImageList_ReplaceIcon
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_GetImageCount

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen

winmm

PlaySoundA

Sections

.text
Size: 324KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/DLP/FileRecoveryNt.exe
.exe windows:4 windows x86 arch:x86

b3560085094bc81255a48d30c2fda8f7

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:36:98:64:3f:b8:80:18:9d:3d:b5:6f:31:ea:ed:ef:1c:6d:e8:73
Signer

Actual PE Digest

09:36:98:64:3f:b8:80:18:9d:3d:b5:6f:31:ea:ed:ef:1c:6d:e8:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetModuleFileNameA
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetCommandLineW
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetEnvironmentStrings
GetEnvironmentStringsW
FindResourceA
GlobalAddAtomA
GetProfileStringA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetTimeZoneInformation
ExitThread
CreateThread
RaiseException
GetFileAttributesA
DeleteFileA
CreateDirectoryW
GetCurrentProcessId
RtlUnwind
ExitProcess
GetStartupInfoW
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringW
SetErrorMode
GetFileTime
SizeofResource
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcmpW
GlobalAlloc
lstrcmpiA
GetCurrentThread
GetThreadLocale
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DeleteFileW
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
GlobalFree
lstrcmpA
CreateEventW
SetThreadPriority
SetEvent
WaitForSingleObject
FormatMessageW
LocalFree
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
FreeLibrary
MultiByteToWideChar
GetCurrentThreadId
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleW
MulDiv
GetModuleHandleA
SetLastError
lstrcatW
lstrcpyW
GlobalLock
lstrcpynW
GlobalUnlock
GlobalGetAtomNameW
GlobalAddAtomW
GetWindowsDirectoryW
GetLocalTime
WideCharToMultiByte
GetFileSize
WriteFile
GetLastError
ReadFile
GetEnvironmentVariableW
SetEnvironmentVariableW
LoadLibraryW
GetProcAddress
DeviceIoControl
SuspendThread
ResumeThread
CreateFileW
Sleep
SetFilePointer
SetEndOfFile
CloseHandle
HeapReAlloc
GetCurrentDirectoryW
HeapFree
GetProcessHeap
HeapAlloc
HeapSize
OpenProcess
TerminateProcess
TerminateThread
GetFileAttributesW
lstrlenW
lstrcmpiW
FindResourceW
LoadResource
LockResource
GetCPInfo
lstrlenA
GetVersion
GetVersionExW

user32

RegisterClipboardFormatW
PostThreadMessageW
GetTopWindow
IsChild
RegisterClassW
TrackPopupMenu
GetWindowTextLengthW
GetWindowTextW
DefWindowProcW
DestroyWindow
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
IntersectRect
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
GetLastActivePopup
BringWindowToTop
IsWindowVisible
GetFocus
EqualRect
GetDlgItem
SetWindowLongW
wsprintfW
GetKeyState
SetWindowPos
GetDlgCtrlID
UpdateWindow
UnpackDDElParam
ReuseDDElParam
SetActiveWindow
WinHelpW
SetMenu
GetClassInfoW
LoadMenuW
DestroyMenu
SetFocus
ShowWindow
GetWindow
IsWindowEnabled
TranslateAcceleratorW
LoadAcceleratorsW
RegisterWindowMessageW
GetNextDlgGroupItem
ReleaseCapture
GetCapture
GetCursorPos
SetRectEmpty
RedrawWindow
LoadCursorW
IsIconic
DrawIcon
LoadIconW
FindWindowW
GetMenu
MessageBoxW
GetSystemMenu
MapDialogRect
FrameRect
LoadImageW
GetIconInfo
CreateIconIndirect
DrawStateW
OffsetRect
InflateRect
GetDCEx
PostMessageW
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageW
GetWindowLongW
DestroyCursor
EnableWindow
GetSubMenu
EndDeferWindowPos
GetSystemMetrics
GetWindowRect
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GrayStringW
DrawTextW
TabbedTextOutW
LoadBitmapW
GetSysColorBrush
GetMenuStringW
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuW
SetParent
MessageBeep
CopyAcceleratorTableW
CharNextW
SetCapture
PeekMessageW
LockWindowUpdate
GetMenuItemCount
AppendMenuW
GetDesktopWindow
GetDC
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoW
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoW
IsWindow
GetClientRect
GetWindowTextA
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
SetTimer
KillTimer
SetWindowRgn
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
CharUpperW
EndDialog
CreateDialogIndirectParamW
LoadStringW
PtInRect
GetMessageW
TranslateMessage
ValidateRect
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
DrawFocusRect
GetClassNameW
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
DispatchMessageW
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EnableMenuItem

gdi32

GetStockObject
SetTextColor
SetBkColor
CreateBitmap
StretchDIBits
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
CreateRectRgnIndirect
GetMapMode
SetRectRgn
DPtoLP
GetCharWidthW
CreateFontW
GetTextMetricsW
GetTextColor
GetBkColor
LPtoDP
Escape
ExtTextOutW
TextOutW
PatBlt
RectVisible
PtVisible
GetObjectW
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreatePen
GetBkMode
GetDeviceCaps
CreateSolidBrush
FillRgn
FrameRgn
GetTextExtentPoint32W
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
CombineRgn
CreateDIBitmap
ExtTextOutA
GetTextExtentPointA
CreateFontIndirectW

comdlg32

GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW

shell32

DragQueryFileW
DragFinish
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW

comctl32

ImageList_GetIcon
ImageList_AddMasked
ImageList_Draw
ImageList_ReplaceIcon
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_GetImageCount

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries

olepro32

ord253

oleaut32

SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

winmm

PlaySoundW

Sections

.text
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/DLP/GetDateDiff.dll
.dll windows:4 windows x86 arch:x86

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1253
ord342
ord823
ord1182
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv

Exports

Exports

GetDiffDate

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/DLP/Lfn.exe
.exe windows:4 windows x86 arch:x86

2663423149f72cd4d6756343ab92e19c

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:39:7b:4c:43:43:4d:9a:8b:0d:14:16:99:fa:00:95:89:0d:9e:70
Signer

Actual PE Digest

09:39:7b:4c:43:43:4d:9a:8b:0d:14:16:99:fa:00:95:89:0d:9e:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
CreateFileA
LCMapStringW
LCMapStringA
GetCPInfo
FlushFileBuffers
GetOEMCP
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetProcAddress
LoadLibraryA
SetEndOfFile
GetShortPathNameA
OpenProcess
SetStdHandle
TerminateProcess
GetLastError
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
CloseHandle
ExitProcess
GetCurrentProcess
GetFileAttributesA
GetCurrentProcessId
MoveFileA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
GetCurrentThreadId
TlsAlloc
SetLastError
HeapAlloc
UnhandledExceptionFilter
RtlUnwind
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
InterlockedDecrement
InterlockedIncrement
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW

user32

PostMessageA
GetDC
ReleaseDC
GetDlgItemTextA
SetDlgItemTextA
GetSystemMenu
GetMenuItemID
EnableMenuItem
LoadImageA
EndDialog
DefWindowProcA
DestroyWindow
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage
MessageBoxA
CreateWindowExA
DialogBoxParamA
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA

gdi32

CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
DeleteDC
DeleteObject
CreateSolidBrush

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/DLP/Lookup.exe
.exe windows:4 windows x86 arch:x86

6682b0e20b2632afb9503df27043643a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
FormatMessageA
GetLastError
CreateFileA
WaitForSingleObject
CloseHandle
SetFileAttributesA
Sleep
GetProcAddress
GetModuleHandleA
GetFileAttributesA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
FlushFileBuffers
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapAlloc
HeapFree
SetFilePointer
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
SetStdHandle
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
ReadFile
SetEndOfFile
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/Windows/DLP/REVIVE.EXE
PAV_32bit/Windows/DLP/protect.exe
.exe windows:4 windows x86 arch:x86

ae9b1b087ce32039b7702068c9527323

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:1d:ae:54:71:51:4a:72:6a:e8:8c:ce:cb:76:62:1a:15:09:f4:61
Signer

Actual PE Digest

99:1d:ae:54:71:51:4a:72:6a:e8:8c:ce:cb:76:62:1a:15:09:f4:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
WriteFile
GetFileSize
SetFilePointer
ReadFile
SetEndOfFile
GetSystemDirectoryA
CreateDirectoryA
FreeLibrary
WaitForSingleObject
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThreadId
SuspendThread
CreateEventA
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
lstrcatA
GetVersion
InterlockedIncrement
InterlockedDecrement
lstrlenA
HeapReAlloc
MultiByteToWideChar
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
LeaveCriticalSection
GlobalLock
GlobalReAlloc
GlobalAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetLastError
lstrcpynA
GetProcessVersion
lstrcmpA
GlobalFlags
GetCPInfo
GetOEMCP
GetModuleFileNameA
GetCurrentProcess
FlushFileBuffers
DeleteFileA
GetFileAttributesA
GetCurrentProcessId
ExitProcess
RtlUnwind
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
RaiseException
GetACP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
CreateProcessA
SetStdHandle
IsBadReadPtr
IsBadCodePtr
CreateFileA
DeviceIoControl
CloseHandle
CopyFileA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetLocalTime
Sleep
SetFileAttributesA
GetProcessHeap
HeapAlloc
HeapSize
HeapFree
OpenProcess
TerminateProcess
GetVersionExA
WideCharToMultiByte
GetWindowsDirectoryA

user32

CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
GetDlgCtrlID
GetWindowTextA
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetParent
GetTopWindow
CopyRect
AdjustWindowRectEx
GetFocus
GetSysColor
MapWindowPoints
RemovePropA
SetWindowTextA
IsWindowEnabled
GetNextDlgTabItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetSysColorBrush
GetClassNameA
PtInRect
ClientToScreen
DestroyMenu
GetMessagePos
TabbedTextOutA
DrawTextA
GrayStringA
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
EnableWindow
SetFocus
SendMessageA
GetDC
GetClientRect
ReleaseDC
SetDlgItemTextA
PostMessageA
BeginPaint
ShowWindow
LoadImageA
EndPaint
GetSystemMenu
GetMenuItemID
EnableMenuItem
GetDlgItem
SetTimer
KillTimer
EndDialog
PostQuitMessage
DefWindowProcA
DestroyWindow
DialogBoxParamA
MessageBoxA
FindWindowA
CreateWindowExA
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
DispatchMessageA
TranslateMessage
SetForegroundWindow

gdi32

SetMapMode
OffsetViewportOrgEx
GetStockObject
ScaleViewportExtEx
GetClipBox
SetViewportOrgEx
SetWindowExtEx
ScaleWindowExtEx
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
SetViewportExtEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
SelectObject
CreateSolidBrush
DeleteDC
BitBlt
GetObjectA
CreateCompatibleDC

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

shlwapi

SHDeleteKeyA

comctl32

ord17

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/FilesexistsCrashProof.dat
PAV_32bit/Windows/ReadmeCrashProof.chm
.chm
PAV_32bit/Windows/Setup.exe
.exe windows:4 windows x86 arch:x86

66449b25a680e0a3223796c7d82bf05f

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:67:7e:3c:af:ed:34:5e:77:19:9e:1f:14:ac:57:4f:1d:39:9b:5c
Signer

Actual PE Digest

d9:67:7e:3c:af:ed:34:5e:77:19:9e:1f:14:ac:57:4f:1d:39:9b:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

kernel32

GetACP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
HeapSize
GetProfileStringA
GetCurrentDirectoryA
TerminateProcess
OpenProcess
GetVersionExA
CreateDirectoryA
HeapReAlloc
CopyFileA
MultiByteToWideChar
CloseHandle
SetFileAttributesA
ReadFile
GetFileSize
CreateFileA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
SetEnvironmentVariableA
LoadLibraryA
GetProcAddress
GetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
GetLocalTime
DeleteFileA
GetTempPathA
GetCommandLineA
Sleep
GetVersion
lstrlenA
lstrlenW
GetCPInfo
LockResource
LoadResource
FindResourceA
lstrcmpiA
GetSystemInfo
ExitThread
CreateThread
GetFileType
SetStdHandle
RaiseException
GetStartupInfoA
ExitProcess
HeapAlloc
HeapFree
GetSystemTime
GetTimeZoneInformation
GetCurrentProcessId
RtlUnwind
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
GetCurrentProcess
FreeLibrary
GetLastError
SetFilePointer
ResumeThread
TerminateThread
WritePrivateProfileStringA
SetErrorMode
GetFileTime
GetOEMCP
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SizeofResource
GlobalFlags
GlobalAlloc
GetCurrentThread
GetModuleFileNameA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
DuplicateHandle
lstrcmpA
lstrcpynA
MulDiv
SetLastError
CreateEventA
SetThreadPriority
SetEvent
WaitForSingleObject
FormatMessageA
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GlobalLock
GlobalUnlock
GlobalFree
SuspendThread

user32

CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
SetCapture
LockWindowUpdate
GetDCEx
ReleaseCapture
LoadCursorA
GetClassNameA
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
CharUpperA
LoadStringA
KillTimer
SetTimer
PtInRect
SetRectEmpty
EndPaint
BeginPaint
GetWindowDC
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
DestroyMenu
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetDlgItemTextA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
SendMessageA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
LoadImageA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
IntersectRect
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
RedrawWindow
IsWindow
ExitWindowsEx
IsIconic
DrawIcon
LoadIconA
FrameRect
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
GetWindowLongA
EnableMenuItem
GetMenuItemID
GetSystemMenu
EnableWindow
MessageBoxA
SetDlgItemTextA
InvalidateRect
GetMenuItemInfoA
SetRect
DrawEdge
FillRect
CopyRect
GetSysColor
SystemParametersInfoA
DestroyIcon
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetDesktopWindow
GetSystemMetrics
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
CreatePopupMenu
CreateMenu
GetMenuStringA
GetSysColorBrush
LoadBitmapA
TabbedTextOutA
GrayStringA
DestroyCursor
GetSubMenu

gdi32

SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
GetClipBox
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
CreateRectRgnIndirect
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
CreateRectRgn
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
Escape
PatBlt
ExtTextOutA
TextOutA
GetObjectA
GetPixel
SetPixel
RectVisible
PtVisible
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
CreateDIBitmap
GetDeviceCaps
GetTextExtentPointA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoInitialize
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen

winmm

PlaySoundA

Sections

.text
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/SetupfilesAv.dat
PAV_32bit/Windows/SetupfilesCrashProof.dat
PAV_32bit/Windows/Uninstall.exe
.exe windows:4 windows x86 arch:x86

2448b590f7b7fc311fa279bc68edc182

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e3:1f:df:8f:3b:cc:96:36:96:dc:0f:81:83:a2:25:d2:7b:65:43:1e
Signer

Actual PE Digest

e3:1f:df:8f:3b:cc:96:36:96:dc:0f:81:83:a2:25:d2:7b:65:43:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

kernel32

SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetExitCodeProcess
CreateProcessA
CompareStringA
CompareStringW
GetProfileStringA
TerminateProcess
OpenProcess
GetVersionExA
CopyFileA
SetFileAttributesA
GetTimeZoneInformation
CloseHandle
ReadFile
CreateFileA
GetFileAttributesA
SetEndOfFile
WriteFile
SetFilePointer
GetFileSize
RemoveDirectoryA
Sleep
GetDriveTypeA
FindClose
FindNextFileA
FindFirstFileA
GetDiskFreeSpaceExA
GetVersion
lstrlenA
lstrlenW
GetCPInfo
LockResource
LoadResource
FindResourceA
lstrcmpiA
GetProcAddress
LoadLibraryA
SetEnvironmentVariableA
GetEnvironmentVariableA
GetLastError
DeviceIoControl
GetSystemDirectoryA
GetWindowsDirectoryA
HeapReAlloc
HeapSize
GetACP
ExitThread
CreateThread
RaiseException
GetFileType
SetStdHandle
GetCommandLineA
GetStartupInfoA
ExitProcess
HeapFree
HeapAlloc
GetCurrentProcessId
RtlUnwind
GetTickCount
GetCurrentDirectoryA
GetCurrentProcess
FreeLibrary
GetModuleHandleA
DeleteFileA
InterlockedIncrement
InterlockedDecrement
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
SizeofResource
GetOEMCP
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
SetErrorMode
GetFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalAlloc
GetCurrentThread
GlobalFree
lstrcmpA
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalLock
GlobalUnlock
MulDiv
SetLastError
GetModuleFileNameA
GetThreadLocale
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
lstrcpyA
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
FormatMessageA
LocalFree
WideCharToMultiByte
MultiByteToWideChar

user32

CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
SetCapture
LockWindowUpdate
GetDCEx
ReleaseCapture
LoadCursorA
GetClassNameA
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
EndDialog
CreateDialogIndirectParamA
LoadStringA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
KillTimer
SetTimer
PtInRect
SetRectEmpty
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
DispatchMessageA
GetFocus
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
MessageBoxA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
SetDlgItemTextA
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
GetWindowPlacement
IntersectRect
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
DestroyMenu
CharUpperA
wsprintfA
IsIconic
DrawIcon
LoadIconA
GetSystemMenu
EnableMenuItem
ExitWindowsEx
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
GetClientRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
FindWindowA
GetMenuItemInfoA
SetRect
DrawEdge
FillRect
CopyRect
GetSysColor
SystemParametersInfoA
DestroyIcon
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetDesktopWindow
GetSystemMetrics
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetMenuItemID
CreatePopupMenu
CreateMenu
GetMenuStringA
GetSysColorBrush
LoadBitmapA
TabbedTextOutA
GrayStringA
GetSubMenu
EnableWindow
DestroyCursor
GetWindowLongA
SendMessageA
GetParent
GetNextDlgTabItem
IsMenu
PeekMessageA

gdi32

RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SaveDC
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
Escape
PatBlt
ExtTextOutA
TextOutA
GetObjectA
GetPixel
SetPixel
RectVisible
PtVisible
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
CreateDIBitmap
GetDeviceCaps
GetTextExtentPointA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteValueA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Destroy
ImageList_Create
ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

olepro32

ord253

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen

winmm

PlaySoundA

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/Windows/autorun.inf
PAV_32bit/WindowsVista/BMP/AboutUs.bmp
PAV_32bit/WindowsVista/BMP/CP/AgreementHelp.BMP
.png
PAV_32bit/WindowsVista/BMP/CP/CommonBusiness.bmp
PAV_32bit/WindowsVista/BMP/CP/Commonbmp.bmp
PAV_32bit/WindowsVista/BMP/CP/DateHelp.BMP
PAV_32bit/WindowsVista/BMP/CP/DiskHelp.BMP
PAV_32bit/WindowsVista/BMP/CP/OptionHelp.bmp
PAV_32bit/WindowsVista/BMP/CP/PartHelp.BMP
PAV_32bit/WindowsVista/BMP/CP/RecoverHelp.BMP
PAV_32bit/WindowsVista/BMP/CP/SchedulerSettingsHelp.bmp
PAV_32bit/WindowsVista/BMP/CP/SetupDLP.bmp
PAV_32bit/WindowsVista/BMP/CP/Thumbs.db
PAV_32bit/WindowsVista/BMP/CP/UnistalsCrashProof.bmp
PAV_32bit/WindowsVista/BMP/CP/UnistalsDLP.bmp
PAV_32bit/WindowsVista/BMP/Common/AgreementHelp.BMP
PAV_32bit/WindowsVista/BMP/Common/CommonBusiness.bmp
PAV_32bit/WindowsVista/BMP/Common/InstallingPrds.BMP
PAV_32bit/WindowsVista/BMP/Common/OptionInstall.bmp
PAV_32bit/WindowsVista/BMP/Common/ProductHelp.bmp
PAV_32bit/WindowsVista/BMP/Common/Thumbs.db
PAV_32bit/WindowsVista/BMP/CommonUnistal.bmp
PAV_32bit/WindowsVista/BMP/DLPSettings.BMP
PAV_32bit/WindowsVista/BMP/KeyNoCommon.bmp
PAV_32bit/WindowsVista/BMP/ProductHelp.bmp
PAV_32bit/WindowsVista/BMP/Renewal.bmp
PAV_32bit/WindowsVista/BMP/SetupDLP.bmp
PAV_32bit/WindowsVista/BMP/Thumbs.db
PAV_32bit/WindowsVista/BMP/UninstallHelp.bmp
PAV_32bit/WindowsVista/BMP/UnistalsRescueDiskette.bmp
PAV_32bit/WindowsVista/BMP/keyNoHelp.bmp
PAV_32bit/WindowsVista/Common Files/CallRegCheck.exe
.exe windows:4 windows x86 arch:x86

342def0cf15338245cd3ea5e04cbc090

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:27:92:7b:6f:b7:e5:77:07:c4:fd:43:7f:e4:02:ae:a7:1b:3e:4d
Signer

Actual PE Digest

d2:27:92:7b:6f:b7:e5:77:07:c4:fd:43:7f:e4:02:ae:a7:1b:3e:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
TerminateProcess
GetCurrentProcessId
GetLastError
GetFileAttributesA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

MessageBoxA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/WindowsVista/Common Files/CallRegisterComponent.exe
.exe windows:4 windows x86 arch:x86

342def0cf15338245cd3ea5e04cbc090

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:91:81:eb:82:22:a7:39:b5:9b:5f:17:70:d0:48:7f:10:1b:9c:6e
Signer

Actual PE Digest

92:91:81:eb:82:22:a7:39:b5:9b:5f:17:70:d0:48:7f:10:1b:9c:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
TerminateProcess
GetCurrentProcessId
GetLastError
GetFileAttributesA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

MessageBoxA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/WindowsVista/Common Files/CommonFilesexists.dat
PAV_32bit/WindowsVista/Common Files/DLPSettings.exe
.exe windows:4 windows x86 arch:x86

b583e3f2aa802d1829e27cf73047dff1

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:03:90:2d:d2:83:fd:af:5b:11:7d:df:7f:76:af:cb:f4:d6:44:ee
Signer

Actual PE Digest

07:03:90:2d:d2:83:fd:af:5b:11:7d:df:7f:76:af:cb:f4:d6:44:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
ExitProcess
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetProcessHeap
GetStartupInfoA
RaiseException
HeapSize
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
LCMapStringA
LCMapStringW
Sleep
HeapAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
HeapFree
GetTickCount
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
FileTimeToSystemTime
GetThreadLocale
GetOEMCP
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalFlags
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
CloseHandle
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
FreeResource
CompareStringW
CompareStringA
InterlockedExchange
GetCommandLineA
GetLocalTime
OpenProcess
TerminateProcess
lstrlenW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetCPInfo
lstrlenA
lstrcmpiA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetVersionExA

user32

ReleaseCapture
LoadCursorA
GetDCEx
LockWindowUpdate
SetCapture
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
GetWindowDC
GetMessageA
TranslateMessage
ValidateRect
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
GetCursorPos
KillTimer
SetTimer
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
CheckMenuItem
IsWindow
SetRectEmpty
PtInRect
SetWindowLongA
GetMenuStringA
DestroyMenu
CharUpperA
EnableMenuItem
LoadIconA
IsIconic
GetSystemMenu
DrawIcon
FindWindowA
MessageBoxA
LoadImageA
PostMessageA
SetCursor
DestroyCursor
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageA
DrawFocusRect
FrameRect
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamA
EndDialog
GetWindowThreadProcessId
OffsetRect
InflateRect
DrawStateA
PostQuitMessage
EndPaint
GetMessagePos
BeginPaint
GetIconInfo
CreateIconIndirect
IsMenu
GetMenuItemInfoA
DrawIconEx
DestroyIcon
GetSysColorBrush
GetSysColor
GetSystemMetrics
SystemParametersInfoA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
EnableWindow
GetDesktopWindow
ReleaseDC
GetDC
ModifyMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapA
CopyRect
SetRect
SetForegroundWindow

gdi32

SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreatePatternBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
GetBkColor
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
ExtSelectClipRgn
CreatePen
GetClipBox
StretchDIBits
CreateFontA
GetCharWidthA
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA
CreateSolidBrush

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteKeyA
RegQueryValueExA
RegQueryValueA
RegEnumKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA

shell32

ShellExecuteExA

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

winmm

PlaySoundA

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/WindowsVista/Common Files/Disk16.dll
PAV_32bit/WindowsVista/Common Files/Disk32.dll
.dll windows:4 windows x86 arch:x86

98815d72cf50591382834e656918e630

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
ThunkConnect32
SUnMapLS_IP_EBP_28
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
SMapLS_IP_EBP_28
FatalAppExitA
UnhandledExceptionFilter
HeapAlloc
DebugBreak
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
HeapReAlloc
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
SetConsoleCtrlHandler
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetFilePointer
RtlUnwind
SetStdHandle
Sleep
FlushFileBuffers
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
CloseHandle
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

CheckInt13Extension32
Disk_ThunkData32
ReadDisk32
WriteDisk32

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/DiskSerial.DLL
.dll windows:4 windows x86 arch:x86

ed02738b1ec663583e7130d6921f9270

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
DeviceIoControl
GetVersionExA
DeleteFileA
SetPriorityClass
GetCurrentProcess
FreeResource
WriteFile
SizeofResource
LockResource
lstrlenA
FindResourceA
GetCurrentDirectoryA
CopyFileA
GetSystemDirectoryA
CloseHandle
CreateFileA
GetLocalTime
WinExec
lstrcpyA
LoadResource
OpenFile
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
LCMapStringA
LCMapStringW
FlushFileBuffers

user32

MessageBoxIndirectA
LoadStringA

advapi32

RegQueryValueA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

Exports

Exports

GetBufferSize
GetCPUSerialNumber
GetDiskCylinders
GetDiskHeads
GetDiskSerial
GetModelNumber
GetRevisionNumber
GetSectorsOfTrack
GetSerialNumber

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/FilesexistsCrashProof.dat
PAV_32bit/WindowsVista/Common Files/GetDateDiff.dll
.dll windows:4 windows x86 arch:x86

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1253
ord342
ord823
ord1182
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv

Exports

Exports

GetDiffDate

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/Getdisk.exe
.exe windows:4 windows x86 arch:x86

ddc9ae36a140e8c49cc8f26e81dfafdf

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f5:9e:f8:85:2e:13:80:91:01:af:e5:56:b9:35:a6:f3:e0:99:b4:1f
Signer

Actual PE Digest

f5:9e:f8:85:2e:13:80:91:01:af:e5:56:b9:35:a6:f3:e0:99:b4:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
ord626
__vbaForEachCollAd
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaObjVar
DllFunctionCall
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaVarCat
__vbaI2Var
ord537
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaVarDup
__vbaStrToAnsi
__vbaVarCopy
__vbaLateMemCallLd
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaNextEachCollAd
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/WindowsVista/Common Files/HDkey.dll
.dll windows:4 windows x86 arch:x86

f2f9ab97622dcd25e853528c19f4fd63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle

mfc42

ord823
ord1182
ord5710
ord858
ord1228
ord540
ord800
ord941
ord342
ord860
ord535
ord537
ord1168
ord1253
ord825

msvcrt

__dllonexit
_unlink
_except_handler3
?terminate@@YAXXZ
free
_initterm
malloc
_adjust_fdiv
_strupr
strncmp
isalnum
strstr
strncpy
__CxxFrameHandler
_access
ispunct
_onexit
sprintf
atol

kernel32

SetPriorityClass
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GetVersionExA
GetCurrentProcess
SetCurrentDirectoryA
DeviceIoControl
SetFileAttributesA
Sleep
SetFilePointer
GetLastError
CreateFileA
CloseHandle
ReadFile
GetCurrentDirectoryA

user32

FindWindowA
MessageBoxA

shell32

ShellExecuteA

Exports

Exports

InitGetHDKey
checkInternetCon
getHDKey
getHDSerialNumber
getRegNum

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/IDE21201.VXD
PAV_32bit/WindowsVista/Common Files/IMAGEDLP.TXT
PAV_32bit/WindowsVista/Common Files/IdleTrac.dll
.dll windows:4 windows x86 arch:x86

295b30bdbaeb6270bfd2051586885edb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetTickCount

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

Exports

Exports

?IdleTrackerGetLastTickCount@@YAKXZ
?IdleTrackerInit@@YAHXZ
?IdleTrackerTerm@@YAXXZ

Sections

.text
Size: 4KB - Virtual size: 349B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 423B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IdleTra
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/Nodisk.exe
PAV_32bit/WindowsVista/Common Files/PSAPI.DLL
.dll windows:4 windows x86 arch:x86

3b5b4bad881057af15fc35648ebcf206

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

NtAllocateVirtualMemory
RtlNtStatusToDosError
_stricmp
RtlUnwind
atoi
_chkstk
NtStopProfile
sprintf
RtlMultiByteToUnicodeN
RtlAdjustPrivilege
RtlUnicodeToOemN
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
DbgPrint
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation

kernel32

MultiByteToWideChar
GetProcessWorkingSetSize
WideCharToMultiByte
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
CreateFileA
CloseHandle
DisableThreadLibraryCalls
lstrcpyA
GetProcessHeap
LocalFree
SetLastError
LocalAlloc
SetProcessWorkingSetSize
lstrlenA
GetSystemInfo
HeapAlloc

imagehlp

SymLoadModule
SymGetModuleInfo
SymGetSymFromAddr
SymUnloadModule
SymSetOptions
SymInitialize
SymGetSearchPath

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/ReadmeCrashProof.chm
.chm
PAV_32bit/WindowsVista/Common Files/RegCheck.exe
.exe windows:4 windows x86 arch:x86

a83c8364d9452c7a90e4a952b855c6a4

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:35:e6:b7:51:bf:6c:5f:19:e1:b9:ef:3e:81:2f:7e:73:a9:0f:f0
Signer

Actual PE Digest

2f:35:e6:b7:51:bf:6c:5f:19:e1:b9:ef:3e:81:2f:7e:73:a9:0f:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RaiseException
ExitProcess
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
SetStdHandle
GetFileType
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
LCMapStringA
LCMapStringW
WritePrivateProfileStringA
GetConsoleMode
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetOEMCP
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetModuleFileNameA
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
CompareStringW
CompareStringA
InterlockedExchange
GetCurrentProcess
SetEnvironmentVariableA
Sleep
ReadFile
SetFilePointer
GetWindowsDirectoryA
WinExec
lstrcpyA
CreateFileA
CloseHandle
lstrcatA
lstrlenW
GetLastError
SetLastError
GetModuleHandleA
GetCPInfo
lstrlenA
lstrcmpiA
MultiByteToWideChar
GetVersion
GetLocalTime
LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
TerminateProcess
GetVersionExA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
GetConsoleCP
SizeofResource

user32

ReleaseCapture
GetDCEx
LockWindowUpdate
SetCapture
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
SetRectEmpty
DestroyMenu
GetWindowThreadProcessId
GetMenuStringA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
GetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
EndDialog
CharUpperA
EnableMenuItem
LoadIconA
IsIconic
SetWindowLongA
CopyIcon
GetCursorPos
IsWindow
KillTimer
SetTimer
RedrawWindow
PtInRect
LoadImageA
PostMessageA
DestroyCursor
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageA
DrawFocusRect
FrameRect
OffsetRect
InflateRect
GetIconInfo
CreateIconIndirect
DrawStateA
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
EndPaint
IsMenu
GetMenuItemInfoA
DrawIconEx
BeginPaint
GetWindowDC
GetMessageA
TranslateMessage
ValidateRect
DestroyIcon
GetSysColorBrush
GetSysColor
GetSystemMetrics
SystemParametersInfoA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
ReleaseDC
GetDC
ModifyMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapA
CopyRect
SetRect
LoadCursorA
SetCursor
MessageBoxA
EnableWindow
GetClassInfoExA

gdi32

CreateRectRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
GetBkColor
StretchDIBits
CreateFontA
GetCharWidthA
SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
CreatePen
GetClipBox
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA
CreateSolidBrush

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueExA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

_TrackMouseEvent

shlwapi

PathIsUNCA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA

oledlg

ord8

ole32

OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

winmm

PlaySoundA

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 336KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/RegisterComponent.exe
.exe windows:4 windows x86 arch:x86

92434013891611732f0e24eade9ecf28

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:33:54:14:f0:c0:14:0b:d8:5d:9a:b5:93:c9:b7:44:c2:3b:84:87
Signer

Actual PE Digest

77:33:54:14:f0:c0:14:0b:d8:5d:9a:b5:93:c9:b7:44:c2:3b:84:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetTickCount
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RaiseException
ExitProcess
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetProcessHeap
GetStartupInfoA
SetStdHandle
GetFileType
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
GetACP
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetExitCodeProcess
CreateProcessA
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetOEMCP
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
DeleteFileA
lstrcmpA
WaitForSingleObject
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetModuleFileNameA
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
CompareStringW
CompareStringA
InterlockedExchange
GetCurrentProcess
GetEnvironmentVariableA
SetEnvironmentVariableA
Sleep
ReadFile
SetFilePointer
GetWindowsDirectoryA
CreateFileA
CloseHandle
lstrlenW
GetLastError
SetLastError
GetModuleHandleA
GetCPInfo
lstrlenA
lstrcmpiA
MultiByteToWideChar
GetVersion
GetCommandLineA
CopyFileA
SetFileAttributesA
GetLocalTime
LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
TerminateProcess
GetVersionExA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
LCMapStringA
SizeofResource

user32

ReleaseCapture
GetDCEx
LockWindowUpdate
SetCapture
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
SetRectEmpty
DestroyMenu
GetWindowThreadProcessId
GetMenuStringA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
EndDialog
CharUpperA
EnableMenuItem
LoadIconA
IsIconic
ExitWindowsEx
FindWindowA
SetWindowLongA
GetCursorPos
IsWindow
KillTimer
SetTimer
PtInRect
LoadImageA
PostMessageA
DestroyCursor
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageA
DrawFocusRect
FrameRect
OffsetRect
InflateRect
GetIconInfo
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
EndPaint
CreateIconIndirect
DrawStateA
IsMenu
BeginPaint
GetWindowDC
GetMessageA
TranslateMessage
TrackPopupMenu
ValidateRect
GetMenuItemInfoA
DrawIconEx
DestroyIcon
GetSysColorBrush
GetSysColor
GetSystemMetrics
SystemParametersInfoA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
ReleaseDC
GetDC
ModifyMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapA
CopyRect
SetRect
LoadCursorA
SetCursor
MessageBoxA
EnableWindow
GetClassInfoA

gdi32

CreateRectRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
GetBkColor
StretchDIBits
CreateFontA
SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
CreatePatternBrush
CreatePen
GetCharWidthA
GetClipBox
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA
CreateSolidBrush

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

AdjustTokenPrivileges
RegQueryValueExA
RegEnumKeyA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

_TrackMouseEvent

shlwapi

PathIsUNCA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

winmm

PlaySoundA

Sections

.text
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/Registration.exe
.exe windows:4 windows x86 arch:x86

42c4a344a7ba485224c75fa7d4830ab1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetCommandLineA
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStartupInfoA
TerminateProcess
ExitProcess
GetProfileStringA
RtlUnwind
FormatMessageA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
GetFileTime
GetFileSize
GetFileAttributesA
GetOEMCP
GetCPInfo
SizeofResource
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
lstrcpynA
GetLastError
MulDiv
SetLastError
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
VirtualAlloc
GetCurrentDirectoryA

user32

SetRect
GetNextDlgGroupItem
MessageBeep
InvalidateRect
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
CopyAcceleratorTableA
GetMessagePos
GetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
PtInRect
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
LoadIconA
SendMessageA
AppendMenuA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
MessageBoxA
IsIconic
GetSystemMetrics
CharNextA
GetSysColorBrush
GetMessageTime
GetClientRect
DrawIcon
DefDlgProcA
IsWindowUnicode
GetSystemMenu
GetDesktopWindow
LoadCursorA
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
DestroyMenu
LoadStringA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
MapWindowPoints
DestroyWindow
GetClassNameA
UpdateWindow
SetForegroundWindow
SendDlgItemMessageA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize

olepro32

ord253

oleaut32

VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantClear

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/RepairWMI.exe
.exe windows:4 windows x86 arch:x86

7261283430a24d292bfd7338bb496c63

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:39:77:68:c0:69:94:64:ec:d7:5c:fe:b0:52:0b:38:f3:25:3a:6c
Signer

Actual PE Digest

2a:39:77:68:c0:69:94:64:ec:d7:5c:fe:b0:52:0b:38:f3:25:3a:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

kernel32

DeviceIoControl
CloseHandle
CreateFileA
GetLastError
SetPriorityClass
GetCurrentProcess
GetVersionExA
GetWindowsDirectoryA
RemoveDirectoryA
SetCurrentDirectoryA
GetSystemDirectoryA
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetModuleFileNameA
WaitForSingleObject
SetEvent
SuspendThread
CreateEventA
FreeResource
LoadResource
FindResourceA
LockResource
GlobalFree
GlobalUnlock
GetProcAddress
GetModuleHandleA
lstrcpyA
GlobalFindAtomA
GetProfileStringA
SetEnvironmentVariableA
SetStdHandle
CreateProcessA
GetExitCodeProcess
IsBadCodePtr
SetUnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
HeapAlloc
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
GetStdHandle
DebugBreak
RaiseException
ExitThread
CreateThread
HeapValidate
GetCommandLineA
GetStartupInfoA
TerminateProcess
ExitProcess
RtlUnwind
lstrcpyW
CopyFileA
GlobalSize
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetTickCount
lstrlenW
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
GetFileAttributesA
GetShortPathNameA
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
DeleteFileA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
OutputDebugStringA
GetThreadLocale
SizeofResource
GetProcessVersion
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetProfileIntA
GlobalAddAtomA
VirtualProtect
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynA
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrA
IsBadStringPtrW
MulDiv
SetLastError
ResumeThread
GetThreadPriority
SetThreadPriority
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA

user32

IsClipboardFormatAvailable
InSendMessage
wvsprintfA
RegisterClipboardFormatA
DestroyIcon
MessageBeep
CopyAcceleratorTableA
CharNextA
GetDialogBaseUnits
GetClipboardFormatNameA
UnpackDDElParam
ReuseDDElParam
DestroyMenu
TranslateAcceleratorA
LoadAcceleratorsA
GetWindowThreadProcessId
WaitMessage
DestroyCursor
SetCursorPos
ReleaseCapture
GetAsyncKeyState
LoadStringA
CheckMenuRadioItem
GetMenuContextHelpId
SetMenuContextHelpId
LoadMenuIndirectA
LoadMenuA
RemoveMenu
ModifyMenuA
InsertMenuA
GetSubMenu
GetMenuItemInfoA
GetMenuStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
AppendMenuA
DeleteMenu
IsMenu
CreatePopupMenu
CreateMenu
ScrollDC
GrayStringA
GetTabbedTextExtentA
DrawTextA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
DrawIcon
InvertRect
FrameRect
FillRect
ExcludeUpdateRgn
WindowFromDC
GetSysColorBrush
SubtractRect
UnionRect
InflateRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
OpenIcon
CloseWindow
LoadCursorA
PostThreadMessageA
GetWindowContextHelpId
SendNotifyMessageA
GetForegroundWindow
SetForegroundWindow
ShowCaret
HideCaret
SetCaretPos
GetCaretPos
CreateCaret
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
OpenClipboard
SetClipboardViewer
ChangeClipboardChain
FlashWindow
WindowFromPoint
SetParent
FindWindowA
ChildWindowFromPointEx
ChildWindowFromPoint
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
GetDesktopWindow
SetCapture
KillTimer
SetTimer
EnableScrollBar
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
InvalidateRgn
InvalidateRect
GetUpdateRgn
GetUpdateRect
UpdateWindow
ReleaseDC
GetWindowDC
GetDC
EndPaint
BeginPaint
ClientToScreen
BringWindowToTop
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
IsZoomed
HiliteMenuItem
GetSystemMenu
DrawMenuBar
SetMenu
GetMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
MessageBoxA
UnregisterClassA
DefDlgProcA
IsWindowUnicode
GetSystemMetrics
CharToOemA
OemToCharA
SendMessageA
IsWindow
PostMessageA
TabbedTextOutA
PostQuitMessage
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconA
SendDlgItemMessageA
GetClientRect
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
GetClassNameA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
SetCursor
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowLongA
SetWindowsHookExA
GetCursorPos
PeekMessageA
ValidateRect
CallNextHookEx
GetKeyState
DispatchMessageA
TranslateMessage
GetMessageA
GetFocus
SetMenuItemBitmaps
LoadBitmapA
GetMenuCheckMarkDimensions
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
EndDialog
SetWindowContextHelpId
GetWindow
SetWindowPos
MapDialogRect
GetWindowRect
GetWindowPlacement
IsIconic
CharUpperA

gdi32

SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
ExtTextOutA
CloseEnhMetaFile
CreateEnhMetaFileA
CloseMetaFile
CreateMetaFileA
GetBrushOrgEx
SetBrushOrgEx
EnumObjects
SelectObject
GetNearestColor
RealizePalette
UpdateColors
GetBkColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetMapMode
GetViewportOrgEx
GetViewportExtEx
GetWindowOrgEx
GetWindowExtEx
DPtoLP
LPtoDP
FillRgn
FrameRgn
InvertRgn
PaintRgn
PtVisible
RectVisible
GetCurrentPositionEx
Arc
Polyline
Chord
Ellipse
Pie
Polygon
PolyPolygon
Rectangle
RoundRect
PatBlt
BitBlt
StretchBlt
GetPixel
SetPixel
FloodFill
ExtFloodFill
TextOutA
GetTextExtentPoint32A
GetTextAlign
GetTextFaceA
GetTextMetricsA
GetTextCharacterExtra
GetCharWidthA
GetAspectRatioFilterEx
Escape
SetBoundsRect
GetBoundsRect
ResetDCA
GetOutlineTextMetricsA
GetCharABCWidthsA
GetFontData
GetKerningPairsA
GetGlyphOutlineA
StartDocA
StartPage
EndPage
SetAbortProc
GetObjectA
EndDoc
MaskBlt
PlgBlt
SetPixelV
AngleArc
GetArcDirection
PolyPolyline
GetColorAdjustment
GetCurrentObject
PolyBezier
DrawEscape
ExtEscape
GetCharABCWidthsFloatA
GetCharWidthFloatA
AbortPath
BeginPath
CloseFigure
EndPath
FillPath
FlattenPath
GetMiterLimit
GetPath
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
GdiComment
PlayEnhMetaFile
DeleteDC
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
GetTextExtentPointA
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
DeleteObject
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
EnumMetaFile
PlayMetaFile
StretchDIBits
CopyMetaFileA
DeleteMetaFile
GetStockObject
UnrealizeObject
GetObjectType
CreatePen
CreatePenIndirect
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateBrushIndirect
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontIndirectA
CreateFontA
CreateBitmapIndirect
SetBitmapBits
GetBitmapBits
SetBitmapDimensionEx
GetBitmapDimensionEx
CreateCompatibleBitmap
CreateDiscardableBitmap
CreatePalette
CreateHalftonePalette
GetPaletteEntries
SetPaletteEntries
AnimatePalette
GetNearestPaletteIndex
ResizePalette
CreateRectRgn
CreateRectRgnIndirect
CreateEllipticRgn
CreateEllipticRgnIndirect
CreatePolygonRgn
CreatePolyPolygonRgn
CreateDIBitmap
CreateRoundRectRgn
PathToRegion
ExtCreateRegion
GetRegionData
SetRectRgn
CombineRgn
EqualRgn
OffsetRgn
GetRgnBox
PtInRegion
RectInRegion
CreateDCA
CreateICA
CreateCompatibleDC
AbortDoc
GetDeviceCaps

comdlg32

PrintDlgA
PageSetupDlgA
GetFileTitleA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

GetFileSecurityA
SetFileSecurityA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegCreateKeyA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegSetValueA
RegQueryValueA
RegCloseKey

shell32

DragQueryFileA
ExtractIconA
SHGetFileInfoA
DragAcceptFiles
DragFinish

comctl32

ImageList_GetImageCount
ImageList_Add
ImageList_AddMasked
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Draw
ImageList_SetBkColor
ImageList_Write
ImageList_SetOverlayImage
ImageList_GetImageInfo
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragMove
ImageList_SetDragCursorImage
ImageList_DragShowNolock
ImageList_GetDragImage
ImageList_DragEnter
ImageList_DragLeave
ImageList_Read
ImageList_Merge
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord13
CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA
ord8
ord17
ImageList_GetBkColor
ord14

oledlg

ord3
ord7
ord6
ord5
ord9
ord4
ord8

ole32

CoGetMalloc
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
OleLockRunning
OleSetContainedObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleLoad
OleSave
StgIsStorageILockBytes
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
OleSaveToStream
OleIsRunning
OleQueryCreateFromData
OleQueryLinkFromData
OleGetClipboard
OleSetMenuDescriptor
DoDragDrop
OleRegEnumVerbs
OleRegGetMiscStatus
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateStreamOnHGlobal
CreateDataAdviseHolder
OleTranslateAccelerator
IsAccelerator
GetRunningObjectTable
CoLockObjectExternal
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoDisconnectObject
OleRun
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
GetClassFile
CreateFileMoniker
CreateGenericComposite
CreateItemMoniker
OleFlushClipboard
OleSetClipboard
CoRevokeClassObject
OleIsCurrentClipboard
CoRegisterClassObject
CoRegisterMessageFilter
ReleaseStgMedium
CreateOleAdviseHolder
CoTreatAsClass

olepro32

ord253

oleaut32

SafeArrayRedim
LoadTypeLi
SysStringLen
DosDateTimeToVariantTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SysFreeString
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysReAllocStringLen
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen

Sections

.text
Size: 916KB - Virtual size: 914KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 56KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/WindowsVista/Common Files/RescueCD.exe
.exe windows:4 windows x86 arch:x86

8677b94fe5fce6fd2a77c6e10e2881cf

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a3:a6:15:a1:16:1d:b4:09:be:bd:dd:00:af:dd:22:94:7d:8e:07:82
Signer

Actual PE Digest

a3:a6:15:a1:16:1d:b4:09:be:bd:dd:00:af:dd:22:94:7d:8e:07:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
CreateThread
RaiseException
ExitProcess
HeapSize
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStartupInfoA
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetProcessHeap
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
RtlUnwind
HeapAlloc
HeapFree
GetTickCount
SetErrorMode
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WritePrivateProfileStringA
GetThreadLocale
GetOEMCP
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetFullPathNameA
GetFileTime
GetFileAttributesA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetCurrentProcessId
GetModuleFileNameA
lstrcmpA
SuspendThread
SetEvent
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
FreeResource
GetFileSize
ReadFile
CreateFileW
Sleep
SetThreadPriority
ResumeThread
WriteFile
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
GetTimeZoneInformation
GetSystemTime
GetDriveTypeA
CreateEventA
WaitForSingleObject
ResetEvent
DeviceIoControl
CreateFileA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
CompareStringW
CompareStringA
InterlockedExchange
OpenProcess
TerminateProcess
lstrlenW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetCPInfo
lstrlenA
lstrcmpiA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
GetVersion
SetHandleCount
GetVersionExA

user32

PostThreadMessageA
RegisterClipboardFormatA
LoadCursorA
ReleaseCapture
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetWindowThreadProcessId
CreateDialogIndirectParamA
EndDialog
EndPaint
BeginPaint
GetWindowDC
GetMessageA
TranslateMessage
ValidateRect
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetCursorPos
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
MessageBeep
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
CheckMenuItem
IsWindow
SetRectEmpty
PtInRect
SetWindowLongA
GetMenuStringA
DestroyMenu
CharUpperA
MessageBoxA
EnableMenuItem
KillTimer
SetTimer
GetSystemMenu
LoadImageA
PostMessageA
SetCursor
DestroyCursor
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageA
DrawFocusRect
FrameRect
OffsetRect
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
UnregisterClassA
InflateRect
GetIconInfo
CreateIconIndirect
SetCapture
LockWindowUpdate
GetDCEx
SetParent
GetTopWindow
IsRectEmpty
DrawStateA
IsMenu
GetMenuItemInfoA
DrawIconEx
DestroyIcon
GetSysColorBrush
GetSysColor
GetSystemMetrics
SystemParametersInfoA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
EnableWindow
GetDesktopWindow
ReleaseDC
GetDC
ModifyMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapA
CopyRect
SetRect
PeekMessageA

gdi32

CreateRectRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateRectRgnIndirect
SetRectRgn
SelectClipRgn
GetMapMode
GetTextColor
GetRgnBox
SetBkMode
RestoreDC
SaveDC
GetBkColor
GetClipBox
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
CombineRgn
CreatePen
StretchDIBits
CreateFontA
GetCharWidthA
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA
CreateSolidBrush

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegQueryValueA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleInitialize

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

winmm

PlaySoundA

Sections

.text
Size: 320KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/RescueCD.iso
.iso
[BOOT]/Boot-1.44M.img
PAV_32bit/WindowsVista/Common Files/SchedularUDC.exe
.exe windows:4 windows x86 arch:x86

96d52569179364b3026ccd8df5ed2d58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

idletrac

?IdleTrackerInit@@YAHXZ
?IdleTrackerGetLastTickCount@@YAKXZ
?IdleTrackerTerm@@YAXXZ

kernel32

FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
ExitThread
CreateThread
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetErrorMode
GetExitCodeProcess
CreateProcessA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetVersionExA
GetVersion
MultiByteToWideChar
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
lstrcmpiA
lstrlenA
GetCPInfo
LoadLibraryA
GetModuleHandleA
GetProcAddress
SetLastError
GetLastError
lstrlenW
CloseHandle
DeviceIoControl
CreateFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
DeleteFileA
SetFileAttributesA
SetFilePointer
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
SetEnvironmentVariableA
GetEnvironmentVariableA
ReadFile
WriteFile
Sleep
WritePrivateProfileStringA
FileTimeToSystemTime
GetOEMCP
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcess
GetLocalTime
FreeLibrary
OpenProcess
TerminateProcess
FindClose
InterlockedIncrement
GlobalFlags
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
SetThreadPriority
InterlockedDecrement
GetModuleFileNameW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
CompareStringW
CompareStringA
InterlockedExchange
GetTickCount
QueryDosDeviceA
GetDriveTypeA
ResumeThread
FindFirstFileA

user32

BringWindowToTop
InsertMenuItemA
LoadAcceleratorsA
ReleaseCapture
ReuseDDElParam
UnpackDDElParam
GetDCEx
LockWindowUpdate
SetCapture
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
TranslateAcceleratorA
IsWindowVisible
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
DestroyMenu
GetMenuStringA
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
EndDialog
CharUpperA
LoadCursorA
LoadIconA
KillTimer
SetTimer
IsIconic
DrawIcon
ExitWindowsEx
FindWindowA
GetMenu
GetCursorPos
GetMenuDefaultItem
SetForegroundWindow
SetMenu
LoadMenuA
SetMenuDefaultItem
PostMessageA
SetCursor
DestroyCursor
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
DrawFocusRect
FrameRect
OffsetRect
InflateRect
GetIconInfo
CreateIconIndirect
DrawStateA
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
ShowOwnedPopups
PostQuitMessage
EndPaint
IsMenu
GetMenuItemInfoA
DrawIconEx
BeginPaint
GetWindowDC
GetMessageA
TranslateMessage
ValidateRect
SetRectEmpty
DestroyIcon
GetSysColorBrush
GetSysColor
GetSystemMetrics
SystemParametersInfoA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
ReleaseDC
GetDC
ModifyMenuA
InsertMenuA
GetSubMenu
GetMenuState
GetMenuItemCount
AppendMenuA
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapA
CopyRect
SetRect
EnableMenuItem
LoadImageA
SendMessageA
EnableWindow
GetSystemMenu
GetMenuItemID
MessageBoxA
PtInRect

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextExtentPoint32W
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
GetStockObject
SetTextColor
SetBkColor
CreateBitmap
GetClipBox
GetCharWidthA
CreateFontA
StretchDIBits
GetBkColor
SaveDC
RestoreDC
SetBkMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
GetTextExtentPoint32A
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetTextColor
GetRgnBox
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA
CreateSolidBrush
CreatePen

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteA
DragFinish
DragQueryFileA
ShellExecuteExA

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
SHDeleteKeyA
PathIsUNCA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

winmm

PlaySoundA

Sections

.text
Size: 356KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/Uninstall.exe
.exe windows:4 windows x86 arch:x86

cd748f0ec99a75ee1056baa672fe090f

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:66:83:14:91:31:ca:43:e2:f4:54:b6:ca:21:1d:ad:eb:66:79:44
Signer

Actual PE Digest

10:66:83:14:91:31:ca:43:e2:f4:54:b6:ca:21:1d:ad:eb:66:79:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
SHDeleteKeyA

kernel32

GlobalFlags
GetOEMCP
WritePrivateProfileStringA
GetTickCount
RtlUnwind
HeapAlloc
HeapFree
ExitProcess
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
SetStdHandle
GetFileType
ExitThread
CreateThread
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
GetFileTime
SetHandleCount
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetExitCodeProcess
CreateProcessA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
InterlockedDecrement
GetModuleFileNameW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
FreeResource
GetModuleFileNameA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
UnlockFile
LockFile
FlushFileBuffers
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
CompareStringW
CompareStringA
InterlockedExchange
GetShortPathNameA
DeleteFileA
FreeLibrary
GetCurrentProcess
GetCurrentDirectoryA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetWindowsDirectoryA
GetSystemDirectoryA
DeviceIoControl
lstrlenW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetCPInfo
lstrlenA
lstrcmpiA
MultiByteToWideChar
GetVersion
CopyFileA
GetVersionExA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetDiskFreeSpaceExA
GetDriveTypeA
FindFirstFileA
Sleep
FindNextFileA
FindClose
RemoveDirectoryA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
CloseHandle
GetFileAttributesA
SetFileAttributesA
OpenProcess
TerminateProcess
GetACP

user32

ReleaseCapture
GetDCEx
LockWindowUpdate
SetCapture
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
LoadCursorA
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
PostQuitMessage
CreateDialogIndirectParamA
EndDialog
EndPaint
BeginPaint
GetWindowDC
GetMessageA
TranslateMessage
ValidateRect
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetCursorPos
KillTimer
SetTimer
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
CheckMenuItem
IsWindow
MessageBoxA
SetDlgItemTextA
FindWindowA
SetRect
CopyRect
LoadBitmapA
SetRectEmpty
PtInRect
SetWindowLongA
DestroyMenu
GetMenuStringA
CharUpperA
LoadIconA
IsIconic
DrawIcon
EnableMenuItem
GetSystemMenu
ExitWindowsEx
LoadImageA
PostMessageA
SetCursor
DestroyCursor
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
FillRect
DrawEdge
CreateMenu
CreatePopupMenu
AppendMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSubMenu
ModifyMenuA
GetDC
ReleaseDC
GetDesktopWindow
EnableWindow
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
SystemParametersInfoA
GetSystemMetrics
GetSysColor
GetSysColorBrush
DestroyIcon
DrawIconEx
GetMenuItemInfoA
IsMenu
DrawStateA
CreateIconIndirect
GetIconInfo
InflateRect
OffsetRect
FrameRect
DrawFocusRect
GetClientRect
GetWindowRect
SendMessageA
GetDlgItem

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetTextColor
GetRgnBox
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
CreateSolidBrush
CreatePen
SetBkMode
RestoreDC
SaveDC
GetBkColor
GetClipBox
StretchDIBits
CreateFontA
GetCharWidthA
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

LookupPrivilegeValueA
RegQueryValueExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

_TrackMouseEvent

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

winmm

PlaySoundA

Sections

.text
Size: 336KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/VDMDBG.DLL
.dll windows:4 windows x86 arch:x86

67615df65c833ecc28acdadedd67ac28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
CreateFileMappingA
CreateMutexA
GetThreadSelectorEntry
ReadProcessMemory
OpenProcess
WriteProcessMemory
TerminateThread
ContinueDebugEvent
WaitForDebugEvent
CreateRemoteThread
OutputDebugStringA
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
CloseHandle
WideCharToMultiByte
LCMapStringW
HeapFree
HeapAlloc
GetStringTypeA
GetStringTypeW
VirtualFree
VirtualAlloc
ReleaseMutex
GlobalAddAtomA
LCMapStringA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

user32

GetWindowThreadProcessId
FindWindowExA
PostMessageA

Exports

Exports

VDMBreakThread
VDMDetectWOW
VDMEnumProcessWOW
VDMEnumTaskWOW
VDMEnumTaskWOWEx
VDMGetModuleSelector
VDMGetPointer
VDMGetSelectorModule
VDMGetThreadContext
VDMGetThreadSelectorEntry
VDMGlobalFirst
VDMGlobalNext
VDMKillWOW
VDMModuleFirst
VDMModuleNext
VDMProcessException
VDMSetThreadContext
VDMStartTaskInWOW
VDMTerminateTaskWOW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/Common Files/unfixwmi.bat
PAV_32bit/WindowsVista/CommonFilesexists.dat
PAV_32bit/WindowsVista/DLP/Cpservice.exe
.exe windows:4 windows x86 arch:x86

bd3fc764866fe2be393e555058db0893

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:7c:44:66:0d:c8:87:df:89:b4:17:f3:5c:30:0b:be:a4:9e:5b:8e
Signer

Actual PE Digest

2d:7c:44:66:0d:c8:87:df:89:b4:17:f3:5c:30:0b:be:a4:9e:5b:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
Sleep
OutputDebugStringA
GetCurrentDirectoryA
CloseHandle
GetFileAttributesA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
HeapSize
CreateFileA

user32

FindWindowA

advapi32

CreateServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenServiceA
SetServiceStatus
CloseServiceHandle
StartServiceA
OpenSCManagerA
DeleteService
ControlService

shell32

ShellExecuteA

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/WindowsVista/DLP/Crash Proof Help1.chm
.chm
PAV_32bit/WindowsVista/DLP/Crash Proof Help2.chm
.chm
PAV_32bit/WindowsVista/DLP/Crash Proof Help3.chm
.chm
PAV_32bit/WindowsVista/DLP/Crash Proof Help4.chm
.chm
PAV_32bit/WindowsVista/DLP/Crash Proof Help5.chm
.chm
PAV_32bit/WindowsVista/DLP/DRIVEGE.EXE
PAV_32bit/WindowsVista/DLP/Extract.dll
.dll windows:4 windows x86 arch:x86

44173c239b3b39da1bf587d90e9032ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1200
ord825
ord535
ord5683
ord4129
ord1168
ord858
ord800

msvcrt

_adjust_fdiv
_initterm
sprintf
malloc
__CxxFrameHandler
free

kernel32

LoadLibraryA
FreeLibrary
SetCurrentDirectoryA
GetCurrentDirectoryA
DisableThreadLibraryCalls
GetProcAddress

Exports

Exports

ExtractZipFile

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 653B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/DLP/FileRecovery9x.exe
.exe windows:4 windows x86 arch:x86

c787c084da4d32ffa72765f60c92e658

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:63:48:30:08:5d:5c:e9:8a:cb:dc:89:b2:dd:e6:88
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

26/02/2007, 00:00

Not After

26/02/2008, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=Secure Application Development,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

f3:30:12:98:37:86:f3:5c:44:ff:9f:27:3a:9e:54:72:3d:29:c5:9a
Signer

Actual PE Digest

f3:30:12:98:37:86:f3:5c:44:ff:9f:27:3a:9e:54:72:3d:29:c5:9a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
CreateDirectoryA
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetStartupInfoA
ExitThread
CreateThread
GetACP
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
LCMapStringA
LCMapStringW
WritePrivateProfileStringA
GetFileType
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetFileTime
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetOEMCP
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetThreadLocale
UnlockFile
LockFile
FlushFileBuffers
DeleteFileA
lstrcmpA
CreateEventA
SetEvent
WaitForSingleObject
SetThreadPriority
InterlockedDecrement
GetModuleFileNameW
GetModuleFileNameA
GlobalFree
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
GlobalLock
GlobalUnlock
GetCurrentProcessId
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
CompareStringW
CompareStringA
InterlockedExchange
GetWindowsDirectoryA
GetLocalTime
GetFileSize
WriteFile
ReadFile
GetEnvironmentVariableA
SetEnvironmentVariableA
DeviceIoControl
HeapReAlloc
CreateFileA
Sleep
SetFilePointer
SetEndOfFile
CloseHandle
SuspendThread
ResumeThread
GetCurrentDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
HeapSize
TerminateThread
OpenProcess
TerminateProcess
GetFileAttributesA
lstrlenW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetCPInfo
lstrlenA
lstrcmpiA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
GetVersion
SetHandleCount
GetVersionExA

user32

ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
IsRectEmpty
SetParent
GetDCEx
LockWindowUpdate
SetCapture
UnregisterClassA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
SetDlgItemTextA
SetDlgItemInt
EndPaint
BeginPaint
GetWindowDC
GetMenuStringA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
GetWindowThreadProcessId
IsWindowEnabled
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
SetMenu
ShowWindow
TranslateAcceleratorA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
PostQuitMessage
TrackPopupMenu
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
GetNextDlgGroupItem
GetCursorPos
SetRectEmpty
GetCapture
ReleaseCapture
RedrawWindow
CharUpperA
LoadCursorA
LoadIconA
IsIconic
DrawIcon
FindWindowA
GetMenu
EnableMenuItem
GetSystemMenu
MessageBoxA
LoadImageA
PostMessageA
SetCursor
DestroyCursor
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
SendMessageA
DrawFocusRect
FrameRect
OffsetRect
InflateRect
DrawStateA
GetIconInfo
CreateIconIndirect
IsMenu
CreateDialogIndirectParamA
EndDialog
GetMessageA
TranslateMessage
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckMenuItem
GetMenuItemInfoA
DrawIconEx
DestroyIcon
MoveWindow
SetWindowTextA
IsDialogMessageA
GetSysColorBrush
GetSysColor
SystemParametersInfoA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
EnableWindow
GetDesktopWindow
ReleaseDC
GetDC
ModifyMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapA
CopyRect
SetRect
GetSystemMetrics
KillTimer
SetTimer
GetClientRect
GetWindowRect
SetWindowRgn
IsWindow

gdi32

SelectClipRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreatePatternBrush
GetCharWidthA
CreateFontA
GetBkColor
CreateRectRgnIndirect
SetRectRgn
GetMapMode
DPtoLP
GetTextColor
GetRgnBox
GetClipBox
StretchDIBits
CreateBitmap
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
ExtSelectClipRgn
CreateSolidBrush
SetBkColor
SetTextColor
GetStockObject
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreatePen
GetTextExtentPoint32A
FrameRgn
FillRgn
CombineRgn
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
CreateFontIndirectA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
ShellExecuteExA
DragQueryFileA
DragFinish

comctl32

_TrackMouseEvent

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

winmm

PlaySoundA

Sections

.text
Size: 408KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/WindowsVista/DLP/FileRecoveryNt.exe
.exe windows:4 windows x86 arch:x86

cd0173e8b9145738bd26136fdeab64b6

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a3:85:8a:11:92:f3:13:c6:bc:77:37:e9:54:b1:ce:0f:93:a0:b0:32
Signer

Actual PE Digest

a3:85:8a:11:92:f3:13:c6:bc:77:37:e9:54:b1:ce:0f:93:a0:b0:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
CreateDirectoryW
ExitProcess
DeleteFileA
GetFileAttributesA
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
WritePrivateProfileStringW
GetFileTime
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
DeleteFileW
lstrcmpA
CreateEventW
SetEvent
WaitForSingleObject
SetThreadPriority
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
GlobalFree
GlobalAlloc
FormatMessageW
LocalFree
MulDiv
GlobalLock
GlobalUnlock
GetCurrentProcessId
GlobalGetAtomNameW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GetWindowsDirectoryW
GetLocalTime
WideCharToMultiByte
GetFileSize
WriteFile
ReadFile
GetEnvironmentVariableW
SetEnvironmentVariableW
DeviceIoControl
HeapReAlloc
CreateFileW
Sleep
SetFilePointer
SetEndOfFile
CloseHandle
SuspendThread
ResumeThread
GetCurrentDirectoryW
GetProcessHeap
HeapFree
HeapAlloc
HeapSize
TerminateThread
OpenProcess
TerminateProcess
GetFileAttributesW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetCPInfo
lstrlenA
lstrlenW
lstrcmpiW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetVersion
HeapDestroy
GetVersionExW

user32

ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
IsRectEmpty
SetParent
GetDCEx
LockWindowUpdate
SetCapture
UnregisterClassW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
SetDlgItemTextW
SetDlgItemInt
EndPaint
BeginPaint
GetWindowDC
GetMenuStringW
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
GetWindowThreadProcessId
IsWindowEnabled
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
SetMenu
ShowWindow
TranslateAcceleratorW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PostQuitMessage
MapWindowPoints
TrackPopupMenu
GetKeyState
IsWindowVisible
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetNextDlgGroupItem
GetCursorPos
SetRectEmpty
GetCapture
ReleaseCapture
RedrawWindow
LoadCursorW
LoadIconW
IsIconic
DrawIcon
FindWindowW
GetMenu
EnableMenuItem
GetSystemMenu
MessageBoxW
LoadImageW
PostMessageW
SetCursor
DestroyCursor
GetWindowLongW
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
SendMessageW
DrawFocusRect
FrameRect
OffsetRect
InflateRect
GetIconInfo
CreateIconIndirect
DrawStateW
IsMenu
CharUpperW
CreateDialogIndirectParamW
EndDialog
GetMessageW
TranslateMessage
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuItemInfoW
DrawIconEx
DestroyIcon
CheckMenuItem
MoveWindow
SetWindowTextW
PeekMessageW
IsDialogMessageW
GetSysColorBrush
GetSysColor
SystemParametersInfoW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
EnableWindow
GetDesktopWindow
ReleaseDC
GetDC
ModifyMenuW
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuW
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapW
CopyRect
SetRect
GetSystemMetrics
KillTimer
SetTimer
GetClientRect
GetWindowRect
SetWindowRgn
IsWindow
SetForegroundWindow
UnregisterClassA

gdi32

SelectClipRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
CreatePatternBrush
GetCharWidthW
CreateFontW
GetBkColor
CreateRectRgnIndirect
SetRectRgn
GetMapMode
DPtoLP
GetTextColor
GetRgnBox
GetClipBox
StretchDIBits
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
ExtSelectClipRgn
CreateSolidBrush
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
CreatePen
GetTextExtentPoint32W
FrameRgn
FillRgn
CombineRgn
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
CreateFontIndirectW
SaveDC

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ShellExecuteExW
DragQueryFileW
DragFinish

comctl32

_TrackMouseEvent

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

winmm

PlaySoundW

Sections

.text
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/WindowsVista/DLP/GetDateDiff.dll
.dll windows:4 windows x86 arch:x86

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1253
ord342
ord823
ord1182
ord1168

msvcrt

free
_initterm
malloc
_adjust_fdiv

Exports

Exports

GetDiffDate

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/DLP/IdleTrac.dll
.dll windows:4 windows x86 arch:x86

295b30bdbaeb6270bfd2051586885edb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetTickCount

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

Exports

Exports

?IdleTrackerGetLastTickCount@@YAKXZ
?IdleTrackerInit@@YAHXZ
?IdleTrackerTerm@@YAXXZ

Sections

.text
Size: 4KB - Virtual size: 349B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 423B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IdleTra
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/DLP/Lfn.exe
.exe windows:4 windows x86 arch:x86

2663423149f72cd4d6756343ab92e19c

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:40:76:4c:13:de:ff:9c:98:40:75:ce:4b:cf:c4:a6
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/02/2011, 00:00

Not After

01/03/2013, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:f5:df:c6:e4:dc:63:1f:82:b3:33:a5:11:05:82:5b:56:1c:25:6c
Signer

Actual PE Digest

2c:f5:df:c6:e4:dc:63:1f:82:b3:33:a5:11:05:82:5b:56:1c:25:6c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
CreateFileA
LCMapStringW
LCMapStringA
GetCPInfo
FlushFileBuffers
GetOEMCP
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetProcAddress
LoadLibraryA
SetEndOfFile
GetShortPathNameA
OpenProcess
SetStdHandle
TerminateProcess
GetLastError
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
CloseHandle
ExitProcess
GetCurrentProcess
GetFileAttributesA
GetCurrentProcessId
MoveFileA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
GetCurrentThreadId
TlsAlloc
SetLastError
HeapAlloc
UnhandledExceptionFilter
RtlUnwind
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
InterlockedDecrement
InterlockedIncrement
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW

user32

PostMessageA
GetDC
ReleaseDC
GetDlgItemTextA
SetDlgItemTextA
GetSystemMenu
GetMenuItemID
EnableMenuItem
LoadImageA
EndDialog
DefWindowProcA
DestroyWindow
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage
MessageBoxA
CreateWindowExA
DialogBoxParamA
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA

gdi32

CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
DeleteDC
DeleteObject
CreateSolidBrush

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/WindowsVista/DLP/Lookup.exe
.exe windows:4 windows x86 arch:x86

dcb186814f6798c8d068ab676491cea7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
FormatMessageA
GetLastError
CreateFileA
WaitForSingleObject
CloseHandle
SetFileAttributesA
Sleep
GetProcAddress
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
SetFilePointer
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapSize
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
SetEndOfFile

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAV_32bit/WindowsVista/DLP/REVIVE.EXE
PAV_32bit/WindowsVista/DLP/protect.exe
.exe windows:4 windows x86 arch:x86

b29dcc34dda1ca8db606363527e3e534

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:4f:bd:54:3b:9d:f3:4f:c0:3f:4c:d2:cc:4a:0c:b2:9e:da:29:29
Signer

Actual PE Digest

55:4f:bd:54:3b:9d:f3:4f:c0:3f:4c:d2:cc:4a:0c:b2:9e:da:29:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

kernel32

lstrlenA
CompareStringW
CompareStringA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetLastError
DeviceIoControl
GetFileSize
ReadFile
SetEndOfFile
GetSystemDirectoryA
CreateDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
lstrcmpW
SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
LocalFree
FormatMessageA
GlobalUnlock
CreateFileA
GlobalAlloc
GlobalFree
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedDecrement
lstrcmpA
GlobalFlags
ResumeThread
WaitForSingleObject
InterlockedIncrement
GetLocaleInfoA
GetModuleFileNameA
GetCurrentProcessId
GetCPInfo
GetOEMCP
GetThreadLocale
DeleteFileA
FlushFileBuffers
GetCurrentProcess
GetFileAttributesA
ExitProcess
RtlUnwind
ExitThread
CreateThread
VirtualAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetExitCodeProcess
CreateProcessA
SetFilePointer
WriteFile
CloseHandle
FreeLibrary
HeapReAlloc
OpenProcess
TerminateProcess
CopyFileA
GetLocalTime
GetProcessHeap
HeapAlloc
HeapSize
HeapFree
LoadLibraryA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetProcAddress
Sleep
SetFileAttributesA
GetWindowsDirectoryA
GetVersionExA
GlobalLock

user32

SetWindowTextA
IsWindowEnabled
ClientToScreen
ValidateRect
DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowThreadProcessId
GetSysColorBrush
UnregisterClassA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
CheckMenuItem
RegisterWindowMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemCount
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
UpdateWindow
CreateWindowExA
FindWindowA
MessageBoxA
EndDialog
ReleaseDC
GetSystemMetrics
GetWindow
LoadAcceleratorsA
GetClientRect
GetDC
ShowWindow
PostMessageA
SetDlgItemTextA
EnableWindow
SendMessageA
GetDlgItem
SetTimer
DialogBoxParamA
KillTimer
EnableMenuItem
GetMenuItemID
GetSystemMenu
PostQuitMessage
EndPaint
LoadImageA
BeginPaint
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
DefWindowProcA
DestroyWindow

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
GetStockObject
CreateCompatibleDC
GetObjectA
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
ExtTextOutA
SaveDC
RestoreDC
SetMapMode
PtVisible
GetClipBox
DeleteObject
SelectObject
CreateSolidBrush
DeleteDC
BitBlt

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/FilesexistsCrashProof.dat
PAV_32bit/WindowsVista/ReadmeCrashProof.chm
.chm
PAV_32bit/WindowsVista/Setup.exe
.exe windows:4 windows x86 arch:x86

cafbee58abf423e60b6757b44016ff60

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:1d:0e:a4:e1:f6:1c:be:ec:ed:45:94:37:cc:79:d9:8f:61:b1:48
Signer

Actual PE Digest

0e:1d:0e:a4:e1:f6:1c:be:ec:ed:45:94:37:cc:79:d9:8f:61:b1:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
SHDeleteKeyA
PathFindFileNameA

kernel32

GetFileTime
SetErrorMode
WritePrivateProfileStringA
GetTickCount
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
ExitProcess
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetProcessHeap
GetStartupInfoA
RaiseException
SetStdHandle
GetFileType
ExitThread
CreateThread
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
FileTimeToLocalFileTime
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
GetExitCodeProcess
CreateProcessA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FileTimeToSystemTime
GetOEMCP
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetModuleFileNameA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
CreateEventA
SetEvent
WaitForSingleObject
SetThreadPriority
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
CompareStringW
CompareStringA
InterlockedExchange
TerminateThread
SuspendThread
ResumeThread
SetFilePointer
FreeLibrary
GetSystemInfo
GetCurrentProcess
lstrlenW
GetLastError
SetLastError
GetModuleHandleA
GetCPInfo
lstrlenA
lstrcmpiA
GetVersion
Sleep
GetShortPathNameA
GetCommandLineA
GetTempPathA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
MultiByteToWideChar
GetLocalTime
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
CreateFileA
GetFileSize
ReadFile
SetFileAttributesA
GetFileAttributesA
RemoveDirectoryA
CloseHandle
LoadLibraryA
SetEnvironmentVariableA
GetProcAddress
CopyFileA
CreateDirectoryA
OpenProcess
TerminateProcess
GetCurrentDirectoryA
GetConsoleMode

user32

ReleaseCapture
GetDCEx
LockWindowUpdate
SetCapture
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
LoadCursorA
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
PostQuitMessage
KillTimer
SetTimer
SetRectEmpty
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckMenuItem
DestroyMenu
GetMenuStringA
CreateDialogIndirectParamA
IsWindowEnabled
EndDialog
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
GetMenuItemID
GetSystemMenu
EnableWindow
SendMessageA
LoadImageA
EnableMenuItem
IntersectRect
GetWindowPlacement
GetWindow
IsWindow
RedrawWindow
CharUpperA
ExitWindowsEx
LoadIconA
IsIconic
DrawIcon
PostMessageA
SetCursor
DestroyCursor
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
GetClientRect
GetWindowRect
DrawFocusRect
FrameRect
MessageBoxA
SetDlgItemTextA
InvalidateRect
SetRect
CopyRect
LoadBitmapA
FillRect
DrawEdge
CreateMenu
CreatePopupMenu
AppendMenuA
GetMenuItemCount
GetMenuState
GetSubMenu
ModifyMenuA
GetDC
ReleaseDC
GetDesktopWindow
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
SystemParametersInfoA
GetSystemMetrics
GetSysColor
GetSysColorBrush
DestroyIcon
DrawIconEx
GetMenuItemInfoA
IsMenu
DrawStateA
CreateIconIndirect
GetIconInfo
OffsetRect
InflateRect
GetWindowTextA

gdi32

ExtSelectClipRgn
CreatePatternBrush
GetCharWidthA
CreateFontA
StretchDIBits
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
MoveToEx
LineTo
CreateSolidBrush
GetBkColor
CreatePen
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetClipBox
CreateRectRgn
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

LookupPrivilegeValueA
RegQueryValueExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

_TrackMouseEvent

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoTaskMemFree
CoInitialize
CoCreateInstance
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc

oleaut32

SysAllocString
OleCreateFontIndirect
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

winmm

PlaySoundA

Sections

.text
Size: 356KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAV_32bit/WindowsVista/SetupfilesAv.dat
PAV_32bit/WindowsVista/SetupfilesCrashProof.dat
PAV_32bit/WindowsVista/Uninstall.exe
.exe windows:4 windows x86 arch:x86

cd748f0ec99a75ee1056baa672fe090f

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/02/2013, 00:00

Not After

01/03/2015, 23:59

Subject

CN=Unistal Systems Pvt. Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Unistal Systems Pvt. Ltd.,L=New Delhi,ST=Delhi,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:66:83:14:91:31:ca:43:e2:f4:54:b6:ca:21:1d:ad:eb:66:79:44
Signer

Actual PE Digest

10:66:83:14:91:31:ca:43:e2:f4:54:b6:ca:21:1d:ad:eb:66:79:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
SHDeleteKeyA

kernel32

GlobalFlags
GetOEMCP
WritePrivateProfileStringA
GetTickCount
RtlUnwind
HeapAlloc
HeapFree
ExitProcess
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
SetStdHandle
GetFileType
ExitThread
CreateThread
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
GetFileTime
SetHandleCount
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetExitCodeProcess
CreateProcessA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
InterlockedDecrement
GetModuleFileNameW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
FreeResource
GetModuleFileNameA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetThreadLocale
UnlockFile
LockFile
FlushFileBuffers
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
CompareStringW
CompareStringA
InterlockedExchange
GetShortPathNameA
DeleteFileA
FreeLibrary
GetCurrentProcess
GetCurrentDirectoryA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetWindowsDirectoryA
GetSystemDirectoryA
DeviceIoControl
lstrlenW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetCPInfo
lstrlenA
lstrcmpiA
MultiByteToWideChar
GetVersion
CopyFileA
GetVersionExA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetDiskFreeSpaceExA
GetDriveTypeA
FindFirstFileA
Sleep
FindNextFileA
FindClose
RemoveDirectoryA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
CloseHandle
GetFileAttributesA
SetFileAttributesA
OpenProcess
TerminateProcess
GetACP

user32

ReleaseCapture
GetDCEx
LockWindowUpdate
SetCapture
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
LoadCursorA
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
PostQuitMessage
CreateDialogIndirectParamA
EndDialog
EndPaint
BeginPaint
GetWindowDC
GetMessageA
TranslateMessage
ValidateRect
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetCursorPos
KillTimer
SetTimer
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
CheckMenuItem
IsWindow
MessageBoxA
SetDlgItemTextA
FindWindowA
SetRect
CopyRect
LoadBitmapA
SetRectEmpty
PtInRect
SetWindowLongA
DestroyMenu
GetMenuStringA
CharUpperA
LoadIconA
IsIconic
DrawIcon
EnableMenuItem
GetSystemMenu
ExitWindowsEx
LoadImageA
PostMessageA
SetCursor
DestroyCursor
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
FillRect
DrawEdge
CreateMenu
CreatePopupMenu
AppendMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSubMenu
ModifyMenuA
GetDC
ReleaseDC
GetDesktopWindow
EnableWindow
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
SystemParametersInfoA
GetSystemMetrics
GetSysColor
GetSysColorBrush
DestroyIcon
DrawIconEx
GetMenuItemInfoA
IsMenu
DrawStateA
CreateIconIndirect
GetIconInfo
InflateRect
OffsetRect
FrameRect
DrawFocusRect
GetClientRect
GetWindowRect
SendMessageA
GetDlgItem

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetTextColor
GetRgnBox
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
CreateSolidBrush
CreatePen
SetBkMode
RestoreDC
SaveDC
GetBkColor
GetClipBox
StretchDIBits
CreateFontA
GetCharWidthA
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
SetPixel
GetPixel
BitBlt
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

LookupPrivilegeValueA
RegQueryValueExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

_TrackMouseEvent

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

winmm

PlaySoundA

Sections

.text
Size: 336KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

483f0c4259a9148c34961abbda6146c1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:1f:b0:a4:00:00:00:00:00:1dCertificate

Key Usages

f2:a1:25:ea:d6:d5:b3:c9:26:c4:55:e5:93:31:96:7f:70:5c:b1:8fSigner

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

comctl32

Sections

.text Size: 81KB - Virtual size: 80KB

.itext Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 71KB - Virtual size: 71KB

f97ff9bc947d5432a465b3b9e0aacd3c

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

96:74:ad:59:51:8f:7f:ed:d5:45:d3:d1:2b:b6:7b:ce:41:b9:56:75Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 197KB - Virtual size: 197KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 19KB - Virtual size: 18KB

b826ad729edadeae2541d22b1523c430

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

dd:51:d0:8a:78:6d:5b:e4:23:3c:e8:ff:e9:50:48:34:df:eb:d4:1cSigner

Headers

File Characteristics

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

f2:a1:25:ea:d6:d5:b3:c9:26:c4:55:e5:93:31:96:7f:70:5c:b1:8f
Signer

.text
Size: 81KB - Virtual size: 80KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 71KB - Virtual size: 71KB

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

96:74:ad:59:51:8f:7f:ed:d5:45:d3:d1:2b:b6:7b:ce:41:b9:56:75
Signer

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 19KB - Virtual size: 18KB

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

dd:51:d0:8a:78:6d:5b:e4:23:3c:e8:ff:e9:50:48:34:df:eb:d4:1c
Signer

.text
Size: 196KB - Virtual size: 193KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 20KB - Virtual size: 92KB

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 15KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 302B

.data
Size: 4KB - Virtual size: 92B

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 174B

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

38:60:ae:97:64:8d:d5:b0:58:df:c6:f8:e9:17:b8:44
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate