8779e74543b1cf1cc24fc24f9244b305_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8779e74543b1cf1cc24fc24f9244b305_JaffaCakes118
Size

1.1MB
MD5

8779e74543b1cf1cc24fc24f9244b305
SHA1

1d20e75f75fd5160e41d33604dc939d347912355
SHA256

aea65a045e9569d57ac1df4fba44f66150545863d4b5a84e51d9cf82cc578445
SHA512

cb0fa817758d54c2831c78aec126a9eb8b9025a600ee372dbc8b357b1542a54eeb973b31c644b02ffb615d19897cdba609738e2867a301efe24426960d321317
SSDEEP

24576:JsxVhYitHd/uIMPfIlCko7rKcYPmD7QrZJOAvFVA4In+EU7awB9Plc:cVySZuZPQmbYPq7UiAvFa4I+p7aOc

Score

7^/10

upx aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/atitray.exe	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/attsetup.exe	upx

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/AdvSplash.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/NSISArray.dll
unpack002/attext.dll
unpack002/kbdhook.dll
unpack002/out.upx
unpack002/plugins/cpuload.dll
unpack002/plugins/hddtemp.dll
unpack002/plugins/mg_hdddtemp.dll
unpack002/plugins/mg_xvlt.dll
unpack002/plugins/mongraphsexample.dll
unpack002/plugins/osdminfo.dll
unpack002/plugins/osdtime.dll
unpack002/plugins/pciinfo.dll
unpack002/plugins/pciset.dll
unpack002/raphook.dll
unpack002/support.dll

Files

8779e74543b1cf1cc24fc24f9244b305_JaffaCakes118
.rar
attsetup.exe
.exe windows:4 windows x86 arch:x86

Code Sign

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

Issuer

CN=Root Agency

Not Before

10/03/2007, 20:15

Not After

31/12/2039, 23:59

Subject

CN=Ray Adams,OU=Certification,O=Ray Adams,1.2.840.113549.1.9.1=#0c1474726179746f6f6c73406775727533642e636f6d

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0b:44:ec:64:af:d7:10:61:f3:34:e8:a7:5f:ba:9f:92:b5:30:3b:e9
Signer

Actual PE Digest

0b:44:ec:64:af:d7:10:61:f3:34:e8:a7:5f:ba:9f:92:b5:30:3b:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/AdvSplash.dll
.dll windows:4 windows x86 arch:x86

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetVersion
lstrcpyA
lstrcatA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree

user32

LoadCursorA
RegisterClassA
SetWindowPos
SetWindowLongA
SystemParametersInfoA
EndPaint
GetClientRect
BeginPaint
DefWindowProcA
DestroyWindow
LoadImageA
CreateWindowExA
IsWindow
GetMessageA
DispatchMessageA
UnregisterClassA
wsprintfA
PostMessageA
SetWindowRgn
EnumDisplaySettingsA

gdi32

CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt
DeleteObject

winmm

timeSetEvent
PlaySoundA
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Confirm.ini
$PLUGINSDIR/Finish.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISArray.dll
.dll windows:4 windows x86 arch:x86

91596216b99c852af6e0fb1fe8192de4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
lstrcmpiA
lstrcmpA
lstrcatA
GlobalAlloc

user32

MessageBoxA
SendMessageA
wsprintfA
GetDlgItem
FindWindowExA
DialogBoxParamA
EnableWindow
SetWindowTextA
EndDialog
RedrawWindow
CharLowerA

Exports

Exports

ArrayCount
ArrayExists
Clear
Concat
Copy
Cut
Debug
Delete
ErrorStyle
Exists
ExistsI
FreeUnusedMem
Join
New
Pop
Push
Put
ReDim
Read
ReadToStack
Reverse
Search
SearchI
SetSize
Shift
SizeOf
Sort
Splice
Swap
Unload
Unshift
Write
WriteList
WriteListC

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.ini
$PLUGINSDIR/btmimg.bmp
$PLUGINSDIR/header.bmp
$PLUGINSDIR/ioC.ini
$PLUGINSDIR/ioC2.ini
$PLUGINSDIR/isWelcome.ini
$PLUGINSDIR/leftimg.bmp
$PLUGINSDIR/splash.bmp
3d/bench.res
3d/face_indicies.dat
3d/fur2.dds
3d/normals.dat
3d/rain2.dds
3d/vertices.dat
Database/Advanced D3D Tweaks.dtb
Database/Advanced OGL Tweaks.dtb
Database/CCC Mode Switch.dtb
Database/Compatibility Tweaks.dtb
Database/Display Tweaks.dtb
Database/Multi Thread Support.dtb
Database/New AA and AF Methods.dtb
Database/Video Tweaks.dtb
Database/Vista Avivo.dtb
Database/readme.txt
License.rtf
.rtf
Presets/OGL Balanced.reg
Presets/OGL Max Quality.reg
Presets/OGL Max Speed.reg
Presets/d3d Balanced.reg
Presets/d3d Max Quality.reg
Presets/d3d Max Speed.reg
Smart Shaders/Blur.pss
Smart Shaders/Ghost.pss
Smart Shaders/HDRish-Lite.pss
Smart Shaders/HDRish.pss
Smart Shaders/Sharpen.pss
WhatsNew.txt
atitray.exe
.exe windows:4 windows x86 arch:x86

Code Sign

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

Issuer

CN=Root Agency

Not Before

10/03/2007, 20:15

Not After

31/12/2039, 23:59

Subject

CN=Ray Adams,OU=Certification,O=Ray Adams,1.2.840.113549.1.9.1=#0c1474726179746f6f6c73406775727533642e636f6d

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a2:4c:f1:da:32:0d:ca:43:7f:86:c5:a3:e1:e5:95:b2:10:1a:82:10
Signer

Actual PE Digest

a2:4c:f1:da:32:0d:ca:43:7f:86:c5:a3:e1:e5:95:b2:10:1a:82:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 432KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rayad
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
atitray.hlp
atitray.ini
atitray.sys
.sys windows:5 windows x86 arch:x86

38a7cd7c6e6d011eba6094edd5056880

Code Sign

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

Issuer

CN=Root Agency

Not Before

10/03/2007, 20:15

Not After

31/12/2039, 23:59

Subject

CN=Ray Adams,OU=Certification,O=Ray Adams,1.2.840.113549.1.9.1=#0c1474726179746f6f6c73406775727533642e636f6d

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

aa:7d:f6:50:ee:c7:44:6f:f5:81:91:7a:3e:53:8a:12:df:58:65:b5
Signer

Actual PE Digest

aa:7d:f6:50:ee:c7:44:6f:f5:81:91:7a:3e:53:8a:12:df:58:65:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\Myutils\atitray\prcmon\atitray\i386\atitray.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapIoSpace
MmIsAddressValid
MmMapIoSpace
RtlDeleteRegistryValue
ZwDeleteKey
ZwEnumerateValueKey
IoDeleteSymbolicLink
ZwSetValueKey
ExFreePoolWithTag
ZwQueryValueKey
ExAllocatePoolWithTag
ZwOpenKey
RtlCheckRegistryKey
RtlCreateRegistryKey
ZwUnmapViewOfSection
IoCreateSymbolicLink
IoCreateDevice
IoDeleteDevice
ZwEnumerateKey
IofCompleteRequest

hal

HalTranslateBusAddress
KeStallExecutionProcessor

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 752B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atitray64.sys
.sys windows:5 windows x64 arch:x64

8eed4fa217e1012af389c63ca9ba78dc

Code Sign

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

Issuer

CN=Root Agency

Not Before

10/03/2007, 20:15

Not After

31/12/2039, 23:59

Subject

CN=Ray Adams,OU=Certification,O=Ray Adams,1.2.840.113549.1.9.1=#0c1474726179746f6f6c73406775727533642e636f6d

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d3:cc:b6:6b:f6:2a:54:ea:81:32:de:51:b0:52:5a:fd:f9:13:75:fa
Signer

Actual PE Digest

d3:cc:b6:6b:f6:2a:54:ea:81:32:de:51:b0:52:5a:fd:f9:13:75:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\Myutils\atitray\prcmon\atitray\amd64\atitray.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
ZwMapViewOfSection
ZwClose
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapIoSpace
MmIsAddressValid
MmMapIoSpace
RtlDeleteRegistryValue
ZwDeleteKey
ZwEnumerateValueKey
IoDeleteSymbolicLink
RtlCopyMemory
ZwSetValueKey
ExFreePoolWithTag
ZwQueryValueKey
ExAllocatePoolWithTag
ZwOpenKey
RtlCheckRegistryKey
RtlCreateRegistryKey
ZwUnmapViewOfSection
IoCreateSymbolicLink
IoCreateDevice
IoDeleteDevice
ZwEnumerateKey
IofCompleteRequest

hal

HalTranslateBusAddress
KeStallExecutionProcessor

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 183B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
attext.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0947436dc36820b428be7e7a7d53501b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
lstrcpyW
WideCharToMultiByte
GlobalLock
GlobalUnlock
lstrlenW
InterlockedDecrement
HeapReAlloc
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
DebugBreak
lstrlenA
CreateMutexA
GetLastError
CloseHandle
EnterCriticalSection
lstrcpyA
GetSystemInfo
HeapAlloc

user32

GetSystemMetrics
SetRect
LoadBitmapA
CharUpperBuffA
OffsetRect
DrawTextA
MessageBoxA
BringWindowToTop
PostMessageA
CreatePopupMenu
InsertMenuA
GetSysColor

gdi32

SetBkColor
GetTextExtentPoint32A
ExtTextOutA
SetBkMode
DeleteObject
SetTextColor

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegEnumKeyA

shell32

DragQueryFileA

ole32

ReleaseStgMedium

oleaut32

LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

SHDeleteKeyA

atl

ord23
ord21
ord16
ord15
ord18
ord57
ord32
ord30
ord58

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
attsio.dll
.dll windows:4 windows x86 arch:x86

Code Sign

19:70:37:19:af:dd:08:b7:4d:45:f0:44:b2:d6:49:8e
Certificate

Issuer

CN=Ray Adams

Not Before

24/02/2007, 23:28

Not After

25/02/3007, 00:28

Subject

CN=Ray Adams

Extended Key Usages

ExtKeyUsageServerAuth

21:71:22:10:8c:09:53:ce:28:9a:f5:64:29:4b:f7:04:c9:95:62:2b
Signer

Actual PE Digest

21:71:22:10:8c:09:53:ce:28:9a:f5:64:29:4b:f7:04:c9:95:62:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

done_sio_library
exec_sio_library
get_monitoring_interface

Sections

CODE
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
guru3d.url
kbdhook.dll
.dll windows:4 windows x86 arch:x86

b86e049fdf9df45057132811b8059a77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateEventA
CloseHandle

user32

GetKeyState
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx

msvcrt

_adjust_fdiv
malloc
free
_initterm

Exports

Exports

InstallKBDHook
UninstallKBDHook
kbd_hook_proc

Sections

.text
Size: 4KB - Virtual size: 718B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lng/Belarussian.ini
lng/Finnish.ini
lng/German.ini
lng/Japanese.ini
lng/Polish.ini
lng/Portugues_BR.ini
lng/Romanian.ini
lng/Russian.ini
lng/Simplified Chinese.ini
lng/Spanish.ini
lng/Ukrainian.ini
lng/czech.ini
lng/english.ini
lng/french.ini
lng/italian.ini
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins.url
plugins/api/delphi/example/plugin1/plugin1.dpr
plugins/api/delphi/example/plugin1/plugin1.res
plugins/api/delphi/plugins.pas
.js
plugins/api/readme.txt
plugins/api/vc++/example/cpuload/CpuUsage.cpp
plugins/api/vc++/example/cpuload/CpuUsage.h
plugins/api/vc++/example/cpuload/PerfCounters.h
plugins/api/vc++/example/cpuload/StdAfx.h
plugins/api/vc++/example/cpuload/cpuload.cpp
plugins/api/vc++/example/cpuload/cpuload.def
plugins/api/vc++/example/cpuload/cpuload.dsp
plugins/api/vc++/example/cpuload/cpuload.dsw
plugins/api/vc++/example/cpuload/cpuload.rc
plugins/api/vc++/example/cpuload/icon1.ico
plugins/api/vc++/example/cpuload/icon10.ico
plugins/api/vc++/example/cpuload/icon11.ico
plugins/api/vc++/example/cpuload/icon12.ico
plugins/api/vc++/example/cpuload/icon13.ico
plugins/api/vc++/example/cpuload/icon14.ico
plugins/api/vc++/example/cpuload/icon15.ico
plugins/api/vc++/example/cpuload/icon2.ico
plugins/api/vc++/example/cpuload/icon3.ico
plugins/api/vc++/example/cpuload/icon4.ico
plugins/api/vc++/example/cpuload/icon5.ico
plugins/api/vc++/example/cpuload/icon6.ico
plugins/api/vc++/example/cpuload/icon7.ico
plugins/api/vc++/example/cpuload/icon8.ico
plugins/api/vc++/example/cpuload/icon9.ico
plugins/api/vc++/example/cpuload/resource.h
plugins/api/vc++/example/mongraphs/StdAfx.cpp
plugins/api/vc++/example/mongraphs/StdAfx.h
plugins/api/vc++/example/mongraphs/mongraphsexample.cpp
plugins/api/vc++/example/mongraphs/mongraphsexample.def
plugins/api/vc++/example/mongraphs/mongraphsexample.dep
plugins/api/vc++/example/mongraphs/mongraphsexample.dsp
plugins/api/vc++/example/mongraphs/mongraphsexample.dsw
plugins/api/vc++/example/mongraphs/mongraphsexample.mak
plugins/api/vc++/example/mongraphs/mongraphsexample.rc
plugins/api/vc++/example/mongraphs/resource.h
plugins/api/vc++/example/osdtime/StdAfx.cpp
plugins/api/vc++/example/osdtime/StdAfx.h
plugins/api/vc++/example/osdtime/osdtime.cpp
plugins/api/vc++/example/osdtime/osdtime.def
plugins/api/vc++/example/osdtime/osdtime.dsp
plugins/api/vc++/example/osdtime/osdtime.dsw
plugins/api/vc++/example/osdtime/osdtime.mak
plugins/api/vc++/example/osdtime/osdtime.rc
plugins/api/vc++/example/osdtime/resource.h
plugins/api/vc++/example/pciinfo/StdAfx.cpp
plugins/api/vc++/example/pciinfo/StdAfx.h
plugins/api/vc++/example/pciinfo/pciinfo.cpp
plugins/api/vc++/example/pciinfo/pciinfo.def
plugins/api/vc++/example/pciinfo/pciinfo.dsp
plugins/api/vc++/example/pciinfo/pciinfo.dsw
plugins/api/vc++/example/pciinfo/resource.h
plugins/api/vc++/example/pciinfo/resources.rc
plugins/api/vc++/plugins.h
plugins/cpuload.dll
.dll windows:4 windows x86 arch:x86

7ace9cc1f983fc032eca6d4a232c0824

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetLastError
LocalFree
GetVersionExA

user32

KillTimer
LoadIconA
DestroyWindow
UnregisterClassA
CreateWindowExA
SetTimer
DefWindowProcA
RegisterClassExA

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA

shell32

Shell_NotifyIconA

oleaut32

SysAllocString
SysFreeString
VariantClear

msvcrt

_CxxThrowException
wcslen
_stricmp
_adjust_fdiv
_initterm
_onexit
__dllonexit
sprintf
ceil
_ftol
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
free
malloc
realloc
??1type_info@@UAE@XZ

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_plug_info
suspend_restore

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 682B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/hddtemp.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_plug_info
suspend_restore

Sections

CODE
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/mg_hdddtemp.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

done_plugin
exec_plugin
get_mr_count
get_mr_name
get_mr_status
get_mr_value
get_plug_info
start_mr_plugin

Sections

CODE
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/mg_xvlt.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

done_plugin
exec_plugin
get_mr_count
get_mr_name
get_mr_status
get_mr_value
get_plug_info
start_mr_plugin

Sections

CODE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 834B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/mongraphsexample.dll
.dll windows:4 windows x86 arch:x86

11efd8b2869f5c85b6be3ae234c1f411

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalMemoryStatusEx

msvcrt

free
_initterm
malloc
_adjust_fdiv

Exports

Exports

done_plugin
exec_plugin
get_mr_count
get_mr_name
get_mr_status
get_mr_value
get_plug_info
start_mr_plugin

Sections

.text
Size: 4KB - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 471B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/osdminfo.dll
.dll windows:4 windows x86 arch:x86

6111c6ed7b4fe992a84d06710e617b75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile

user32

SendMessageA
GetDlgItem
EndDialog
SetWindowTextA
DialogBoxParamA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
free
sprintf
_itoa
_onexit

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_osd_string
get_plug_info

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 858B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/osdtime.dll
.dll windows:4 windows x86 arch:x86

86c6364f5727dbe8cc2ceff7772b4db0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
GetTimeFormatA
GetSystemPowerStatus

user32

EnumDisplaySettingsA
IsDlgButtonChecked
CheckDlgButton
SetFocus
EndDialog
GetDlgItem
DialogBoxParamA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

msvcrt

sprintf
_adjust_fdiv
malloc
_initterm
free

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_osd_string
get_plug_info

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 809B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/pciinfo.dll
.dll windows:4 windows x86 arch:x86

3ac0bb48a88649af9990fd0e3073c52a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DialogBoxParamA
GetDlgItem
EndDialog
SetFocus
SendMessageA

msvcrt

sprintf
_adjust_fdiv
malloc
_initterm
strcpy
free

Exports

Exports

exec_plugin
get_plug_info

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/pciset.dll
.dll windows:4 windows x86 arch:x86

ba45d2fccb6d3c90b8d6ef186fa8d824

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DialogBoxParamA
EndDialog
MessageBoxA
GetDlgItem
SendMessageA

advapi32

RegSetValueExA
RegFlushKey
RegCreateKeyExA
RegEnumValueA
RegCloseKey
RegDeleteKeyA

msvcrt

_adjust_fdiv
malloc
_initterm
sscanf
sprintf
strtoul
atoi
free

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_plug_info
suspend_restore

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/shared memory/Delphi/attshmem.dof
plugins/shared memory/Delphi/attshmem.dpr
plugins/shared memory/Delphi/attshmem.res
plugins/shared memory/Delphi/uMain.dfm
plugins/shared memory/Delphi/uMain.pas
plugins/shared memory/VC/StdAfx.cpp
plugins/shared memory/VC/StdAfx.h
plugins/shared memory/VC/attsharedmem.clw
plugins/shared memory/VC/attsharedmem.cpp
plugins/shared memory/VC/attsharedmem.dsp
plugins/shared memory/VC/attsharedmem.dsw
plugins/shared memory/VC/attsharedmem.h
plugins/shared memory/VC/attsharedmem.rc
plugins/shared memory/VC/attsharedmemDlg.cpp
plugins/shared memory/VC/attsharedmemDlg.h
plugins/shared memory/VC/res/attsharedmem.ico
plugins/shared memory/VC/res/attsharedmem.rc2
plugins/shared memory/VC/resource.h
plugins/shared memory/readme.txt
plugins/shared memory/uninstall.exe.nsis
radeon.url
raphook.dll
.dll windows:4 windows x86 arch:x86

fcde7ea707e266aaa2de54907698ed77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindFirstFileA
GetTimeFormatA
GetLocalTime
OutputDebugStringA
Beep
FreeLibrary
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
WaitForSingleObject
ResetEvent
GetSystemDirectoryA
GetLastError
SetLastError
LoadLibraryA
CloseHandle
CreateThread
GetTickCount
GetModuleHandleA
VirtualProtect
IsBadWritePtr
GetWindowsDirectoryA
GetVersionExA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateEventA
SetEvent
IsBadReadPtr
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock

user32

SetWindowsHookExA
CharUpperBuffA
DrawTextA
GetIconInfo
ReleaseDC
GetDC
EnumDisplaySettingsA
ChangeDisplaySettingsA
CallNextHookEx
UnhookWindowsHookEx
GetDesktopWindow

gdi32

RealizePalette
GetObjectA
SetDIBitsToDevice
SetStretchBltMode
ExtSelectClipRgn
CreateFontIndirectA
CreateRectRgnIndirect
GetClipBox
StretchBlt
SetBkColor
CreateBitmap
RectVisible
StretchDIBits
SetBkMode
SetTextColor
GetStockObject
CreateDIBitmap
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
CreateDIBSection
CreateCompatibleDC
GetDIBits
DeleteDC

advapi32

RegQueryValueExA
RegCreateKeyExA
RegEnumKeyA
RegCloseKey

shlwapi

PathMatchSpecA
PathStripPathA

psapi

GetProcessMemoryInfo

shell32

SHGetFolderPathA

msvcrt

sprintf
_purecall
??3@YAXPAX@Z
fclose
fopen
fread
fwrite
fseek
ftell
fflush
fputc
getc
_itoa
ceil
_ftol
strstr
??2@YAPAXI@Z
__CxxFrameHandler
free
malloc
realloc
floor
_CxxThrowException
_mbsnbcpy
calloc
_mbslen
longjmp
_setjmp3
__CxxLongjmpUnwind
printf
strncpy
isprint
exit
abort
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ

Exports

Exports

??0CxExifInfo@CxImageJPG@@QAE@PAUtag_ExifInfo@1@@Z
??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@KKKK@Z
??0CxImageJPG@@QAE@ABV0@@Z
??0CxImageJPG@@QAE@XZ
??0CxMemFile@@QAE@ABV0@@Z
??0CxMemFile@@QAE@PAEK@Z
??1CxExifInfo@CxImageJPG@@QAE@XZ
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??1CxImageJPG@@UAE@XZ
??1CxMemFile@@UAE@XZ
??4CxExifInfo@CxImageJPG@@QAEAAV01@ABV01@@Z
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImage@@QAEAAV0@ABV0@@Z
??4CxImageJPG@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxImageJPG@@6B@
??_7CxMemFile@@6B@
??_FCxExifInfo@CxImageJPG@@QAEXXZ
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Alloc@CxMemFile@@IAEXK@Z
?Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z
?BlendPalette@CxImage@@QAEXKJ@Z
?BlendPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@M_N@Z
?BlindGetPixelColor@CxImage@@IAE?AUtagRGBQUAD@@JJ@Z
?BlindGetPixelIndex@CxImage@@IAEEJJ@Z
?BlindGetPixelPointer@CxImage@@IAEPAXJJ@Z
?Clear@CxImage@@QAEXE@Z
?Close@CxIOFile@@UAE_NXZ
?Close@CxMemFile@@UAE_NXZ
?CompareColors@CxImage@@KAHPBX0@Z
?ConvertAnyFormat@CxExifInfo@CxImageJPG@@IAENPAXH@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?CopyInfo@CxImage@@IAEXABV1@@Z
?CopyToHandle@CxImage@@QAEPAXXZ
?Create@CxImage@@QAEPAXKKKK@Z
?CreateFromArray@CxImage@@QAE_NPAEKKKK_N@Z
?CreateFromHANDLE@CxImage@@QAE_NPAX@Z
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
?CreateFromHICON@CxImage@@QAE_NPAUHICON__@@@Z
?CreateFromMatrix@CxImage@@QAE_NPAPAEKKKK_N@Z
?Decode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageJPG@@QAE_NPAVCxFile@@@Z
?DecodeExif@CxExifInfo@CxImageJPG@@QAE_NPAVCxFile@@H@Z
?DecodeExif@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAVCxFile@@@Z
?Destroy@CxImage@@QAE_NXZ
?DiscardAllButExif@CxExifInfo@CxImageJPG@@QAEXXZ
?Draw2@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z
?Draw2@CxImage@@QAEJPAUHDC__@@JJJJ@Z
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z
?DrawLine@CxImage@@QAEXHHHHK@Z
?DrawLine@CxImage@@QAEXHHHHUtagRGBQUAD@@_N@Z
?DrawString@CxImage@@QAEJPAUHDC__@@JJPBDUtagRGBQUAD@@1JJEE_N@Z
?DrawStringEx@CxImage@@QAEJPAUHDC__@@JJPAUtagCxTextInfo@1@_N@Z
?Enable@CxImage@@QAEX_N@Z
?Encode2RGBA@CxImage@@QAE_NAAPAEAAJ@Z
?Encode2RGBA@CxImage@@QAE_NPAVCxFile@@@Z
?Encode@CxImage@@QAE_NAAPAEAAJK@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@PAPAV1@HK@Z
?Encode@CxImage@@QAE_NPAVCxFile@@K@Z
?Encode@CxImage@@QAE_NPAVCxFile@@PAPAV1@HK@Z
?Encode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageJPG@@QAE_NPAVCxFile@@@Z
?EncodeExif@CxExifInfo@CxImageJPG@@QAE_NPAVCxFile@@@Z
?EncodeSafeCheck@CxImage@@IAE_NPAVCxFile@@@Z
?Eof@CxIOFile@@UAE_NXZ
?Eof@CxMemFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Error@CxMemFile@@UAEJXZ
?FindSection@CxExifInfo@CxImageJPG@@IAEPAXH@Z
?Flush@CxIOFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Free@CxMemFile@@IAEXXZ
?FreeMemory@CxImage@@QAEXPAX@Z
?Get16m@CxExifInfo@CxImageJPG@@IAEHPAX@Z
?Get16u@CxExifInfo@CxImageJPG@@IAEHPAX@Z
?Get32s@CxExifInfo@CxImageJPG@@IAEJPAX@Z
?Get32u@CxExifInfo@CxImageJPG@@IAEKPAX@Z
?GetBits@CxImage@@QAEPAEK@Z
?GetBpp@CxImage@@QBEGXZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?GetC@CxIOFile@@UAEJXZ
?GetC@CxMemFile@@UAEJXZ
?GetClrImportant@CxImage@@QBEKXZ
?GetCodecOption@CxImage@@QAEKK@Z
?GetColorType@CxImage@@QAEEXZ
?GetDIB@CxImage@@QBEPAXXZ
?GetEffWidth@CxImage@@QBEKXZ
?GetEscape@CxImage@@QBEJXZ
?GetFlags@CxImage@@QBEKXZ
?GetFrame@CxImage@@QBEJXZ
?GetFrameDelay@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?GetJpegQuality@CxImage@@QBEEXZ
?GetJpegScale@CxImage@@QBEEXZ
?GetLastError@CxImage@@QAEPBDXZ
?GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z
?GetNumColors@CxImage@@QBEKXZ
?GetNumFrames@CxImage@@QBEJXZ
?GetOffset@CxImage@@QAEXPAJ0@Z
?GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ
?GetPaletteColor@CxImage@@QAE?AUtagRGBQUAD@@E@Z
?GetPaletteColor@CxImage@@QAE_NEPAE00@Z
?GetPaletteSize@CxImage@@QAEKXZ
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?GetPixelGray@CxImage@@QAEEJJ@Z
?GetPixelIndex@CxImage@@QAEEJJ@Z
?GetProgress@CxImage@@QBEJXZ
?GetSize@CxImage@@QAEJXZ
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?GetTransIndex@CxImage@@QBEJXZ
?GetType@CxImage@@QBEKXZ
?GetVersion@CxImage@@QAEPBDXZ
?GetVersionNumber@CxImage@@QAE?BMXZ
?GetWidth@CxImage@@QBEKXZ
?GetXDPI@CxImage@@QBEJXZ
?GetYDPI@CxImage@@QBEJXZ
?Ghost@CxImage@@IAEXPAV1@@Z
?InitTextInfo@CxImage@@QAEXPAUtagCxTextInfo@1@@Z
?IsEnabled@CxImage@@QBE_NXZ
?IsGrayScale@CxImage@@QAE_NXZ
?IsIndexed@CxImage@@QBE_NXZ
?IsInside@CxImage@@QAE_NJJ@Z
?IsSamePalette@CxImage@@QAE_NAAV1@_N@Z
?IsTransparent@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QBE_NXZ
?IsValid@CxImage@@QBE_NXZ
?MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?Open@CxMemFile@@QAE_NXZ
?ProcessExifDir@CxExifInfo@CxImageJPG@@IAE_NPAE0IQAUtag_ExifInfo@2@QAPAE@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?PutC@CxMemFile@@UAE_NE@Z
?RGBQUADtoRGB@CxImage@@SAKUtagRGBQUAD@@@Z
?RGBtoBGR@CxImage@@IAEXPAEH@Z
?RGBtoRGBQUAD@CxImage@@SA?AUtagRGBQUAD@@K@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Read@CxMemFile@@UAEIPAXII@Z
?Save@CxImage@@QAE_NPBDK@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Seek@CxMemFile@@UAE_NJH@Z
?SetClrImportant@CxImage@@QAEXK@Z
?SetCodecOption@CxImage@@QAE_NKK@Z
?SetEscape@CxImage@@QAEXJ@Z
?SetFlags@CxImage@@QAEXK_N@Z
?SetFrame@CxImage@@QAEXJ@Z
?SetFrameDelay@CxImage@@QAEXK@Z
?SetGrayPalette@CxImage@@QAEXXZ
?SetJpegQuality@CxImage@@QAEXE@Z
?SetJpegScale@CxImage@@QAEXE@Z
?SetOffset@CxImage@@QAEXJJ@Z
?SetPalette@CxImage@@QAEXKPAE00@Z
?SetPalette@CxImage@@QAEXPAUrgb_color@1@K@Z
?SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z
?SetPaletteColor@CxImage@@QAEXEEEEE@Z
?SetPaletteColor@CxImage@@QAEXEK@Z
?SetPaletteColor@CxImage@@QAEXEUtagRGBQUAD@@@Z
?SetPixelColor@CxImage@@QAEXJJK@Z
?SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z
?SetPixelIndex@CxImage@@QAEXJJE@Z
?SetProgress@CxImage@@QAEXJ@Z
?SetStdPalette@CxImage@@QAEXXZ
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?SetTransIndex@CxImage@@QAEXJ@Z
?SetXDPI@CxImage@@QAEXJ@Z
?SetYDPI@CxImage@@QAEXJ@Z
?Size@CxIOFile@@UAEJXZ
?Size@CxMemFile@@UAEJXZ
?Startup@CxImage@@IAEXK@Z
?Stretch@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@K@Z
?Stretch@CxImage@@QAEJPAUHDC__@@JJJJK@Z
?SwapIndex@CxImage@@QAEXEE@Z
?Tell@CxIOFile@@UAEJXZ
?Tell@CxMemFile@@UAEJXZ
?Tile@CxImage@@QAEJPAUHDC__@@PAUtagRECT@@@Z
?Transfer@CxImage@@QAE_NAAV1@@Z
?Write@CxIOFile@@UAEIPBXII@Z
?Write@CxMemFile@@UAEIPBXII@Z
?process_COM@CxExifInfo@CxImageJPG@@IAEXPBEH@Z
?process_EXIF@CxExifInfo@CxImageJPG@@IAE_NPAEI@Z
?process_SOFn@CxExifInfo@CxImageJPG@@IAEXPBEH@Z
GetDllVersion
InstallAPPHook
SaveAsJPG
SaveAsPNG
UninstallAPPHook

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.raydat
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.htm
.html
srvinst.exe
.exe windows:4 windows x86 arch:x86

3c385122a34d67d1ee34b2cc11a0b40f

Code Sign

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

Issuer

CN=Root Agency

Not Before

10/03/2007, 20:15

Not After

31/12/2039, 23:59

Subject

CN=Ray Adams,OU=Certification,O=Ray Adams,1.2.840.113549.1.9.1=#0c1474726179746f6f6c73406775727533642e636f6d

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

66:a7:37:89:cf:73:0f:24:d4:f7:7b:0c:f2:d4:96:05:73:c2:28:59
Signer

Actual PE Digest

66:a7:37:89:cf:73:0f:24:d4:f7:7b:0c:f2:d4:96:05:73:c2:28:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord561
ord825
ord2514
ord2621
ord641
ord609
ord795
ord800
ord2818
ord540
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord2575
ord4396
ord5289
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3721
ord1146
ord1168
ord567
ord324
ord2302
ord4234
ord6199
ord4710
ord2379
ord755
ord470
ord4224
ord2642
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3574
ord4673
ord1576

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_setmbcp
__CxxFrameHandler
strcmp
_except_handler3
strcpy
strcat
strncmp
_splitpath
__dllonexit
_exit
_onexit

kernel32

GetStartupInfoA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetTickCount
Sleep
GetLastError
QueryDosDeviceA
GetModuleFileNameA

user32

EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
SendMessageA
LoadIconA
MessageBoxA
DrawIcon

advapi32

CloseServiceHandle
DeleteService
ControlService
StartServiceA
CreateServiceA
QueryServiceStatus
OpenSCManagerA
OpenServiceA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
support.dll
.dll windows:4 windows x86 arch:x86

f5c6a44d6eec991cbebd2411151cbb5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetConnectA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

CoCreateInstance

user32

CharUpperBuffA
SendMessageA

imagehlp

BindImageEx

msvcrt

fwrite
fclose
free
_initterm
_adjust_fdiv
malloc
fopen

kernel32

GlobalFree
GlobalAlloc
GetTempPathA
MultiByteToWideChar
Sleep

Exports

Exports

CreateShortcut
CreateStartUpShortcut
DetectAPIType
TurnMonitor
run_update

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

Code Sign

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

0b:44:ec:64:af:d7:10:61:f3:34:e8:a7:5f:ba:9f:92:b5:30:3b:e9Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 188KB

UPX1 Size: 18KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 8KB

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 208B

.reloc Size: 512B - Virtual size: 412B

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

91596216b99c852af6e0fb1fe8192de4

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 432B

.reloc Size: 2KB - Virtual size: 1KB

Code Sign

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

a2:4c:f1:da:32:0d:ca:43:7f:86:c5:a3:e1:e5:95:b2:10:1a:82:10Signer

Headers

File Characteristics

Sections

CODE Size: 432KB - Virtual size: 1.2MB

DATA Size: 5KB - Virtual size: 16KB

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

0b:44:ec:64:af:d7:10:61:f3:34:e8:a7:5f:ba:9f:92:b5:30:3b:e9
Signer

UPX0
Size: - Virtual size: 188KB

UPX1
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 208B

.reloc
Size: 512B - Virtual size: 412B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 432B

.reloc
Size: 2KB - Virtual size: 1KB

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

a2:4c:f1:da:32:0d:ca:43:7f:86:c5:a3:e1:e5:95:b2:10:1a:82:10
Signer

CODE
Size: 432KB - Virtual size: 1.2MB

DATA
Size: 5KB - Virtual size: 16KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 5KB - Virtual size: 16KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 92KB

.rsrc
Size: 48KB - Virtual size: 236KB

.rayad
Size: 13KB - Virtual size: 16KB

.adata
Size: - Virtual size: 4KB

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

aa:7d:f6:50:ee:c7:44:6f:f5:81:91:7a:3e:53:8a:12:df:58:65:b5
Signer

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 256B - Virtual size: 236B

.data
Size: 256B - Virtual size: 179B

INIT
Size: 768B - Virtual size: 752B

.reloc
Size: 640B - Virtual size: 514B

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

d3:cc:b6:6b:f6:2a:54:ea:81:32:de:51:b0:52:5a:fd:f9:13:75:fa
Signer

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 1024B - Virtual size: 1004B

.data
Size: 512B - Virtual size: 183B

.pdata
Size: 1024B - Virtual size: 600B

INIT
Size: 1024B - Virtual size: 896B