9523186b5196147c9f3e31e0de60cf11_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9523186b5196147c9f3e31e0de60cf11_JaffaCakes118
Size

2.6MB
MD5

9523186b5196147c9f3e31e0de60cf11
SHA1

49cc218bb10864d807a113edf756d4fcfc508e02
SHA256

f408e67b3099cead9527870a8d0aa878a16520841dfa38908ef24af0815d206b
SHA512

c0cf98d2367ace7f7bfc2c590efdb9dae0248d4d821ea78288a1dcb67f504b9d414144742c0a48988290bd18aad96dd015f6d229df7204c45c9f42a9ea0888b4
SSDEEP

49152:4rIYo874w5H9t4k/nov0n9e/2+HFzGQMQMx+0BX/B26/GYNFAa:4rVoxhk/G0nj+HFzG8u+WX/B2ANj

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/registry.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninst.exe	nsis_installer_1
static1/unpack001/Uninst.exe	nsis_installer_2

Files

9523186b5196147c9f3e31e0de60cf11_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:ff:c3:9c:7a:f0:34:f0:03:a9:6d:34:b5:5c:48:05:1b:77:19:8a
Signer

Actual PE Digest

71:ff:c3:9c:7a:f0:34:f0:03:a9:6d:34:b5:5c:48:05:1b:77:19:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/AltrixSoft/HDDInfoService/HDDInfo.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e24c85c54b02b14edb6004bc369bf6c8

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

82:b3:1c:b6:d1:8c:fe:d6:9a:94:5e:4d:22:86:47:eb:c1:f4:12:32
Signer

Actual PE Digest

82:b3:1c:b6:d1:8c:fe:d6:9a:94:5e:4d:22:86:47:eb:c1:f4:12:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\VStudio\MyProjects\HardDriveInspector\HDDInfo\Release\HDDInfo.pdb

Imports

kernel32

VirtualAlloc
GetFileSize
WideCharToMultiByte
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileW
HeapFree
HeapAlloc
GetProcessHeap
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReleaseMutex
WaitForSingleObject
CreateMutexW
LocalAlloc
GetVersionExA
GetProcAddress
LoadLibraryW
lstrlenA
GetComputerNameW
GlobalMemoryStatus
GetLocalTime
GetTimeFormatW
GetDateFormatW
GetCurrentProcess
CreateProcessW
GetFileAttributesW
OpenProcess
GetTickCount
SetFilePointer
GlobalFree
VirtualFree
GetModuleFileNameW
SetEndOfFile
CreateProcessA
DuplicateHandle
CreatePipe
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LockResource
GetVolumeInformationW
IsBadReadPtr
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcatW
lstrcpynW
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
lstrcmpiW
RaiseException
lstrcpyW
lstrlenW
GlobalAlloc
EnterCriticalSection
LeaveCriticalSection
SetLastError
ReadFile
GetDevicePowerState
GetLogicalDrives
CloseHandle
GetVersion
IsBadWritePtr
DeleteCriticalSection
InitializeCriticalSection
GetDiskFreeSpaceExW
GetLastError
FormatMessageW
LocalFree
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetDriveTypeW
QueryDosDeviceW
Sleep
CreateFileW
DeviceIoControl
GetExitCodeProcess
GetModuleFileNameA
GetStdHandle
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
HeapSize
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
FatalAppExitA
UnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
TlsAlloc
ExitProcess
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
RtlUnwind
CreateThread
ResumeThread
ExitThread
LoadLibraryA

user32

LoadStringW
KillTimer
SetTimer
UnregisterClassW
GetSystemMetrics
CharNextW
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
GetWindowRect
DestroyIcon
PeekMessageW
DispatchMessageW
CreateIconFromResource
UnregisterClassA
GetDC
ReleaseDC
FindWindowExW
SystemParametersInfoW
LoadCursorW
ExitWindowsEx
GetIconInfo
FillRect

gdi32

GdiFlush
CreatePen
SetROP2
Polyline
GetObjectW
CreateBitmap
DeleteObject
SelectObject
GetStockObject
BitBlt
CreateSolidBrush
GetBitmapBits
GetPixel
SetPixel
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetClipBox
GetDCOrgEx
CreateDIBSection

advapi32

RegSetValueExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
StartServiceW
QueryServiceStatus
LookupPrivilegeValueW
GetUserNameW
RegRestoreKeyW
RegLoadKeyW
RegOpenKeyW
RegUnLoadKeyW
RegEnumValueW
RegSaveKeyW
RegQueryValueExW
IsTextUnicode
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHAppBarMessage

ole32

CoCreateInstance
StringFromGUID2
StringFromCLSID
CoTaskMemRealloc
WriteClassStm
OleSaveToStream
CoTaskMemFree
CoTaskMemAlloc
OleLoadFromStream
CoSetProxyBlanket

oleaut32

VarBstrCmp
VarBstrCat
SysAllocStringByteLen
SysReAllocString
SysStringByteLen
VariantCopy
VariantClear
VarDecCmp
VarCyCmp
VariantCopyInd
VariantChangeTypeEx
VarBstrFromR8
SafeArrayUnaccessData
SafeArrayAccessData
VarDateFromUdate
VarUdateFromDate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCreateVector
SetErrorInfo
SysAllocStringLen
VariantChangeType
VarBstrFromR4
GetErrorInfo
CreateErrorInfo
SysAllocString
SysStringLen
VarBstrFromUI4
VarBstrFromI4
VarBstrFromI2
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SafeArrayDestroy
SysFreeString

shlwapi

PathFindExtensionW

netapi32

Netbios

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/AltrixSoft/HDDInfoService/HDDSvc.exe
.exe windows:4 windows x86 arch:x86

98d564736c3b1b104fc461d27549d967

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:fd:33:77:e2:18:1a:40:21:96:06:4e:7b:df:a7:ef:8b:ef:84:bc
Signer

Actual PE Digest

5b:fd:33:77:e2:18:1a:40:21:96:06:4e:7b:df:a7:ef:8b:ef:84:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\VStudio\MyProjects\HardDriveInspector\HDDSvc\ReleaseUMinSize\HDDSvc.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

VirtualQuery
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
ExitThread
CreateThread
HeapSize
TerminateProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
FatalAppExitA
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
GetOEMCP
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
SetConsoleCtrlHandler
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
IsBadReadPtr
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
GetSystemInfo
GetLastError
IsBadWritePtr
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
lstrlenW
LocalFree
FormatMessageW
Sleep
GetTickCount
lstrcpyW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
lstrcmpiW
GetVersion
CloseHandle
GetCurrentProcess
GetCurrentThread
InterlockedIncrement
lstrcpynW
lstrcatW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetDriveTypeW
GetCurrentThreadId
GetCommandLineW
WideCharToMultiByte
GetLocalTime
LockResource
GetTimeFormatW
GetDateFormatW
GetComputerNameW
SetLastError
GetProcAddress
LoadLibraryW
VirtualProtect
HeapReAlloc
RtlUnwind
GetStartupInfoW
GetFileTime
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetStringTypeExW
MoveFileW
SetErrorMode
GetCurrentDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
GetVersionExA
GlobalFlags
lstrcmpW
CreateEventW
SuspendThread
SetEvent
ResumeThread
CreateProcessW
SetThreadPriority
lstrcmpA
SystemTimeToFileTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GetFileAttributesW
OpenProcess
WriteFile
CreateFileW
SetFilePointer
ReadFile
GetFileSize
GlobalFree
GlobalHandle
GlobalReAlloc
LocalAlloc
CopyFileW
MulDiv
GlobalSize
GlobalLock
GlobalUnlock
CreateMutexW
ReleaseMutex
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetProcessHeap
HeapAlloc
HeapFree
DeleteFileW
VirtualAlloc
VirtualFree
GetLocaleInfoW
GetNumberFormatW
lstrlenA
SetEndOfFile
WaitForSingleObject
GetExitCodeProcess
GlobalAlloc

user32

InflateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageA
IsWindow
IsChild
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconW
UnregisterClassA
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
GetMenu
PostMessageW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
GetMenuItemInfoW
GetClassInfoW
RegisterClassW
SetWindowPlacement
DefWindowProcW
CallWindowProcW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetMenuItemBitmaps
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowPos
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowLongW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
GetDialogBaseUnits
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
wsprintfW
GetScrollPos
SetScrollPos
SetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
PtInRect
GetFocus
GetDesktopWindow
SetWindowTextW
GetClassNameW
SetWindowsHookExW
DestroyMenu
PostQuitMessage
SetCursor
ShowOwnedPopups
CallNextHookEx
TranslateMessage
DeleteMenu
CharUpperW
EndDialog
GetNextDlgTabItem
SetScrollInfo
CreateDialogIndirectParamW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetWindowTextLengthW
GetWindowTextW
GetSystemMetrics
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
PeekMessageW
CreateIconFromResource
DestroyIcon
GetDC
ReleaseDC
FindWindowExW
GetWindowRect
SystemParametersInfoW
LoadCursorW
ExitWindowsEx
GetIconInfo
FillRect
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
UnregisterClassW
SetTimer
RegisterDeviceNotificationW
GetMessageW
DispatchMessageW
KillTimer
UnregisterDeviceNotification
PostThreadMessageW
LoadStringW
MessageBoxW
CharNextW
SetDlgItemInt
OffsetRect
MapWindowPoints

gdi32

RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
PtVisible
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ExtCreatePen
CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsW
StartDocW
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetPixel
GetPixel
GetBitmapBits
DeleteDC
CreateSolidBrush
BitBlt
GetStockObject
SelectObject
CreateCompatibleDC
DeleteObject
CreateBitmap
GetObjectW
Polyline
SetROP2
CreatePen
GdiFlush
CreateDIBSection
GetTextExtentExPointW
GetDeviceCaps
CopyMetaFileW
CreateDCW
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
CreateDIBPatternBrushPt
SetTextCharacterExtra
SetTextJustification

comdlg32

GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

SetSecurityDescriptorGroup
RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegRestoreKeyW
RegLoadKeyW
RegOpenKeyW
RegUnLoadKeyW
RegEnumValueW
RegSaveKeyW
IsTextUnicode
GetUserNameW
LookupPrivilegeValueW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
CreateServiceW
ChangeServiceConfig2W
StartServiceW
GetTokenInformation
CloseServiceHandle
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerW
OpenServiceW

shell32

SHGetFileInfoW
ExtractIconW
SHAppBarMessage

comctl32

ord17

shlwapi

PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

SetConvertStg
OleSaveToStream
WriteClassStm
OleLoadFromStream
StringFromCLSID
CoCreateGuid
StringFromIID
CoInitializeEx
CoInitializeSecurity
WriteFmtUserTypeStg
CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
OleRun
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
ReleaseStgMedium
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
CLSIDFromString
CoResumeClassObjects

oleaut32

VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDecFromStr
VarBstrFromDec
SysReAllocStringLen
VarDateFromStr
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayCreate
SafeArrayGetElemsize
VariantChangeType
VariantChangeTypeEx
VarCyCmp
VarDecCmp
SysStringByteLen
SysReAllocString
VarBstrCat
VarBstrCmp
VarBstrFromR8
VarBstrFromR4
VarBstrFromUI4
VarBstrFromI4
VarBstrFromI2
SysAllocStringByteLen
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysStringLen
SetErrorInfo
SysAllocStringLen
CreateErrorInfo
SysAllocString
VariantCopy
VariantInit
VariantClear
UnRegisterTypeLi
VarUI4FromStr
VarDateFromUdate
RegisterTypeLi
GetErrorInfo
VariantCopyInd

psapi

EmptyWorkingSet

Sections

.text
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/registry.dll
.dll windows:4 windows x86 arch:x86

cd53277eaa7bbb8fb5b2b678274dcb4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
SearchPathA
CloseHandle
CreateFileA
lstrcpynA
lstrcatA
FindFirstFileA
FindClose
lstrlenA
lstrcmpiA
lstrcpyA
GlobalFree
GlobalAlloc
WriteFile

user32

SendMessageA
FindWindowExA
GetDlgItem
wsprintfA
CharUpperA

advapi32

RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStr
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHex
_Unload
_Write
_WriteExtra

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/reinstall.ini
$TEMP/Utils.dll
.dll windows:4 windows x86 arch:x86

8978e924bf097dae5948d27b6a394e21

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:e4:d3:ef:53:bc:f3:8f:f9:d6:d9:38:c6:ef:a7:f1:eb:ea:a2:af
Signer

Actual PE Digest

52:e4:d3:ef:53:bc:f3:8f:f9:d6:d9:38:c6:ef:a7:f1:eb:ea:a2:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\VStudio\MyProjects\HardDriveInspector\Setup\Nsis\KeyCheck\Release\KeyCheck.pdb

Imports

kernel32

GetVersionExA
LocalFree
lstrlenA
GetLocalTime
Sleep
ReleaseMutex
CreateMutexA
GetVersion
DeleteFileA
HeapFree
HeapAlloc
GetProcessHeap
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
lstrlenW
WaitForSingleObject
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetComputerNameA
GetCurrentProcess
SetLastError
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetLocaleInfoA
GetTickCount
IsBadWritePtr
IsBadReadPtr
SetFilePointer
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetACP
InterlockedExchange
WriteFile
WideCharToMultiByte
VirtualAlloc
VirtualFree
CloseHandle
GetLastError
MultiByteToWideChar
GetThreadLocale
GetStdHandle
SetHandleCount
HeapSize
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualProtect
FlushFileBuffers
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
LocalAlloc

user32

IsWindow
SendMessageA

oleaut32

SysAllocString
VarDateFromUdate
VariantClear
VarBstrCat
SysStringLen
SysFreeString

Exports

Exports

Check
CurrentDate
GetRebootFlag
Install
KillHDI
MyStartService
Uninstall
UninstallSilent

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BadSmart.wav
HDInspector.exe
.exe windows:4 windows x86 arch:x86

13e1065dc70783dc7e83d7978e3597f3

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:90:75:aa:62:ce:76:01:6d:b5:29:44:69:d5:65:93:dd:9e:5a:cd
Signer

Actual PE Digest

45:90:75:aa:62:ce:76:01:6d:b5:29:44:69:d5:65:93:dd:9e:5a:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\VStudio\MyProjects\HardDriveInspector\Note_Release\HDDStateInspector.pdb

Imports

kernel32

LocalLock
LocalUnlock
IsBadWritePtr
OpenProcess
GetExitCodeProcess
FindResourceW
CreateProcessW
GetNumberFormatW
GlobalAlloc
GlobalFree
GetTimeFormatW
GetLocalTime
GlobalMemoryStatus
SystemTimeToTzSpecificLocalTime
SetFilePointer
SetEndOfFile
GetTimeZoneInformation
lstrcpynW
GetVersion
FreeResource
CreateFileA
SearchPathW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetConsoleCtrlHandler
GetFullPathNameA
GetCurrentDirectoryA
GetDriveTypeA
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
IsBadCodePtr
GetOEMCP
GetCurrentProcessId
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FatalAppExitA
HeapCreate
HeapDestroy
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
HeapSize
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
CreateThread
ExitThread
HeapReAlloc
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
GetStartupInfoW
SetErrorMode
SetFileAttributesW
LocalFileTimeToFileTime
GetFileSizeEx
DeleteFileA
lstrcatW
WinExec
lstrcpyW
GetWindowsDirectoryW
GetFullPathNameW
GetPrivateProfileStringW
FileTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
LocalAlloc
WriteFile
VirtualAlloc
VirtualFree
FlushInstructionCache
HeapAlloc
GetProcessHeap
HeapFree
MulDiv
GlobalSize
GlobalLock
GlobalUnlock
GlobalReAlloc
InterlockedIncrement
RaiseException
ResumeThread
WaitForSingleObject
GetComputerNameW
DeleteFileW
TerminateProcess
GetDriveTypeW
GetSystemDirectoryW
GetModuleHandleW
SetVolumeLabelW
IsValidLocale
GetLocaleInfoW
GetFileSize
ReadFile
SetThreadLocale
IsBadReadPtr
GetCurrentProcess
GetFileAttributesW
InterlockedDecrement
Sleep
GetTempPathW
GetCurrentThreadId
lstrcmpiW
lstrlenA
CreateMutexW
ReleaseMutex
GetModuleFileNameW
CreateDirectoryW
CreateFileW
GetUserDefaultLangID
Beep
CloseHandle
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetShortPathNameW
GetVolumeInformationW
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetStringTypeExW
MoveFileW
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
GlobalFlags
TlsFree
GetVersionExA
lstrcmpW
LoadLibraryA
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GetDateFormatW
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteCriticalSection
SetLastError
InitializeCriticalSection
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExW
LocalFree
GetLastError
LoadResource
LockResource
SizeofResource
SystemTimeToFileTime
GetProfileIntW
FindFirstFileW
FileTimeToLocalFileTime
FindNextFileW
FindClose
GlobalGetAtomNameW
GetDiskFreeSpaceW
GetTempFileNameW
GetFileTime
SetFileTime
CreateEventW
SuspendThread
SetEvent
SetThreadPriority
GetCurrentThread
lstrcmpA
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
VirtualProtect
CopyFileW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA

advapi32

LookupPrivilegeValueW
RegEnumKeyW
SetFileSecurityW
GetFileSecurityW
RegCreateKeyW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
IsTextUnicode
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegSaveKeyW
RegUnLoadKeyW
RegOpenKeyW
RegLoadKeyW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
StartServiceW
QueryServiceStatus
RegSetValueW
GetUserNameW
RegQueryInfoKeyW
RegRestoreKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW

user32

DestroyWindow
TrackPopupMenuEx
GetParent
GetWindowRect
IsWindow
GetClientRect
GetWindowThreadProcessId
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
SendNotifyMessageW
InSendMessage
WindowFromDC
GetTabbedTextExtentA
IntersectRect
DeferWindowPos
BeginDeferWindowPos
OffsetRect
GetSysColor
CharNextW
ShowWindow
SetForegroundWindow
FillRect
MapWindowPoints
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
CloseWindow
IsWindowVisible
SetParent
SetWindowPos
LoadStringA
LoadStringW
DestroyCursor
EndDeferWindowPos
DestroyMenu
GetSubMenu
GetCursorPos
InsertMenuW
CreatePopupMenu
CreateMenu
EnableWindow
DestroyIcon
DeleteMenu
GetMenuItemCount
GetMenuItemID
ModifyMenuW
LoadMenuW
ClientToScreen
PostMessageW
InvalidateRect
SendMessageW
GetSysColorBrush
GetDesktopWindow
CreateDialogIndirectParamW
DialogBoxIndirectParamW
LoadIconW
GetDialogBaseUnits
GetDlgItem
CheckDlgButton
GetSystemMenu
EnableMenuItem
EndDialog
WinHelpW
FindWindowExW
PeekMessageW
DispatchMessageW
ExitWindowsEx
CreateIconFromResource
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
RegisterWindowMessageW
CopyIcon
SetMenuDefaultItem
TrackPopupMenu
CreateIconIndirect
LoadBitmapW
MessageBeep
CharPrevW
AdjustWindowRectEx
UnionRect
RegisterClassExW
wsprintfW
GetClassInfoExW
CreateWindowExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
CallNextHookEx
GetWindowDC
EndPaint
BeginPaint
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowRgn
RedrawWindow
MoveWindow
SetRectEmpty
GetWindowTextLengthW
GetWindowTextW
DrawFrameControl
SetWindowTextW
DrawIconEx
WindowFromPoint
IsRectEmpty
CopyRect
GetDoubleClickTime
DrawIcon
GetIconInfo
EqualRect
GetCapture
GetWindow
GetWindowPlacement
IsIconic
SystemParametersInfoA
GetDlgCtrlID
SetWindowPlacement
RegisterClassW
SetScrollInfo
GetScrollInfo
GetMenu
UpdateWindow
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
ScrollWindow
GetMessageTime
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
IsChild
SendDlgItemMessageA
SendDlgItemMessageW
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetNextDlgTabItem
IsWindowEnabled
SetTimer
GetActiveWindow
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
ScrollWindowEx
GetMenuCheckMarkDimensions
CheckMenuItem
GetMenuState
SetMenuItemBitmaps
RemoveMenu
AppendMenuW
GetMenuStringW
GetAsyncKeyState
MapDialogRect
GetKeyNameTextW
MapVirtualKeyW
PostQuitMessage
ShowOwnedPopups
ValidateRect
TranslateMessage
GetMessageW
SetWindowContextHelpId
PostThreadMessageW
RegisterClipboardFormatW
TranslateAcceleratorW
SetMenu
BringWindowToTop
InsertMenuItemW
LoadAcceleratorsW
ReuseDDElParam
UnpackDDElParam
GetMenuItemInfoW
CharUpperW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
LockWindowUpdate
GetTabbedTextExtentW
UnregisterClassA
DrawFocusRect
IsZoomed
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
DestroyAcceleratorTable
CopyImage
IsMenu
GetMenuDefaultItem
DrawStateW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
CharUpperBuffW
WaitMessage
CreateAcceleratorTableW
EnumChildWindows
SetCursorPos
EnableScrollBar
ShowCursor
SetClassLongW
IsCharLowerW
MapVirtualKeyExW
HideCaret
ReleaseCapture
SetCapture
ClipCursor
InvertRect
GetDCEx
GetSystemMetrics
IsClipboardFormatAvailable
GetKeyState
GetClassInfoW
DefWindowProcW
DrawEdge
FrameRect
SetRect
SystemParametersInfoW
ScreenToClient
GetMessagePos
GetTopWindow
GetFocus
SetFocus
UnregisterClassW
ReleaseDC
GetDC
PtInRect
LoadCursorW
SetCursor
InflateRect
LoadImageW
KillTimer
MessageBoxW

gdi32

CreateSolidBrush
Escape
GetTextExtentPoint32W
ExtTextOutW
TextOutW
BitBlt
RectVisible
GetDeviceCaps
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
CreatePatternBrush
SetBrushOrgEx
SelectObject
GetStockObject
GetObjectW
CreateFontIndirectW
CreatePen
Rectangle
SetPixel
GetTextMetricsW
GetCurrentObject
StartDocW
StartPage
GetDCOrgEx
GetClipBox
SaveDC
RestoreDC
SetPolyFillMode
SetStretchBltMode
SetMapMode
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
EndPage
AbortDoc
EndDoc
CreateBitmap
GetBitmapBits
PatBlt
SetBkColor
DeleteObject
SetTextColor
SetBkMode
CombineRgn
EqualRgn
CreateRectRgn
CreatePolygonRgn
CreateRoundRectRgn
StretchBlt
FrameRgn
OffsetRgn
ExcludeClipRect
CreateBitmapIndirect
SetBitmapBits
GetPixel
Pie
PolyBezier
DeleteDC
CreateDIBSection
SetPixelV
Polyline
SetROP2
GdiFlush
GetTextExtentExPointW
CreateDCW
GetTextAlign
DeleteMetaFile
CloseMetaFile
CreateMetaFileW
GetWindowOrgEx
SetDIBits
GetDIBits
PtVisible
PtInRegion
SetPaletteEntries
ExtFloodFill
Ellipse
GetSystemPaletteEntries
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
RealizePalette
Polygon
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetCharWidthW
StretchDIBits
GetRgnBox
GetTextColor
EnumFontFamiliesExW
SetAbortProc
DPtoLP
GetMapMode
SetRectRgn
CreateRectRgnIndirect
CopyMetaFileW
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipPath
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
OffsetClipRgn

shell32

SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFileInfoW
ExtractIconW
DragQueryFileW
DragFinish
SHAppBarMessage
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW
PrintDlgW
GetFileTitleW
CommDlgExtendedError
ReplaceTextW
FindTextW
ChooseColorW
ChooseFontW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

EmptyWorkingSet

netapi32

NetMessageBufferSend
Netbios

winspool.drv

OpenPrinterW
GetJobW
DocumentPropertiesW
ClosePrinter

comctl32

ImageList_DrawIndirect
ImageList_Duplicate
ImageList_Remove
ImageList_AddMasked
ImageList_Draw
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_Destroy
ImageList_Create
ImageList_Add
ImageList_GetIcon
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_GetIconSize
ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ord13
ImageList_Read
ImageList_Write
ord14
ImageList_LoadImageW
ImageList_Merge
ImageList_ReplaceIcon

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

ole32

CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstanceEx
OleRun
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize
CoTaskMemFree
StringFromCLSID
OleLoadFromStream
WriteClassStm
OleSaveToStream
StringFromIID
CoCreateGuid
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData
CoTreatAsClass
CreateStreamOnHGlobal
CoRevokeClassObject
CLSIDFromProgID
CLSIDFromString
CoRegisterMessageFilter
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleSetClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleSetMenuDescriptor
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleRegEnumVerbs
OleRegGetMiscStatus
OleSave
OleSetContainedObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleLoad
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
GetHGlobalFromILockBytes
OleIsRunning
GetRunningObjectTable
CoGetMalloc
CreateOleAdviseHolder
CreateDataAdviseHolder
OleQueryCreateFromData
OleQueryLinkFromData
OleFlushClipboard
OleGetClipboard
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
StringFromGUID2
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterClassObject

oleaut32

LoadTypeLi
OleCreateFontIndirect
VarBstrFromCy
VarCyFromStr
VarDecFromStr
VarBstrFromDec
SysReAllocStringLen
VarDateFromStr
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayGetDim
VarBstrFromDate
CreateErrorInfo
SysAllocString
GetErrorInfo
SetErrorInfo
SysAllocStringLen
SysStringLen
SafeArrayDestroy
SafeArrayGetVartype
SysFreeString
SystemTimeToVariantTime
VarUdateFromDate
VarBstrFromI2
VarBstrFromI4
VarBstrFromUI4
VarBstrFromR4
VarBstrFromR8
VarBstrCmp
VarBstrCat
SysAllocStringByteLen
SysReAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SysStringByteLen
VariantInit
VariantCopy
VariantClear
VarDecCmp
VarCyCmp
VariantCopyInd
VariantChangeTypeEx
VariantChangeType
VarDateFromUdate
SafeArrayCreateVector
SafeArrayGetUBound
SafeArrayGetLBound

oledlg

OleUIBusyW

setupapi

CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiOpenClassRegKeyExW
CM_Get_First_Log_Conf_Ex
CM_Free_Log_Conf_Handle
CM_Get_Next_Res_Des_Ex
CM_Free_Res_Des_Handle
SetupDiGetDriverInstallParamsW
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status_Ex
SetupDiGetDeviceRegistryPropertyW
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Res_Des_Data_Ex
SetupDiSetSelectedDriverW
SetupOpenFileQueue
SetupDiClassGuidsFromNameExW
SetupDiGetClassDevsExW
SetupDiCreateDeviceInfoListExW
SetupDiOpenDeviceInfoW
SetupDiEnumDeviceInfo
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiOpenDevRegKey
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupCloseFileQueue
SetupScanFileQueueW
SetupDiCallClassInstaller

winmm

PlaySoundW
sndPlaySoundW

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Localization/Arabic_SA.lng
Localization/Arabic_Syr.lng
Localization/Armenian.lng
Localization/Belarusian.lng
Localization/Bulgarian.lng
Localization/Chinese.lng
Localization/Czech.lng
Localization/Dansk.lng
Localization/DutchBelg.lng
Localization/DutchNeth.lng
Localization/English.lng
Localization/Farsi.lng
Localization/Finnish.lng
Localization/French.lng
Localization/German.lng
Localization/Greek.lng
Localization/HddSI_1033.chm
.chm
Localization/HddSI_1049.chm
.chm
Localization/Hebrew.lng
Localization/Hungarian.lng
Localization/Indonesian.lng
Localization/Italian.lng
Localization/Korean.lng
Localization/Norsk.lng
Localization/Polish.lng
Localization/Romanian.lng
Localization/Russian.lng
Localization/Serbian.lng
Localization/Slovak.lng
Localization/Slovenian.lng
Localization/Spanish.lng
Localization/Turkish.lng
Localization/Ukrainian.lng
Localization/Vietnamese.lng
Localization/pt-brazil.lng
Localization/pt-portugal.lng
Localization/zh-tw.lng
Uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:23:84:2d:cc:cc:41:83:d5:5f:e7:14:01:72:75:d4:80:d8:96:12
Signer

Actual PE Digest

7b:23:84:2d:cc:cc:41:83:d5:5f:e7:14:01:72:75:d4:80:d8:96:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$TEMP/Utils.dll
.dll windows:4 windows x86 arch:x86

8978e924bf097dae5948d27b6a394e21

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:e4:d3:ef:53:bc:f3:8f:f9:d6:d9:38:c6:ef:a7:f1:eb:ea:a2:af
Signer

Actual PE Digest

52:e4:d3:ef:53:bc:f3:8f:f9:d6:d9:38:c6:ef:a7:f1:eb:ea:a2:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\VStudio\MyProjects\HardDriveInspector\Setup\Nsis\KeyCheck\Release\KeyCheck.pdb

Imports

kernel32

GetVersionExA
LocalFree
lstrlenA
GetLocalTime
Sleep
ReleaseMutex
CreateMutexA
GetVersion
DeleteFileA
HeapFree
HeapAlloc
GetProcessHeap
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
lstrlenW
WaitForSingleObject
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetComputerNameA
GetCurrentProcess
SetLastError
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetLocaleInfoA
GetTickCount
IsBadWritePtr
IsBadReadPtr
SetFilePointer
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetACP
InterlockedExchange
WriteFile
WideCharToMultiByte
VirtualAlloc
VirtualFree
CloseHandle
GetLastError
MultiByteToWideChar
GetThreadLocale
GetStdHandle
SetHandleCount
HeapSize
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualProtect
FlushFileBuffers
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
LocalAlloc

user32

IsWindow
SendMessageA

oleaut32

SysAllocString
VarDateFromUdate
VariantClear
VarBstrCat
SysStringLen
SysFreeString

Exports

Exports

Check
CurrentDate
GetRebootFlag
Install
KillHDI
MyStartService
Uninstall
UninstallSilent

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_id.diz
license.txt
order.txt
overheat.wav
readme.txt
res/bmpres.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

89:04:d7:b8:03:df:a8:c7:c9:91:5e:ed:be:f9:7d:74:89:8c:b4:d1
Signer

Actual PE Digest

89:04:d7:b8:03:df:a8:c7:c9:91:5e:ed:be:f9:7d:74:89:8c:b4:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\VStudio\MyProjects\HardDriveInspector\res\bmpres\Release\bmpres.pdb

Sections

.rdata
Size: 4KB - Virtual size: 123B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/dlgres.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:21:1f:66:b5:51:d9:8a:19:ed:9e:3c:8f:b8:ca:23:a6:ed:9a:06
Signer

Actual PE Digest

0e:21:1f:66:b5:51:d9:8a:19:ed:9e:3c:8f:b8:ca:23:a6:ed:9a:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\VStudio\MyProjects\HardDriveInspector\res\dlgres\Release\dlgres.pdb

Sections

.rdata
Size: 512B - Virtual size: 123B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/htmlres.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fb:87:1d:ea:e9:eb:2d:bf:82:8f:6f:02:96:bf:7a:4c:e4:63:85:ba
Signer

Actual PE Digest

fb:87:1d:ea:e9:eb:2d:bf:82:8f:6f:02:96:bf:7a:4c:e4:63:85:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\VStudio\MyProjects\HardDriveInspector\res\htmlres\Release\htmlres.pdb

Sections

.rdata
Size: 4KB - Virtual size: 125B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/menures.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3b:0b:4b:8e:95:ec:83:58:d4:97:45:e9:99:d6:d6:6d:51:3e:32:62
Signer

Actual PE Digest

3b:0b:4b:8e:95:ec:83:58:d4:97:45:e9:99:d6:d6:6d:51:3e:32:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\VStudio\MyProjects\HardDriveInspector\res\menures\Release\menures.pdb

Sections

.rdata
Size: 512B - Virtual size: 125B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/strres.dll
.dll windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/07/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=AltrixSoft Ltd,O=AltrixSoft Ltd,POSTALCODE=664043,STREET=Ryabikova bul.\, 35-24,L=Irkutsk,ST=Irkutsk oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a4:9f:40:db:29:6f:46:d9:ab:7e:c2:e9:4c:46:cc:79:f4:a8:d2:c3
Signer

Actual PE Digest

a4:9f:40:db:29:6f:46:d9:ab:7e:c2:e9:4c:46:cc:79:f4:a8:d2:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\VStudio\MyProjects\HardDriveInspector\res\strres\Release\strres.pdb

Sections

.rdata
Size: 4KB - Virtual size: 123B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
whatsnew.txt

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12Certificate

Extended Key Usages

Key Usages

71:ff:c3:9c:7a:f0:34:f0:03:a9:6d:34:b5:5c:48:05:1b:77:19:8aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 17KB - Virtual size: 17KB

e24c85c54b02b14edb6004bc369bf6c8

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12Certificate

Extended Key Usages

Key Usages

82:b3:1c:b6:d1:8c:fe:d6:9a:94:5e:4d:22:86:47:eb:c1:f4:12:32Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

netapi32

version

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 365KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 12KB - Virtual size: 81KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 28KB - Virtual size: 25KB

98d564736c3b1b104fc461d27549d967

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12Certificate

Extended Key Usages

Key Usages

5b:fd:33:77:e2:18:1a:40:21:96:06:4e:7b:df:a7:ef:8b:ef:84:bcSigner

Headers

File Characteristics

PDB Paths

Imports

version

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

71:ff:c3:9c:7a:f0:34:f0:03:a9:6d:34:b5:5c:48:05:1b:77:19:8a
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 17KB - Virtual size: 17KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

82:b3:1c:b6:d1:8c:fe:d6:9a:94:5e:4d:22:86:47:eb:c1:f4:12:32
Signer

.text
Size: 368KB - Virtual size: 365KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 12KB - Virtual size: 81KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 28KB - Virtual size: 25KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

8a:92:77:ad:2f:86:50:62:e0:5e:a3:c5:44:93:3e:12
Certificate

5b:fd:33:77:e2:18:1a:40:21:96:06:4e:7b:df:a7:ef:8b:ef:84:bc
Signer

.text
Size: 324KB - Virtual size: 320KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B