a940cdc01ebaa8e7600cc6d7784b9ca7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a940cdc01ebaa8e7600cc6d7784b9ca7_JaffaCakes118
Size

711KB
MD5

a940cdc01ebaa8e7600cc6d7784b9ca7
SHA1

2f1200551bc18f36f89f1d743d10dc963dad0f69
SHA256

ba2728728038ccb86bf02d6d46f0766ae4200716570f7fb5c54d9d8baf3bc5cd
SHA512

d4e735acf4ab4bfa79ae11ad644c6e31c9526a043fc39137b861a85e89acce1a98ced39d60d96517668bdff004b9cd921582e1686217621c93b82a5f1c243f05
SSDEEP

12288:twF1q+5fagzxy2Y5Db4QmTBrsGvxrJLfZkHVcmN7f4h:twFI0vhwBkAQxTQNW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/FileHam(normal)/GuideOn__GO41.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/SetupHlpr.exe
unpack001/FileHam(fast)/FileHamDownClient.dll
unpack001/FileHam(fast)/FileService.dll
unpack001/FileHam(fast)/FileService.exe
unpack002/out.upx

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

a940cdc01ebaa8e7600cc6d7784b9ca7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:08:3b:ab:8b:27:e7:56:65:48:2f:a8:4a:e0:86:c0
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

15/12/2010, 00:00

Not After

14/12/2012, 23:59

Subject

CN=fileham,O=fileham,L=geumchon-gu,ST=seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:ec:21:25:e9:4d:0a:5e:0e:c3:05:65:d7:dd:da:d6:61:b9:8c:94
Signer

Actual PE Digest

5d:ec:21:25:e9:4d:0a:5e:0e:c3:05:65:d7:dd:da:d6:61:b9:8c:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupHlpr.exe
.exe windows:4 windows x86 arch:x86

cf208266862ad5001b16b4e38c3db833

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
lstrcmpiA
DeleteFileA
CloseHandle
WaitForSingleObject
CreateProcessA
lstrcpynA
GetFileAttributesA
Sleep
LocalFree
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
CreateEventA
GetComputerNameA
SetEvent
TerminateThread
SystemTimeToFileTime
GetSystemTime
FindClose
FindFirstFileA
ReadFile
GetFileSize
CreateFileA
HeapAlloc
HeapFree
GetLastError
GetWindowsDirectoryA
ResetEvent
MoveFileA
SetFileAttributesA
SetFileTime
FlushFileBuffers
WriteFile
GlobalFree
GlobalUnlock
GlobalLock
SetThreadPriority
CreateThread
GlobalAlloc
MoveFileExA
LocalAlloc
RemoveDirectoryA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
SetStdHandle
LoadLibraryA
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetSystemDirectoryA
GetTempPathA
lstrcpyA
CreateDirectoryA
lstrlenA
GetFileInformationByHandle
GetLocalTime
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
RaiseException
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetProcAddress
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
HeapSize
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RtlUnwind

user32

FindWindowA
wsprintfA
PostMessageA
SendMessageA
PeekMessageA
IsWindow
DispatchMessageA
TranslateMessage

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysStringByteLen
SysFreeString
VariantInit
VariantClear
GetErrorInfo

wininet

InternetCrackUrlA
InternetCanonicalizeUrlA
FtpRemoveDirectoryA
InternetConnectA
InternetGetLastResponseInfoA
FtpFindFirstFileA
FtpDeleteFileA
FtpRenameFileA
FtpOpenFileA
InternetOpenUrlA
InternetCloseHandle
InternetSetStatusCallback
InternetSetOptionA
InternetOpenA
FtpGetCurrentDirectoryA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetReadFile
FtpCreateDirectoryA
HttpQueryInfoA

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$SYSDIR/fileham.ico
FileHam(fast)/FileHamDown.exe
.exe windows:4 windows x86 arch:x86

542ddcc98d09b062ab997e1bb4d6d8a8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:08:3b:ab:8b:27:e7:56:65:48:2f:a8:4a:e0:86:c0
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

15/12/2010, 00:00

Not After

14/12/2012, 23:59

Subject

CN=fileham,O=fileham,L=geumchon-gu,ST=seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:23:37:80:ff:77:09:a9:39:c6:75:30:f1:42:3d:72:70:7f:f2:df
Signer

Actual PE Digest

0d:23:37:80:ff:77:09:a9:39:c6:75:30:f1:42:3d:72:70:7f:f2:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\FileHam-NOAD\Fileham.co.kr\src_client\down_client\Release\down_client.pdb

Imports

kernel32

SetErrorMode
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
VirtualFree
IsBadWritePtr
GetOEMCP
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetDriveTypeA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetCPInfo
GetFileTime
GetFileAttributesA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
LocalAlloc
GlobalFlags
InterlockedIncrement
GetCurrentDirectoryA
WritePrivateProfileStringA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
GetFullPathNameA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
FreeResource
GlobalAddAtomA
SetLastError
FormatMessageA
LocalFree
GetCurrentThreadId
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcatW
CopyFileW
DeleteFileW
CreateDirectoryW
lstrcpynW
ResetEvent
GetModuleFileNameW
LoadLibraryW
lstrcmpW
lstrcpyW
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
GetCurrentProcess
lstrcatA
GetPrivateProfileStringA
GetCommandLineA
GetTickCount
GetNumberFormatA
GetDiskFreeSpaceExA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
InterlockedDecrement
GetModuleFileNameA
CreateProcessA
GetExitCodeProcess
FindFirstFileA
FindClose
GetVolumeInformationA
lstrcmpA
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventA
GetCurrentThread
SetThreadPriority
CreateDirectoryA
CreateFileA
CloseHandle
LoadResource
LockResource
SizeofResource
FindResourceA
lstrcpynA
MulDiv
lstrcpyA
RaiseException
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetLastError
Sleep
lstrlenA
lstrcmpiA
lstrcmpiW
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
UnhandledExceptionFilter
GetVersionExA

user32

SetMenu
TranslateAcceleratorA
GetMenuItemInfoA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
LoadCursorA
DrawIcon
IsRectEmpty
wsprintfA
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
ReleaseDC
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
RegisterClassA
BringWindowToTop
DefWindowProcA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
CharUpperA
MessageBoxA
GetClassInfoA
UnregisterClassA
LoadIconA
DrawIconEx
GetWindowLongA
CopyRect
PtInRect
InflateRect
LoadBitmapA
GetMessageA
IsWindowVisible
GetKeyState
ValidateRect
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostQuitMessage
wsprintfW
ExitWindowsEx
LockWindowUpdate
ReplyMessage
FindWindowA
SetWindowRgn
GetActiveWindow
SetRectEmpty
InsertMenuItemA
PostThreadMessageA
GetDC
SetRect
GetParent
GetWindowRect
IsWindow
SetWindowLongA
CallWindowProcA
UpdateWindow
SetCursor
WindowFromPoint
SetCapture
GetCapture
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
GetDlgCtrlID
FillRect
DrawFocusRect
SendMessageA
GetClientRect
GetFocus
EnableWindow
PostMessageA
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
PeekMessageA
InvalidateRect
RedrawWindow
SetForegroundWindow
ShowWindow
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
GetSystemMetrics
GetSysColor
ReleaseCapture
GetIconInfo
LoadImageA
DestroyIcon
OffsetRect
ClientToScreen

gdi32

CreateEllipticRgn
LPtoDP
Ellipse
GetTextColor
GetRgnBox
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
GetBkColor
CreatePen
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateRectRgn
CreateFontA
CreateDIBSection
ExtCreateRegion
CombineRgn
SelectObject
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
CreateFontIndirectA
DeleteObject
GetStockObject
GetTextExtentPoint32A
StretchBlt
Rectangle
GetDeviceCaps
CreateCompatibleDC
SetRectRgn
CreateRectRgnIndirect
GetObjectA
CreateSolidBrush

comdlg32

GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegConnectRegistryA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
Shell_NotifyIconA

comctl32

ord17
ImageList_Draw
ImageList_Destroy
ImageList_GetImageInfo

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
StrFormatByteSize64A
PathGetArgsA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantClear
SysAllocStringLen
VariantChangeType
VariantInit
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect
SysFreeString

ws2_32

WSARecv
WSASend
WSAWaitForMultipleEvents
setsockopt
gethostbyname
WSAConnect
WSASocketA
WSAGetLastError
select
__WSAFDIsSet
recv
socket
closesocket
inet_addr
htons
connect
WSAStartup
WSACleanup

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FileHam(fast)/FileHamDownClient.dll
.dll windows:5 windows x86 arch:x86

12b58997943d125dbfe0fc7e97b3e7a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\WorkSpace\Product\Hydra\trunk\Hosting\fih\DND\GDnClient\Release\FileHamDownClient.pdb

Imports

kernel32

lstrlenW
GetLastError
EnterCriticalSection
lstrcatW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
CreateDirectoryW
MultiByteToWideChar
GetProcAddress
GetQueuedCompletionStatus
TerminateThread
Sleep
GetExitCodeThread
PostQueuedCompletionStatus
WaitForMultipleObjects
CreateIoCompletionPort
HeapAlloc
HeapFree
CreateFileW
GetTickCount
WaitForSingleObject
FindFirstFileW
FindClose
SetEvent
ResetEvent
CreateEventW
CallNamedPipeW
WaitNamedPipeW
SetLastError
SetNamedPipeHandleState
SetEndOfFile
SetFilePointerEx
GetFileAttributesW
lstrcmpW
GetFileSizeEx
DeleteFileW
SetFileAttributesW
InterlockedDecrement
GetModuleFileNameW
lstrcpynW
LeaveCriticalSection
WideCharToMultiByte
InitializeCriticalSection
WriteFile
GetProcessHeap
InterlockedIncrement
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetModuleFileNameA
ExitThread
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
GetStdHandle

user32

wsprintfW

advapi32

RegCloseKey
RegOpenCurrentUser
RegCreateKeyExW
RegSetValueExW

ws2_32

WSARecv
WSASend
ioctlsocket
WSAIoctl
bind
inet_addr
htons
WSASocketW
setsockopt
recv
closesocket
gethostbyname
send
listen
WSAGetLastError
WSAStartup
WSACleanup
socket
inet_ntoa
shutdown
connect
select

wininet

InternetOpenUrlW
InternetCloseHandle
InternetOpenW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

CreateDownloadClient
DestroyDownloadClient

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FileHam(fast)/FileService.dll
.dll windows:5 windows x86 arch:x86

532021d2ef1d21d7c3b6f0936ee672f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\WorkSpace\Product\Hydra\trunk\Hosting\fih\DND\GUploadSvc\Release\FileService.pdb

Imports

kernel32

lstrcpynW
lstrcmpW
InterlockedExchange
InterlockedExchangeAdd
WaitForMultipleObjects
CreateWaitableTimerW
CloseHandle
WaitForSingleObject
SetEvent
ConnectNamedPipe
CallNamedPipeW
CreateNamedPipeW
WriteFile
ReadFile
DisconnectNamedPipe
FlushFileBuffers
GetLastError
CancelWaitableTimer
CreateEventW
GetComputerNameW
GetModuleFileNameW
GetLocalTime
GetVolumeInformationW
SetFilePointer
Sleep
GetProcessHeap
WideCharToMultiByte
lstrcatW
GetCurrentThreadId
FreeLibrary
CreateDirectoryW
LoadLibraryW
MultiByteToWideChar
GetProcAddress
GetQueuedCompletionStatus
TerminateThread
GetExitCodeThread
PostQueuedCompletionStatus
CreateIoCompletionPort
ResetEvent
MoveFileExW
GetTickCount
InterlockedDecrement
SetWaitableTimer
GlobalMemoryStatusEx
lstrlenW
InterlockedIncrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
HeapFree
HeapAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
CreateFileA
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize

user32

wsprintfW

advapi32

RegDeleteValueW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

ole32

CoCreateGuid

wininet

InternetOpenW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW

ws2_32

getsockname
getpeername
WSAIoctl
inet_addr
shutdown
listen
WSASend
WSAGetLastError
setsockopt
bind
WSAStartup
WSACleanup
gethostbyname
closesocket
WSASocketW
WSARecv
htons

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

CreateServiceClient
DestroyServiceClient

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FileHam(fast)/FileService.exe
.exe windows:5 windows x86 arch:x86

d2a178c15e25f5411e172a52a882a107

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
CreateEventW
SetFilePointerEx
GetFileSizeEx
lstrcatW
MultiByteToWideChar
GetFileSize
SetFilePointer
HeapAlloc
HeapFree
GetProcessHeap
MoveFileW
GetCurrentThreadId
WideCharToMultiByte
OpenProcess
GetVersionExW
Process32FirstW
TerminateThread
CreateToolhelp32Snapshot
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEvent
DeleteFileW
CloseHandle
GetProcAddress
CreateFileW
GetModuleFileNameW
Sleep
LoadLibraryW
GetLogicalDriveStringsW
FreeLibrary
GetDriveTypeW
lstrcpyW
FindNextFileW
FindClose
lstrlenW
lstrcmpW
GetTickCount
FindFirstFileW
ReadFile
WriteFile
DeleteCriticalSection
GetFileAttributesExW
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
FlushFileBuffers
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetCommandLineW
WaitForSingleObject
LocalFree
lstrcmpiW
Process32NextW
GetStringTypeW
GetStringTypeA
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
ExitThread
CreateThread
HeapReAlloc
GetModuleHandleW
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapCreate

user32

DispatchMessageW
GetMessageW
PostThreadMessageW
wsprintfW

advapi32

CreateServiceW
ImpersonateLoggedOnUser
OpenProcessToken
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
QueryServiceStatus
StartServiceW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
CloseServiceHandle
DuplicateTokenEx
RegSetValueExW
RegCloseKey
RegOpenCurrentUser
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
ConvertSidToStringSidW
GetTokenInformation

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

fileservice

CreateServiceClient
DestroyServiceClient

iphlpapi

GetAdaptersInfo

ws2_32

send
closesocket
recv
WSACleanup
ioctlsocket
connect
sendto
setsockopt
htons
inet_addr
recvfrom
WSAStartup
inet_ntoa
socket

shlwapi

StrStrIA

wininet

InternetCrackUrlA
InternetReadFile
InternetCloseHandle
InternetOpenW
InternetOpenUrlW

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FileHam(fast)/Uninstall.exe.nsis
FileHam(fast)/fileham.ico
FileHam(fast)/sver.ini
FileHam(normal)/FileHam.ico
FileHam(normal)/FileHamDown.exe
.exe windows:4 windows x86 arch:x86

499b165ac1cb702f4627a190d68f771e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:08:3b:ab:8b:27:e7:56:65:48:2f:a8:4a:e0:86:c0
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

15/12/2010, 00:00

Not After

14/12/2012, 23:59

Subject

CN=fileham,O=fileham,L=geumchon-gu,ST=seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:c6:4c:70:ab:fd:1f:75:58:b5:69:6d:69:28:50:53:83:8b:df:18
Signer

Actual PE Digest

a2:c6:4c:70:ab:fd:1f:75:58:b5:69:6d:69:28:50:53:83:8b:df:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\PROJECT\FileHam\Fileham.co.kr\src_client\down_client\Release\down_client.pdb

Imports

kernel32

VirtualQuery
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
VirtualFree
IsBadWritePtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
VirtualAlloc
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
VirtualProtect
RtlUnwind
GetVersionExA
ExitProcess
SetErrorMode
GetOEMCP
GetCPInfo
GetFileTime
GetFileAttributesA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
LocalAlloc
GlobalFlags
InterlockedIncrement
GetCurrentDirectoryA
WritePrivateProfileStringA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
GetFullPathNameA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalAddAtomA
SetLastError
FormatMessageA
LocalFree
GetCurrentThreadId
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
GetCurrentProcess
lstrcatA
GetPrivateProfileStringA
GetCommandLineA
GetTickCount
GetNumberFormatA
GetDiskFreeSpaceExA
GetModuleHandleA
GetProcAddress
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
InterlockedDecrement
GetModuleFileNameA
CreateProcessA
GetExitCodeProcess
FindFirstFileA
FindClose
GetVolumeInformationA
lstrcmpA
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventA
GetCurrentThread
SetThreadPriority
CreateDirectoryA
CreateFileA
CloseHandle
LoadResource
LockResource
SizeofResource
FindResourceA
lstrcpynA
MulDiv
lstrcpyA
RaiseException
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetLastError
Sleep
lstrlenA
lstrcmpiA
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LCMapStringA

user32

SetMenu
TranslateAcceleratorA
GetMenuItemInfoA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
LoadCursorA
DrawIcon
IsRectEmpty
wsprintfA
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
ReleaseDC
RegisterWindowMessageA
WinHelpA
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
RegisterClassA
BringWindowToTop
GetDlgCtrlID
DefWindowProcA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExA
CharUpperA
MessageBoxA
GetClassInfoA
UnregisterClassA
LoadIconA
DrawIconEx
GetWindowLongA
CopyRect
PtInRect
InflateRect
LoadBitmapA
CallNextHookEx
GetMessageA
GetKeyState
ValidateRect
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostQuitMessage
IsWindowVisible
ExitWindowsEx
LockWindowUpdate
ReplyMessage
FindWindowA
GetActiveWindow
GetDC
SetRectEmpty
InsertMenuItemA
PostThreadMessageA
IsWindow
SetWindowLongA
CallWindowProcA
UpdateWindow
SetCursor
SetRect
GetParent
GetWindowRect
SetWindowRgn
WindowFromPoint
SetCapture
GetCapture
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
FillRect
DrawFocusRect
SendMessageA
GetClientRect
GetFocus
EnableWindow
PostMessageA
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
PeekMessageA
InvalidateRect
RedrawWindow
SetForegroundWindow
ShowWindow
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
GetSystemMetrics
GetSysColor
ReleaseCapture
GetIconInfo
LoadImageA
DestroyIcon
OffsetRect
ClientToScreen
IsDialogMessageA

gdi32

CreateEllipticRgn
LPtoDP
Ellipse
CreatePatternBrush
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
CreatePen
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateRectRgn
CreateFontA
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
SetBkColor
CreateFontIndirectA
GetStockObject
CreateDIBSection
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
DeleteObject
DeleteDC
GetTextExtentPoint32A
StretchBlt
Rectangle
GetDeviceCaps
CreateCompatibleDC
SetRectRgn
CreateRectRgnIndirect
GetObjectA
CreateSolidBrush

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegConnectRegistryA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
Shell_NotifyIconA

comctl32

ord17
ImageList_Draw
ImageList_Destroy
ImageList_GetImageInfo

shlwapi

PathGetArgsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
StrFormatByteSize64A
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoRevokeClassObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocString
VariantInit
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
VariantChangeType
SysStringLen
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect

ws2_32

WSARecv
WSASend
WSAWaitForMultipleEvents
setsockopt
gethostbyname
WSAConnect
WSASocketA
WSAGetLastError
select
__WSAFDIsSet
recv
socket
closesocket
inet_addr
WSACleanup
connect
WSAStartup
htons

wininet

HttpSendRequestA
HttpOpenRequestA
InternetOpenA
InternetConnectA
InternetCloseHandle

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 352KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FileHam(normal)/FileHamUp.exe
.exe windows:4 windows x86 arch:x86

04714a3d64b65e9dfb181a79aa5b3a51

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:08:3b:ab:8b:27:e7:56:65:48:2f:a8:4a:e0:86:c0
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

15/12/2010, 00:00

Not After

14/12/2012, 23:59

Subject

CN=fileham,O=fileham,L=geumchon-gu,ST=seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:7c:f7:50:6c:51:cf:05:3d:6f:9c:cc:be:6f:58:b3:41:5c:54:64
Signer

Actual PE Digest

80:7c:f7:50:6c:51:cf:05:3d:6f:9c:cc:be:6f:58:b3:41:5c:54:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\PROJECT\FileHam\Fileham.co.kr\src_client\up_client\Release\up_client.pdb

Imports

kernel32

GetDateFormatA
GetStartupInfoA
HeapReAlloc
TerminateProcess
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
VirtualFree
IsBadWritePtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStdHandle
GetTimeFormatA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetSystemTimeAsFileTime
CreateThread
ExitThread
VirtualQuery
lstrlenA
VirtualAlloc
VirtualProtect
ExitProcess
RtlUnwind
SetErrorMode
GetFileTime
GetFileAttributesA
GetCurrentDirectoryA
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
LocalAlloc
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
FormatMessageA
LocalFree
SetLastError
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetCurrentProcess
lstrcatA
GetPrivateProfileStringA
GetCommandLineA
GetTickCount
GetNumberFormatA
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
InterlockedDecrement
GetModuleFileNameA
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventA
GetCurrentThread
SetThreadPriority
CloseHandle
RaiseException
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
Sleep
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
lstrcmpiA
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
GetVersion
MultiByteToWideChar
lstrcpynA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
MulDiv
lstrcpyA
FreeEnvironmentStringsA

user32

BringWindowToTop
SetMenu
TranslateAcceleratorA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
GetMenuItemInfoA
LoadCursorA
DrawIcon
IsRectEmpty
wsprintfA
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetRectEmpty
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
LoadIconA
DrawIconEx
GetWindowLongA
CharUpperA
CopyRect
PtInRect
InflateRect
FillRect
DrawFocusRect
SendMessageA
GetClientRect
GetMenuItemCount
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
RegisterClassA
GetDlgCtrlID
DefWindowProcA
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
ReleaseDC
ExitWindowsEx
ReplyMessage
InsertMenuItemA
LoadAcceleratorsA
FindWindowA
GetActiveWindow
GetDC
IsWindow
SetWindowLongA
CallWindowProcA
RedrawWindow
UpdateWindow
SetCursor
SetRect
GetParent
GetWindowRect
PostThreadMessageA
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
GetLastActivePopup
LoadMenuA
GetFocus
EnableWindow
MessageBoxA
GetClassInfoA
UnregisterClassA
PostMessageA
SetTimer
KillTimer
InvalidateRect
SetForegroundWindow
ShowWindow
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
GetSystemMetrics
GetSysColor
ReleaseCapture
GetIconInfo
LoadImageA
DestroyIcon
OffsetRect
ClientToScreen
GetCapture
SetCapture
WindowFromPoint
SetWindowRgn
LoadBitmapA
ShowOwnedPopups

gdi32

CreateEllipticRgn
LPtoDP
Ellipse
GetBkColor
GetTextColor
GetRgnBox
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
CreatePen
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateRectRgn
CreateFontA
StretchBlt
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
SetBkColor
CreateFontIndirectA
GetStockObject
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
DeleteObject
DeleteDC
GetObjectA
GetTextExtentPoint32A
Rectangle
GetDeviceCaps
SetRectRgn
CreateRectRgnIndirect
CreateSolidBrush

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegConnectRegistryA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

Shell_NotifyIconA
SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteA

comctl32

ImageList_Draw
ord17
ImageList_Destroy
ImageList_GetImageInfo

shlwapi

PathGetArgsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecA
StrFormatByteSize64A
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoRevokeClassObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocString
VariantInit
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
VariantChangeType
SysStringLen
SafeArrayGetElemsize
SafeArrayGetDim
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect

ws2_32

WSARecv
WSASend
WSAWaitForMultipleEvents
setsockopt
WSAConnect
WSASocketA
select
WSAGetLastError
__WSAFDIsSet
send
socket
closesocket
inet_addr
htons
connect
WSACleanup
WSAStartup
gethostbyname

Sections

.text
Size: 332KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FileHam(normal)/GuideOn__GO41.exe
.exe windows:5 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:d3:a7:b1:e9:14:d8:85:50:9c:16:51:fe:20:08:d0
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/12/2010, 00:00

Not After

02/02/2012, 23:59

Subject

CN=nbiz Ltd.,OU=Development Department,O=nbiz Ltd.,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FileHam(normal)/Uninstall.exe.nsis
FileHam(normal)/ver.ini

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2a:08:3b:ab:8b:27:e7:56:65:48:2f:a8:4a:e0:86:c0Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

5d:ec:21:25:e9:4d:0a:5e:0e:c3:05:65:d7:dd:da:d6:61:b9:8c:94Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 18KB - Virtual size: 18KB

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

cf208266862ad5001b16b4e38c3db833

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 32KB

542ddcc98d09b062ab997e1bb4d6d8a8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2a:08:3b:ab:8b:27:e7:56:65:48:2f:a8:4a:e0:86:c0Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0d:23:37:80:ff:77:09:a9:39:c6:75:30:f1:42:3d:72:70:7f:f2:dfSigner

Headers

File Characteristics

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2a:08:3b:ab:8b:27:e7:56:65:48:2f:a8:4a:e0:86:c0
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

5d:ec:21:25:e9:4d:0a:5e:0e:c3:05:65:d7:dd:da:d6:61:b9:8c:94
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 32KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2a:08:3b:ab:8b:27:e7:56:65:48:2f:a8:4a:e0:86:c0
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0d:23:37:80:ff:77:09:a9:39:c6:75:30:f1:42:3d:72:70:7f:f2:df
Signer

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB