aa634262dc894b693e736187aebea244_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aa634262dc894b693e736187aebea244_JaffaCakes118
Size

846KB
MD5

aa634262dc894b693e736187aebea244
SHA1

9f714824571bebc32317c55c8ccdd2967f555450
SHA256

3a7f01ce264560a750edd483cb63eb13d0d8b8535cf8f8a0df1c57c0bd6cd956
SHA512

f141e80d7801f30e1d9d04f4c18b42a97b2ad15ebfae388e20818d02c28c387e0289de2c1b7df20f2ac33d3dba50bb69750e4a7874366786486b8226ba9e3d70
SSDEEP

24576:D6MqLjTPfRbcrlbN/FRnDkjI84Vs3DPO4hreoQ36Pvi:ETXR4lh9RnI8WaKpQ38vi

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/CustomLicense.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

aa634262dc894b693e736187aebea244_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:7c:2c:b4:df:02:26:42:c1:be:58:55:25:4b:1d:92
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/12/2009, 00:00

Not After

23/01/2012, 23:59

Subject

CN=PriceGong Software Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PriceGong Software Ltd,L=Ramat Gan,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CustomLicense.dll
.dll windows:5 windows x86 arch:x86

17ea51acf0005f354251d1882460a13c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetFileSize
GlobalAlloc
ReadFile
GetLastError
GlobalFree
CloseHandle
lstrcpyA
lstrcpynA

user32

SendMessageA

Exports

Exports

LoadFile

Sections

.text
Size: 1024B - Virtual size: 594B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 413B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/licence.txt
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PriceGongIE.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3e2f1686ffefcecafa6f5ae9a0e652e7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:7c:2c:b4:df:02:26:42:c1:be:58:55:25:4b:1d:92
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/12/2009, 00:00

Not After

23/01/2012, 23:59

Subject

CN=PriceGong Software Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PriceGong Software Ltd,L=Ramat Gan,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\PriceGong\Projects\PriceFactor\PriceFactorIE\Release\PriceFactorIE.pdb

Imports

kernel32

GetProcessHeap
HeapAlloc
lstrcmpiW
lstrcpynW
GetCurrentThreadId
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
lstrcatW
GetProcAddress
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalAlloc
GetVolumeInformationW
GetSystemTime
LocalFree
LocalAlloc
lstrlenA
CopyFileW
CreateDirectoryW
DeleteFileW
CloseHandle
SetFileTime
WriteFile
CreateFileW
ReadFile
GetFileSize
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
SetCurrentDirectoryW
FileTimeToSystemTime
GetFileTime
LoadLibraryA
GetSystemDirectoryA
WaitForSingleObject
HeapReAlloc
ReleaseMutex
CreateMutexW
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GetCurrentDirectoryW
HeapCreate
SetUnhandledExceptionFilter
GetModuleFileNameA
HeapFree
GetTickCount
QueryPerformanceCounter
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
CreateThread
ResumeThread
ExitThread
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
ExitProcess
HeapSize
HeapDestroy
GetVersionExA
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
TerminateProcess
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetCurrentProcess
InterlockedExchange
FlushInstructionCache
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetTimeFormatA
SetEnvironmentVariableA
CompareStringW
GetDateFormatA
CompareStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
InitializeCriticalSection
RaiseException
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
GetStringTypeA
VirtualFree

user32

EnableWindow
CharLowerBuffW
GetClassInfoW
RegisterClassW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowRect
SystemParametersInfoW
MoveWindow
ReleaseCapture
AnimateWindow
GetFocus
SetWindowPos
SetFocus
SendMessageW
ShowWindow
CallWindowProcW
GetWindowLongW
CreateWindowExW
RegisterClassExW
DefWindowProcW
DestroyWindow
LoadCursorW
wsprintfW
GetClassInfoExW
CharNextW
SetWindowLongW
EnumWindows
GetWindowTextW
PostMessageW
EnumChildWindows
GetClassNameW
UnregisterClassW
GetClientRect

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey

shell32

SHCreateDirectoryExW
FindExecutableW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoInitialize
CoCreateGuid
StringFromCLSID
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysAllocString
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
VarBstrCat
VariantClear
VariantInit
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString

shlwapi

PathFindExtensionW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CryptMsgClose

ws2_32

WSASocketW
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSASetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
ntohs
getservbyport
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
WSAConnect
gethostbyaddr

iphlpapi

GetAdaptersInfo

Exports

Exports

CloseBrowsers
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IsInstalledNewerVersion
IsOpenBrowsers
SetSnoozeTime

Sections

.text
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_7_/chrome.manifest
$_7_/chrome/content/PriceGong.png
.png
$_7_/chrome/content/options.js
.js
$_7_/chrome/content/options.xul
.xml
$_7_/chrome/content/overlay.js
.js
$_7_/chrome/content/pricegong.xul
.js .xml polyglot
$_7_/chrome/locale/en-US/overlay.dtd
$_7_/chrome/locale/en-US/pricegong.dtd
$_7_/chrome/skin/overlay.css
$_7_/components/PriceGong.xpt
$_7_/components/PriceGongFF.dll
.dll regsvr32 windows:4 windows x86 arch:x86

39ad278e897790c500b72a185600f904

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:7c:2c:b4:df:02:26:42:c1:be:58:55:25:4b:1d:92
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/12/2009, 00:00

Not After

23/01/2012, 23:59

Subject

CN=PriceGong Software Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PriceGong Software Ltd,L=Ramat Gan,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\PriceGong\Projects\PriceFactor\PriceFactorFF\Release\PriceFactorFF.pdb

Imports

xpcom

NS_GetComponentManager
NS_Alloc
NS_CStringGetData
NS_GetServiceManager
NS_UTF16ToCString
NS_CStringContainerFinish
NS_CStringContainerInit
NS_StringContainerInit2
NS_StringContainerFinish
NS_StringContainerInit
NS_StringGetData

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
DeleteFileW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
lstrcpyW
EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrcmpiW
lstrcpynW
lstrcatW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalUnlock
GlobalLock
GlobalAlloc
GetVolumeInformationW
GetSystemTime
LocalFree
LocalAlloc
lstrlenA
CopyFileW
CreateDirectoryW
CloseHandle
SetFileTime
WriteFile
CreateFileW
ReadFile
GetFileSize
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
SetCurrentDirectoryW
FileTimeToSystemTime
GetFileTime
SizeofResource
GetSystemDirectoryA
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
ReleaseMutex
CreateMutexW
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GetCurrentDirectoryW
HeapDestroy
HeapSize
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetCurrentProcess
GetSystemTimeAsFileTime
ExitThread
ResumeThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
TlsFree
lstrlenW
MultiByteToWideChar
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CompareStringA
CompareStringW
SetEnvironmentVariableA
LoadLibraryA
GetVersionExA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetTimeZoneInformation
GetDateFormatA
TlsGetValue
VirtualFree
TlsSetValue
IsBadWritePtr
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetStdHandle
LCMapStringA
LCMapStringW
GetTimeFormatA
HeapCreate

user32

EnableWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetClassInfoW
RegisterClassW
DefWindowProcW
GetClientRect
DestroyWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowRect
SystemParametersInfoW
MoveWindow
ReleaseCapture
AnimateWindow
GetFocus
SetWindowPos
SetFocus
EnumWindows
SendMessageW
GetClassNameW
ShowWindow
CharNextW
CharLowerBuffW
wsprintfW

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
FindExecutableW
SHCreateDirectoryExW

ole32

StringFromCLSID
StringFromGUID2
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc

oleaut32

VariantInit
VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarBstrCmp
VarBstrCat
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString

nspr4

PR_AtomicIncrement
PR_AtomicDecrement

shlwapi

PathFindExtensionW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertCloseStore

ws2_32

WSASocketW
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAConnect
WSAEnumNetworkEvents
WSASetLastError
WSACleanup
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
WSACloseEvent

iphlpapi

GetAdaptersInfo

Exports

Exports

CreatePriceFactorFFCtrl
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSGetModule
NSModule

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_7_/components/PriceGongFF_50.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6bdf11c4df84e7721c86957373fba3ec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:7c:2c:b4:df:02:26:42:c1:be:58:55:25:4b:1d:92
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/12/2009, 00:00

Not After

23/01/2012, 23:59

Subject

CN=PriceGong Software Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PriceGong Software Ltd,L=Ramat Gan,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\PriceGong\Projects\PriceFactor\PriceFactorFF\Release\PriceFactorFF.pdb

Imports

xpcom

NS_GetComponentManager
NS_CStringGetData
NS_GetServiceManager
NS_StringGetData
NS_UTF16ToCString
NS_CStringContainerFinish
NS_CStringContainerInit
NS_StringContainerInit2
NS_StringContainerFinish
NS_StringContainerInit

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
DeleteFileW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
lstrcpyW
EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrcmpiW
lstrcpynW
lstrcatW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalUnlock
GlobalLock
GlobalAlloc
GetVolumeInformationW
GetSystemTime
LocalFree
LocalAlloc
lstrlenA
CopyFileW
CreateDirectoryW
CloseHandle
SetFileTime
WriteFile
CreateFileW
ReadFile
GetFileSize
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
SetCurrentDirectoryW
FileTimeToSystemTime
SizeofResource
LoadLibraryA
GetSystemDirectoryA
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
ReleaseMutex
CreateMutexW
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GetCurrentDirectoryW
HeapDestroy
HeapSize
RtlUnwind
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetCurrentProcess
GetSystemTimeAsFileTime
ExitThread
ResumeThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
QueryPerformanceCounter
lstrlenW
MultiByteToWideChar
InterlockedDecrement
DeleteCriticalSection
SetUnhandledExceptionFilter
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
InterlockedIncrement
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileTime
GetVersionExA
GetTickCount
GetCurrentProcessId
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetTimeZoneInformation
GetDateFormatA
HeapCreate
VirtualFree
IsBadWritePtr
GetModuleFileNameA
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetStdHandle
LCMapStringA
LCMapStringW
GetTimeFormatA

user32

EnableWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetClassInfoW
RegisterClassW
DefWindowProcW
GetClientRect
DestroyWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowRect
SystemParametersInfoW
MoveWindow
ReleaseCapture
AnimateWindow
GetFocus
SetWindowPos
SetFocus
EnumWindows
SendMessageW
GetClassNameW
ShowWindow
CharNextW
CharLowerBuffW
wsprintfW

advapi32

RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
FindExecutableW
SHCreateDirectoryExW

ole32

StringFromGUID2
CoTaskMemFree
CoCreateGuid
CoInitialize
CoCreateInstance
CoTaskMemRealloc
StringFromCLSID
CoTaskMemAlloc

oleaut32

VariantInit
VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarBstrCmp
VarBstrCat
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

mozalloc

moz_malloc
moz_free
moz_xmalloc

shlwapi

PathFindExtensionW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertCloseStore

ws2_32

WSASocketW
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSASetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
WSAConnect

iphlpapi

GetAdaptersInfo

Exports

Exports

CreatePriceFactorFFCtrl
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSModule

Sections

.text
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_7_/components/PriceGongFF_60.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8db12f51b9a67ecfad445ba39b395498

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:7c:2c:b4:df:02:26:42:c1:be:58:55:25:4b:1d:92
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/12/2009, 00:00

Not After

23/01/2012, 23:59

Subject

CN=PriceGong Software Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PriceGong Software Ltd,L=Ramat Gan,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\PriceGong\Projects\PriceFactor\PriceFactorFF\Release\PriceFactorFF.pdb

Imports

xpcom

NS_GetComponentManager
NS_CStringGetData
NS_GetServiceManager
NS_StringGetData
NS_UTF16ToCString
NS_CStringContainerFinish
NS_CStringContainerInit
NS_StringContainerInit2
NS_StringContainerFinish
NS_StringContainerInit

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
DeleteFileW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
lstrcpyW
EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrcmpiW
lstrcpynW
lstrcatW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalUnlock
GlobalLock
GlobalAlloc
GetVolumeInformationW
GetSystemTime
LocalFree
LocalAlloc
lstrlenA
CopyFileW
CreateDirectoryW
CloseHandle
SetFileTime
WriteFile
CreateFileW
ReadFile
GetFileSize
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
SetCurrentDirectoryW
FileTimeToSystemTime
SizeofResource
LoadLibraryA
GetSystemDirectoryA
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
ReleaseMutex
CreateMutexW
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GetCurrentDirectoryW
HeapDestroy
HeapSize
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetCurrentProcess
GetSystemTimeAsFileTime
ExitThread
ResumeThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
TlsAlloc
SetLastError
TlsFree
lstrlenW
MultiByteToWideChar
InterlockedDecrement
DeleteCriticalSection
SetUnhandledExceptionFilter
InitializeCriticalSection
RaiseException
InterlockedIncrement
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileTime
GetVersionExA
TlsSetValue
TlsGetValue
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetTimeZoneInformation
GetDateFormatA
HeapCreate
VirtualFree
IsBadWritePtr
GetModuleHandleA
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetStdHandle
LCMapStringA
LCMapStringW
GetTimeFormatA

user32

EnableWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetClassInfoW
RegisterClassW
DefWindowProcW
GetClientRect
DestroyWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowRect
SystemParametersInfoW
MoveWindow
ReleaseCapture
AnimateWindow
GetFocus
SetWindowPos
SetFocus
EnumWindows
SendMessageW
GetClassNameW
ShowWindow
CharNextW
CharLowerBuffW
wsprintfW

advapi32

RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
FindExecutableW
SHCreateDirectoryExW

ole32

StringFromGUID2
CoTaskMemFree
CoCreateGuid
CoInitialize
CoCreateInstance
CoTaskMemRealloc
StringFromCLSID
CoTaskMemAlloc

oleaut32

VariantInit
VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarBstrCmp
VarBstrCat
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

mozalloc

moz_malloc
moz_free
moz_xmalloc

shlwapi

PathFindExtensionW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertCloseStore

ws2_32

WSASocketW
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSASetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
WSAConnect

iphlpapi

GetAdaptersInfo

Exports

Exports

CreatePriceFactorFFCtrl
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NSModule

Sections

.text
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_7_/components/pg_inst.txt
$_7_/install.rdf
.xml
2.5.4/PriceGong.crx
.zip
manifest.json
menu_dlg/email.png
.png
menu_dlg/h.png
.png
menu_dlg/info.png
.png
menu_dlg/options.png
.png
menu_dlg/pg_dlg.html
.html .js polyglot
menu_dlg/v.png
.png
menu_dlg/x.png
.png
options/pg_options.html
.html .js polyglot
pg_background.html
.html .js polyglot
pg_client.js
.js
res/pg_btn.png
.png
res/pg_icon_128.png
.png
res/pg_icon_16.png
.png
res/pg_icon_48.png
.png
2.5.4/PriceGongIE.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3e2f1686ffefcecafa6f5ae9a0e652e7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:7c:2c:b4:df:02:26:42:c1:be:58:55:25:4b:1d:92
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/12/2009, 00:00

Not After

23/01/2012, 23:59

Subject

CN=PriceGong Software Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PriceGong Software Ltd,L=Ramat Gan,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\PriceGong\Projects\PriceFactor\PriceFactorIE\Release\PriceFactorIE.pdb

Imports

kernel32

GetProcessHeap
HeapAlloc
lstrcmpiW
lstrcpynW
GetCurrentThreadId
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
lstrcatW
GetProcAddress
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalAlloc
GetVolumeInformationW
GetSystemTime
LocalFree
LocalAlloc
lstrlenA
CopyFileW
CreateDirectoryW
DeleteFileW
CloseHandle
SetFileTime
WriteFile
CreateFileW
ReadFile
GetFileSize
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
SetCurrentDirectoryW
FileTimeToSystemTime
GetFileTime
LoadLibraryA
GetSystemDirectoryA
WaitForSingleObject
HeapReAlloc
ReleaseMutex
CreateMutexW
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GetCurrentDirectoryW
HeapCreate
SetUnhandledExceptionFilter
GetModuleFileNameA
HeapFree
GetTickCount
QueryPerformanceCounter
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
CreateThread
ResumeThread
ExitThread
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
ExitProcess
HeapSize
HeapDestroy
GetVersionExA
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
TerminateProcess
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetCurrentProcess
InterlockedExchange
FlushInstructionCache
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetTimeFormatA
SetEnvironmentVariableA
CompareStringW
GetDateFormatA
CompareStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
InitializeCriticalSection
RaiseException
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
GetStringTypeA
VirtualFree

user32

EnableWindow
CharLowerBuffW
GetClassInfoW
RegisterClassW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowRect
SystemParametersInfoW
MoveWindow
ReleaseCapture
AnimateWindow
GetFocus
SetWindowPos
SetFocus
SendMessageW
ShowWindow
CallWindowProcW
GetWindowLongW
CreateWindowExW
RegisterClassExW
DefWindowProcW
DestroyWindow
LoadCursorW
wsprintfW
GetClassInfoExW
CharNextW
SetWindowLongW
EnumWindows
GetWindowTextW
PostMessageW
EnumChildWindows
GetClassNameW
UnregisterClassW
GetClientRect

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey

shell32

SHCreateDirectoryExW
FindExecutableW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoInitialize
CoCreateGuid
StringFromCLSID
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysAllocString
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
VarBstrCat
VariantClear
VariantInit
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString

shlwapi

PathFindExtensionW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CryptMsgClose

ws2_32

WSASocketW
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSASetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
ntohs
getservbyport
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
WSAConnect
gethostbyaddr

iphlpapi

GetAdaptersInfo

Exports

Exports

CloseBrowsers
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IsInstalledNewerVersion
IsOpenBrowsers
SetSnoozeTime

Sections

.text
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

20:7c:2c:b4:df:02:26:42:c1:be:58:55:25:4b:1d:92Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 17KB - Virtual size: 17KB

17ea51acf0005f354251d1882460a13c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 594B

.rdata Size: 512B - Virtual size: 413B

.data Size: - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 512B - Virtual size: 130B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

20:7c:2c:b4:df:02:26:42:c1:be:58:55:25:4b:1d:92
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 17KB - Virtual size: 17KB

.text
Size: 1024B - Virtual size: 594B

.rdata
Size: 512B - Virtual size: 413B

.data
Size: - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 512B - Virtual size: 130B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

20:7c:2c:b4:df:02:26:42:c1:be:58:55:25:4b:1d:92
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 276KB - Virtual size: 274KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 18KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

20:7c:2c:b4:df:02:26:42:c1:be:58:55:25:4b:1d:92
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate