abb093395a021f9213e84e8ebbc08b55_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

abb093395a021f9213e84e8ebbc08b55_JaffaCakes118
Size

4.2MB
MD5

abb093395a021f9213e84e8ebbc08b55
SHA1

fd5f69f5383f29ada19285dbc9d0dd53fd7f8055
SHA256

e16e07beaa1dd3c9a5ab0adbeecb59b44197b83f6b13ac53c4dc09ef740e1cfb
SHA512

9f6f3d810d421d08cf03a95fb652e4d79bbd4c94106c1d8803981c8d47ab9a4ca592e70642fe1d6906f7df0bab44f1e53ef43f1f3999fd3398ac6ba00e0aed49
SSDEEP

98304:YARVaLaMOFWD5wSuWE6WUmjDe4OBCx0Wkt:YARVo0WD5wRn3P7w

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/99CW.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/99CW.exe

Files

abb093395a021f9213e84e8ebbc08b55_JaffaCakes118
.rar
99CW.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 861KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
99cw.bin
Accdocu.sys
.sys .xls windows office2003
Base.bin
COMDLG32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

988f29c1eb8054253091352741683c76

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec
Signer

Actual PE Digest

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
LockResource
GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CompareStringA
CompareStringW
lstrcmpA
GetLocaleInfoA
GetVersion
GetModuleFileNameA
GetFileAttributesA
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiA
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcpyA
WriteProfileStringA
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
lstrcpynA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProfileStringA
EnterCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
InitializeCriticalSection
GlobalFree

user32

SetWindowRgn
IntersectRect
EqualRect
PtInRect
IsDialogMessageA
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBeep
PostMessageA
ClientToScreen
wsprintfA
SendMessageTimeoutA
CharNextA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
EnableWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
OffsetRect
GetParent
GetDlgItem
SendMessageA
SetFocus
SetParent
SetDlgItemInt
EndPaint
SetActiveWindow
IsWindowVisible
WinHelpA
GetDlgItemInt
EndDialog
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
GetWindowTextA
GetNextDlgTabItem
SendDlgItemMessageA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
DestroyIcon
GetSystemMetrics
RegisterWindowMessageA
LoadStringA
DefWindowProcA
UnregisterClassA
GetClientRect
BeginPaint
RegisterClipboardFormatA
SetWindowPos
MoveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
VariantChangeType
RegisterTypeLi
VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
OleTranslateColor
SysFreeString
SysAllocString
CreateErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetDIBits
CreateCompatibleDC
CreateBitmap
GetSystemPaletteEntries
StretchDIBits
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportExtEx
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
CreateDCA
GetObjectA
EnumFontFamiliesA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/Database.dat
Data/新云软件.url
.url
MSCOMCT2.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

71e4dc10f7cc0c7bb2b43714bb9f46c1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f3:8a:eb:ca:d3:84:50:9f:6f:92:6a:b6:cb:f7:e6:bb:9c:34:2a:93
Signer

Actual PE Digest

f3:8a:eb:ca:d3:84:50:9f:6f:92:6a:b6:cb:f7:e6:bb:9c:34:2a:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
VirtualFree
GetCPInfo
GetOEMCP
VirtualAlloc
FlushFileBuffers
SetStdHandle
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
IsBadReadPtr
GlobalReAlloc
UnmapViewOfFile
GetFileSize
CreateFileMappingA
MapViewOfFile
GetSystemDefaultLCID
GetCurrentThreadId
GetCurrentProcessId
HeapCreate
HeapDestroy
FreeResource
LocalSize
RtlMoveMemory
CreateThread
Sleep
WaitForSingleObject
GetTimeFormatA
GlobalHandle
lstrcmpA
GetThreadLocale
MulDiv
LocalAlloc
GetProfileIntA
LocalReAlloc
LocalFree
GetTickCount
GetModuleHandleA
GlobalAddAtomA
GetACP
CompareStringW
CompareStringA
GlobalSize
GetVersionExA
IsDBCSLeadByte
lstrcpynA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
lstrcmpiA
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
MultiByteToWideChar
IsBadWritePtr
GetDateFormatA
lstrcpyA
GetLocaleInfoA
GetLocalTime
CreateFileA
CloseHandle
GlobalAlloc
WriteFile
GlobalLock
HeapAlloc
DeleteCriticalSection
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
FreeLibrary
lstrlenA
GetProcessHeap
GlobalFree
GlobalUnlock

user32

GrayStringA
HideCaret
DestroyCaret
CreateCaret
GetAsyncKeyState
SetCaretPos
DrawTextExA
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
MapVirtualKeyA
ShowCaret
GetUpdateRgn
DestroyCursor
GetWindowRgn
ValidateRect
GetDCEx
LockWindowUpdate
CharNextExA
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
GetKeyboardLayout
GetUpdateRect
DeferWindowPos
BeginDeferWindowPos
FindWindowA
TrackPopupMenu
GetKeyNameTextA
RemovePropA
SendNotifyMessageA
FrameRect
ChildWindowFromPoint
DrawIcon
TranslateMessage
DispatchMessageA
MessageBeep
UnregisterClassA
CreateDialogIndirectParamA
IsChild
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
ScrollWindowEx
InvalidateRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
RegisterClipboardFormatA
RegisterWindowMessageA
PeekMessageA
ScreenToClient
PostMessageW
PeekMessageW
RedrawWindow
InflateRect
AdjustWindowRectEx
CreatePopupMenu
DestroyMenu
DrawTextA
DrawFocusRect
AppendMenuA
AdjustWindowRect
IsZoomed
EnumChildWindows
GetDesktopWindow
ShowScrollBar
SetScrollRange
SetScrollPos
GetMessageA
GetScrollPos
IsRectEmpty
CallMsgFilterA
GetMessagePos
GetDoubleClickTime
InvertRect
GetSysColorBrush
SetCursor
GetWindowDC
UnionRect
SetTimer
SetScrollInfo
EnableScrollBar
UpdateWindow
KillTimer
LoadCursorA
GetMessageTime
GetDlgCtrlID
GetWindowThreadProcessId
WindowFromPoint
EndDeferWindowPos
EndDialog
ReleaseCapture
PtInRect
SetWindowRgn
IntersectRect
EqualRect
OffsetRect
GetParent
ClientToScreen
GetWindowRect
GetActiveWindow
GetWindow
MoveWindow
BeginPaint
EndPaint
SetParent
IsWindowVisible
CreateWindowExA
DestroyWindow
CharNextA
GetPropA
GetCursorPos
SetCursorPos
MapWindowPoints
DefWindowProcA
SetPropA
IsWindow
SetDlgItemTextA
CheckDlgButton
IsWindowEnabled
GetDlgItemTextA
GetDC
ReleaseDC
SetWindowPos
SetWindowLongA
GetWindowLongA
SendDlgItemMessageA
IsDlgButtonChecked
GetClientRect
GetFocus
LoadIconA
FillRect
DrawIconEx
ShowWindow
DestroyIcon
SetDlgItemInt
GetDlgItemInt
MessageBoxA
SetFocus
GetWindowTextLengthA
SetWindowTextA
GetWindowTextA
EnableWindow
SendMessageA
DialogBoxParamA
GetKeyState
SetCapture
GetCapture
CallWindowProcA
PostMessageA
GetSysColor
SetRect
DrawEdge
GetSystemMetrics
GetClassInfoA
RegisterClassA
GetDlgItem
LoadStringA
wsprintfA
GetScrollInfo
GetClassNameA
DrawFrameControl
CopyRect

ole32

OleLoadFromStream
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleSaveToStream
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCopy
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopy
SafeArrayUnaccessData
OleCreateFontIndirect
GetErrorInfo
OleCreatePictureIndirect
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLibEx
SetErrorInfo
LoadTypeLi
CreateErrorInfo
VariantCopyInd
SafeArrayCreateVector
OleCreatePropertyFrame
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
OleTranslateColor
VariantChangeTypeEx
VariantChangeType
SysAllocStringLen
VariantInit
SysStringLen
SysAllocString
LoadRegTypeLi
VariantClear
SafeArrayRedim
SysFreeString

gdi32

ExcludeClipRect
SetBrushOrgEx
GetClipRgn
OffsetRgn
GetDIBColorTable
SetDIBColorTable
CreateDIBSection
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
CreateHalftonePalette
GetTextAlign
SetTextAlign
DeleteObject
GetDeviceCaps
SelectObject
CreateSolidBrush
PatBlt
Polyline
CreatePen
StretchDIBits
GetDIBits
GetSystemPaletteEntries
GetObjectA
CreateBitmap
DeleteDC
CreateCompatibleDC
CreateDCA
SetBkColor
GetStockObject
GetTextExtentPoint32A
CreateFontIndirectA
GetCurrentObject
GetTextMetricsA
SetViewportOrgEx
SetWindowOrgEx
CreateRectRgnIndirect
GetViewportExtEx
GetWindowExtEx
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetTextColor
SelectClipRgn
CreateRectRgn
Rectangle
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
RealizePalette
SelectPalette
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
GetClipBox
TextOutA
SetBkMode
CreateFontA
CreatePatternBrush
ExtTextOutA
RestoreDC
IntersectClipRect
SaveDC
GetBkColor
GetCharWidthA
GetTextExtentPointA
Arc
RectVisible
Ellipse
LineTo
MoveToEx
GetPixel
CreateCompatibleBitmap
BitBlt
CombineRgn
GetTextColor

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 468KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

ce21923007044b1701a0b2dc4ac9396b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27
Signer

Actual PE Digest

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GlobalFree
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 692KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OWC10.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

bb08fbf9e3d0a26d20492ade90974acf

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

64:e9:b9:18:bc:cf:22:a7:8a:e7:d3:f0:5e:94:e2:48:c7:2f:cb:c4
Signer

Actual PE Digest

64:e9:b9:18:bc:cf:22:a7:8a:e7:d3:f0:5e:94:e2:48:c7:2f:cb:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetCurrencyFormatW
GetNumberFormatW
GetTimeFormatW
GetLocalTime
LCMapStringW
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
GetDateFormatW
GetLocaleInfoW
GetSystemDefaultLCID
InterlockedIncrement
InterlockedDecrement
HeapDestroy
GetUserDefaultLCID
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
GetLastError
FindResourceW
LoadResource
SizeofResource
lstrlenA
MultiByteToWideChar
GetShortPathNameW
LoadLibraryW
FreeLibrary
GetModuleFileNameW
InitializeCriticalSection
GetVersionExA
GetTickCount
EnumCalendarInfoA
GetUserDefaultLangID
GetSystemDefaultLangID
LeaveCriticalSection
EnterCriticalSection
GlobalSize
TlsAlloc
CloseHandle
SetStdHandle
GetCPInfo
IsBadCodePtr
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
HeapSize
TerminateProcess
ExitProcess
RtlUnwind
ConvertDefaultLocale
LocalReAlloc
IsDBCSLeadByteEx
RaiseException
SearchPathW
GetSystemDirectoryA
CreateSemaphoreA
ReleaseSemaphore
GetProfileSectionA
HeapReAlloc
FlushFileBuffers
GetSystemDirectoryW
GetEnvironmentVariableA
VirtualQuery
GetCommandLineA
GetSystemInfo
DuplicateHandle
HeapCreate
GlobalMemoryStatus
HeapFree
HeapAlloc
VirtualAlloc
LocalAlloc
GetOEMCP
GetTempFileNameW
ExpandEnvironmentStringsA
IsValidLocale
GetTempPathW
IsValidCodePage
ExpandEnvironmentStringsW
IsDBCSLeadByte
CompareStringW
CompareStringA
GlobalHandle
GetStringTypeExW
EnumResourceNamesA
GetSystemTime
FreeResource
SystemTimeToFileTime
FileTimeToLocalFileTime
OpenEventW
SetEvent
CompareFileTime
FileTimeToSystemTime
GetFileTime
SetCurrentDirectoryW
CopyFileW
GetSystemTimeAsFileTime
ReadFile
GlobalReAlloc
WriteFile
GetCurrentDirectoryW
GetComputerNameW
GlobalFree
lstrcpyA
lstrcpyW
lstrcatW
Sleep
lstrcatA
CreateEventW
FreeLibraryAndExitThread
TerminateThread
InterlockedExchange
GetFileSize
SetFilePointer
SetEndOfFile
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
FindClose
CreateFileW
FindFirstFileW
WaitForMultipleObjects
PulseEvent
CreateThread
GetCurrentProcessId
WaitForSingleObject
CreateMutexA
lstrcmpW
GetVersionExW
lstrlenW
GetFileAttributesW
GetFullPathNameW
QueryDosDeviceW
IsBadReadPtr
SetFileAttributesW
DeleteFileW
IsBadWritePtr
LocalFree
FormatMessageA
FormatMessageW
GetCurrentThreadId
GetProcAddress
WideCharToMultiByte
SetCurrentDirectoryA
SetFileAttributesA
lstrcmpA
SearchPathA
LCMapStringA
lstrcmpiA
LoadLibraryA
GetWindowsDirectoryA
GetTempFileNameA
GetTempPathA
GetShortPathNameA
GetTimeFormatA
GetStringTypeExA
GetProfileStringA
GetProfileIntA
GetModuleHandleA
GetPrivateProfileIntA
GetNumberFormatA
GetComputerNameA
GetModuleFileNameA
GetFullPathNameA
OpenEventA
GetFileAttributesA
GetCurrencyFormatA
GetDateFormatA
GetCurrentDirectoryA
FindFirstFileA
FindResourceA
CopyFileA
DeleteFileA
CreateFileMappingA
CreateEventA
SetLastError
CreateFileA
GetLocaleInfoA
TlsGetValue
GetACP
GetVersion
TlsFree
TlsSetValue
VirtualFree
MulDiv
ReleaseMutex
LockResource
GetModuleHandleW

user32

SetParent
SetActiveWindow
GetWindowPlacement
UnhookWindowsHookEx
GetIconInfo
GetWindowDC
GetAsyncKeyState
IsWindowVisible
WindowFromPoint
GetDlgItemTextW
SetDlgItemTextW
FindWindowW
CopyRect
DrawFocusRect
DialogBoxParamW
EndDialog
GetCursor
SetRect
UpdateWindow
IsWindowEnabled
KillTimer
SetTimer
GetCapture
GetCursorPos
ScreenToClient
GetClassInfoW
RegisterClassW
GetClassInfoA
RegisterClassA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RegisterWindowMessageW
GetDlgItem
InvalidateRgn
SetCapture
ReleaseCapture
GetClassNameW
RedrawWindow
GetWindow
SetWindowsHookExA
SetWindowsHookExW
GetScrollInfo
SetScrollInfo
GetDesktopWindow
PostMessageA
PostMessageW
MessageBoxW
GetActiveWindow
GetForegroundWindow
DispatchMessageA
DispatchMessageW
PeekMessageW
IsWindowUnicode
PeekMessageA
WinHelpA
UnregisterClassA
SystemParametersInfoA
SetWindowTextA
SetWindowLongA
SetDlgItemTextA
SendMessageA
RemovePropA
RegisterWindowMessageA
RegisterClipboardFormatA
MessageBoxA
LoadMenuA
LoadIconA
LoadBitmapA
IsCharUpperA
IsCharAlphaA
InsertMenuItemA
GetWindowTextA
GetWindowLongA
GetMenuStringA
GetDlgItemTextA
LoadImageA
GetClassNameA
FindWindowA
EnableWindow
CallNextHookEx
DialogBoxParamA
CreateWindowExA
CreateDialogParamA
AppendMenuA
InflateRect
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
GetClipboardOwner
EmptyClipboard
OpenClipboard
RegisterClipboardFormatW
SetClipboardData
SetCursor
EnableMenuItem
CheckMenuItem
FillRect
GetMenuItemInfoW
GetMenuStringW
CreatePopupMenu
GetMenuItemCount
GetMenuItemInfoA
AppendMenuW
SetMenuItemInfoA
LoadBitmapW
GetSysColor
GetSysColorBrush
DestroyMenu
TrackPopupMenuEx
IsCharUpperW
IsCharAlphaW
GetWindowThreadProcessId
AttachThreadInput
CreateWindowExW
CallWindowProcW
CallWindowProcA
SetWindowLongW
DefWindowProcW
DefWindowProcA
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
GetFocus
IsChild
LoadMenuW
GetSubMenu
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
GetKeyState
InvalidateRect
BeginPaint
GetClientRect
EndPaint
CreateDialogParamW
GetWindowLongW
GetParent
SetFocus
SendMessageW
IsDialogMessageA
IsDialogMessageW
WinHelpW
MoveWindow
ShowWindow
GetDC
ReleaseDC
GetDialogBaseUnits
IsWindow
DestroyWindow
GetClassLongA
PostThreadMessageW
CharNextW
WindowFromDC
MapWindowPoints
IntersectRect
SystemParametersInfoW
GetWindowRect
GetSystemMetrics
PostThreadMessageA
GetMessageW
GetMessageA
GetDlgCtrlID
SetCaretPos
HideCaret
CreateCaret
DestroyCaret
GetNextDlgTabItem
TranslateMessage
FrameRect
DrawEdge
CharToOemBuffA
FindWindowExA
LoadIconW
PostQuitMessage
GetWindowRgn
IsRectEmpty
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
ScrollWindowEx
EnumChildWindows
ClientToScreen
SetKeyboardState
GetKeyboardState
IsMenu
RemoveMenu
GetSystemMenu
CreateDialogIndirectParamA
CreateDialogIndirectParamW
SetWindowPlacement
AdjustWindowRectEx
MsgWaitForMultipleObjects
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
SetScrollPos
SetScrollRange
GetCaretPos
TrackMouseEvent
InvertRect
GetPropA
GetPropW
RemovePropW
SetPropA
SetPropW
ShowCaret
GetKeyboardLayout
InsertMenuItemW
CharPrevA
GetQueueStatus
GetDCEx
wvsprintfA
GetMessagePos
AdjustWindowRect

gdi32

LineTo
ExtCreatePen
CreatePenIndirect
SetRectRgn
CreateSolidBrush
SetBkColor
CreateBrushIndirect
CreateCompatibleDC
BitBlt
SetTextColor
EnumFontFamiliesExW
EnumFontFamiliesExA
SetBkMode
SetWindowExtEx
CloseMetaFile
CreateMetaFileW
CreateRectRgnIndirect
CreateDCW
DeleteMetaFile
LPtoDP
SaveDC
GetObjectType
SetWindowOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
GetDeviceCaps
DeleteDC
SelectObject
GetTextMetricsW
CreateFontIndirectW
DeleteObject
GetClipBox
GetTextExtentPoint32W
MoveToEx
Rectangle
PolylineTo
Polygon
CreateCompatibleBitmap
Ellipse
PlayMetaFile
SetMetaFileBitsEx
DeleteEnhMetaFile
CloseEnhMetaFile
StretchDIBits
GetWinMetaFileBits
RealizePalette
SelectPalette
StretchBlt
CreateEnhMetaFileW
GdiFlush
DPtoLP
SetTextAlign
SetViewportExtEx
CreateDIBSection
GdiComment
IntersectClipRect
Arc
GetObjectW
PatBlt
GetNearestPaletteIndex
GetNearestColor
GetPaletteEntries
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetTextFaceW
GetViewportExtEx
GetWindowExtEx
Escape
SelectClipRgn
RectVisible
GetMapMode
CopyEnhMetaFileA
CopyMetaFileA
CreateEnhMetaFileA
CreateFontIndirectA
CreateDCA
CreateMetaFileA
CreateFontA
GetObjectA
GetTextExtentPoint32A
GetTextFaceA
SetROP2
GetTextMetricsA
GetCharWidthW
GetCharWidthA
GetTextExtentExPointA
SetDIBColorTable
GetDIBColorTable
ExtTextOutA
CreateEllipticRgn
CreateHalftonePalette
SetPixel
ExcludeClipRect
GetClipRgn
GetBitmapBits
GetTextColor
GetBkColor
CreateRectRgn
GetRgnBox
CreateDIBitmap
ExtTextOutW
CreateBitmap
SetDIBits
GetDIBits
GetTextAlign
GetTextExtentPointA
CreateFontW
GetCurrentObject
GetTextCharset
GetTextCharsetInfo
GetTextExtentExPointW
CopyMetaFileW
TranslateCharsetInfo
CopyEnhMetaFileW
GetFontData
CreateDIBPatternBrushPt
CreatePalette
CombineRgn
GetSystemPaletteEntries
StrokePath
ExtEscape
BeginPath
PolyBezierTo
EndPath
SetDIBitsToDevice
CloseFigure
GetRegionData
GetRandomRgn
SetStretchBltMode
SetICMMode
GetDCOrgEx
GetViewportOrgEx
EnumMetaFile
GetMetaFileBitsEx
EnumEnhMetaFile
SetEnhMetaFileBits
GetEnhMetaFileHeader
SetMetaRgn
SetWorldTransform
SetGraphicsMode
GetEnhMetaFileBits
SetBitmapBits
ExtCreateRegion
GetPixel
ModifyWorldTransform
GetBkMode
GetROP2
FillRgn
SetMiterLimit
ExtSelectClipRgn
PlayEnhMetaFileRecord
GetWorldTransform
SetBrushOrgEx
ScaleViewportExtEx
GetWindowOrgEx
OffsetViewportOrgEx
Polyline
CreatePen
PlayMetaFileRecord
PolyPolygon
SetTextJustification
GetGraphicsMode
SelectClipPath
PolyBezier
SetPolyFillMode
FillPath
StrokeAndFillPath
PolyPolyline
PlayEnhMetaFile
CreatePatternBrush
SetMapperFlags
CombineTransform
ScaleWindowExtEx
AngleArc
RoundRect
PlgBlt
ResizePalette
SetPaletteEntries
OffsetClipRgn
Chord
Pie
PolyDraw
GetCurrentPositionEx
WidenPath
FlattenPath
GetStockObject
AbortPath
GetPath
SetArcDirection
ArcTo

advapi32

RegEnumKeyW
RegEnumValueA
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegEnumValueW
RegQueryValueExW
RegOpenKeyW
GetUserNameA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegEnumKeyA
RegOpenKeyExA
RegOpenKeyA
RegQueryInfoKeyA
RegQueryValueExA
RegQueryValueA
RegSetValueExA
GetUserNameW
RegNotifyChangeKeyValue
RegQueryValueW
CloseServiceHandle
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
ControlService
RegQueryInfoKeyW

ole32

StringFromGUID2
RevokeDragDrop
CreateILockBytesOnHGlobal
StgCreateDocfile
StgCreateDocfileOnILockBytes
ReleaseStgMedium
CoCreateGuid
CoInitialize
DoDragDrop
StgOpenStorage
RegisterDragDrop
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoUninitialize
CreateBindCtx
OleUninitialize
OleLockRunning
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
ProgIDFromCLSID
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoGetMalloc

oleaut32

VarCyFromStr
VarUI4FromUI2
VarR8FromStr
VarR4FromStr
VarBoolFromStr
VarI4FromStr
VarDecFromStr
SystemTimeToVariantTime
VarBstrFromCy
VarBstrFromR8
VarBstrFromR4
VarBstrFromI4
VarBstrFromI2
VarBstrFromUI4
VarBstrFromUI2
VarBstrFromDate
OleTranslateColor
SafeArrayPtrOfIndex
VariantTimeToSystemTime
LHashValOfNameSys
OleCreateFontIndirect
OleCreatePictureIndirect
SafeArrayGetElement
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
SafeArrayUnlock
SafeArrayCreate
SafeArrayPutElement
SysReAllocStringLen
SafeArrayDestroy
CreateErrorInfo
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
VarDateFromStr
GetAltMonthNames
VariantInit
VariantChangeTypeEx
VarDateFromUdate
VarUdateFromDate
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
OleCreatePropertyFrame
VariantClear
GetErrorInfo
SetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VarUI4FromStr
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromUI1
VarI4FromI2
VarI4FromI1
VarBstrFromDec
SafeArrayRedim
SafeArrayGetElemsize

imm32

ImmGetDefaultIMEWnd
ImmNotifyIME
ImmGetContext
ImmReleaseContext

wininet

InternetQueryOptionW
FindFirstUrlCacheEntryExW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetQueryOptionA
FindNextUrlCacheEntryExW
GetUrlCacheEntryInfoW

msi

ord37

shfolder

SHGetFolderPathA

Exports

Exports

CoAggregateInstance
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rtext
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bootdat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

msoconst
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1004KB - Virtual size: 1003KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
使用说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 861KB - Virtual size: 2.4MB

.data Size: 512B - Virtual size: 24KB

.rsrc Size: 1024B - Virtual size: 32KB

.aspack Size: 34KB - Virtual size: 36KB

.adata Size: - Virtual size: 4KB

988f29c1eb8054253091352741683c76

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:0e:7d:a7:00:00:00:00:00:48Certificate

Extended Key Usages

Key Usages

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ecSigner

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 69KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 8KB - Virtual size: 5KB

71e4dc10f7cc0c7bb2b43714bb9f46c1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:0e:7d:a7:00:00:00:00:00:48Certificate

Extended Key Usages

Key Usages

f3:8a:eb:ca:d3:84:50:9f:6f:92:6a:b6:cb:f7:e6:bb:9c:34:2a:93Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 468KB - Virtual size: 466KB

.data Size: 28KB - Virtual size: 25KB

.rsrc Size: 112KB - Virtual size: 111KB

.reloc Size: 24KB - Virtual size: 23KB

ce21923007044b1701a0b2dc4ac9396b

Code Sign

.text
Size: 861KB - Virtual size: 2.4MB

.data
Size: 512B - Virtual size: 24KB

.rsrc
Size: 1024B - Virtual size: 32KB

.aspack
Size: 34KB - Virtual size: 36KB

.adata
Size: - Virtual size: 4KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec
Signer

.text
Size: 72KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 8KB - Virtual size: 5KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

f3:8a:eb:ca:d3:84:50:9f:6f:92:6a:b6:cb:f7:e6:bb:9c:34:2a:93
Signer

.text
Size: 468KB - Virtual size: 466KB

.data
Size: 28KB - Virtual size: 25KB

.rsrc
Size: 112KB - Virtual size: 111KB

.reloc
Size: 24KB - Virtual size: 23KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27
Signer

.text
Size: 692KB - Virtual size: 690KB

.data
Size: 32KB - Virtual size: 29KB

.rsrc
Size: 280KB - Virtual size: 279KB

.reloc
Size: 40KB - Virtual size: 38KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

64:e9:b9:18:bc:cf:22:a7:8a:e7:d3:f0:5e:94:e2:48:c7:2f:cb:c4
Signer

.text
Size: 5.6MB - Virtual size: 5.6MB

.data
Size: 132KB - Virtual size: 206KB

.rtext
Size: 4KB - Virtual size: 76B

.bootdat
Size: 4KB - Virtual size: 2KB

msoconst
Size: 4KB - Virtual size: 3KB

Shared
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1004KB - Virtual size: 1003KB

.reloc
Size: 276KB - Virtual size: 273KB