afe4b586a33de273005809d401822359_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

afe4b586a33de273005809d401822359_JaffaCakes118
Size

655KB
MD5

afe4b586a33de273005809d401822359
SHA1

3fdd9692f0732ad49e33782129b957a3354c78eb
SHA256

174bfeae6fd9727394db8589004b3697300f31c0901f1405489e002e1b24db03
SHA512

16a350599722381de330a191f3f91dd3d0ba3c73fae7892df858f04e762f4342c730b1851d3b6026c9fba7e710356f8924057aef5b543cd19462dd08438c9fef
SSDEEP

12288:Xck0M41v5UJzb/ef6nyai9hbogwa7ht7z1sjACmAw18sarRgK:XctMeAz7utogh7hpz1scB1aV

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$SYSDIR/OnKeyCSP_hkbeas.dll
unpack001/$SYSDIR/OnKeyCsp_hkbea.dll
unpack001/$SYSDIR/OnKeyDev01_hkbea.dll
unpack001/$SYSDIR/OnKeyP11_hkbea.dll
unpack001/$SYSDIR/OnKeyPinpad_hkbea.dll
unpack001/$SYSDIR/OnKeySvr_hkbea.exe
unpack001/$SYSDIR/OnKeyToken_hkbea.dll
unpack001/$SYSDIR/OnKeyTools_hkbea.exe
unpack001/OnKeyTools_hkbea.exe

Files

afe4b586a33de273005809d401822359_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

18-05-1998 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:a9:1a:18:3f:5d:ac:8f:25:0c:52:dd:a0:5f:1d:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

25-05-2009 00:00

Not After

25-05-2010 23:59

Subject

CN=The Bank of East Asia (China) Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=The Bank of East Asia (China) Limited,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01-04-2009 00:00

Not After

31-03-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:5e:44:bf:71:45:f7:86:7d:49:45:7e:7b:50:31:27:a4:b8:8d:9c
Signer

Actual PE Digest

40:5e:44:bf:71:45:f7:86:7d:49:45:7e:7b:50:31:27:a4:b8:8d:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

bd0c5e2173fde31d22cb05fc3c2a33dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
GetLastError
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

bd466f7c556ab8a855353a3037d368db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc
GetVersion
lstrcpynW

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/NetSign20.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a21a991bcb66fdf2525af06bcf5b9788

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:b2:8e:e5:60:56:e4:01:eb:b4:fd:8b:74:f0:04:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29-05-2008 00:00

Not After

29-05-2009 23:59

Subject

CN=The Bank of East Asia (China) Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Electronic Distribution Department,O=The Bank of East Asia (China) Limited,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

68:7f:37:1c:70:c3:5e:d5:0e:c5:46:40:1d:2b:be:52:73:a2:17:f9
Signer

Actual PE Digest

68:7f:37:1c:70:c3:5e:d5:0e:c5:46:40:1d:2b:be:52:73:a2:17:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CloseHandle
FileTimeToSystemTime
GetSystemDefaultLCID
GetCurrentThreadId
FindClose
CreateDirectoryA
GetWindowsDirectoryA
TerminateProcess
FindFirstFileA
DeleteFileA
WideCharToMultiByte
GetLastError
GlobalUnlock
CreateFileA
ReadFile
GetFileSize
InterlockedIncrement
InterlockedDecrement
lstrcmpA
FlushInstructionCache
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
FindResourceA
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
lstrlenA
MultiByteToWideChar
lstrlenW
FreeLibrary
LoadLibraryA
GetModuleFileNameA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetShortPathNameA
SizeofResource
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
lstrcatA
lstrcpyA
GlobalLock
GetProcAddress

user32

RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
DialogBoxIndirectParamA
GetActiveWindow
DefWindowProcA
GetWindow
SetWindowLongA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
EndDialog
SendMessageA
GetDC
GetDlgItem
MessageBoxA
LoadStringA
PtInRect
MapWindowPoints
SetWindowPos
GetClientRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
CharNextA
ShowWindow
UnionRect
SystemParametersInfoA
GetKeyState
CreateWindowExA
wsprintfA
GetClassNameA
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetDesktopWindow
ReleaseDC
RedrawWindow
IsWindow
BeginPaint
FillRect
EndPaint
CallWindowProcA
GetFocus
IsChild
SetFocus
GetSysColor
GetParent
GetWindowRect

gdi32

SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
Rectangle
SetTextAlign
TextOutA
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
SetWindowOrgEx
SaveDC
CreateMetaFileA
SetViewportOrgEx
SetMapMode
LPtoDP
CreateDCA
RestoreDC

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

advapi32

RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
CryptVerifySignatureA
CryptGetUserKey
CryptCreateHash
CryptHashData
CryptSignHashA
CryptDestroyHash
CryptAcquireContextA
CryptReleaseContext
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleSaveToStream
WriteClassStm
OleLoadFromStream
CoTaskMemRealloc
CreateDataAdviseHolder
OleRegGetMiscStatus

oleaut32

VariantChangeType
VarUI4FromStr
OleCreatePropertyFrame
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
RegisterTypeLi
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
VariantClear
OleCreateFontIndirect
LoadTypeLi

crypt32

CertGetCertificateContextProperty
CertEnumCertificateContextProperties
CryptHashMessage
CryptImportPublicKeyInfo
CertOIDToAlgId
CertFindExtension
CryptFormatObject
CryptDecryptAndVerifyMessageSignature
CryptSignAndEncryptMessage
CryptDecryptMessage
CryptEncryptMessage
CryptSignMessage
CryptVerifyMessageSignature
CryptVerifyDetachedMessageSignature
CertCloseStore
CertCompareIntegerBlob
CertOpenSystemStoreA
CertVerifySubjectCertificateContext
CertCreateCertificateChainEngine
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertFreeCertificateContext
CertEnumCertificatesInStore
CertNameToStrA
CertFindCertificateInStore
CertOpenStore

msvcrt

calloc
free
__CxxFrameHandler
_EH_prolog
memcpy
malloc
memset
_CxxThrowException
strstr
strlen
strcpy
strchr
memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
fclose
fwrite
fopen
sprintf
fread
_stat
strrchr
strcmp
realloc
atoi
_purecall
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
strcat

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/NetSignRes_C.dll
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:b2:8e:e5:60:56:e4:01:eb:b4:fd:8b:74:f0:04:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29-05-2008 00:00

Not After

29-05-2009 23:59

Subject

CN=The Bank of East Asia (China) Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Electronic Distribution Department,O=The Bank of East Asia (China) Limited,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6e:c1:89:d7:85:a6:ee:c8:b4:5f:1f:00:67:60:55:0c:ae:a9:92:70
Signer

Actual PE Digest

6e:c1:89:d7:85:a6:ee:c8:b4:5f:1f:00:67:60:55:0c:ae:a9:92:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/NetSignRes_E.dll
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:b2:8e:e5:60:56:e4:01:eb:b4:fd:8b:74:f0:04:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29-05-2008 00:00

Not After

29-05-2009 23:59

Subject

CN=The Bank of East Asia (China) Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Electronic Distribution Department,O=The Bank of East Asia (China) Limited,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:60:dd:89:82:d0:8a:e0:b1:4f:86:06:5d:a6:b4:2c:64:0e:c8:d8
Signer

Actual PE Digest

5f:60:dd:89:82:d0:8a:e0:b1:4f:86:06:5d:a6:b4:2c:64:0e:c8:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/OnKeyCSP_hkbeas.dll
.dll windows:4 windows x86 arch:x86

e2af0e56da4eab5f77d44678a7e8fbe8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
SetLastError

shlwapi

PathFindFileNameA

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/OnKeyCloseSvr.vbs
$SYSDIR/OnKeyCsp_hkbea.dll
.dll windows:4 windows x86 arch:x86

b634b2ea4d2990fcf97e092258111309

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSection
GetCPInfo
MultiByteToWideChar
GetLastError
IsBadWritePtr
SetLastError
GetVersionExA
LocalFree
LocalAlloc
FreeLibrary
LoadLibraryA
GetProcAddress
ExitProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
HeapReAlloc
HeapAlloc
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetACP
GetOEMCP

onkeytoken_hkbea

Ossl_GetBytes
Ossl_BytesToKey
Ossl_DecryptInit
Ossl_DecryptUpdate
Ossl_EncryptFinal
Ossl_EncryptInit
Ossl_RC2_SetKey
Ossl_EncryptUpdate
Ossl_DigestInit
Ossl_DigestUpdate
Ossl_DecryptFinal
Ossl_DigestFinal
Ossl_DigestEncode
OnKeyT_GetRandBytes
OnKeyT_ManTokenParam
OnKeyT_Ex_DisplayInfo
OnKeyT_Ex_InputPasswd
OnKeyT_Ex_SelectSlot

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertSetCertificateContextProperty
CertCompareCertificateName
CertOpenSystemStoreA
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCloseStore
CertCreateCertificateContext
CertGetNameStringA
CertEnumCertificatesInStore

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/OnKeyDev01_hkbea.dll
.dll windows:4 windows x86 arch:x86

8415f7d0000b8bf4c8c916cdd4cc9722

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetTickCount
GetLastError
WriteFile
GetOverlappedResult
WaitForSingleObject
ReadFile
GlobalAlloc
MultiByteToWideChar
HeapSize
GetStringTypeW
GetStringTypeA
CreateFileA
lstrcpyA
lstrlenA
CloseHandle
GlobalFree
FreeLibrary
LoadLibraryA
CreateEventA
GetProcAddress
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
WideCharToMultiByte
LCMapStringW
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
InterlockedExchange
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
GetLocaleInfoA

user32

MessageBoxA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

hid

HidD_GetFeature
HidD_SetFeature
HidD_GetHidGuid
HidD_GetAttributes
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
HidD_SetNumInputBuffers

Exports

Exports

OnKey_GetFunctionList

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/OnKeyP11_hkbea.dll
.dll windows:4 windows x86 arch:x86

6e3c4abbfbb0fcff538a20d91784e553

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetOEMCP
GetACP
VirtualQuery
InterlockedExchange
RtlUnwind
VirtualAlloc
EnterCriticalSection
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection

onkeytoken_hkbea

OnKeyT_RsaVerify
OnKeyT_RsaSign
Ossl_DigestEncode
Ossl_GetCertPublicKeyN
Ossl_DigestUpdate
Ossl_DigestFinal
Ossl_DigestInit
Ossl_DecryptFinal
Ossl_DecryptUpdate
OnKeyT_RsaDecrypt
Ossl_DecryptInit
Ossl_EncryptFinal
Ossl_EncryptUpdate
OnKeyT_RsaEncrypt
Ossl_EncryptInit
OnKeyT_ReadObjectEx
OnKeyT_ManTokenParam
OnKeyT_ClearCache
OnKeyT_UpdateObject
OnKeyT_DeleteObject
OnKeyT_CreateObject
OnKeyT_ImportPairKey
OnKeyT_GeneratePairKey
OnKeyT_ExportPairKey
OnKeyT_GetRandBytes
OnKeyT_Logout
OnKeyT_Login
OnKeyT_ChangePin
OnKeyT_ReloadPin
OnKeyT_InitToken
OnKeyT_GetTokenInfo
OnKeyT_GetSlotList

Exports

Exports

C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/OnKeyPinpad_hkbea.dll
.dll windows:4 windows x86 arch:x86

956a8e0a98ef224bc2009af087fda476

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitThread
CreateThread
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
HeapReAlloc
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ExitProcess
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
RtlUnwind
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
RaiseException
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetCurrentThread
lstrcmpA
GetModuleFileNameA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
CloseHandle
InterlockedDecrement
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
GetModuleHandleA
GetProcAddress
SetLastError
FormatMessageA
lstrcpynA
LocalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrlenA
lstrcmpiA
GetVersion
GetLastError
Sleep
ResumeThread
SetThreadPriority
Beep
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
MultiByteToWideChar
GetCurrentProcessId
WideCharToMultiByte

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
SetCursor
PostQuitMessage
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
CheckRadioButton
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
AdjustWindowRectEx
SendMessageA
GetWindowRect
GetClientRect
RedrawWindow
EnableWindow
LoadBitmapA
SetTimer
KillTimer
wsprintfA
GetSysColor
PostMessageA
GetParent
SetActiveWindow
SetForegroundWindow
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
GetWindow
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
GetLastActivePopup
PostThreadMessageA
FillRect
DrawIcon
GetSystemMetrics
OffsetRect
SetWindowRgn
GetWindowRgn
InvalidateRect
SetCapture
ReleaseCapture
PtInRect
GetSubMenu
GetMenuItemCount
TabbedTextOutA
GetMenuState
GetMenuItemID
CallNextHookEx

gdi32

CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
CreateSolidBrush
GetClipBox
SetMapMode
SetBkColor
RestoreDC
SaveDC
SetBkMode
SelectObject
GetTextMetricsA
SetTextColor
SetTextAlign
TextOutA
SelectClipRgn
PtInRegion
GetRgnBox
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
OffsetRgn
FillRgn
CreateDCA
GetDeviceCaps
DeleteDC
GetStockObject
GetObjectA
CreateFontIndirectA
CreateEllipticRgn
CreateRectRgn
DeleteObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueExA
RegCreateKeyExA

comctl32

ord17
ImageList_Destroy

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

Pinpad_CreateKey
Pinpad_CreateKeyEx
Pinpad_GetKeyInfo
Pinpad_Indicator
Pinpad_ShowDialog

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/OnKeySvr_hkbea.exe
.exe windows:4 windows x86 arch:x86

096439c87624c86716586d5c1dd525ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
LCMapStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetStringTypeA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
GetCPInfo
GetOEMCP
GetStringTypeW
VirtualProtect
GetSystemInfo
OutputDebugStringA
Sleep
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
HeapSize
GetCurrentProcess
GetProcAddress
GetLocaleInfoA
GetACP
InterlockedExchange
LocalAlloc
LocalFree
MultiByteToWideChar
GetLastError
SetLastError
FreeLibrary
LoadLibraryA
WriteFile
TerminateProcess
HeapAlloc
HeapReAlloc
ExitProcess
RtlUnwind
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA

user32

RegisterWindowMessageA
FindWindowA
CreateWindowExA
ShowWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
BeginPaint
EndPaint
PostQuitMessage
RegisterDeviceNotificationA
UnregisterDeviceNotification
DestroyWindow
DefWindowProcA
SetTimer
KillTimer
PostMessageA
BroadcastSystemMessageA
wsprintfA
SendMessageA
RegisterClassExA

advapi32

RegCreateKeyA
RegCloseKey
RegSetValueExA
SetNamedSecurityInfoA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetEntriesInAclA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA

crypt32

CertCloseStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertOpenSystemStoreA
CertCompareCertificateName
CertSetCertificateContextProperty
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCreateCertificateContext

onkeytoken_hkbea

OnKeyT_GetSlotList
OnKeyT_ManTokenParam

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/OnKeyToken_hkbea.dll
.dll windows:4 windows x86 arch:x86

f2b4adcbfbe9c6e78f6ffa9e048f721f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
UnmapViewOfFile
CloseHandle
OpenMutexA
OpenFileMappingA
GetCurrentProcessId
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
ProcessIdToSessionId
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
InterlockedExchange
VirtualQuery
InitializeCriticalSection
GetLocaleInfoA
VirtualProtect
GetSystemInfo
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalMemoryStatus
CreateMutexA
CreateFileMappingA
MapViewOfFile
ReleaseMutex
GetVersionExA
LocalFree
FreeLibrary
LoadLibraryA
GetProcAddress
FreeEnvironmentStringsA
DisableThreadLibraryCalls
FlushFileBuffers
ReadFile
SetStdHandle
SetFilePointer
CreateFileA
SetEndOfFile

user32

wsprintfA

advapi32

SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
GetSecurityDescriptorSacl

wtsapi32

WTSEnumerateSessionsA

Exports

Exports

OnKeyT_ChangePin
OnKeyT_ClearCache
OnKeyT_ClearToken
OnKeyT_CreateObject
OnKeyT_DeleteObject
OnKeyT_Ex_DisplayInfo
OnKeyT_Ex_InputPasswd
OnKeyT_Ex_SelectSlot
OnKeyT_ExportPairKey
OnKeyT_GeneratePairKey
OnKeyT_GetObjectList
OnKeyT_GetRandBytes
OnKeyT_GetSlotList
OnKeyT_GetTokenInfo
OnKeyT_ImportPairKey
OnKeyT_InitToken
OnKeyT_Login
OnKeyT_Logout
OnKeyT_ManTokenParam
OnKeyT_Name2SlotID
OnKeyT_PrereloadPIN
OnKeyT_RSAReloadPin
OnKeyT_ReadObject
OnKeyT_ReadObjectEx
OnKeyT_ReloadPin
OnKeyT_RsaDecrypt
OnKeyT_RsaEncrypt
OnKeyT_RsaSign
OnKeyT_RsaVerify
OnKeyT_SSF33Calc
OnKeyT_UpdateObject
Ossl_BytesToKey
Ossl_DecryptFinal
Ossl_DecryptInit
Ossl_DecryptUpdate
Ossl_DigestDecode
Ossl_DigestEncode
Ossl_DigestFinal
Ossl_DigestInit
Ossl_DigestUpdate
Ossl_EncryptFinal
Ossl_EncryptInit
Ossl_EncryptUpdate
Ossl_GetBytes
Ossl_GetCertPublicKeyN
Ossl_GetP12Data
Ossl_RC2_SetKey
Ossl_RsaPrivate_crypt
Ossl_RsaPrivate_d2me
Ossl_RsaPublic_crypt
Ossl_RsaPublic_d2i
Ossl_RsaPublic_i2d

Sections

.text
Size: 336KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/OnKeyTools_hkbea.exe
.exe windows:4 windows x86 arch:x86

d1f6b8755eff9c56e522aa5af1a8edd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
ReleaseMutex
GetLastError
CreateMutexA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapSize
TerminateProcess
HeapReAlloc
GetCommandLineA
FindResourceA
WideCharToMultiByte
GetModuleFileNameA
MultiByteToWideChar
GetVersion
lstrcmpiA
lstrlenA
CompareStringA
CompareStringW
WriteFile
CreateFileA
lstrcmpA
lstrcpyA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcAddress
LoadLibraryA
FreeLibrary
SetLastError
LocalFree
LocalAlloc
GetModuleHandleA
lstrcpynA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
FormatMessageA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
GetTickCount
GetFileTime
GetFileAttributesA
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
WritePrivateProfileStringA
InterlockedDecrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
CloseHandle

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
IsRectEmpty
CharNextA
ReleaseCapture
SetCapture
GetSysColorBrush
wsprintfA
EndPaint
BeginPaint
GetWindowDC
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetDesktopWindow
CreateDialogIndirectParamA
EndDialog
SetMenuItemBitmaps
EnableMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
GetMessageA
TranslateMessage
ValidateRect
GetMenuState
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
SendMessageA
EnableWindow
SetForegroundWindow
FindWindowA
SetRect
DrawIcon
GetMenuItemCount
GetMenuItemID
GetSubMenu
ModifyMenuA
RemoveMenu
GetMenu
GetSystemMenu
IsIconic
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
TrackPopupMenu
GetKeyState
GetScrollRange
SetScrollPos
GetScrollPos
IsWindowVisible
AdjustWindowRectEx
SetScrollInfo
RegisterClipboardFormatA
PostThreadMessageA
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetActiveWindow
GetClassNameA
SetWindowLongA
BeginDeferWindowPos
GetClassInfoExA
GetWindowRect
GetClientRect
InvalidateRect
LoadIconA
GetDlgItem
GetSystemMetrics
GetCursorPos
RegisterWindowMessageA
PostMessageA
GetParent
CharUpperA
DestroyIcon
DrawStateA
ReleaseDC
GetDC
CreateIconIndirect
GetIconInfo
CopyRect
InflateRect
OffsetRect
FillRect
FrameRect
DrawFocusRect
ClientToScreen
GetActiveWindow
GetNextDlgTabItem
WindowFromPoint
GetWindowLongA
DestroyMenu
DestroyCursor
SetCursor
TrackPopupMenuEx
GetSysColor
LoadImageA
DeferWindowPos
EndDeferWindowPos
ScreenToClient
IsZoomed
DrawFrameControl
EqualRect
GetScrollInfo
GrayStringA
DrawTextExA
TabbedTextOutA
UpdateWindow
DrawEdge
LoadBitmapA
SetRectEmpty
PtInRect
LoadCursorA
DrawTextA
CheckMenuItem

gdi32

GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateSolidBrush
GetBkColor
GetRgnBox
MoveToEx
LineTo
SetMapMode
SetBkMode
CreateRectRgnIndirect
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetMapMode
CreatePen
GetCurrentPositionEx
GetDeviceCaps
SaveDC
GetTextExtentPoint32A
RestoreDC
CreateFontIndirectA
GetTextColor
CreateDIBSection
GetObjectA
CreateCompatibleBitmap
GetPixel
SetPixel
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
GetStockObject
DeleteDC
DeleteObject

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueExA
RegDeleteValueA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_GetImageInfo
ImageList_Draw
ImageList_AddMasked
ImageList_GetImageCount
_TrackMouseEvent
ImageList_ReplaceIcon

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathCompactPathA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
CoTaskMemFree
CoCreateGuid
StringFromGUID2
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect
VariantClear

winmm

PlaySoundA

crypt32

CertFreeCertificateContext
CertNameToStrA
CertGetNameStringA
CertCreateCertificateContext
CertCloseStore
CertAddCertificateContextToStore
CertOpenSystemStoreA
CertCompareCertificateName
CertSetCertificateContextProperty
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertGetCertificateChain
PFXVerifyPassword
CertFreeCertificateChain

onkeytoken_hkbea

OnKeyT_ManTokenParam
OnKeyT_GetSlotList
OnKeyT_ClearCache
OnKeyT_GetTokenInfo
OnKeyT_Login
OnKeyT_ChangePin
OnKeyT_ReloadPin
OnKeyT_InitToken
Ossl_GetP12Data

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/Root.reg
$SYSDIR/TdrCOM_User.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d01078586890718da0790aee3280554d

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:b2:8e:e5:60:56:e4:01:eb:b4:fd:8b:74:f0:04:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29-05-2008 00:00

Not After

29-05-2009 23:59

Subject

CN=The Bank of East Asia (China) Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Electronic Distribution Department,O=The Bank of East Asia (China) Limited,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

15:36:ba:6f:40:bb:2f:a1:3b:58:53:cb:2d:33:90:c7:ce:3e:2e:8b
Signer

Actual PE Digest

15:36:ba:6f:40:bb:2f:a1:3b:58:53:cb:2d:33:90:c7:ce:3e:2e:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Work\东亚银行\v2.0_193I_SourceCode\东亚银行控件#\TendyronCOM_User\Release\TdrCom_User.pdb

Imports

kernel32

IsDBCSLeadByte
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
SetLastError
lstrcatA
CloseHandle
FlushFileBuffers
InterlockedDecrement
LCMapStringA
GetStringTypeW
GetStringTypeA
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
lstrcpyA
lstrcpynA
GetProcAddress
LoadLibraryA
lstrcmpiA
lstrlenA
SetStdHandle
GetCPInfo
GetOEMCP
SetFilePointer
IsBadCodePtr
IsBadReadPtr
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LCMapStringW
InterlockedExchange
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetCurrentThreadId
GetCommandLineA
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle

user32

wsprintfA
LoadStringA
CharNextA

advapi32

RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA

ole32

CoTaskMemFree
CoTaskMemRealloc
ProgIDFromCLSID
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2

oleaut32

RegisterTypeLi
SysAllocStringLen
UnRegisterTypeLi
SysAllocString
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
CreateErrorInfo
SetErrorInfo
SysFreeString

shlwapi

PathFindExtensionA

crypt32

CertCloseStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertOpenSystemStoreA
CertCompareCertificateName
CertSetCertificateContextProperty
CertCreateCertificateContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/ie6_tdr.reg
$SYSDIR/ie7_tdr.reg
$SYSDIR/safeInput4bea.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f100ff9c694e6ef46bc827b0243c32eb

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:b2:8e:e5:60:56:e4:01:eb:b4:fd:8b:74:f0:04:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29-05-2008 00:00

Not After

29-05-2009 23:59

Subject

CN=The Bank of East Asia (China) Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Electronic Distribution Department,O=The Bank of East Asia (China) Limited,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:93:b6:c0:97:b5:47:1c:ea:44:65:a0:5b:fd:04:65:4c:21:f7:cb
Signer

Actual PE Digest

40:93:b6:c0:97:b5:47:1c:ea:44:65:a0:5b:fd:04:65:4c:21:f7:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
IsBadCodePtr
IsBadReadPtr
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
LCMapStringA
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetVersion
GetStringTypeA
HeapAlloc
LCMapStringW
FlushFileBuffers
InterlockedExchange
FlushInstructionCache
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DisableThreadLibraryCalls
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
HeapReAlloc
HeapFree
RaiseException
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
GetStringTypeW
lstrlenA
GetVersionExA
LoadLibraryA
lstrcmpiA
GetCurrentProcess
WriteProcessMemory
VirtualQuery
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
GetProcAddress
GetSystemInfo
VirtualFree
HeapSize

user32

IsChild
CallNextHookEx
GetKeyState
ReleaseDC
SetCaretPos
GetDC
MessageBoxA
SetCursor
GetFocus
FrameRect
CreateWindowExA
CallWindowProcA
SetWindowLongA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
DestroyWindow
DefWindowProcA
GetWindowLongA
SetTimer
PostMessageA
CharUpperA
ShowWindow
GetParent
GetWindow
SetFocus
HideCaret
DestroyCaret
CreateCaret
ShowCaret
SetCapture
ReleaseCapture
IsWindow
LoadCursorA
PtInRect
BeginPaint
GetClientRect
EndPaint
InvalidateRect
GetAsyncKeyState
KillTimer
UnhookWindowsHookEx
SetWindowsHookExA

gdi32

SetTextColor
SetBkMode
CreateSolidBrush
CreatePen
MoveToEx
LineTo
ExtTextOutA
GetDeviceCaps
LPtoDP
SetMapMode
SetViewportOrgEx
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
DeleteObject
DPtoLP
GetTextExtentPoint32A
GetTextExtentExPointA
SelectObject
SetBkColor

ole32

CoTaskMemFree
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateOleAdviseHolder
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
OleLoadPicture
OleCreatePropertyFrame
SysStringByteLen
OleCreateFontIndirect
SysAllocString
SysAllocStringLen
OleTranslateColor
VariantClear
SysFreeString
SysStringLen

atl

ord16
ord21
ord23
ord31
ord15
ord18
ord57
ord32
ord30
ord58
ord46
ord27
ord26
ord51
ord50
ord44
ord43

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OnKeyTools_hkbea.exe
.exe windows:4 windows x86 arch:x86

d1f6b8755eff9c56e522aa5af1a8edd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
ReleaseMutex
GetLastError
CreateMutexA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapSize
TerminateProcess
HeapReAlloc
GetCommandLineA
FindResourceA
WideCharToMultiByte
GetModuleFileNameA
MultiByteToWideChar
GetVersion
lstrcmpiA
lstrlenA
CompareStringA
CompareStringW
WriteFile
CreateFileA
lstrcmpA
lstrcpyA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcAddress
LoadLibraryA
FreeLibrary
SetLastError
LocalFree
LocalAlloc
GetModuleHandleA
lstrcpynA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
FormatMessageA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
GetTickCount
GetFileTime
GetFileAttributesA
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
WritePrivateProfileStringA
InterlockedDecrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
CloseHandle

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
IsRectEmpty
CharNextA
ReleaseCapture
SetCapture
GetSysColorBrush
wsprintfA
EndPaint
BeginPaint
GetWindowDC
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetDesktopWindow
CreateDialogIndirectParamA
EndDialog
SetMenuItemBitmaps
EnableMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
GetMessageA
TranslateMessage
ValidateRect
GetMenuState
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
SendMessageA
EnableWindow
SetForegroundWindow
FindWindowA
SetRect
DrawIcon
GetMenuItemCount
GetMenuItemID
GetSubMenu
ModifyMenuA
RemoveMenu
GetMenu
GetSystemMenu
IsIconic
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
TrackPopupMenu
GetKeyState
GetScrollRange
SetScrollPos
GetScrollPos
IsWindowVisible
AdjustWindowRectEx
SetScrollInfo
RegisterClipboardFormatA
PostThreadMessageA
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetActiveWindow
GetClassNameA
SetWindowLongA
BeginDeferWindowPos
GetClassInfoExA
GetWindowRect
GetClientRect
InvalidateRect
LoadIconA
GetDlgItem
GetSystemMetrics
GetCursorPos
RegisterWindowMessageA
PostMessageA
GetParent
CharUpperA
DestroyIcon
DrawStateA
ReleaseDC
GetDC
CreateIconIndirect
GetIconInfo
CopyRect
InflateRect
OffsetRect
FillRect
FrameRect
DrawFocusRect
ClientToScreen
GetActiveWindow
GetNextDlgTabItem
WindowFromPoint
GetWindowLongA
DestroyMenu
DestroyCursor
SetCursor
TrackPopupMenuEx
GetSysColor
LoadImageA
DeferWindowPos
EndDeferWindowPos
ScreenToClient
IsZoomed
DrawFrameControl
EqualRect
GetScrollInfo
GrayStringA
DrawTextExA
TabbedTextOutA
UpdateWindow
DrawEdge
LoadBitmapA
SetRectEmpty
PtInRect
LoadCursorA
DrawTextA
CheckMenuItem

gdi32

GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateSolidBrush
GetBkColor
GetRgnBox
MoveToEx
LineTo
SetMapMode
SetBkMode
CreateRectRgnIndirect
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetMapMode
CreatePen
GetCurrentPositionEx
GetDeviceCaps
SaveDC
GetTextExtentPoint32A
RestoreDC
CreateFontIndirectA
GetTextColor
CreateDIBSection
GetObjectA
CreateCompatibleBitmap
GetPixel
SetPixel
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
GetStockObject
DeleteDC
DeleteObject

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueExA
RegDeleteValueA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_GetImageInfo
ImageList_Draw
ImageList_AddMasked
ImageList_GetImageCount
_TrackMouseEvent
ImageList_ReplaceIcon

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathCompactPathA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
CoTaskMemFree
CoCreateGuid
StringFromGUID2
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect
VariantClear

winmm

PlaySoundA

crypt32

CertFreeCertificateContext
CertNameToStrA
CertGetNameStringA
CertCreateCertificateContext
CertCloseStore
CertAddCertificateContextToStore
CertOpenSystemStoreA
CertCompareCertificateName
CertSetCertificateContextProperty
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertGetCertificateChain
PFXVerifyPassword
CertFreeCertificateChain

onkeytoken_hkbea

OnKeyT_ManTokenParam
OnKeyT_GetSlotList
OnKeyT_ClearCache
OnKeyT_GetTokenInfo
OnKeyT_Login
OnKeyT_ChangePin
OnKeyT_ReloadPin
OnKeyT_InitToken
Ossl_GetP12Data

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hkbea.ico
unInstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

64:a9:1a:18:3f:5d:ac:8f:25:0c:52:dd:a0:5f:1d:baCertificate

Extended Key Usages

Key Usages

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1aCertificate

Extended Key Usages

Key Usages

40:5e:44:bf:71:45:f7:86:7d:49:45:7e:7b:50:31:27:a4:b8:8d:9cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 129KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 5KB - Virtual size: 4KB

bd0c5e2173fde31d22cb05fc3c2a33dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 848B

.data Size: - Virtual size: 56B

.reloc Size: 512B - Virtual size: 502B

bd466f7c556ab8a855353a3037d368db

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 686B

.rdata Size: 1024B - Virtual size: 753B

.data Size: 512B - Virtual size: 48B

.reloc Size: 512B - Virtual size: 156B

a21a991bcb66fdf2525af06bcf5b9788

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

64:a9:1a:18:3f:5d:ac:8f:25:0c:52:dd:a0:5f:1d:ba
Certificate

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

40:5e:44:bf:71:45:f7:86:7d:49:45:7e:7b:50:31:27:a4:b8:8d:9c
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 129KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 5KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 848B

.data
Size: - Virtual size: 56B

.reloc
Size: 512B - Virtual size: 502B

.text
Size: 1024B - Virtual size: 686B

.rdata
Size: 1024B - Virtual size: 753B

.data
Size: 512B - Virtual size: 48B

.reloc
Size: 512B - Virtual size: 156B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

03:b2:8e:e5:60:56:e4:01:eb:b4:fd:8b:74:f0:04:ea
Certificate

68:7f:37:1c:70:c3:5e:d5:0e:c5:46:40:1d:2b:be:52:73:a2:17:f9
Signer

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 16KB - Virtual size: 12KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

03:b2:8e:e5:60:56:e4:01:eb:b4:fd:8b:74:f0:04:ea
Certificate

6e:c1:89:d7:85:a6:ee:c8:b4:5f:1f:00:67:60:55:0c:ae:a9:92:70
Signer

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

03:b2:8e:e5:60:56:e4:01:eb:b4:fd:8b:74:f0:04:ea
Certificate

5f:60:dd:89:82:d0:8a:e0:b1:4f:86:06:5d:a6:b4:2c:64:0e:c8:d8
Signer

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 12B