b2126f89d07c540fac6ac13ba6a2edfb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2126f89d07c540fac6ac13ba6a2edfb_JaffaCakes118
Size

4.1MB
MD5

b2126f89d07c540fac6ac13ba6a2edfb
SHA1

7a45be476f42e7cdb9fe372ccdc10341ac6276b2
SHA256

d7be441ec9c456b3df1a232702d777b73d7ff4bfda328ebe5723fdccee5f21c1
SHA512

6fd4c35eb3ae2ee1bbe91831f0979ec9f66b05afad64f538d4332a4df2560624f958ab5b8b14129512e15901f0741ee563d257dc4812ee60d33b285ea20a450a
SSDEEP

98304:yGx8LIq+o1Kgb9baKP+kB4XLne3tcbdS+6eYVylbtQHisTw7:Fx8LI8KybaKPx4XrsC5dnJbtQHzG

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LockedList.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack002/$PLUGINSDIR/LockedList.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsisFirewall.dll
unpack002/BugSplatRc.dll
unpack002/dbghelp.dll
unpack001/ESNLaunchAx.ocx
unpack001/esnlauncher.exe
unpack001/npesnlaunch.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$TEMP/sonarinst.exe	nsis_installer_1
static1/unpack001/$TEMP/sonarinst.exe	nsis_installer_2

Files

b2126f89d07c540fac6ac13ba6a2edfb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:f4:ae:46:f2:76:ce:96:cc:56:ad:23:77:a7:63:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/05/2011, 00:00

Not After

02/05/2014, 23:59

Subject

CN=EA Digital Illusions CE AB,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=EA Digital Illusions CE AB,L=Stockholm,ST=Stockholms Lan,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:b5:89:34:fa:80:48:fc:39:89:7a:c3:41:8d:e9:42:1f:a8:15:e2
Signer

Actual PE Digest

2b:b5:89:34:fa:80:48:fc:39:89:7a:c3:41:8d:e9:42:1f:a8:15:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LockedList.dll
.dll windows:5 windows x86 arch:x86

f3d1592afd58c9d588a71932729da9c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Programming\work\esnlaunch\NSIS\Plugins\LockedList.pdb

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLastError
QueryFullProcessImageNameA
OpenProcess
Module32Next
GetModuleFileNameA
Module32First
lstrcpyA
lstrcmpiA
GlobalAlloc
LocalFree
LocalAlloc
lstrcmpA
GlobalFree
GetCurrentProcessId
Sleep
WaitForSingleObject
TerminateProcess
lstrcatA
GetCurrentProcess
lstrlenA
CreateThread
GetModuleHandleA
CreateFileA
AllocConsole
LoadLibraryA
GetProcAddress
ResetEvent
CreateEventA
TerminateThread
QueryDosDeviceA
DuplicateHandle
WideCharToMultiByte
SetEvent
lstrcpynA
ReadFile
GetProcessHeap
SetEndOfFile
CreateFileW
SetStdHandle
GetStringTypeW
MultiByteToWideChar
LCMapStringW
FlushFileBuffers
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
WriteFile
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FatalAppExitA
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
ExitProcess
HeapFree
GetCurrentThread
InterlockedDecrement
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
WriteConsoleW
SetLastError
GetModuleHandleW
GetCurrentThreadId
DecodePointer
GetCommandLineA
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement

user32

GetDlgItem
MapWindowPoints
MoveWindow
SetWindowPos
GetClientRect
GetSystemMetrics
SetWindowLongA
GetMessageA
IsDialogMessageA
DispatchMessageA
DestroyWindow
GetWindowRect
ScreenToClient
CreatePopupMenu
AppendMenuA
TrackPopupMenu
DestroyMenu
IsIconic
ShowWindow
SetForegroundWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CreateDialogParamA
SetActiveWindow
SendMessageTimeoutA
EnableWindow
PostMessageA
SetWindowTextA
MessageBoxA
LoadImageA
GetCursorPos
SetCursorPos
DestroyIcon
SendMessageA
IsWindow
GetClassNameA
CharLowerA
wsprintfA
SetCursor
CallWindowProcA
GetWindowTextA
GetWindowLongA
GetParent
GetWindowThreadProcessId
EnumWindows
TranslateMessage

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

ExtractIconExA

Exports

Exports

AddApplications
AddCaption
AddClass
AddCustom
AddFile
AddFolder
AddModule
Dialog
EnumProcesses
FindProcess
InitDialog
IsFileLocked
Show
SilentPercentComplete
SilentSearch
SilentWait

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/sonarinst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:81:ff:eb:00:25:83:b6:79:45:13:05:5f:c0:ad:d5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27/10/2009, 00:00

Not After

26/10/2012, 23:59

Subject

CN=Electronic Sports Network i Sverige AB,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Sports Network i Sverige AB,L=Uppsala,ST=N/A,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

23:45:2d:f2:c4:f0:4e:76:dd:b2:2e:bc:52:0b:16:72:8b:77:7f:27
Signer

Actual PE Digest

23:45:2d:f2:c4:f0:4e:76:dd:b2:2e:bc:52:0b:16:72:8b:77:7f:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LockedList.dll
.dll windows:5 windows x86 arch:x86

f3d1592afd58c9d588a71932729da9c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Programming\work\esnlaunch\NSIS\Plugins\LockedList.pdb

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLastError
QueryFullProcessImageNameA
OpenProcess
Module32Next
GetModuleFileNameA
Module32First
lstrcpyA
lstrcmpiA
GlobalAlloc
LocalFree
LocalAlloc
lstrcmpA
GlobalFree
GetCurrentProcessId
Sleep
WaitForSingleObject
TerminateProcess
lstrcatA
GetCurrentProcess
lstrlenA
CreateThread
GetModuleHandleA
CreateFileA
AllocConsole
LoadLibraryA
GetProcAddress
ResetEvent
CreateEventA
TerminateThread
QueryDosDeviceA
DuplicateHandle
WideCharToMultiByte
SetEvent
lstrcpynA
ReadFile
GetProcessHeap
SetEndOfFile
CreateFileW
SetStdHandle
GetStringTypeW
MultiByteToWideChar
LCMapStringW
FlushFileBuffers
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
WriteFile
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FatalAppExitA
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
ExitProcess
HeapFree
GetCurrentThread
InterlockedDecrement
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
WriteConsoleW
SetLastError
GetModuleHandleW
GetCurrentThreadId
DecodePointer
GetCommandLineA
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement

user32

GetDlgItem
MapWindowPoints
MoveWindow
SetWindowPos
GetClientRect
GetSystemMetrics
SetWindowLongA
GetMessageA
IsDialogMessageA
DispatchMessageA
DestroyWindow
GetWindowRect
ScreenToClient
CreatePopupMenu
AppendMenuA
TrackPopupMenu
DestroyMenu
IsIconic
ShowWindow
SetForegroundWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CreateDialogParamA
SetActiveWindow
SendMessageTimeoutA
EnableWindow
PostMessageA
SetWindowTextA
MessageBoxA
LoadImageA
GetCursorPos
SetCursorPos
DestroyIcon
SendMessageA
IsWindow
GetClassNameA
CharLowerA
wsprintfA
SetCursor
CallWindowProcA
GetWindowTextA
GetWindowLongA
GetParent
GetWindowThreadProcessId
EnumWindows
TranslateMessage

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

ExtractIconExA

Exports

Exports

AddApplications
AddCaption
AddClass
AddCustom
AddFile
AddFolder
AddModule
Dialog
EnumProcesses
FindProcess
InitDialog
IsFileLocked
Show
SilentPercentComplete
SilentSearch
SilentWait

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisFirewall.dll
.dll windows:4 windows x86 arch:x86

1a4c99175e8891c64634680f4f238d51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
InterlockedDecrement
lstrlenA
MultiByteToWideChar
LocalFree

user32

wsprintfA

ole32

OleRun
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString

oleaut32

VariantClear
GetErrorInfo
SysFreeString
SysAllocString

msvcrt

??2@YAPAXI@Z
_onexit
__dllonexit
_initterm
free
??1type_info@@UAE@XZ
_CxxThrowException
_adjust_fdiv
??3@YAXPAX@Z
malloc
__CxxFrameHandler

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BsSndRpt.exe
.exe windows:5 windows x86 arch:x86

fd588b0f3128b520596e1598b3a0c74c

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

26:b0:54:29:f9:04:0d:bf:6c:51:33:85:16:9b:da:88
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

04/05/2009, 00:00

Not After

03/05/2012, 23:59

Subject

CN=BugSplat LLC,O=BugSplat LLC,POSTALCODE=03242,STREET=104 Deer Run,L=Henniker,ST=NH,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:43:44:e4:dc:db:a2:58:a4:ec:bc:d6:99:11:dc:96:00:6a:d8:34
Signer

Actual PE Digest

1f:43:44:e4:dc:db:a2:58:a4:ec:bc:d6:99:11:dc:96:00:6a:d8:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\builds\BugSplatLibraries\trunk\BugSplat\bin\BsSndRpt.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

PathUnquoteSpacesW

rpcrt4

UuidToStringW

wininet

InternetAttemptConnect

ws2_32

gethostname

user32

CharUpperW

gdi32

GetStockObject

advapi32

RegisterEventSourceW

shell32

ShellExecuteW

ole32

CoTaskMemFree

oleaut32

VarUI4FromStr

comctl32

_TrackMouseEvent

Sections

.text
Size: 110KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BugSplat.dll
.dll windows:5 windows x86 arch:x86

75133541298fd16898da890b83feccc1

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

26:b0:54:29:f9:04:0d:bf:6c:51:33:85:16:9b:da:88
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

04/05/2009, 00:00

Not After

03/05/2012, 23:59

Subject

CN=BugSplat LLC,O=BugSplat LLC,POSTALCODE=03242,STREET=104 Deer Run,L=Henniker,ST=NH,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

91:de:78:82:78:d6:ef:eb:e9:6c:94:74:14:0a:2f:a0:ac:24:92:9d
Signer

Actual PE Digest

91:de:78:82:78:d6:ef:eb:e9:6c:94:74:14:0a:2f:a0:ac:24:92:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\builds\BugSplatLibraries\trunk\BugSplat\bin\BugSplat.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wininet

HttpSendRequestA

shlwapi

PathStripPathA

user32

MessageBoxA

advapi32

RegCreateKeyA

ole32

CoTaskMemAlloc

oleaut32

VarUI4FromStr

urlmon

URLDownloadToFileA

version

GetFileVersionInfoA

rpcrt4

RpcStringFreeA

Exports

Exports

??0BugSplatImp@@QAE@XZ
??0MiniDmpSender@@QAE@ABV0@@Z
??0MiniDmpSender@@QAE@PBD000K@Z
??0MiniDmpSender@@QAE@PBG000K@Z
??0MiniDmpSender@@QAE@PB_W000K@Z
??1MiniDmpSender@@UAE@XZ
??4BugSplatImp@@QAEAAV0@ABV0@@Z
??4MiniDmpSender@@QAEAAV0@ABV0@@Z
??_7MiniDmpSender@@6B@
?CreateMiniDump@BugSplatImp@@QAEHPAUHINSTANCE__@@KPAXKPAU_EXCEPTION_POINTERS@@PBDPADK@Z
?GetReducedGuid@BugSplatImp@@QAEXPADK@Z
?ReduceGuidString@BugSplatImp@@QAEXPADK@Z
?ResumeSuspendedThreads@BugSplatImp@@QAEXXZ
?SetDbghelpFlags@MiniDmpSender@@QAEXW4dbghelpFlags@1@@Z
?SuspendAllThreadsInProcess@BugSplatImp@@QAEXPAX@Z
?SuspendThreadsInCurrentProcess@BugSplatImp@@QAEXXZ
?createReport@MiniDmpSender@@QAEXPAU_EXCEPTION_POINTERS@@@Z
?createReport@MiniDmpSender@@QAEXXZ
?createReportAndExit@MiniDmpSender@@QAEXXZ
?enableExceptionFilter@MiniDmpSender@@QAE_N_N@Z
?getFlags@MiniDmpSender@@QBEKXZ
?imp@MiniDmpSender@@QAEPAXXZ
?isExceptionFilterEnabled@MiniDmpSender@@QBE_NXZ
?resetAppIdentifierA@MiniDmpSender@@QAEXPBD@Z
?resetAppIdentifierW@MiniDmpSender@@QAEXPBG@Z
?resetAppIdentifierWC@MiniDmpSender@@QAEX_W@Z
?resetVersionStringA@MiniDmpSender@@QAEXPBD@Z
?resetVersionStringW@MiniDmpSender@@QAEXPBG@Z
?setCallback@MiniDmpSender@@QAEXP6A_NIPAX0@Z@Z
?setFlags@MiniDmpSender@@QAE_NK@Z
?storeUserLogA@MiniDmpSender@@QAEXPBD@Z
?storeUserLogW@MiniDmpSender@@QAEXPBG@Z
?storeUserLogWC@MiniDmpSender@@QAEX_W@Z
CreateMiniDmpSender
DestroyMiniDmpSender
MDSGetFlags
MDSResetAppIdentifier
MDSResetVersionString
MDSSetFlags

Sections

.text
Size: 89KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BugSplatRc.dll
.dll windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.rsrc
Size: 64KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SonarAx.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

05d2de698196328ffae4e29296816f21

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:81:ff:eb:00:25:83:b6:79:45:13:05:5f:c0:ad:d5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27/10/2009, 00:00

Not After

26/10/2012, 23:59

Subject

CN=Electronic Sports Network i Sverige AB,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Sports Network i Sverige AB,L=Uppsala,ST=N/A,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

be:82:61:45:03:b0:15:29:e0:ac:26:58:6b:dc:8d:18:5d:2b:67:6d
Signer

Actual PE Digest

be:82:61:45:03:b0:15:29:e0:ac:26:58:6b:dc:8d:18:5d:2b:67:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BuildAgent\work\cf2c3c666f327c17\client\Release\SonarAx.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegQueryValueExW

winmm

timeBeginPeriod

ws2_32

WSAStartup

shell32

ExtractIconW

user32

GetTopWindow

gdi32

CopyMetaFileW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW

shlwapi

PathFindExtensionW

ole32

ReadClassStm

oleaut32

SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 194KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SonarHost.exe
.exe windows:5 windows x86 arch:x86

93f57ea1c8b5678947908f980602748f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:81:ff:eb:00:25:83:b6:79:45:13:05:5f:c0:ad:d5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27/10/2009, 00:00

Not After

26/10/2012, 23:59

Subject

CN=Electronic Sports Network i Sverige AB,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Sports Network i Sverige AB,L=Uppsala,ST=N/A,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:f0:36:53:d3:40:46:84:a4:02:93:46:35:fe:15:88:27:53:dd:20
Signer

Actual PE Digest

46:f0:36:53:d3:40:46:84:a4:02:93:46:35:fe:15:88:27:53:dd:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\cf2c3c666f327c17\client\Release\SonarHost.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

ws2_32

freeaddrinfo

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

winmm

timeBeginPeriod

dsound

ord12

crypt32

CryptUnprotectData

shell32

Shell_NotifyIconW

comctl32

ImageList_Create

bugsplat

??1MiniDmpSender@@UAE@XZ

wldap32

ord143

user32

SetClipboardData

gdi32

SetROP2

winspool.drv

ClosePrinter

comdlg32

ChooseColorW

ole32

CLSIDFromString

Sections

.text
Size: 730KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
channelClientJoined.wav
channelClientParted.wav
channelJoined.wav
channelParted.wav
dbghelp.dll
.dll windows:6 windows x86 arch:x86

1ad421b72e4dc353621547a143130420

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

??3@YAXPAX@Z

advapi32

RegQueryValueExA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 330KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
esnsonar_uninstall.exe.nsis
headerImage.png
.png
iconCaptureMuted.png
.png
iconInChannel.png
.png
iconPlaybackMuted.png
.png
iconTalking.png
.png
include/libsonarclient.h
include/libsonarclient_c.h
libsonarclient.dll
.dll windows:5 windows x86 arch:x86

18f21292d92d283f253527ceda7827c1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:81:ff:eb:00:25:83:b6:79:45:13:05:5f:c0:ad:d5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27/10/2009, 00:00

Not After

26/10/2012, 23:59

Subject

CN=Electronic Sports Network i Sverige AB,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Sports Network i Sverige AB,L=Uppsala,ST=N/A,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d6:2f:51:1a:e2:c3:2a:ba:4b:2b:00:3b:7b:d0:53:89:17:2b:6f:15
Signer

Actual PE Digest

d6:2f:51:1a:e2:c3:2a:ba:4b:2b:00:3b:7b:d0:53:89:17:2b:6f:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BuildAgent\work\cf2c3c666f327c17\client\Release\libsonarclient.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegQueryValueExW

winmm

timeGetTime

ws2_32

WSAStartup

user32

RegisterWindowMessageW

shell32

ShellExecuteExW

Exports

Exports

??0ISonarClient@Sonar@@QAE@ABV01@@Z
??0ISonarClient@Sonar@@QAE@XZ
??0Result@Sonar@@QAE@PAURESULTPRIVATE@1@@Z
??0Variant@Sonar@@QAE@H@Z
??0Variant@Sonar@@QAE@M@Z
??0Variant@Sonar@@QAE@PAX@Z
??0Variant@Sonar@@QAE@PBXI@Z
??0Variant@Sonar@@QAE@PB_W@Z
??0Variant@Sonar@@QAE@XZ
??0Variant@Sonar@@QAE@_N@Z
??1Result@Sonar@@QAE@XZ
??1Variant@Sonar@@QAE@XZ
??4ISonarClient@Sonar@@QAEAAV01@ABV01@@Z
??4Result@Sonar@@QAEAAV01@ABV01@@Z
??4Variant@Sonar@@QAEAAV01@ABV01@@Z
??_7ISonarClient@Sonar@@6B@
?GetArgument@Result@Sonar@@QBEPBVVariant@2@I@Z
?GetArguments@Result@Sonar@@QBEIXZ
?GetBlobPtr@Variant@Sonar@@QBEPBXPAI@Z
?GetBoolean@Variant@Sonar@@QBE_NXZ
?GetException@Result@Sonar@@QBEPB_WXZ
?GetFloat@Variant@Sonar@@QBEMXZ
?GetInteger@Variant@Sonar@@QBEHXZ
?GetString@Variant@Sonar@@QBEPB_WXZ
?GetType@Variant@Sonar@@QBE?AW4SONARVARIANTTYPES@2@XZ
?HasException@Result@Sonar@@QBE_NXZ
?SonarClient_Destroy@@YAXPAVISonarClient@Sonar@@@Z
?SonarClient_New@@YAPAVISonarClient@Sonar@@K@Z
?ToConsoleValue@Variant@Sonar@@QBEPAXXZ
SonarClientAsyncExecCommand
SonarClientAttachInstance
SonarClientFreeResult
SonarClientGetVariable
SonarClientPoll
SonarClientRegisterEventHandler
SonarClientSetVariable
SonarClientSetupInstance
SonarClientShutdownInstance
SonarClientSyncExecCommand
SonarClientWait
SonarClient_Alloc
SonarClient_Free
SonarResultGetArgument
SonarResultGetArguments
SonarResultGetException
SonarResultHasException
SonarVariantBlob
SonarVariantBool
SonarVariantCreate
SonarVariantFloat
SonarVariantFree
SonarVariantGetBlobPtr
SonarVariantGetBoolean
SonarVariantGetFloat
SonarVariantGetInteger
SonarVariantGetString
SonarVariantGetType
SonarVariantInt
SonarVariantString

Sections

.text
Size: 90KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
libsonarclient.lib
npesnsonar.dll
.dll windows:5 windows x86 arch:x86

18f21292d92d283f253527ceda7827c1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:81:ff:eb:00:25:83:b6:79:45:13:05:5f:c0:ad:d5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27/10/2009, 00:00

Not After

26/10/2012, 23:59

Subject

CN=Electronic Sports Network i Sverige AB,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Electronic Sports Network i Sverige AB,L=Uppsala,ST=N/A,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

57:53:ac:1c:6e:8b:39:0c:09:d8:fa:32:14:94:c4:be:26:6b:35:b3
Signer

Actual PE Digest

57:53:ac:1c:6e:8b:39:0c:09:d8:fa:32:14:94:c4:be:26:6b:35:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BuildAgent\work\cf2c3c666f327c17\client\Release\npesnwhisper.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegQueryValueExW

winmm

timeGetTime

ws2_32

WSAStartup

user32

RegisterWindowMessageW

shell32

ShellExecuteExW

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 100KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sonaricon.ico
version.txt
ESNLaunchAx.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

120d6551d3d7a920aeaa4c6a60527475

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dev\planet\bfa\plugins\esnlaunch\Retail\ESNLaunchAx.pdb

Imports

ws2_32

WSAStartup
ntohs
htonl
getaddrinfo
socket
bind
WSAGetLastError
closesocket
inet_addr
htons
connect
sendto
select
recvfrom
ntohl

iphlpapi

IcmpSendEcho2
IcmpCreateFile
IcmpCloseHandle
IcmpParseReplies

kernel32

OpenEventA
UnmapViewOfFile
lstrlenW
CloseHandle
GetLastError
GetProcAddress
LoadLibraryExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
SetLastError
InitializeCriticalSection
GetCurrentThreadId
AllocConsole
DeleteCriticalSection
WaitForSingleObject
Sleep
LeaveCriticalSection
CreateThread
MapViewOfFile
CreateFileMappingA
GetStartupInfoW
CreateEventW
WaitForMultipleObjects
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
GetCurrentProcessId
GetFullPathNameA
GetTimeZoneInformation
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
SetEnvironmentVariableA
GetProcessHeap
LocalFree
GetTickCount
OpenFileMappingA
EnterCriticalSection
GlobalFlags
GetConsoleMode
GetConsoleCP
FormatMessageW
CreateFileA
SetEvent
ReadFile
GetStringTypeW
LCMapStringW
SetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
SetHandleCount
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
FatalAppExitA
IsProcessorFeaturePresent
SetStdHandle
OutputDebugStringW
OutputDebugStringA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
GetModuleFileNameA
ExitThread
ExitProcess
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
IsBadReadPtr
HeapValidate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetFileType
WriteConsoleW
GetCommandLineA
RaiseException
RtlUnwind
DecodePointer
EncodePointer
LocalLock
LocalUnlock
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
PulseEvent
SearchPathW
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
ReplaceFileW
GetDiskFreeSpaceW
GetTempFileNameW
FindResourceExW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExW
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetVersion
SystemTimeToFileTime
FileTimeToSystemTime
lstrcpyW
ResetEvent
GetCurrentDirectoryW
GetProfileIntW
VirtualProtect
lstrlenA
GetShortPathNameW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DeleteFileW
MoveFileW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
CreateFileW
GetCurrentProcess
DuplicateHandle
GetHandleInformation
GetAtomNameW
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GetOverlappedResult
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
MulDiv
CopyFileW
GlobalSize
IsDBCSLeadByte
ResumeThread
GetThreadPriority
SetThreadPriority
GetVersionExW
FreeResource
GlobalGetAtomNameW
GlobalFindAtomW
GetUserDefaultLCID
GlobalFree
GlobalUnlock
InterlockedIncrement
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SuspendThread
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetLocaleInfoW
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringW
GetModuleHandleW
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
LoadResource
LockResource
SizeofResource
FindResourceW
WriteFile
InterlockedCompareExchange

user32

GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
CreateAcceleratorTableW
DestroyAcceleratorTable
DrawIconEx
MessageBeep
GetDialogBaseUnits
LoadImageW
GetMenuBarInfo
ReuseDDElParam
TranslateAcceleratorW
UnpackDDElParam
GetClipboardFormatNameW
GetClipboardFormatNameA
LoadAcceleratorsW
SetLayeredWindowAttributes
EnumDisplayMonitors
RealChildWindowFromPoint
GetAsyncKeyState
SystemParametersInfoW
MapVirtualKeyW
GetKeyNameTextW
CharUpperW
DestroyIcon
UnregisterClassW
EnumChildWindows
EndDialog
CreateDialogIndirectParamW
RegisterClipboardFormatW
IsRectEmpty
IntersectRect
DestroyMenu
InflateRect
OffsetRect
SetRectEmpty
ReleaseCapture
PtInRect
GetSystemMetrics
MoveWindow
SetWindowTextW
IsDialogMessageW
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
OpenIcon
CloseWindow
LoadCursorW
PostThreadMessageW
NotifyWinEvent
GetWindowContextHelpId
SetWindowContextHelpId
SendNotifyMessageW
SetForegroundWindow
ShowCaret
HideCaret
GetCaretPos
CreateCaret
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
OpenClipboard
SetClipboardViewer
ChangeClipboardChain
FlashWindow
WindowFromPoint
FindWindowExW
FindWindowW
ChildWindowFromPointEx
ChildWindowFromPoint
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExW
DlgDirSelectExW
DlgDirListComboBoxW
DlgDirListW
SetCapture
KillTimer
SetTimer
DrawCaption
DrawAnimatedRects
EnableScrollBar
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
InvalidateRgn
InvalidateRect
GetUpdateRgn
GetUpdateRect
UpdateWindow
GetWindowDC
GetKeyboardState
BeginPaint
ClientToScreen
BringWindowToTop
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
IsZoomed
IsIconic
HiliteMenuItem
GetSystemMenu
DrawMenuBar
DragDetect
RegisterWindowMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetSysColor
SetActiveWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpW
TrackPopupMenuEx
TrackPopupMenu
SetWindowPlacement
GetWindowPlacement
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetMenu
GetMenu
GetMessageTime
GetMessagePos
GetDesktopWindow
SetWindowLongW
CopyRect
ShowWindow
SetParent
SetWindowPos
CallWindowProcW
GetWindow
DefWindowProcW
DestroyWindow
GetActiveWindow
GetWindowLongW
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
GetKeyState
CallNextHookEx
PeekMessageW
GetCursorPos
SetWindowsHookExW
ValidateRect
GetMessageW
TranslateMessage
DispatchMessageW
GetMenuCheckMarkDimensions
GetFocus
PostQuitMessage
SendMessageW
IsWindow
SetCursorPos
SetClassLongW
GetIconInfo
CopyImage
SetClipboardData
CloseClipboard
EmptyClipboard
MonitorFromPoint
UpdateLayeredWindow
CopyIcon
CharUpperBuffW
DefFrameProcW
TranslateMDISysAccel
DefMDIChildProcW
IsClipboardFormatAvailable
GetDoubleClickTime
MapDialogRect
CheckMenuRadioItem
GetMenuContextHelpId
SetMenuContextHelpId
LoadMenuIndirectW
LoadMenuW
SetMenuItemBitmaps
RemoveMenu
ModifyMenuW
InsertMenuItemW
IsCharLowerW
MapVirtualKeyExW
InSendMessage
WaitMessage
DestroyCursor
MsgWaitForMultipleObjectsEx
EndPaint
InsertMenuW
GetSubMenu
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
AppendMenuW
DeleteMenu
IsMenu
CreatePopupMenu
CreateMenu
ScrollDC
GrayStringW
GetTabbedTextExtentW
DrawTextExW
DrawTextW
TabbedTextOutW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateW
DrawIcon
InvertRect
FrameRect
FillRect
ExcludeUpdateRgn
WindowFromDC
LoadBitmapW
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowModuleFileNameW
GetForegroundWindow
GetClientRect
GetWindowRect
GetDC
ReleaseDC
MessageBoxW
PostMessageW
SetRect
UnionRect
SubtractRect
DispatchMessageA
GetMessageA
IsWindowUnicode
PeekMessageA
SetCaretPos

gdi32

GetNearestPaletteIndex
ResizePalette
CreateRectRgn
CreateRectRgnIndirect
CreateEllipticRgn
CreateEllipticRgnIndirect
CreatePolygonRgn
CreatePolyPolygonRgn
CreateRoundRectRgn
PathToRegion
ExtCreateRegion
GetRegionData
SetRectRgn
CombineRgn
EqualRgn
OffsetRgn
GetRgnBox
PtInRegion
RectInRegion
CreateDCW
CreateICW
CreateCompatibleDC
GetBrushOrgEx
SetBrushOrgEx
EnumObjects
SelectObject
GetNearestColor
RealizePalette
UpdateColors
GetBkColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetMapMode
GetGraphicsMode
GetWorldTransform
GetViewportOrgEx
GetViewportExtEx
GetWindowOrgEx
GetWindowExtEx
DPtoLP
LPtoDP
FillRgn
FrameRgn
InvertRgn
PaintRgn
PtVisible
RectVisible
GetCurrentPositionEx
Arc
Polyline
Chord
Ellipse
Pie
Polygon
PolyPolygon
Rectangle
RoundRect
PatBlt
BitBlt
StretchBlt
GetPixel
SetPixel
FloodFill
ExtFloodFill
TextOutW
ExtTextOutW
GetTextExtentPoint32W
GetTextAlign
GetTextFaceW
GetTextMetricsW
GetTextCharacterExtra
GetCharWidthW
GetFontLanguageInfo
GetCharacterPlacementW
GetAspectRatioFilterEx
Escape
SetBoundsRect
GetBoundsRect
ResetDCW
GetOutlineTextMetricsW
GetCharABCWidthsW
GetFontData
GetKerningPairsW
GetGlyphOutlineW
StartDocW
StartPage
EndPage
SetAbortProc
GetPaletteEntries
AnimatePalette
MaskBlt
PlgBlt
SetPixelV
AngleArc
GetArcDirection
PolyPolyline
GetColorAdjustment
GetCurrentObject
PolyBezier
DrawEscape
ExtEscape
GetCharABCWidthsFloatW
GetCharWidthFloatW
AbortPath
BeginPath
CloseFigure
EndPath
FillPath
FlattenPath
GetMiterLimit
GetPath
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
GdiComment
PlayEnhMetaFile
CreateMetaFileW
CloseMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
DeleteMetaFile
DeleteDC
SetTextColor
SetBkColor
CopyMetaFileW
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
DeleteObject
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
EnumMetaFile
PlayMetaFile
StretchDIBits
EnumFontFamiliesW
GetTextCharsetInfo
CreateDIBitmap
EnumFontFamiliesExW
CreateDIBSection
GetSystemPaletteEntries
GetDIBits
SetDIBColorTable
GetTextExtentPointW
EndDoc
SetPaletteEntries
CreateHalftonePalette
CreatePalette
GetDeviceCaps
GetObjectW
GetStockObject
UnrealizeObject
GetObjectType
CreatePen
CreatePenIndirect
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateBrushIndirect
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontIndirectW
CreateFontW
CreateBitmap
CreateBitmapIndirect
SetBitmapBits
GetBitmapBits
SetBitmapDimensionEx
GetBitmapDimensionEx
CreateCompatibleBitmap
AbortDoc
CreateDiscardableBitmap

msimg32

AlphaBlend
TransparentBlt
GradientFill

comdlg32

GetFileTitleW

winspool.drv

GetJobW
ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

OpenThreadToken
RevertToSelf
SetThreadToken
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyW
RegCreateKeyExW
RegQueryValueW
RegSetValueW
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
GetFileSecurityW
SetFileSecurityW
RegEnumValueW
RegEnumKeyExW
RegCloseKey

shell32

SHGetPathFromIDListW
ShellExecuteW
SHGetFolderPathW
DragAcceptFiles
ExtractIconW
SHGetFileInfoW
SHAddToRecentDocs
SHBrowseForFolderW
SHGetMalloc
SHAppBarMessage
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_GetIcon
ImageList_GetImageCount
ImageList_DrawEx
ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
UrlGetPartW
PathRemoveFileSpecW

ole32

OleIsCurrentClipboard
OleLoadFromStream
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CreateStreamOnHGlobal
ReadClassStm
OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoUninitialize
CoInitializeEx
CoTreatAsClass
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
GetRunningObjectTable
CreateBindCtx
OleDuplicateData
ReleaseStgMedium
CreateDataAdviseHolder
OleSaveToStream
OleDestroyMenuDescriptor
OleSetClipboard
CreateOleAdviseHolder
CoDisconnectObject
CoTaskMemAlloc
CreateDataCache
CoCreateGuid
StringFromGUID2
StringFromCLSID
CoRevokeClassObject
OleQueryLinkFromData
OleQueryCreateFromData
OleRegGetMiscStatus
OleRegEnumVerbs
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleIsRunning
CreateItemMoniker
CreateGenericComposite
WriteClassStm
OleGetIconOfClass
CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
GetHGlobalFromILockBytes
OleFlushClipboard
PropVariantCopy
DoDragDrop
CoGetMalloc
CreateFileMoniker
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
StgOpenStorageOnILockBytes
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleSetMenuDescriptor
OleSetContainedObject
OleCreateFromData
CoUnmarshalInterface
CoMarshalInterface
CoReleaseMarshalData
GetClassFile
CoGetClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleCreateMenuDescriptor
OleInitialize
StgIsStorageILockBytes
OleSave
OleLoad
OleCreate
OleCreateLinkToFile
OleCreateFromFile
OleCreateStaticFromData
SetConvertStg
OleCreateLinkFromData

oleaut32

LoadTypeLi
OleCreatePropertyFrame
OleTranslateColor
SafeArrayGetDim
SafeArrayGetElemsize
SysAllocStringLen
OleCreateFontIndirect
VariantCopy
OleLoadPicture
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
RegisterTypeLi
SysStringLen
VarCyFromStr
SystemTimeToVariantTime
VarDateFromUdate
VarUdateFromDate
VariantTimeToSystemTime
DosDateTimeToVariantTime
SysReAllocStringLen
VarBstrFromDate
VarDateFromStr
VarDecFromStr
VarBstrFromDec
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromCy
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
LoadRegTypeLi
OleCreatePictureIndirect

oledlg

OleUIBusyW
OleUIInsertObjectW
OleUIConvertW
OleUIChangeIconW
OleUIPasteSpecialW
OleUIUpdateLinksW
OleUIEditLinksW

urlmon

CreateURLMoniker
CreateAsyncBindCtx
RegisterBindStatusCallback
IsAsyncMoniker

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

gdiplus

GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipGetImageGraphicsContext
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipFree
GdipDisposeImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipCreateBitmapFromStreamICM

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 911KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
esnlauncher.exe
.exe windows:5 windows x86 arch:x86

cce5d58076e37c7a4fa5dfaf99fd5d3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dev\planet\bfa\plugins\esnlaunch\Retail\ESNLaunchHelper.pdb

Imports

user32

MessageBoxW

shell32

ShellExecuteExW

kernel32

GetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
GetModuleFileNameW
RaiseException
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
GetProcAddress
GetModuleHandleW
SetLastError
GetLastError
GetCurrentThread
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
LoadLibraryW
IsProcessorFeaturePresent
HeapValidate
IsBadReadPtr
InitializeCriticalSectionAndSpinCount
FatalAppExitA
WriteFile
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
ExitProcess
SetConsoleCtrlHandler
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
GetModuleFileNameA
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
HeapSize
HeapQueryInformation
GetLocaleInfoW
LCMapStringW
GetStringTypeW
SetStdHandle
CreateFileW
CloseHandle
FlushFileBuffers
GetLocaleInfoA

Sections

.textbss
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npesnlaunch.dll
.dll windows:5 windows x86 arch:x86

3d120da843daa5330b522f82f0589f55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dev\planet\bfa\plugins\esnlaunch\Retail\npesnlaunch.pdb

Imports

kernel32

InterlockedCompareExchange
GetFullPathNameA
GetTimeZoneInformation
SetEndOfFile
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
SetEnvironmentVariableA
CompareStringW
VirtualQuery
GetProcessHeap
GetConsoleMode
GetConsoleCP
GetTempPathW
GetTickCount
IsBadReadPtr
SetStdHandle
FlushFileBuffers
InterlockedExchange
FreeLibrary
GetFullPathNameW
DisableThreadLibraryCalls
InitializeCriticalSection
GetCurrentThreadId
AllocConsole
DeleteCriticalSection
CloseHandle
WaitForSingleObject
Sleep
LeaveCriticalSection
CreateThread
EnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
MultiByteToWideChar
GetStartupInfoW
GetLastError
CreateEventW
WaitForMultipleObjects
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryW
GetModuleFileNameW
GetCurrentProcessId
LocalFree
FormatMessageW
CreateFileA
SetEvent
ReadFile
ResetEvent
GetOverlappedResult
WriteFile
RtlUnwind
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
DecodePointer
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
HeapValidate
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
SetHandleCount
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
ExitProcess
FatalAppExitA
lstrlenA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
IsProcessorFeaturePresent
SetConsoleCtrlHandler
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
GetSystemTimeAsFileTime
OutputDebugStringA
OutputDebugStringW
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
LCMapStringW
GetStringTypeW
GetLocaleInfoW
SetFilePointer
GetFileInformationByHandle
PeekNamedPipe
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW

user32

SetTimer
SetWindowLongA
GetWindowLongA
KillTimer
UpdateWindow
InvalidateRect
GetWindowThreadProcessId
GetWindowModuleFileNameW
MessageBoxW
GetForegroundWindow
GetClientRect
GetWindowRect
PostMessageA
DefWindowProcA
ReleaseDC
GetDC

ws2_32

WSAStartup
recvfrom
select
sendto
connect
htons
inet_addr
closesocket
WSAGetLastError
bind
socket
getaddrinfo
htonl
ntohs
ntohl

iphlpapi

IcmpCloseHandle
IcmpParseReplies
IcmpSendEcho2
IcmpCreateFile

gdi32

GetDeviceCaps

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteExW

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

18:f4:ae:46:f2:76:ce:96:cc:56:ad:23:77:a7:63:44Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2b:b5:89:34:fa:80:48:fc:39:89:7a:c3:41:8d:e9:42:1f:a8:15:e2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 114KB - Virtual size: 114KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

f3d1592afd58c9d588a71932729da9c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

version

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 207KB - Virtual size: 206KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 22KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

18:f4:ae:46:f2:76:ce:96:cc:56:ad:23:77:a7:63:44
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2b:b5:89:34:fa:80:48:fc:39:89:7a:c3:41:8d:e9:42:1f:a8:15:e2
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 114KB - Virtual size: 114KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 207KB - Virtual size: 206KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 22KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 190B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

09:81:ff:eb:00:25:83:b6:79:45:13:05:5f:c0:ad:d5
Certificate

23:45:2d:f2:c4:f0:4e:76:dd:b2:2e:bc:52:0b:16:72:8b:77:7f:27
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 297KB - Virtual size: 296KB

.text
Size: 207KB - Virtual size: 206KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 22KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB