dialog
initDialog
show
Overview
overview
3Static
static
3bcb15e6f55...18.exe
windows7-x64
3bcb15e6f55...18.exe
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
$PLUGINSDI...ss.dll
windows7-x64
3$PLUGINSDI...ss.dll
windows10-2004-x64
3IEHandler.exe
windows7-x64
3IEHandler.exe
windows10-2004-x64
3RegistryHelper.exe
windows7-x64
3RegistryHelper.exe
windows10-2004-x64
3RegistryHe...or.exe
windows7-x64
3RegistryHe...or.exe
windows10-2004-x64
3RegistryHe...le.exe
windows7-x64
3RegistryHe...le.exe
windows10-2004-x64
3RegistryHe...ce.exe
windows7-x64
3RegistryHe...ce.exe
windows10-2004-x64
3RegistryHe...TR.exe
windows7-x64
3RegistryHe...TR.exe
windows10-2004-x64
3Starter.exe
windows7-x64
3Starter.exe
windows10-2004-x64
3vbrun60sp5.exe
windows7-x64
vbrun60sp5.exe
windows10-2004-x64
Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
bcb15e6f55d611b171729c357d52f91b_JaffaCakes118.exe
Resource
win7-20240704-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
bcb15e6f55d611b171729c357d52f91b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240705-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240705-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240729-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral10
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20240729-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral13
Sample
IEHandler.exe
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral14
Sample
IEHandler.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral15
Sample
RegistryHelper.exe
Resource
win7-20240705-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral16
Sample
RegistryHelper.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral17
Sample
RegistryHelperActivator.exe
Resource
win7-20240704-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral18
Sample
RegistryHelperActivator.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral19
Sample
RegistryHelperBundle.exe
Resource
win7-20240704-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral20
Sample
RegistryHelperBundle.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral21
Sample
RegistryHelperService.exe
Resource
win7-20240704-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral22
Sample
RegistryHelperService.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral23
Sample
RegistryHelperSetupTR.exe
Resource
win7-20240704-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral24
Sample
RegistryHelperSetupTR.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral25
Sample
Starter.exe
Resource
win7-20240729-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral26
Sample
Starter.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral27
Sample
vbrun60sp5.exe
Resource
win7-20240708-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral28
Sample
vbrun60sp5.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
bcb15e6f55d611b171729c357d52f91b_JaffaCakes118
-
Size
2.8MB
-
MD5
bcb15e6f55d611b171729c357d52f91b
-
SHA1
2ed4daa89f5d637fc6b419fa49af73f03b40cb49
-
SHA256
e5a5cdbe6ebda2f4a4dac8fedbe55b2c18f7c781106114e58910a4adc932122b
-
SHA512
856bf0d7aee07a2e112edf6e883330bcedad4d41f489dbbcaa77420cc531ab73cd0bab6fd88e00c6949bf440662f41b835f24f2b5fce7d757b89ab5f6007bfbc
-
SSDEEP
49152:f8arsJYhKdu7zVrLu8aBHIFiOW+D6P8W9os/vjRnw00Ox:0arsmAAUzBHIR6NH/vjRnXbx
Score
3/10
Malware Config
Signatures
-
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
resource bcb15e6f55d611b171729c357d52f91b_JaffaCakes118 unpack001/$PLUGINSDIR/InstallOptions.dll unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/UAC.dll unpack001/$PLUGINSDIR/UserInfo.dll unpack001/$PLUGINSDIR/nsProcess.dll unpack001/vbrun60sp5.exe -
NSIS installer 1 IoCs
resource yara_rule sample nsis_installer_1
Files
-
bcb15e6f55d611b171729c357d52f91b_JaffaCakes118.exe windows:4 windows x86 arch:x86
9c523d8653da5455667e3f82274f2f88
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess
user32
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 40KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
57354bdeea3dfae6e948101add87501a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc
user32
GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA
gdi32
SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
Exports
Exports
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 954B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
4ec328f99bdd944fc98d8a5cf11f7a62
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/UAC.dll.dll windows:4 windows x86 arch:x86
2457671c10c5aa708d9619798ec0139c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleFileNameA
SetLastError
CloseHandle
GlobalFree
LocalFree
FormatMessageA
MultiByteToWideChar
GetLastError
CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
LoadLibraryA
lstrcatA
GetProcAddress
lstrcpynA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiA
lstrcpyA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
GetModuleHandleA
user32
EnableWindow
GetWindowLongA
DestroyWindow
LoadImageA
SetWindowLongA
EndDialog
MessageBoxA
SendMessageW
DialogBoxParamA
CharNextA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
SetWindowTextA
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
shell32
ShellExecuteExA
ole32
CoInitialize
CoUninitialize
Exports
Exports
Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/UserInfo.dll.dll windows:4 windows x86 arch:x86
48cfa0ea7e353e4a7dd23572da8374ef
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc
advapi32
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken
Exports
Exports
GetAccountType
GetName
Sections
.text Size: 1024B - Virtual size: 573B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 45B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/countries.ini
-
$PLUGINSDIR/disclosure1.ini
-
$PLUGINSDIR/email.ini
-
$PLUGINSDIR/nsProcess.dll.dll windows:4 windows x86 arch:x86
c9fc7f6df8fedf8f8f1f9f820c072664
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc
Exports
Exports
_FindProcess
_KillProcess
_Unload
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 646B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 146B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/review.bmp
-
ErrorFound.wav
-
IEHandler.exe.exe windows:4 windows x86 arch:x86
8ea9adf554d5ee2c46a4df74d2945bee
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before23/06/2009, 00:00Not After11/07/2010, 23:59SubjectCN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
ord517
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord593
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
Zombie_GetTypeInfoCount
EVENT_SINK_Release
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaStrToAnsi
__vbaFpI4
ord616
_CIatan
ord618
__vbaCastObj
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
RegistryHelper.exe.exe windows:4 windows x86 arch:x86
7d9394dfef07bb026e04c47665dfddfe
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before23/06/2009, 00:00Not After11/07/2010, 23:59SubjectCN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
ord693
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaLineInputStr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaPut4
EVENT_SINK_Invoke
ord621
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
ord553
__vbaStrDate
__vbaSetSystemError
ord661
__vbaRecDestruct
__vbaHresultCheckObj
ord662
ord663
ord557
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
ord666
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
ord669
ord591
__vbaLateMemSt
ord592
__vbaStrBool
__vbaExitProc
ord593
__vbaForEachCollObj
ord300
ord594
__vbaI4Abs
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
ord306
__vbaStrFixstr
ord520
__vbaBoolVar
ord522
__vbaRefVarAry
__vbaVarTstLt
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord709
ord631
__vbaVargVarMove
__vbaVarCmpGt
ord632
ord525
__vbaNextEachCollObj
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord528
__vbaVarAbs
__vbaStrCmp
__vbaGet3
ord529
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
__vbaI2I4
__vbaObjVar
ord561
DllFunctionCall
ord563
__vbaVarOr
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
ord605
__vbaPrintFile
__vbaStrToUnicode
ord712
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord607
__vbaLateIdStAd
__vbaI2Str
ord714
ord608
__vbaVarCmpLe
ord531
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaDateVar
ord536
__vbaI2Var
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaVar2Vec
__vbaNew2
ord648
ord570
__vbaR8Str
__vbaInStr
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
__vbaVarCmpLt
ord576
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord100
ord579
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaAryLock
__vbaVarAdd
ord611
ord320
__vbaVarDup
ord612
__vbaStrToAnsi
ord321
ord613
__vbaFpI2
__vbaVarCopy
ord616
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarTstGe
__vbaRecDestructAnsi
__vbaR8IntI2
ord617
__vbaLateMemCallLd
_CIatan
__vbaUI1Str
__vbaStrMove
__vbaAryCopy
ord618
__vbaCastObj
__vbaStrVarCopy
ord619
__vbaR8IntI4
ord541
ord542
ord650
ord543
_allmul
__vbaLateIdSt
ord651
ord544
ord545
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
ord547
_CIexp
__vbaMidStmtBstr
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord580
__vbaRecAssign
ord581
Sections
.text Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 176KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
RegistryHelperActivator.exe.exe windows:4 windows x86 arch:x86
2d752b4e603ce24d4729f7df375e72d4
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before23/06/2009, 00:00Not After11/07/2010, 23:59SubjectCN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord669
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord520
__vbaBoolVarNull
_CIsin
ord631
__vbaVargVarMove
ord525
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
ord561
__vbaI2I4
DllFunctionCall
ord563
__vbaVarOr
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord536
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaVar2Vec
__vbaInStr
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaFpI2
__vbaVarLateMemCallLd
ord616
__vbaVarCopy
__vbaFpI4
__vbaR8IntI2
ord617
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaUI1Str
__vbaStrVarCopy
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
RegistryHelperBundle.exe.exe windows:4 windows x86 arch:x86
12ca7fdd7f5e052609b83567a7d87a8f
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before23/06/2009, 00:00Not After11/07/2010, 23:59SubjectCN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
ord516
ord517
_adj_fprem1
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord669
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord520
__vbaBoolVarNull
_CIsin
ord631
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaI2I4
DllFunctionCall
ord563
__vbaVarOr
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord536
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord648
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaVarCopy
__vbaFpI4
ord616
ord617
_CIatan
__vbaUI1Str
__vbaStrMove
__vbaCastObj
ord618
__vbaStrVarCopy
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
RegistryHelperService.exe.exe windows:4 windows x86 arch:x86
1b8d3ca8a3d7f5b6ce0289e3c4ca798f
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before23/06/2009, 00:00Not After11/07/2010, 23:59SubjectCN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaPut4
ord621
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord660
ord553
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaForEachCollObj
__vbaExitProc
__vbaBoolStr
__vbaStrLike
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
__vbaBoolVar
__vbaBoolVarNull
_CIsin
ord709
ord631
ord525
__vbaNextEachCollObj
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaExitEachColl
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
ord563
__vbaVarOr
ord670
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
__vbaPrintFile
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord609
ord531
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord536
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaVar2Vec
ord648
__vbaNew2
__vbaInStr
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaI4Var
__vbaVarCmpEq
ord611
__vbaVarAdd
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord613
ord616
__vbaVarCopy
__vbaFpI4
__vbaRecDestructAnsi
ord617
_CIatan
__vbaCastObj
ord618
__vbaUI1Str
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
ord619
ord542
ord650
ord543
_allmul
__vbaLateIdSt
ord544
ord545
_CItan
ord546
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord580
ord581
Sections
.text Size: 64KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
RegistryHelperSetupTR.exe.exe windows:4 windows x86 arch:x86
ae247a53a76a0941011c89df89b69f74
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before23/06/2009, 00:00Not After11/07/2010, 23:59SubjectCN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaAryVar
__vbaAryDestruct
ord669
__vbaExitProc
ord300
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord306
ord520
__vbaBoolVar
__vbaStrFixstr
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaPutOwner3
__vbaI2I4
DllFunctionCall
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord605
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaVar2Vec
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaFpI4
ord617
_CIatan
__vbaAryCopy
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
ord546
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
ord580
__vbaFreeObj
ord581
Sections
.text Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Starter.exe.exe windows:4 windows x86 arch:x86
c829c2ff04b87b0f8acac8b7d7bd357e
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before23/06/2009, 00:00Not After11/07/2010, 23:59SubjectCN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
_CIcos
_adj_fptan
__vbaStrI4
__vbaLenBstr
_adj_fdiv_m64
ord517
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
__vbaAryDestruct
ord669
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaAryLock
__vbaStrToAnsi
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
vbrun60sp5.exe.exe windows:5 windows x86 arch:x86
b83464d8132ecd9f810820e192566e15
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA
kernel32
lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
ExitProcess
GetModuleHandleA
GetStartupInfoA
CloseHandle
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDiskFreeSpaceA
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetCommandLineA
CreateDirectoryA
GlobalFree
FormatMessageA
IsDBCSLeadByte
gdi32
GetDeviceCaps
user32
EndDialog
wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
GetDesktopWindow
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
SendMessageA
DispatchMessageA
LoadStringA
PeekMessageA
MessageBoxA
CharPrevA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
MsgWaitForMultipleObjects
comctl32
ord17
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 970KB - Virtual size: 972KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ