c0c0d367be36a946ed9f7020b714e076_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c0c0d367be36a946ed9f7020b714e076_JaffaCakes118
Size

1.2MB
MD5

c0c0d367be36a946ed9f7020b714e076
SHA1

44a608f03b955fa5263bdd22d43c8b942443ee66
SHA256

4134ef8786ea95000b13818220af5c6f5bf43483ba3595bfc5e48259fa774207
SHA512

1b120269811028cc925af9f36e6fbbc8011560f9da666f118d7e21be8589bdce901e6f9369ee10eeb26cb3f981352b13ffdfb1baadd2ac175fce439a30bd5711
SSDEEP

24576:jVSyNuUchNRmo7v2lTkhUIJMbRFr9COnX4TA6lToCpfry:jVdkUchf7+Blb/RCY6lXG

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
c0c0d367be36a946ed9f7020b714e076_JaffaCakes118
unpack001/$APPDATA/IESafer/kswbc.dll
unpack001/$APPDATA/IESafer/kwssp.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/IEDriver.dll
unpack001/IEManager.dll
unpack001/IEMate.dll
unpack001/IEPromotion.dll
unpack001/IEProtect.dll
unpack001/IERepair.exe
unpack001/NsPlugin.dll
unpack001/cab.dll
unpack001/fixhomepage.exe
unpack001/plugins/imFilter.dll
unpack001/regedit.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

c0c0d367be36a946ed9f7020b714e076_JaffaCakes118
.exe windows:4 windows x86 arch:x86

97318da386948415d08cef4a9006d669

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/IESafer/KSWebShield.exe
.exe windows:4 windows x86 arch:x86

a1575143c7276d23e65a1698d2158da9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22-06-2009 00:00

Not After

21-06-2012 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:8d:d5:18:b6:0b:38:d2:eb:cd:9a:25:d1:19:53:ef:47:ea:81:93
Signer

Actual PE Digest

6b:8d:d5:18:b6:0b:38:d2:eb:cd:9a:25:d1:19:53:ef:47:ea:81:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\KXEngine\kws_new\Product\Release\dbginfo\kswebshieldsvc.pdb

Imports

kernel32

CreateToolhelp32Snapshot
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
Process32FirstW
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoW
Process32NextW
OpenProcess
CreateProcessW
SetThreadPriority
ResumeThread
CreateMutexW
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
GetLastError
CreateThread
SetConsoleCtrlHandler
SetProcessWorkingSetSize
DuplicateHandle
DeleteCriticalSection
GetProcAddress
Sleep
FreeLibrary
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetModuleFileNameW
SetEvent
TerminateThread
GetCurrentThread
GetCurrentProcess
CreateEventW
CloseHandle
LoadLibraryW
WaitForSingleObject
CreateFileA
GetVersionExW
GetLocaleInfoA
LoadLibraryA
InterlockedExchange
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetFullPathNameA
GetCurrentDirectoryA
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ReadFile
FlushFileBuffers
GetThreadLocale

user32

PeekMessageW
DispatchMessageW
RegisterClassExW
DefWindowProcW
PostQuitMessage
MsgWaitForMultipleObjects
TranslateMessage
FindWindowW
ShowWindow
CreateWindowExW
GetMessageW

advapi32

CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
LockServiceDatabase
OpenSCManagerW
UnlockServiceDatabase
StartServiceW
ChangeServiceConfigW
RegSetValueExW
CreateServiceW
RegDeleteValueW
OpenServiceW
RegCloseKey
RegCreateKeyW
CloseServiceHandle
ChangeServiceConfig2W
DeleteService
QueryServiceStatus
RegOpenKeyExW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW

ole32

CoCreateInstance

shlwapi

PathAppendW
PathRemoveFileSpecW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/IESafer/kswbc.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d722b46f77981ed8b9edd09cabf8597d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\KXEngine\kws_new\Product\Release\dbginfo\KSWBC.pdb

Imports

psapi

GetModuleInformation

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
HttpSendRequestW
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionW
InternetOpenW
HttpSendRequestA
InternetCrackUrlA
InternetSetOptionA
InternetCrackUrlW

kernel32

UnmapViewOfFile
ResetEvent
SetEvent
MapViewOfFile
OpenFileMappingW
OpenEventW
WaitForSingleObject
OpenMutexW
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
GetCurrentProcess
IsBadReadPtr
GetModuleFileNameA
VirtualProtect
LoadLibraryA
GetModuleHandleA
DisableThreadLibraryCalls
TerminateThread
GetFileAttributesW
FreeResource
LockResource
VirtualAlloc
ReadFile
SetFilePointer
CreateFileW
WaitForMultipleObjects
CreateEventW
CloseHandle
CreateThread
ExpandEnvironmentStringsA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
HeapCreate
VirtualFree
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
ReleaseMutex
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
MultiByteToWideChar
lstrcmpiW
lstrcatW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
lstrlenW
GetCurrentProcessId
SetStdHandle
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetACP
InterlockedExchange
GetCommandLineA
GetSystemTimeAsFileTime
CreateDirectoryA
GetCurrentThreadId
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale

user32

ReleaseDC
UnregisterClassA
FindWindowExW
CharNextW
CopyRect
InvalidateRect
GetParent
KillTimer
GetClientRect
GetWindowTextW
SetTimer
SendMessageW
GetWindowRect
SetWindowPos
CreateWindowExW
IsWindow
CharLowerBuffW
LoadCursorW
MoveWindow
LoadBitmapW
SetWindowLongW
GetForegroundWindow
DrawTextW
CallWindowProcW
GetPropW
DefWindowProcW
BeginPaint
EndPaint
ScreenToClient
SetPropW
GetWindowDC
RegisterClassExW
FillRect

gdi32

CreateCompatibleDC
GetObjectW
DeleteDC
SelectObject
SetBkMode
GetStockObject
GetPixel
CreateSolidBrush
DeleteObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFolderPathW

ole32

CoGetInterfaceAndReleaseStream
StringFromGUID2
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoCreateGuid

oleaut32

VariantClear
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SafeArrayAccessData
UnRegisterTypeLi
RegisterTypeLi
VariantInit
SysStringLen
VarBstrCat
SafeArrayUnaccessData
SysFreeString

shlwapi

StrToIntW
PathAppendA
PathIsURLW
UrlApplySchemeW
StrCmpW
StrCmpIW
PathFileExistsW
StrStrIA
StrStrIW
PathAppendW
PathRemoveFileSpecW
StrCmpNIW

msimg32

GradientFill
TransparentBlt

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 316KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/IESafer/kswebshield.dll
.dll windows:4 windows x86 arch:x86

4504c1c05d2b0811d19f8f3e5b799206

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22-06-2009 00:00

Not After

21-06-2012 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:c9:1c:3e:b0:af:be:7e:95:0f:9b:00:ee:ad:08:f4:21:4c:30:97
Signer

Actual PE Digest

10:c9:1c:3e:b0:af:be:7e:95:0f:9b:00:ee:ad:08:f4:21:4c:30:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\KXEngine\kws_new\Product\Release\dbginfo\kswebshield.pdb

Imports

psapi

GetModuleInformation
GetModuleFileNameExW

kernel32

GetSystemInfo
VirtualQueryEx
VirtualAllocEx
VirtualFreeEx
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
lstrcatW
LoadLibraryW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InterlockedIncrement
ResetEvent
InterlockedDecrement
SetEvent
WaitForSingleObject
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
VirtualAlloc
GetLastError
MultiByteToWideChar
lstrlenA
lstrcmpiA
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
Sleep
CreateRemoteThread
CopyFileExA
CopyFileExW
CopyFileA
CopyFileW
LoadLibraryExA
OutputDebugStringW
CreateProcessW
CreateProcessA
WinExec
GetCurrentProcess
VirtualFree
UnmapViewOfFile
SearchPathW
GetLongPathNameW
GetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
GetFullPathNameA
CreateFileA
GetFileSize
CreateFileMappingW
MapViewOfFile
VirtualQuery
GetTickCount
CreateFileW
SetLastError
lstrcpyA
lstrcpynW
ReadFile
GetThreadLocale
OpenMutexW
OpenEventW
OpenFileMappingW
ReleaseMutex
OutputDebugStringA
TerminateThread
CreateEventA
RaiseException
lstrcmpiW
GetPrivateProfileStringA
GetPrivateProfileIntA
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
LoadLibraryA
GetModuleHandleA
CreateThread
WriteProcessMemory
VirtualProtect
IsBadReadPtr
GetModuleHandleW
GetVersionExW
IsBadWritePtr
GetModuleFileNameW
WideCharToMultiByte
lstrlenW
HeapReAlloc
GetSystemTimeAsFileTime
LoadLibraryExW
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TerminateProcess
CreateDirectoryA
InterlockedExchange
GetCurrentThreadId
GetCommandLineA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
WriteFile
HeapCreate
HeapDestroy
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
ExitProcess
RtlUnwind
GetProcessHeap
GetVersionExA

user32

UnregisterClassA
CharNextW
CharLowerW
wsprintfA

advapi32

RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoTaskMemRealloc
ProgIDFromCLSID

oleaut32

VarUI4FromStr
SafeArrayUnaccessData
SafeArrayAccessData
SysStringLen
SysAllocString
VariantInit
SysAllocStringByteLen
SysAllocStringLen
SysFreeString

shlwapi

PathQuoteSpacesW
PathRemoveArgsW
PathUnquoteSpacesW
PathFileExistsW
PathRemoveBlanksW
PathIsContentTypeW
StrCmpNIW
UrlApplySchemeW
PathIsURLW
PathAppendW
UrlApplySchemeA
PathIsURLA
PathIsRootA
PathIsDirectoryA
PathFindFileNameW
PathAppendA
PathRemoveFileSpecA
StrCmpIW
StrStrIW
PathRemoveFileSpecW
StrStrIA
StrCmpNIA

wininet

InternetCrackUrlW
InternetQueryDataAvailable

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA

ws2_32

WSASetLastError

Exports

Exports

MatchingUWUrl
MatchingUrl
ProcessUWUrl
RegisterUrlProcessor
UnregisterUrlProcessor
UrlProcess

Sections

.text
Size: 340KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/IESafer/kwssp.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEDriver.dll
.dll windows:4 windows x86 arch:x86

5e9948431e6e4d64378961345d139c23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
CreateFileA
SizeofResource
LockResource
LoadResource
WriteFile
Sleep
GetLastError
GetVersion
MultiByteToWideChar
SetEndOfFile
CloseHandle
DeleteFileA
GetSystemDirectoryA
GetModuleFileNameA
FindResourceA
DeviceIoControl

user32

wsprintfA

advapi32

OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
OpenSCManagerA
StartServiceA

msvcrt

wcslen
strcpy
strrchr
strcat
strlen
memset
printf
sprintf
fclose
fread
fopen
??3@YAXPAX@Z
memcpy
??2@YAPAXI@Z
_purecall
_stat
ftell
fseek
fwrite
fflush
malloc
free
realloc
__dllonexit
_onexit
_initterm
_adjust_fdiv

Exports

Exports

GetClassObject

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEManager.dll
.dll windows:4 windows x86 arch:x86

2f0ee47156e789331ac200edc241cf7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
LoadLibraryA
SetEndOfFile
GetProcAddress
MultiByteToWideChar
GetVersion
CreateFileA
GetLastError
DisableThreadLibraryCalls
WideCharToMultiByte
GetWindowsDirectoryA
lstrlenA
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetSystemDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetModuleFileNameA
DeviceIoControl
IsBadCodePtr
SetUnhandledExceptionFilter
GetLocalTime
GetTimeZoneInformation
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
TerminateProcess
GetCurrentProcess
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetFullPathNameA
GetCurrentDirectoryA
WriteFile
FlushFileBuffers
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetStdHandle

user32

wsprintfA
LoadStringA

advapi32

RegEnumKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegEnumValueA
RegOpenKeyA

oleaut32

SysFreeString
SysAllocStringLen

atl

ord21
ord16

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

GetClassObject

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEMate.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a0e15d8fb3be857729154ba1d8329143

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryW
SystemTimeToFileTime
SetFilePointer
ReadFile
GetNumberFormatW
GetCommandLineW
DeviceIoControl
LocalAlloc
CompareStringW
UnmapViewOfFile
GetExitCodeThread
CreateThread
SetCurrentDirectoryW
LocalFree
WritePrivateProfileStringW
GetPrivateProfileStringW
GetComputerNameW
GetProfileIntW
SetErrorMode
ResumeThread
MulDiv
FreeResource
GetWindowsDirectoryA
CopyFileA
GetShortPathNameA
OpenMutexW
GetSystemTimeAsFileTime
SetThreadPriority
ReleaseMutex
IsBadStringPtrW
GetCommandLineA
SetWaitableTimer
SuspendThread
SetEndOfFile
GetTempFileNameW
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
CreateWaitableTimerW
lstrcpyA
FormatMessageW
FlushViewOfFile
FileTimeToSystemTime
FileTimeToLocalFileTime
IsBadReadPtr
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadCodePtr
ReadProcessMemory
GetCurrentThread
GetModuleFileNameA
GetCurrentDirectoryW
FindNextFileW
GetCurrentProcessId
GlobalAddAtomW
GlobalFindAtomW
SetEnvironmentVariableA
CompareStringA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
GetOEMCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
HeapCreate
QueryPerformanceCounter
GetCPInfo
LCMapStringW
LCMapStringA
ExitThread
GetSystemInfo
RtlUnwind
ExitProcess
VirtualFree
VirtualAlloc
CreateEventA
GetCurrentDirectoryA
TerminateThread
GetLocalTime
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindFirstFileA
CreateDirectoryA
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GlobalDeleteAtom
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringW
GetFileSize
VirtualQuery
VirtualProtect
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
lstrcpynW
LoadLibraryExW
CreateMutexW
GetTempPathW
lstrcatW
FreeLibrary
CopyFileW
DeleteFileW
CreateDirectoryW
WideCharToMultiByte
FindFirstFileW
FindClose
CreateFileW
WriteFile
CreateEventW
WaitForMultipleObjects
ResetEvent
SetEvent
WaitForSingleObject
CloseHandle
IsBadStringPtrA
GetCurrentThreadId
lstrlenA
Sleep
InterlockedDecrement
lstrcmpW
lstrlenW
lstrcmpiW
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
InterlockedIncrement
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpyW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
CreateFileA
LoadLibraryA

user32

InsertMenuW
IsMenu
GetAsyncKeyState
mouse_event
InvalidateRgn
GetUpdateRect
GetMessageW
GetDCEx
EqualRect
SetRect
DialogBoxParamW
SetMenu
GetScrollPos
IsWindowEnabled
DrawFocusRect
FillRect
DestroyCursor
OffsetRect
IsRectEmpty
MoveWindow
GetLastActivePopup
EnumChildWindows
GetWindowTextA
GetClassNameA
OpenClipboard
CloseClipboard
GetWindowPlacement
RegisterWindowMessageW
GetCapture
RegisterHotKey
ModifyMenuW
UnregisterHotKey
keybd_event
CharUpperBuffW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
RegisterWindowMessageA
IsWindowVisible
SetForegroundWindow
IsIconic
ReleaseCapture
InsertMenuItemW
GetDoubleClickTime
EndPaint
BeginPaint
GetDlgCtrlID
GetComboBoxInfo
GetWindowLongA
LoadAcceleratorsW
LoadStringW
SetClipboardData
EmptyClipboard
FindWindowW
FrameRect
SetWindowPlacement
EndDialog
GetParent
WindowFromPoint
GetCursorPos
GetKeyState
SendMessageW
CreatePopupMenu
PeekMessageA
MsgWaitForMultipleObjects
PostThreadMessageA
wsprintfA
wvsprintfA
DestroyMenu
AppendMenuW
GetMenuItemInfoW
SetCursor
UnionRect
GetDesktopWindow
PostQuitMessage
SetParent
GetSubMenu
AdjustWindowRectEx
LoadMenuW
SetMenuDefaultItem
CheckMenuRadioItem
EnableMenuItem
DeleteMenu
GetMenuItemID
GetMenuItemCount
RedrawWindow
ShowWindow
InvalidateRect
UpdateWindow
ClientToScreen
wvsprintfW
GetDC
TrackPopupMenu
GetClassInfoExW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetTimer
KillTimer
ScrollWindowEx
SetScrollPos
ShowScrollBar
GetScrollInfo
SetScrollInfo
IsDlgButtonChecked
SetLastErrorEx
SetCapture
RegisterClassExW
LoadCursorW
wsprintfW
SetFocus
SetMenuItemInfoW
GetMonitorInfoW
MonitorFromPoint
GetMenuStringW
PtInRect
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetWindowTextW
IsWindow
CallWindowProcW
DrawTextW
DefWindowProcW
UnregisterClassW
CreateWindowExW
GetWindowRect
SetWindowPos
GetClientRect
PostThreadMessageW
TrackPopupMenuEx
GetWindowDC
ReleaseDC
SetRectEmpty
SystemParametersInfoW
DestroyIcon
LoadBitmapW
WaitMessage
DispatchMessageW
TranslateMessage
PeekMessageW
PostMessageW
GetActiveWindow
ScreenToClient
GetSystemMetrics
DrawStateW
DrawEdge
CopyRect
MapWindowPoints
InflateRect
GetSysColor
LoadImageW
CheckMenuItem
FindWindowExW
SetWindowTextA
GetDlgItem
GetWindowTextLengthW
CharNextW
DestroyWindow
MessageBoxW
GetClassNameW
GetForegroundWindow
GetFocus
GetWindow
GetWindowThreadProcessId
GetCursor
GetIconInfo

gdi32

TextOutW
MoveToEx
LineTo
SetStretchBltMode
SetBrushOrgEx
CreateDCW
GetTextExtentPoint32W
CreateRectRgn
CombineRgn
CreateRectRgnIndirect
CreateBitmap
Polyline
GetCurrentObject
CreateDIBSection
GetTextAlign
SetTextAlign
GetBkColor
StretchBlt
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
CreatePen
Polygon
SelectPalette
RealizePalette
GetDIBits
GetDeviceCaps
CreateCompatibleDC
GetTextMetricsW
ExtTextOutW
Rectangle
SetTextColor
SetBkMode
CreateSolidBrush
SetBkColor
CreateFontIndirectW
DeleteDC
SelectObject
CreatePatternBrush
SetROP2
RestoreDC
GetStockObject
DeleteObject
GetObjectW
SaveDC

advapi32

CryptCreateHash
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegEnumKeyW
CryptAcquireContextW
RegCreateKeyExA
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
GetUserNameW
RegQueryValueW
RegSetValueW
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ord195
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteW
SHFileOperationW
SHGetMalloc

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
OleInitialize
CoTaskMemRealloc
OleUninitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateInstance
RegisterDragDrop
ReleaseStgMedium

oleaut32

SysAllocStringLen
VariantClear
SysStringByteLen
VariantInit
VariantCopy
VariantChangeType
SafeArrayDestroy
VarBstrCmp
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
UnRegisterTypeLi
RegisterTypeLi
OleLoadPicture
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysFreeString
SysStringLen
SafeArrayPutElement
GetErrorInfo
SysAllocString

shlwapi

StrCmpNIW
UrlCreateFromPathW
SHRegGetBoolUSValueW
SHGetValueW
UrlIsW
PathRemoveFileSpecW
PathFileExistsW
StrCmpIW
StrCpyNW
StrCpyW
PathFindExtensionW
PathIsDirectoryW
ord16
PathFindFileNameW
SHSetValueW

msimg32

TransparentBlt

urlmon

CoInternetParseUrl
URLDownloadToFileW
CoInternetGetSession

dbghelp

SymGetModuleBase64
StackWalk64
SymSetOptions
SymGetOptions
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetSymFromAddr64
SymCleanup
SymInitialize

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetSetOptionW
InternetSetStatusCallbackW
InternetOpenUrlW
HttpQueryInfoW
InternetOpenW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
GetUrlCacheEntryInfoExW
InternetCanonicalizeUrlW

iphlpapi

GetAdaptersInfo

oleacc

AccessibleChildren
AccessibleObjectFromPoint

Exports

Exports

??0CScErrLog@@QAE@ABV0@@Z
??0CScErrLog@@QAE@PBD0H@Z
??1CScErrLog@@UAE@XZ
??4CScErrLog@@QAEAAV0@ABV0@@Z
??_7CScErrLog@@6B@
?ThreadProxy@CScErrLog@@KGIPAX@Z
?ThreadWork@CScErrLog@@IAEXXZ
?_createDirectory@CScErrLog@@IAEHPAD@Z
?_idebug1@@YAXPADZZ
?_idebug2@@YAXPADZZ
?_idebug3@@YAXPADZZ
?_idebug4@@YAXPADZZ
?_idebug5@@YAXPADZZ
?_idebug@@YAXPADZZ
?_readRegistoryFilePath@CScErrLog@@IAEHPAD@Z
?_readRegistoryLoglevel@CScErrLog@@IAEHPADPAH@Z
?_readRegistoryOutputFlag@CScErrLog@@IAE_NXZ
?_tidebug1@@YAXPAGZZ
?_tidebug2@@YAXPAGZZ
?_tidebug3@@YAXPAGZZ
?_tidebug4@@YAXPAGZZ
?_tidebug5@@YAXPAGZZ
?_tidebug@@YAXPAGZZ
?dump_binary@CScErrLog@@QAEXPADPAEH@Z
?flushlogbuff@CScErrLog@@IAEHH@Z
?g_pScErrLog@@3PAVCScErrLog@@A
?get_lastlogindex@CScErrLog@@IAEHXZ
?get_logfile_info@CScErrLog@@QAEABUSXLOGPARAM@@XZ
?geterror@CScErrLog@@QAEHXZ
?getlogLevel@CScErrLog@@QAEHXZ
?idebug1@@YAXPADZZ
?idebug2@@YAXPADZZ
?idebug3@@YAXPADZZ
?idebug4@@YAXPADZZ
?idebug5@@YAXPADZZ
?idebug@@YAXPADZZ
?is_output_debug@CScErrLog@@QBE_NXZ
?logfilebackup@CScErrLog@@IAEXH@Z
?logtype_string@CScErrLog@@2PAPBDA
?logwrite@CScErrLog@@IAEHPADH@Z
?makelogfile@CScErrLog@@IAEHXZ
?put@CScErrLog@@QAEXHPAD@Z
?put@CScErrLog@@QAEXHW4tagKind@1@W4tagType@1@PBD22@Z
?put@CScErrLog@@QAEXHW4tagKind@1@W4tagType@1@PBG22@Z
?putf@CScErrLog@@QAAXHPADZZ
?putf_nh@CScErrLog@@QAAXPADZZ
?rm_directory@CScErrLog@@IAEXPAD@Z
?rm_oldlog@CScErrLog@@IAEXXZ
?setlogLevel@CScErrLog@@QAEXH@Z
?setlogMaxDay@CScErrLog@@QAEXH@Z
?writefile@CScErrLog@@QAEXPADH@Z
?writefile_nh@CScErrLog@@QAEXPAEH@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 736KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEMateLib.DLL
IEMateLib2.DLL
IEMateLib3.DLL
IEPromotion.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6cc0ef3da90d0a1be17abd1af2082c16

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord3953
ord5307
ord2396
ord6467
ord860
ord800
ord858
ord924
ord537
ord540
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord4698
ord4079
ord5302
ord5300
ord2725
ord3346
ord5199
ord1089
ord3922
ord5731
ord2512
ord600
ord826
ord269
ord2554
ord4486
ord6375
ord815
ord1131
ord4274

msvcrt

_initterm
__CxxFrameHandler
??2@YAPAXI@Z
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
memcpy
free
_onexit

kernel32

LocalFree
WritePrivateProfileStringA
CreateDirectoryA
lstrlenA
LocalAlloc

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

atl

ord16
ord21
ord15
ord57
ord18

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 758B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEProtect.dll
.dll windows:4 windows x86 arch:x86

2116dd0b957022e6dc2bb13ac56d05b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
GetVersion
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
LoadLibraryA
SetLastError
GetLongPathNameA
VirtualProtect
GetModuleHandleA
CreateThread
MultiByteToWideChar
FreeLibrary
OutputDebugStringA
WideCharToMultiByte
GetSystemDirectoryA
GetModuleFileNameA
DeviceIoControl
GetWindowsDirectoryA
GetCurrentProcess
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExA
FindFirstFileA
GetFileAttributesA
GetProcAddress
VirtualAlloc
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
UnmapViewOfFile
FindNextFileA
FindClose
CreateFileA
GetFileSize
CreateFileMappingA
CloseHandle
MapViewOfFile
LocalFree

user32

MessageBoxA
EndDialog
wsprintfA
GetDlgItemTextA
KillTimer
SendMessageA
CheckDlgButton
IsDlgButtonChecked
SetTimer
SetWindowTextA
GetDlgItem
DialogBoxParamA

gdi32

DeleteObject
CreateFontA

advapi32

OpenProcessToken
FreeSid
RegOpenKeyExA
RegGetKeySecurity
RegCloseKey
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
GetLengthSid
CopySid
InitializeSecurityDescriptor
AddAce
InitializeAcl
AllocateAndInitializeSid
RegEnumKeyA
RegQueryInfoKeyA
RegSetKeySecurity
SetSecurityDescriptorDacl

shell32

CommandLineToArgvW
SHGetSpecialFolderPathA

ole32

CoCreateInstance

msvcrt

_wcsicmp
strlen
memcpy
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_adjust_fdiv
_initterm
_onexit
__dllonexit
realloc
free
malloc
fflush
fwrite
_stat
_purecall
strncpy
_mbsicmp
_mbscmp
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
wcslen
strrchr
printf
fclose
fread
fopen
__CxxFrameHandler
wcscpy
??1type_info@@UAE@XZ
memmove
strstr
_stricmp
_strlwr
_except_handler3
strchr
ftell
fseek

shlwapi

SHDeleteKeyA

Exports

Exports

GetClassObject

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IERepair.exe
.exe windows:4 windows x86 arch:x86

46589c781bb842e78b0e0c90df91d1a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
GetModuleFileNameW
GetProcAddress
LoadLibraryW
lstrlenW
WritePrivateProfileStringW
GetLastError
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrcpyW
GetModuleHandleW
FreeLibrary
LoadLibraryExW
lstrcmpiW
lstrcpynW
FlushFileBuffers
SetStdHandle
SizeofResource
IsBadReadPtr
LoadLibraryA
SetFilePointer
GetOEMCP
GetStringTypeW
GetStringTypeA
GetCPInfo
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
TerminateProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
InterlockedExchange
GetThreadLocale
GetLocaleInfoA
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
LCMapStringW
LCMapStringA
GetACP
IsBadCodePtr
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
ExitProcess
RtlUnwind
GetModuleHandleA
GetStartupInfoW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery

user32

TranslateMessage
GetMessageW
ShowWindow
UnregisterClassW
SendMessageW
SetWindowLongW
DispatchMessageW
LoadStringW
MessageBoxW
GetWindowTextW
GetWindowTextLengthW
SetDlgItemTextW
MessageBeep
SetFocus
GetWindowLongW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageW
GetDlgItem
EnableWindow
PostQuitMessage
CharNextW
DefWindowProcW
CreateDialogParamW
IsDialogMessageW
DestroyWindow
PeekMessageW

advapi32

RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecW
UrlCreateFromPathW

comctl32

InitCommonControlsEx

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NsPlugin.dll
.dll windows:4 windows x86 arch:x86

03a6a7a20fcbf4d48d73a69b61a44175

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleFileNameA
CloseHandle
WaitForSingleObject
CreateProcessA
GlobalFree
lstrcpyA
FreeLibrary

msvcrt

strcat
strcpy
strrchr
atoi
__dllonexit
_onexit
memset

Exports

Exports

Install
Investigate
Uninstall

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 577B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cab.dll
.dll windows:4 windows x86 arch:x86

42febd0d194e323cddcc94850154f2e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\steupIemate\cabinet\Release\cabinet.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
SetFileAttributesW
CloseHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileW
GetLastError
CreateDirectoryW
GetTempPathW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
FreeLibrary
DeleteFileW
GetProcAddress
LoadLibraryW
FindNextFileW
FindClose
FindFirstFileW
lstrcatW
lstrcpyW
RaiseException
RtlUnwind
ExitProcess
GetFileType
ReadFile
WriteFile
SetFilePointer
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
HeapAlloc
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetEndOfFile
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
TerminateProcess
GetCurrentProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
InterlockedExchange
VirtualQuery
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
FlushFileBuffers
VirtualProtect
GetSystemInfo

Exports

Exports

CompressFile
CompressFolder
DeCompressFolder
Test

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fixhomepage.exe
.exe windows:4 windows x86 arch:x86

fc6e99a36570027ad31a479773e059d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetCurrentProcess
TerminateProcess
GetEnvironmentVariableA
InterlockedDecrement
lstrcpynA
lstrlenA
InterlockedIncrement
MultiByteToWideChar
GetPrivateProfileStringA
GetProcAddress
OutputDebugStringA
FindNextFileA
SetLastError
GetFullPathNameA
lstrcpyA
WinExec
SetFileAttributesA
DeleteFileA
SearchPathA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
ExpandEnvironmentStringsA
VirtualQuery
GetModuleFileNameA
GetCurrentDirectoryA
GetLongPathNameA
GetShortPathNameA
FindFirstFileA
FindClose
GetFileAttributesA
GetVersionExA
GetLastError
DebugBreak
LocalFree
FlushFileBuffers
SetStdHandle
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
SetFilePointer
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
HeapFree
HeapAlloc
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

LoadStringA
CharLowerA
CharNextA
wvsprintfA

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
GetUserNameA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
GetExplicitEntriesFromAclA
DeleteAce

shell32

SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoCreateInstance
CoInitialize
CoUninitialize

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

SHSetValueA
SHDeleteValueA
StrNCatA
PathCombineA
SHGetValueA
SHDeleteKeyA

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
navagation.ini
option.ini
page/img/01.gif
.gif
page/img/02.gif
.gif
page/img/03.gif
.gif
page/img/05.gif
.gif
page/img/05_w.gif
.gif
page/img/1.gif
.gif
page/img/11.gif
.gif
page/img/12.gif
.gif
page/img/bg.jpg
.jpg
page/img/btn.gif
.gif
page/img/ie.gif
.gif
page/img/ie.jpg
.jpg
page/img/jt.gif
.gif
page/img/line.gif
.gif
page/img/logo.gif
.gif
page/img/mouseGesture.gif
.gif
page/img/oms_008.gif
.gif
page/img/recover1.jpg
.jpg
page/img/recover2.gif
.gif
page/img/recover3.jpg
.jpg
page/img/recover4.jpg
.jpg
page/img/search_bg.gif
.gif
page/img/search_bottom.gif
.gif
page/img/search_gl.gif
.gif
page/img/search_ts.gif
.gif
page/img/start_lbg.gif
.gif
page/img/stockTip.gif
.gif
page/img/sub_01.gif
.gif
page/img/wait.GIF
.gif
page/main.htm
.js
page/recover.htm
.js
page/saveimage.htm
.html
page/stockData.htm
.html .js polyglot
page/wizard.htm
.html .js polyglot
plugins/imFilter.dll
.dll regsvr32 windows:4 windows x86 arch:x86

745ceb2e4fd1cc75db2946d09dce203e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
lstrcmpA
GetCurrentThreadId
HeapSize
GlobalUnlock
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess
HeapAlloc
GetCurrentProcess
FlushInstructionCache
MulDiv
lstrcmpiW
GetProcessHeap
HeapFree
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
lstrcatA
GetModuleFileNameA
lstrcpyA
lstrcpynA
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapReAlloc

user32

CreateWindowExA
SendMessageA
GetWindowLongA
InvalidateRect
SetWindowLongA
CharNextA
GetFocus
IsChild
SetFocus
GetDlgItem
IsWindow
DestroyAcceleratorTable
RedrawWindow
PtInRect
DefWindowProcA
DestroyWindow
GetSysColor
ReleaseCapture
SetCapture
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRgn
GetDesktopWindow
CallWindowProcA
EndPaint
BeginPaint
UnregisterClassA
GetWindow
SetWindowPos
GetClassNameA
GetParent
UnionRect
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
GetKeyState
ShowWindow
wsprintfA
CreateAcceleratorTableA
RegisterClassExA
LoadCursorA
GetClassInfoExA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA

gdi32

CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileA
SetViewportOrgEx
SetMapMode
LPtoDP
CreateDCA
SetTextAlign
DeleteMetaFile
SetBkMode
SetTextColor
CreateFontIndirectA
LineTo
MoveToEx
CreatePen
FillRgn
SelectClipRgn
CreateRectRgn
GetClipRgn
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
TextOutA
CreateRectRgnIndirect
DeleteObject

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

ole32

OleLoadFromStream
OleSaveToStream
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleInitialize
CreateDataAdviseHolder
WriteClassStm
OleRegEnumVerbs
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize

oleaut32

VariantChangeType
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
OleCreatePropertyFrame

msvcr71

__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
??2@YAPAXI@Z
_purecall
??_U@YAPAXI@Z
realloc
wcsncpy
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_CxxThrowException
_except_handler3
_resetstkoflw
free
malloc
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
_onexit
memset

shlwapi

PathFindExtensionA
UrlCombineW
StrCpyNW

wininet

InternetCreateUrlW
InternetCrackUrlW

comctl32

_TrackMouseEvent

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/inlinesearch.dll
plugins/suggest.dll
regedit.dll
.dll windows:4 windows x86 arch:x86

580179c74542b6ee64e3f37abcf77d44

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\iemate2\regedit\Release\regedit.pdb

Imports

kernel32

HeapReAlloc
VirtualAlloc
GetCPInfo
GetOEMCP
GetACP
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
InitializeCriticalSection
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetVersionExA
GetCommandLineA
GetCurrentThreadId
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
SearchPathW
GetFileSize
GetLastError
OutputDebugStringW
CreateFileW
CloseHandle
WideCharToMultiByte
WriteFile
ReadFile
MultiByteToWideChar
lstrcmpW
ExitProcess
lstrlenW
lstrcpyW
GetFileType

user32

CharNextW
IsCharAlphaNumericW
CharUpperW
IsDialogMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
wsprintfW
SendDlgItemMessageW

advapi32

RegSetValueExW
RegEnumValueW
RegCreateKeyW
RegOpenKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegSetValueExA
RegFlushKey
RegDeleteValueW

shlwapi

StrChrW
StrToIntW

Exports

Exports

ExportWinNT50RegFile
ImportRegFile

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
search.ini
stock.dll
update.ini

Sharing

General

Malware Config

Signatures

Files

97318da386948415d08cef4a9006d669

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 19KB - Virtual size: 18KB

a1575143c7276d23e65a1698d2158da9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1bCertificate

Extended Key Usages

Key Usages

6b:8d:d5:18:b6:0b:38:d2:eb:cd:9a:25:d1:19:53:ef:47:ea:81:93Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shlwapi

wtsapi32

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 28KB - Virtual size: 26KB

d722b46f77981ed8b9edd09cabf8597d

Headers

File Characteristics

PDB Paths

Imports

psapi

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

version

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 312KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 76KB - Virtual size: 73KB

.reloc Size: 28KB - Virtual size: 24KB

4504c1c05d2b0811d19f8f3e5b799206

Code Sign

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 19KB - Virtual size: 18KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

6b:8d:d5:18:b6:0b:38:d2:eb:cd:9a:25:d1:19:53:ef:47:ea:81:93
Signer

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 28KB - Virtual size: 26KB

.text
Size: 316KB - Virtual size: 312KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 76KB - Virtual size: 73KB

.reloc
Size: 28KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

10:c9:1c:3e:b0:af:be:7e:95:0f:9b:00:ee:ad:08:f4:21:4c:30:97
Signer

.text
Size: 340KB - Virtual size: 336KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 1020B

.reloc
Size: 28KB - Virtual size: 25KB

.text
Size: 324KB - Virtual size: 322KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B