c143a95e652f8668eba1a45026144f7c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c143a95e652f8668eba1a45026144f7c_JaffaCakes118
Size

13.7MB
MD5

c143a95e652f8668eba1a45026144f7c
SHA1

ec3ec42330a74bbce5805207d13ebc2bb296bcbf
SHA256

f83e44454af5a697a411730632784e8264583dc4df0f02c33c45e9eb9bb9fceb
SHA512

63b48d80f0e51c86948a309e703b3334388afa24d7a927b350a9b77cc61e71c410d3363069056efb934a59d8371619085d477f6dc4058b25f82586927a848d0e
SSDEEP

393216:U8nsELa+vFGvAsX5aFq/2vN+Oak+Y+NxaxMitym3n2c+jzs:U8nsmvFiAFJ1ak/6dityFM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/IDM v5.20 FULL_Portable/IDM/USB_by_veto/USB/upx.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/IDM v5.20 FULL_Portable/IDM/IDMan.exe
unpack002/IDM v5.20 FULL_Portable/IDM/NP_IDM.dll
unpack002/IDM v5.20 FULL_Portable/IDM/USB_by_veto/USB/lpk.dll
unpack002/IDM v5.20 FULL_Portable/IDM/USB_by_veto/USB/upx.exe
unpack002/IDM v5.20 FULL_Portable/IDM/lpk.dll

Files

c143a95e652f8668eba1a45026144f7c_JaffaCakes118
.rar
HPSTGLA-125/A-Upasias Download&IDM/Upasias Download/1.png
.png
HPSTGLA-125/A-Upasias Download&IDM/Upasias Download/2.png
.png
HPSTGLA-125/A-Upasias Download&IDM/Upasias Download/3.png
.png
HPSTGLA-125/A-Upasias Download&IDM/Upasias Download/4.png
.png
HPSTGLA-125/A-Upasias Download&IDM/Upasias Download/5.png
.png
HPSTGLA-125/A-Upasias Download&IDM/Upasias Download/6.png
.png
HPSTGLA-125/A-Upasias Download&IDM/Upasias Download/7.png
.png
HPSTGLA-125/A-Upasias Download&IDM/Upasias Download/IDM v5.20 FULL_Portable.rar
.rar
IDM v5.20 FULL_Portable/Help.txt
IDM v5.20 FULL_Portable/IDM/$cfi-1258883009.ico
IDM v5.20 FULL_Portable/IDM/2.bmp
IDM v5.20 FULL_Portable/IDM/GlobalErrors.log
IDM v5.20 FULL_Portable/IDM/IDMGetAll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2322dbae349e780ebff54feae758b30c

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:b0:fd:1e:91:c3:15:61:10:48:02:d4:d5:88:ee:08
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30-05-2006 00:00

Not After

29-05-2008 23:59

Subject

CN=Tonec Inc.,OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
DeleteCriticalSection
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
InitializeCriticalSection
LocalFree
DisableThreadLibraryCalls
GetLastError
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
lstrcpynA
InterlockedIncrement

user32

MessageBoxA
CharNextA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize

oleaut32

SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SafeArrayPutElement
VariantChangeType
SysAllocStringLen
VariantClear
SafeArrayCreate
SysFreeString
SysAllocString
VariantInit
SafeArrayDestroy

wininet

InternetCombineUrlA
InternetGetCookieA
InternetCrackUrlA

msvcrt

_wcsicmp
_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
isalpha
strchr
_CxxThrowException
memcmp
realloc
_memicmp
malloc
free
_purecall
strrchr
sprintf
strlen
atoi
_ismbcdigit
_mbclen
vsprintf
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
__CxxFrameHandler
_mbschr
_mbsinc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/IDMGrHlp.exe
.exe windows:4 windows x86 arch:x86

bedd8f0bfdf8fccb473fa687454d0597

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b0:fd:1e:91:c3:15:61:10:48:02:d4:d5:88:ee:08
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30-05-2006 00:00

Not After

29-05-2008 23:59

Subject

CN=Tonec Inc.,OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
TerminateProcess
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RaiseException
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
RtlUnwind
GetProfileStringA
GetFileTime
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetThreadLocale
GetOEMCP
GetCPInfo
GetProcessVersion
SizeofResource
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
GetModuleFileNameA
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetProcAddress
LockResource
FindResourceA
LoadResource
GlobalDeleteAtom
lstrcmpiA
GetCurrentThread
lstrcmpA
FormatMessageA
LocalFree
lstrlenA
InterlockedIncrement
WideCharToMultiByte
InterlockedDecrement
GetModuleHandleA
GetCurrentThreadId
CreateThread
SleepEx
MultiByteToWideChar
ExitProcess
CreateFileA
GetLastError
GetFileSize
WriteFile
SetFilePointer
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
CloseHandle
GetEnvironmentVariableA
GlobalFree

user32

MessageBeep
CharUpperA
InvalidateRect
InflateRect
RegisterClipboardFormatA
DestroyMenu
GetSysColorBrush
PtInRect
LoadStringA
MapDialogRect
SetWindowContextHelpId
ValidateRect
GetCursorPos
SetCursor
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetNextDlgGroupItem
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
IsWindowVisible
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
MessageBoxA
PostThreadMessageA
UnhookWindowsHookEx
SendMessageA
LoadIconA
DrawIcon
HideCaret
ShowCaret
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
SetRect
CopyAcceleratorTableA
CharNextA
RegisterWindowMessageA
OffsetRect
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
PostQuitMessage
DefWindowProcA
PostMessageA
CallNextHookEx
GetWindowTextA
GetClassNameA
SetWindowsHookExA
UnregisterClassA
GetDesktopWindow
SetTimer
KillTimer
IsWindowEnabled
GetDlgItem
GetWindowLongA
GetParent
DestroyWindow
CreateDialogIndirectParamA
IsWindow
SetActiveWindow
GetActiveWindow
EndDialog
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
CheckMenuItem

gdi32

CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetWindowExtEx
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
GetViewportExtEx
GetDeviceCaps
DeleteObject
GetStockObject
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
CoRevokeClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CoCreateInstance
CreateBindCtx
CoInitialize
CoRegisterMessageFilter
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
CreateILockBytesOnHGlobal

olepro32

ord253

oleaut32

VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType
VariantTimeToSystemTime
VariantCopy
SysAllocStringByteLen
SysFreeString

urlmon

CoInternetGetSession
CreateURLMoniker

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/IDMan.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.BRD
Size: 544KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BRD
Size: 54KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BRD
Size: 41KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BRD
Size: 216KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iebihof
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IDM v5.20 FULL_Portable/IDM/IEExt.htm
.html .vbs polyglot
IDM v5.20 FULL_Portable/IDM/IEGetAll.htm
.html .vbs polyglot
IDM v5.20 FULL_Portable/IDM/IEGetVL.htm
.html .vbs polyglot
IDM v5.20 FULL_Portable/IDM/IEGetVL2.htm
.html .vbs polyglot
IDM v5.20 FULL_Portable/IDM/IEMonitor.exe
.exe windows:4 windows x86 arch:x86

47ac0eec3cc670670855d455d9ba5a63

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:b0:fd:1e:91:c3:15:61:10:48:02:d4:d5:88:ee:08
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30-05-2006 00:00

Not After

29-05-2008 23:59

Subject

CN=Tonec Inc.,OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
TerminateProcess
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetTimeZoneInformation
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
RtlUnwind
GetFileTime
GetProfileStringA
GetFileSize
GetFileAttributesA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
MulDiv
SetLastError
FormatMessageA
LocalFree
InterlockedIncrement
lstrlenW
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetTickCount
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
InterlockedDecrement
ExitProcess
WideCharToMultiByte
lstrcpynA
GetFullPathNameA
lstrlenA
lstrcpyA
MultiByteToWideChar
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
ReleaseMutex
CloseHandle
CreateMutexA
GetLastError
GetModuleHandleA
HeapDestroy
GetModuleFileNameA

user32

InvalidateRect
CharUpperA
InflateRect
LoadStringA
GetSysColorBrush
PtInRect
GetDesktopWindow
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
PostThreadMessageA
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
LoadIconA
KillTimer
SetTimer
SendMessageA
DrawIcon
GetClientRect
UnregisterClassA
HideCaret
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
RegisterClipboardFormatA
DestroyMenu
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
EndDialog
SetActiveWindow
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetSystemMetrics
IsIconic
PostMessageA
GetClassNameA
GetKeyboardState
GetKeyState
EnableWindow
PostQuitMessage
SetCursor
MessageBoxA
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuItemCount
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA

gdi32

CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
DeleteObject
CreateBitmap
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA

comctl32

ord17

oledlg

ord8

ole32

CoDisconnectObject
CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemFree
CoRevokeClassObject
CoGetClassObject
CoRegisterMessageFilter
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
OleRun
CoCreateInstance

olepro32

ord253

oleaut32

SysStringLen
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SysFreeString
SysAllocString
VariantInit
SysAllocStringLen
VariantCopy
VariantChangeType
VariantTimeToSystemTime
SysAllocStringByteLen
LoadTypeLi
GetErrorInfo
VariantClear

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/Languages/$cfi-2071810543.ico
IDM v5.20 FULL_Portable/IDM/Languages/desktop.ini
IDM v5.20 FULL_Portable/IDM/Languages/idm_th1.lng
IDM v5.20 FULL_Portable/IDM/Languages/tips_th1.txt
IDM v5.20 FULL_Portable/IDM/Languages/เครดิต.txt
IDM v5.20 FULL_Portable/IDM/NP_IDM.dll
.dll windows:4 windows x86 arch:x86

45fcab88da8bdc378674c19c03f82c1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetWindowsDirectoryA
GetFileAttributesA
GetVersionExA
GetCurrentProcess
MultiByteToWideChar
FreeLibrary
GetProcAddress

user32

InvalidateRect
UpdateWindow
SetPropA
LoadIconA
MessageBoxA
GetClassNameA
GetForegroundWindow
SendMessageA
GetWindow
EndPaint
DestroyIcon
DrawIcon
FillRect
BeginPaint
GetUpdateRect
GetPropA
SetWindowLongA

gdi32

SetBkColor
SetTextColor
SelectObject
GetStockObject
DeleteObject
CreateSolidBrush
TextOutA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegLoadKeyA
RegRestoreKeyA
GetUserNameA
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
VariantInit
SysAllocString
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SysFreeString

msvcrt

_initterm
free
strstr
strrchr
strncpy
__CxxFrameHandler
sprintf
_adjust_fdiv
malloc

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 622B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/Thumbs.db
IDM v5.20 FULL_Portable/IDM/USB_by_veto/$cfi-3820526186.ico
IDM v5.20 FULL_Portable/IDM/USB_by_veto/USB/$cfi-953244032.ico
IDM v5.20 FULL_Portable/IDM/USB_by_veto/USB/compress.bat
IDM v5.20 FULL_Portable/IDM/USB_by_veto/USB/desktop.ini
IDM v5.20 FULL_Portable/IDM/USB_by_veto/USB/lpk.dll
.dll windows:5 windows x86 arch:x86

00c5fd00087020a0645079ce30f4148b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
RtlMoveMemory
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
RtlZeroMemory
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls

user32

wsprintfW

shell32

ord64
ord92

shlwapi

SHRegGetValueW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
StrStrIW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/USB_by_veto/USB/upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

udqevtw
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IDM v5.20 FULL_Portable/IDM/USB_by_veto/USB/เครดิต.txt
IDM v5.20 FULL_Portable/IDM/USB_by_veto/desktop.ini
IDM v5.20 FULL_Portable/IDM/USB_by_veto/เครดิต.txt
IDM v5.20 FULL_Portable/IDM/Uninstall.exe
.exe windows:4 windows x86 arch:x86

6f07614ce5531e661c68fbdb42368c97

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-05-2008 00:00

Not After

30-05-2010 23:59

Subject

CN=Tonec Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

SHDeleteKeyA

kernel32

GetWindowsDirectoryA
lstrlenA
GetVersionExA
CopyFileA
GetLastError
GetModuleFileNameA
lstrcpyA
lstrcmpA
CreateFileA
ExitThread
ExitProcess
UnmapViewOfFile
GetSystemTime
MapViewOfFile
SetFileTime
GetFileTime
CreateFileMappingA
GetFileSize
SleepEx
CreateDirectoryA
RemoveDirectoryA
FindClose
Sleep
FindFirstFileA
SetEndOfFile
SetFilePointer
GetShortPathNameA
MoveFileExA
DeleteFileA
WriteFile
LocalFree
FormatMessageA
WideCharToMultiByte
GetModuleHandleA
SetCurrentDirectoryA
LocalAlloc
CreateProcessA
GetExitCodeThread
CreateThread
OpenProcess
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
GetDiskFreeSpaceA
ResumeThread
SuspendThread
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
CreateMutexA
OpenMutexA
WaitForSingleObject
lstrcmpiA
ReleaseMutex
CloseHandle
GetFileAttributesA
lstrcatA
MultiByteToWideChar
FindNextFileA
GetStartupInfoA

user32

MessageBoxA
wsprintfA
SendMessageA
SendDlgItemMessageA
EnableWindow
GetDlgItem
SetDlgItemTextA
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowPos
LoadIconA
CreateDialogParamA
ExitWindowsEx
GetWindowLongA
SetWindowLongA
GetWindowRect
ScreenToClient
CreateWindowExA
CallWindowProcA
GetDlgItemTextA
DestroyWindow
DialogBoxParamA
CharUpperA
FindWindowA
SetWindowTextA
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
GetClientRect
ShowWindow
PostMessageA

advapi32

RegQueryValueExA
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExA
RegEnumKeyA
RegQueryInfoKeyA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyExA
GetUserNameA
FreeSid
LookupPrivilegeValueA

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
LoadTypeLibEx
SysAllocStringLen

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
sprintf
strtol
strcmp
strtoul
_itoa
memmove
strchr
strncpy
_ftol
memcpy
_splitpath
wcsstr
wcsncmp
wcscat
wcscpy
memset
free
malloc
memcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
strstr
strrchr
strlen
strcat
strcpy
__CxxFrameHandler
_except_handler3
_controlfp

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/defexclist.txt
IDM v5.20 FULL_Portable/IDM/desktop.ini
IDM v5.20 FULL_Portable/IDM/downlWithIDM.dll
.dll regsvr32 windows:4 windows x86 arch:x86

773b52a313fb73d41e7e3c2a0927cd37

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-05-2008 00:00

Not After

30-05-2010 23:59

Subject

CN=Tonec Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetShortPathNameA
FreeLibrary
SizeofResource
GetCurrentThreadId
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
GlobalLock
GlobalUnlock
LocalFree
lstrlenW
GetLastError
lstrlenA
FindFirstFileA
FindNextFileA
FindClose
MultiByteToWideChar
LoadResource
WideCharToMultiByte

user32

GetKeyState
MessageBoxA
CharNextA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree
CoGetMalloc
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysFreeString
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy

wininet

InternetCrackUrlA
InternetGetCookieA
InternetCombineUrlA

msvcrt

_memicmp
_stricmp
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_CxxThrowException
isdigit
realloc
malloc
free
_purecall
atoi
_ismbcdigit
_mbclen
_strnicmp
vsprintf
_mbsinc
strcmp
strrchr
__CxxFrameHandler
??3@YAXPAX@Z
strcpy
??2@YAPAXI@Z
strlen
memcpy
strpbrk
strchr
strstr
memset
wcslen
_wcsicmp
fclose
sscanf
memcmp
fgets
fopen
sprintf
_splitpath
memmove
_mbsstr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/idman.chm
.chm
IDM v5.20 FULL_Portable/IDM/idmantypeinfo.tlb
IDM v5.20 FULL_Portable/IDM/idmbrbtn.dll
.dll windows:4 windows x86 arch:x86

d2cba82cf5665c114a1f2dda9fd13248

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-05-2008 00:00

Not After

30-05-2010 23:59

Subject

CN=Tonec Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetFileSize
CloseHandle
WideCharToMultiByte
MulDiv
GetLastError
GetModuleHandleA
GetProcAddress
MultiByteToWideChar

user32

GetWindowDC
ReleaseDC
PtInRect
PostMessageA
ShowWindow
DestroyMenu
MessageBoxA
CreatePopupMenu
SetTimer
SendMessageA
EndPaint
DefDlgProcA
BeginPaint
DestroyWindow
KillTimer
SetCapture
AppendMenuA
ClientToScreen
TrackPopupMenu
DrawTextA
LoadImageA
IntersectRect
MoveWindow
InvalidateRect
CreateWindowExA
SetWindowLongA
SetWindowPos
SetParent
LoadIconA
LoadCursorA
RegisterClassA
ReleaseCapture
GetWindowLongA

gdi32

DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
CreateCompatibleBitmap
GetObjectA
GetTextExtentPoint32A
CreateFontIndirectA
GetDeviceCaps
StretchBlt
SetTextColor
SetBkMode
DeleteDC

ole32

CoCreateInstance

oleaut32

SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString

msvcrt

_wcsicmp
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
wcscpy
wcscat
_i64tow
wcslen
_CxxThrowException
wcscmp
sprintf
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

Exports

Exports

CreateIDMButton
CreateIDMButton2

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/idmfsa.dll
.dll regsvr32 windows:4 windows x86 arch:x86

09c315f33fb0b016c4749a6bc75474f3

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:b0:fd:1e:91:c3:15:61:10:48:02:d4:d5:88:ee:08
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30-05-2006 00:00

Not After

29-05-2008 23:59

Subject

CN=Tonec Inc.,OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
DeleteCriticalSection
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
HeapReAlloc
HeapFree
InitializeCriticalSection
DisableThreadLibraryCalls
GetFileAttributesA
CopyFileA
DeleteFileA
CreateDirectoryA
WideCharToMultiByte
MoveFileA
FreeLibrary
GetLastError

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegEnumKeyExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

BSTR_UserMarshal
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserSize
SysFreeString

rpcrt4

NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrDllGetClassObject
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 91B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 985B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/idmftype.dll
.dll windows:4 windows x86 arch:x86

cb9cf7fccc131828b1b23de2700dee0c

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-05-2008 00:00

Not After

30-05-2010 23:59

Subject

CN=Tonec Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
RtlUnwind
HeapFree
RaiseException
HeapReAlloc
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
GetProcAddress
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
SetFilePointer
GetStringTypeA
GetStringTypeW
GetCPInfo
GetTimeZoneInformation
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers
CloseHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

IDMFileType

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/idmmbc.dll
.dll windows:4 windows x86 arch:x86

9e2b3ebc1665612c72cd1f207213d7d7

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-05-2008 00:00

Not After

30-05-2010 23:59

Subject

CN=Tonec Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
GetFileAttributesA
FreeLibrary
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetCurrentProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateSemaphoreA
GetSystemInfo
CreateIoCompletionPort
WaitForMultipleObjectsEx
PostQueuedCompletionStatus
ReleaseSemaphore
WaitForSingleObjectEx
GetQueuedCompletionStatus
HeapAlloc
HeapFree
HeapCreate
InterlockedIncrement
ExpandEnvironmentStringsA
LoadLibraryW
ExpandEnvironmentStringsW
GetModuleHandleA
TlsFree
Sleep
TlsAlloc
GetModuleFileNameA
TlsSetValue
TlsGetValue
CompareStringW
CompareStringA
SetEndOfFile
ReadFile
CreateFileA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
ResetEvent
GetCurrentProcessId
SetEvent
ExitThread
EnterCriticalSection
CreateEventA
CreateThread
LeaveCriticalSection
WaitForSingleObject
CloseHandle
GetExitCodeThread
GetLastError
HeapDestroy
IsBadReadPtr
SetFilePointer
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
WriteFile
HeapSize
TerminateProcess
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
GetEnvironmentVariableA
GetStringTypeW
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
GetCurrentThreadId
SetLastError
ExitProcess
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
SetEnvironmentVariableA

user32

PostQuitMessage
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
PostMessageA
UnregisterClassA
GetKeyState
DestroyWindow
IsWindow
GetDesktopWindow
GetKeyboardState
DispatchMessageA

advapi32

LookupPrivilegeValueA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
GetUserNameA
RegRestoreKeyA
RegLoadKeyA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SafeArrayPutElement
SafeArrayCreate
SysAllocString
VariantInit
SysFreeString
SysAllocStringLen
SafeArrayDestroy

ws2_32

WSASetLastError
WSAGetLastError
WPUCompleteOverlappedRequest
WSCEnumProtocols
WSCGetProviderPath
ntohs
__WSAFDIsSet

Exports

Exports

GetLspGuid
WSPStartup

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/idmmkb.dll
.dll windows:4 windows x86 arch:x86

922cbc631d38a734b795e24b35030aa0

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-05-2008 00:00

Not After

30-05-2010 23:59

Subject

CN=Tonec Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameA
CreateMutexA
LoadLibraryA
DisableThreadLibraryCalls
ReleaseMutex
WaitForSingleObject
GetProcAddress
FreeLibrary
OpenMutexA
WideCharToMultiByte

user32

SetWindowsHookExA
UnhookWindowsHookEx
GetKeyState
CallNextHookEx

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

msvcrt

_splitpath
_adjust_fdiv
__CxxFrameHandler
strrchr
sprintf
strchr
_stricmp
time
free
_initterm
malloc

Exports

Exports

GetAltState
GetCtrlState
InstallHook
InstallMouseHook
NeedForce
NeedPrevent
RemoveHook
RemoveMouseHook

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/idmmkb.dll~~
.dll windows:4 windows x86 arch:x86

922cbc631d38a734b795e24b35030aa0

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-05-2008 00:00

Not After

30-05-2010 23:59

Subject

CN=Tonec Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameA
CreateMutexA
LoadLibraryA
DisableThreadLibraryCalls
ReleaseMutex
WaitForSingleObject
GetProcAddress
FreeLibrary
OpenMutexA
WideCharToMultiByte

user32

SetWindowsHookExA
UnhookWindowsHookEx
GetKeyState
CallNextHookEx

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

msvcrt

_splitpath
_adjust_fdiv
__CxxFrameHandler
strrchr
sprintf
strchr
_stricmp
time
free
_initterm
malloc

Exports

Exports

GetAltState
GetCtrlState
InstallHook
InstallMouseHook
NeedForce
NeedPrevent
RemoveHook
RemoveMouseHook

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/idmmzcc.xpi
.zip
META-INF/manifest.mf
META-INF/zigbert.rsa
META-INF/zigbert.sf
chrome.manifest
chrome/idmmzcc.jar
.zip
content/IDM/contents.rdf
.xml
content/IDM/dwnl1.gif
.gif
content/IDM/dwnlAll.gif
.gif
content/IDM/idmmenuitems.css
content/IDM/overlay.js
.js
content/IDM/overlay.xul
.xml
components/iIDMMzCC.xpt
components/idmmzcc.dll
.dll windows:4 windows x86 arch:x86

957efe26645c5be54bc5aa045389ef58

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-05-2008 00:00

Not After

30-05-2010 23:59

Subject

CN=Tonec Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameA
CreateMutexA
GetFileAttributesA
GetWindowsDirectoryA
GetVersionExA
GetModuleHandleA
CloseHandle
GetLastError
GetFileSize
CreateFileA
CreateThread
ReadFile
FreeLibrary
lstrlenA
FindFirstFileA
FindNextFileA
FindClose
DisableThreadLibraryCalls
SetCurrentDirectoryA
GetLocaleInfoA
LoadLibraryA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
GetCurrentProcess
ReleaseMutex

user32

GetSystemMetrics
GetClientRect
MessageBoxA
PostMessageA
SendMessageA
GetKeyState
GetClassNameA
GetParent
GetKeyboardState

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegLoadKeyA
RegRestoreKeyA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
VariantInit
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SysFreeString

wininet

InternetCombineUrlA

msvcrt

_adjust_fdiv
_memicmp
_wcsicmp
_wcslwr
_stricmp
_strnicmp
_initterm
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_fullpath
strcpy
memcpy
strlen
memset
strncmp
strpbrk
isdigit
_i64tow
fwrite
strncpy
_stat
free
malloc
strchr
??2@YAPAXI@Z
_CxxThrowException
??3@YAXPAX@Z
__CxxFrameHandler
memmove
_purecall
wcslen
wcscpy
sprintf
strrchr
fclose
sscanf
fopen
fgets
_splitpath
_mbsstr
strstr
isalpha
memchr
_strupr

nspr4

PR_UnloadLibrary
PR_LoadLibraryWithFlags
PR_Free
PR_GetLibraryFilePathname
PR_FindSymbolAndLibrary
PR_SetEnv
PR_smprintf
PR_smprintf_free
PR_GetEnv
PR_AtomicIncrement
PR_AtomicDecrement
PR_FindSymbol

plc4

PL_strrchr

Exports

Exports

GetListenerState
NSGetModule

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install.js
.js
install.rdf
.xml
IDM v5.20 FULL_Portable/IDM/lpk.dll
.dll windows:5 windows x86 arch:x86

00c5fd00087020a0645079ce30f4148b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
RtlMoveMemory
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
RtlZeroMemory
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls

user32

wsprintfW

shell32

ord64
ord92

shlwapi

SHRegGetValueW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
StrStrIW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDM v5.20 FULL_Portable/IDM/เครดิต.txt
HPSTGLA-125/A-Upasias Download&IDM/Upasias Download/Thumbs.db
HPSTGLA-125/Club Super Love Lolita Asia PTHC U13-U15-U18.html
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Bests Teen Lolita Asia Go---kansaix.com (1).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Bests Teen Lolita Asia Go---kansaix.com (2).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Bests Teen Lolita Asia Go---kansaix.com (3).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Bests Teen Lolita Asia Go---kansaix.com (4).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Bests Teen Lolita Asia Go---kansaix.com (5).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Bests Teen Lolita Asia Go---kansaix.com (6).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Bests Teen Lolita Asia Go---kansaix.com.txt
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Free Porn Teen U13 U15 U18 Asia---teensex88.com (1).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Free Porn Teen U13 U15 U18 Asia---teensex88.com (2).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Free Porn Teen U13 U15 U18 Asia---teensex88.com (3).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Free Porn Teen U13 U15 U18 Asia---teensex88.com (4).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Free Porn Teen U13 U15 U18 Asia---teensex88.com (5).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Free Porn Teen U13 U15 U18 Asia---teensex88.com (6).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Free Porn Teen U13 U15 U18 Asia---teensex88.com.txt
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super JAV Teen Lolita J-Idon Go--teenbests.com (1).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super JAV Teen Lolita J-Idon Go--teenbests.com (2).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super JAV Teen Lolita J-Idon Go--teenbests.com (3).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super JAV Teen Lolita J-Idon Go--teenbests.com (4).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super JAV Teen Lolita J-Idon Go--teenbests.com (5).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super JAV Teen Lolita J-Idon Go--teenbests.com.jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super JAV Teen Lolita J-Idon Go--teenbests.com.txt
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Lolita Asia Go--yukikax.com (1).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Lolita Asia Go--yukikax.com (2).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Lolita Asia Go--yukikax.com (3).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Lolita Asia Go--yukikax.com (4).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Lolita Asia Go--yukikax.com (5).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Lolita Asia Go--yukikax.com (6).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Lolita Asia Go--yukikax.com.txt
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Webcam Teen Lolita Asia Go---www.asiaxteen.com (1).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Webcam Teen Lolita Asia Go---www.asiaxteen.com (2).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Webcam Teen Lolita Asia Go---www.asiaxteen.com (3).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Webcam Teen Lolita Asia Go---www.asiaxteen.com (4).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Webcam Teen Lolita Asia Go---www.asiaxteen.com (5).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Webcam Teen Lolita Asia Go---www.asiaxteen.com (6).jpg
.jpg
HPSTGLA-125/Super Bests Teen Lolita Asia Good Job/Super Webcam Teen Lolita Asia Go---www.asiaxteen.com.txt
HPSTGLA-125/kansaix.com (1).jpg
.jpg
HPSTGLA-125/kansaix.com (10).jpg
.jpg
HPSTGLA-125/kansaix.com (11).jpg
.jpg
HPSTGLA-125/kansaix.com (12).jpg
.jpg
HPSTGLA-125/kansaix.com (13).jpg
.jpg
HPSTGLA-125/kansaix.com (14).jpg
.jpg
HPSTGLA-125/kansaix.com (15).jpg
.jpg
HPSTGLA-125/kansaix.com (16).jpg
.jpg
HPSTGLA-125/kansaix.com (17).jpg
.jpg
HPSTGLA-125/kansaix.com (18).jpg
.jpg
HPSTGLA-125/kansaix.com (19).jpg
.jpg
HPSTGLA-125/kansaix.com (2).jpg
.jpg
HPSTGLA-125/kansaix.com (20).jpg
.jpg
HPSTGLA-125/kansaix.com (21).jpg
.jpg
HPSTGLA-125/kansaix.com (22).jpg
.jpg
HPSTGLA-125/kansaix.com (23).jpg
.jpg
HPSTGLA-125/kansaix.com (24).jpg
.jpg
HPSTGLA-125/kansaix.com (25).jpg
.jpg
HPSTGLA-125/kansaix.com (26).jpg
.jpg
HPSTGLA-125/kansaix.com (27).jpg
.jpg
HPSTGLA-125/kansaix.com (28).jpg
.jpg
HPSTGLA-125/kansaix.com (29).jpg
.jpg
HPSTGLA-125/kansaix.com (3).jpg
.jpg
HPSTGLA-125/kansaix.com (30).jpg
.jpg
HPSTGLA-125/kansaix.com (31).jpg
.jpg
HPSTGLA-125/kansaix.com (32).jpg
.jpg
HPSTGLA-125/kansaix.com (33).jpg
.jpg
HPSTGLA-125/kansaix.com (34).jpg
.jpg
HPSTGLA-125/kansaix.com (35).jpg
.jpg
HPSTGLA-125/kansaix.com (36).jpg
.jpg
HPSTGLA-125/kansaix.com (37).jpg
.jpg
HPSTGLA-125/kansaix.com (38).jpg
.jpg
HPSTGLA-125/kansaix.com (39).jpg
.jpg
HPSTGLA-125/kansaix.com (4).jpg
.jpg
HPSTGLA-125/kansaix.com (40).jpg
.jpg
HPSTGLA-125/kansaix.com (41).jpg
.jpg
HPSTGLA-125/kansaix.com (42).jpg
.jpg
HPSTGLA-125/kansaix.com (43).jpg
.jpg
HPSTGLA-125/kansaix.com (44).jpg
.jpg
HPSTGLA-125/kansaix.com (45).jpg
.jpg
HPSTGLA-125/kansaix.com (46).jpg
.jpg
HPSTGLA-125/kansaix.com (47).jpg
.jpg
HPSTGLA-125/kansaix.com (48).jpg
.jpg
HPSTGLA-125/kansaix.com (49).jpg
.jpg
HPSTGLA-125/kansaix.com (5).jpg
.jpg
HPSTGLA-125/kansaix.com (50).jpg
.jpg
HPSTGLA-125/kansaix.com (6).jpg
.jpg
HPSTGLA-125/kansaix.com (7).jpg
.jpg
HPSTGLA-125/kansaix.com (8).jpg
.jpg
HPSTGLA-125/kansaix.com (9).jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

2322dbae349e780ebff54feae758b30c

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

59:b0:fd:1e:91:c3:15:61:10:48:02:d4:d5:88:ee:08Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

bedd8f0bfdf8fccb473fa687454d0597

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

59:b0:fd:1e:91:c3:15:61:10:48:02:d4:d5:88:ee:08Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

oledlg

ole32

olepro32

oleaut32

urlmon

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 24KB - Virtual size: 21KB

Headers

File Characteristics

Sections

.BRD Size: 544KB - Virtual size: 1.5MB

.BRD Size: 54KB - Virtual size: 368KB

.BRD Size: 41KB - Virtual size: 172KB

.BRD Size: 216KB - Virtual size: 752KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

59:b0:fd:1e:91:c3:15:61:10:48:02:d4:d5:88:ee:08
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

01
Certificate

0a
Certificate

59:b0:fd:1e:91:c3:15:61:10:48:02:d4:d5:88:ee:08
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 24KB - Virtual size: 21KB

.BRD
Size: 544KB - Virtual size: 1.5MB

.BRD
Size: 54KB - Virtual size: 368KB

.BRD
Size: 41KB - Virtual size: 172KB

.BRD
Size: 216KB - Virtual size: 752KB

.aspack
Size: 109KB - Virtual size: 112KB

.adata
Size: 31KB - Virtual size: 32KB

iebihof
Size: - Virtual size: 4KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

59:b0:fd:1e:91:c3:15:61:10:48:02:d4:d5:88:ee:08
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 622B