cdba0935f95f8e97ffadb50d510ace60N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

cdba0935f95f8e97ffadb50d510ace60N.exe
Size

482KB
MD5

cdba0935f95f8e97ffadb50d510ace60
SHA1

22940e1590aaa949c23faeaf02c46c0e1c8c9d6a
SHA256

af8b500428ae1502c2b6c3ed6f91714b873f8c4f418847cd234fb2b9e2b5a0c2
SHA512

d6428c70a44b77ad441ecd806a80e5c4f56400cc41e6675598f86d467b3ec6870787d0304dbe183a6e7f510e869f54c12081db67d58f685d62e11cd8c0565f2e
SSDEEP

12288:ZpG3lMqLngPixjkRGAy4EkqDkJE+FUsr0v:ZSMqLgPilOytc2cLr0v

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/fct.dll
unpack003/$PLUGINSDIR/NSISdl.dll
unpack003/$PLUGINSDIR/nsExec.dll

NSIS installer 6 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/bin/firsttime_setup.exe	nsis_installer_1
static1/unpack001/bin/firsttime_setup.exe	nsis_installer_2
static1/unpack001/bin/prepenv_setup.exe	nsis_installer_1
static1/unpack001/bin/prepenv_setup.exe	nsis_installer_2

Files

cdba0935f95f8e97ffadb50d510ace60N.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03-03-2009 12:58

Not After

03-03-2024 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06-01-2012 00:00

Not After

07-02-2014 23:59

Subject

CN=Genieo Innovation LTD,O=Genieo Innovation LTD,L=Herzliah,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:e6:be:a9:aa:b2:9a:88:fa:16:ac:0d:68:6c:88:08:52:02:6e:85
Signer

Actual PE Digest

3b:e6:be:a9:aa:b2:9a:88:fa:16:ac:0d:68:6c:88:08:52:02:6e:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Genieo/Application/TrayUi/bin/gentray.exe
.exe windows:5 windows x86 arch:x86

b3778e9cf72153344dbdd55454337c13

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03-03-2009 12:58

Not After

03-03-2024 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06-01-2012 00:00

Not After

07-02-2014 23:59

Subject

CN=Genieo Innovation LTD,O=Genieo Innovation LTD,L=Herzliah,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e9:3b:5b:71:3b:84:97:23:9a:ae:4e:7f:2a:a7:35:21:db:af:58:08
Signer

Actual PE Digest

e9:3b:5b:71:3b:84:97:23:9a:ae:4e:7f:2a:a7:35:21:db:af:58:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\projects\AnabelPackage\build\src\TrayUi\Release\gentray.pdb

Imports

ws2_32

shutdown
inet_addr
htons
socket
connect
send
closesocket
WSAStartup
WSACleanup
recv
setsockopt

urlmon

URLDownloadToFileW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

wininet

HttpSendRequestW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
InternetCrackUrlW
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetOpenW

kernel32

LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
GetLocalTime
DeleteCriticalSection
GetExitCodeThread
CreateEventW
VirtualQuery
FreeLibrary
SetEvent
GetTickCount
ReadProcessMemory
GetProcAddress
OpenEventW
HeapAlloc
HeapFree
GetProcessHeap
GetPrivateProfileStringW
DeleteFileW
SetLastError
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
CopyFileW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
HeapSize
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
WideCharToMultiByte
LCMapStringA
RaiseException
GetStartupInfoW
HeapReAlloc
RtlUnwind
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
WriteFile
InitializeCriticalSection
SetFilePointer
GetFileSize
TerminateThread
lstrcpynW
CreateThread
GetTempFileNameW
GetTempPathW
ExitProcess
GetModuleHandleW
CloseHandle
TerminateProcess
GetExitCodeProcess
OpenProcess
GetLastError
MultiByteToWideChar
lstrlenA
Sleep
GetCommandLineW
CreateDirectoryW
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetStartupInfoA
ReadFile
GetConsoleCP
GetConsoleMode
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetACP

user32

IsWindowVisible
wsprintfW
FindWindowW
GetLastInputInfo
GetDoubleClickTime
DestroyMenu
PostQuitMessage
PostMessageW
TrackPopupMenu
SetForegroundWindow
CheckMenuItem
ModifyMenuW
GetCursorPos
GetSubMenu
LoadMenuW
RegisterWindowMessageW
KillTimer
FillRect
InvalidateRect
SetTimer
DefWindowProcW
SetCursor
EndPaint
BeginPaint
ShowWindowAsync
ShowWindow
PtInRect
RegisterClassW
LoadImageW
SetWindowPos
SetWindowLongW
GetWindowLongW
CreateWindowExW
LoadCursorW
DestroyWindow
GetWindowRect
GetClassNameW
DispatchMessageW
TranslateMessage
GetMessageW
SendMessageW

gdi32

CreateCompatibleDC
CreateRectRgnIndirect
SaveDC
CreateDIBSection
SetStretchBltMode
GetClipBox
ExtSelectClipRgn
RestoreDC
TextOutW
SetTextAlign
SetTextColor
SetBkMode
CreateFontW
SetPixel
DeleteObject
CreateBrushIndirect
GetStockObject
DeleteDC
SetDIBitsToDevice
BitBlt
SelectObject

advapi32

RegNotifyChangeKeyValue
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumValueW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam

shell32

Shell_NotifyIconW
ShellExecuteW
CommandLineToArgvW
SHAppBarMessage
ShellExecuteExW
Shell_NotifyIconA
ShellExecuteA

ole32

CoUninitialize
CoCreateGuid
CoInitialize
StringFromGUID2
CoInitializeEx

shlwapi

StrTrimA
SHRegGetUSValueA
SHSetValueW
SHGetValueW
SHRegGetUSValueW

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Genieo/Application/TrayUi/conf/conf.ini
$APPDATA/Genieo/Application/license/Apache log4j 1.2 - Project License.htm
.html
$APPDATA/Genieo/Application/license/IE HistoryView Freeware Internet Explorer History Viewer.htm
.js
$APPDATA/Genieo/Application/license/JDIC_Plus_index.html
.html .js polyglot
$APPDATA/Genieo/Application/license/JDOM_FAQ.htm
.html
$APPDATA/Genieo/Application/license/JavaMail API Reference Implementation  Project Kenai.htm
.html
$APPDATA/Genieo/Application/license/JavaMail_SMTP.txt
$APPDATA/Genieo/Application/license/Jericho HTML Parser.htm
.html .js polyglot
$APPDATA/Genieo/Application/license/JettyNOTICE.txt
$APPDATA/Genieo/Application/license/Launch4j - Cross-platform Java executable wrapper.htm
.html
$APPDATA/Genieo/Application/license/License - jQuery JavaScript Library.htm
.html .js polyglot
$APPDATA/Genieo/Application/license/LicenseAgreement.txt
$APPDATA/Genieo/Application/license/Licenses.htm
.html .js polyglot
$APPDATA/Genieo/Application/license/MozilaHistoryViewbrowsers.htm
.js
$APPDATA/Genieo/Application/license/MozillaHistoryView/MozillaHistoryView.chm
.chm
$APPDATA/Genieo/Application/license/MozillaHistoryView/readme.txt
$APPDATA/Genieo/Application/license/OpenSorcePackagesInUse.txt
$APPDATA/Genieo/Application/license/SQLite Copyright.htm
.html
$APPDATA/Genieo/Application/license/iehv/iehv.chm
.chm
$APPDATA/Genieo/Application/license/iehv/readme.txt
$APPDATA/Genieo/Application/license/license.html
.html
$APPDATA/Genieo/Application/license/oauth-signpost - Project Hosting on Google Code.htm
.html .js polyglot
$APPDATA/Genieo/Application/license/reallysimplehistory - Project Hosting on Google Code.htm
.html .js polyglot
$APPDATA/Genieo/Data/Updater/conf/updater_manifest.xml
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/fct.dll
.dll windows:4 windows x86 arch:x86

ea6c66dd8fdf3fe3fb04ddbc357acc4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
Sleep
CloseHandle
TerminateProcess
WaitForSingleObject
OpenProcess
lstrcmpA
GlobalAlloc
GlobalFree
GetExitCodeThread
lstrcpyA
lstrcpynA
CreateThread
lstrcmpiA

user32

IsWindow
MessageBoxA
PostMessageA
GetWindowThreadProcessId
GetWindowLongA
GetWindowTextA
GetClassNameA
EnumWindows
wsprintfA

Exports

Exports

fct
wait

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 717B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/IeSearchProvider.exe
.exe windows:5 windows x86 arch:x86

5aa5e2115acb84d43a302c287efcf624

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03-03-2009 12:58

Not After

03-03-2024 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06-01-2012 00:00

Not After

07-02-2014 23:59

Subject

CN=Genieo Innovation LTD,O=Genieo Innovation LTD,L=Herzliah,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:6d:25:3f:7b:f8:e3:54:fe:b2:11:dc:7a:58:92:69:b7:01:c2:1a
Signer

Actual PE Digest

df:6d:25:3f:7b:f8:e3:54:fe:b2:11:dc:7a:58:92:69:b7:01:c2:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\projects\AnabelPackage\build\src\IeSearchProvider\Release\IeSearchProvider.pdb

Imports

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

SHSetValueW

kernel32

VirtualFree
GetStartupInfoW
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
RaiseException
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapSize

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/firsttime_setup.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03-03-2009 12:58

Not After

03-03-2024 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06-01-2012 00:00

Not After

07-02-2014 23:59

Subject

CN=Genieo Innovation LTD,O=Genieo Innovation LTD,L=Herzliah,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:5b:4e:14:f0:b8:0e:fb:1b:c5:01:af:0e:a7:65:f8:dd:4f:4e:6a
Signer

Actual PE Digest

ec:5b:4e:14:f0:b8:0e:fb:1b:c5:01:af:0e:a7:65:f8:dd:4f:4e:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall/firsttime_uninstall.exe.nsis
bin/genupdater.exe
.exe windows:5 windows x86 arch:x86

4a32787cd777e971d1221d3db9bc7980

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03-03-2009 12:58

Not After

03-03-2024 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06-01-2012 00:00

Not After

07-02-2014 23:59

Subject

CN=Genieo Innovation LTD,O=Genieo Innovation LTD,L=Herzliah,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:73:15:d9:7d:81:29:8c:b8:c9:ab:5b:f7:27:3f:c6:56:72:2f:a2
Signer

Actual PE Digest

41:73:15:d9:7d:81:29:8c:b8:c9:ab:5b:f7:27:3f:c6:56:72:2f:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\projects\AnabelPackage\build\src\Updater\Release\genupdater.pdb

Imports

wininet

InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
HttpSendRequestW
InternetReadFile
InternetCrackUrlW
InternetQueryDataAvailable
InternetConnectW
InternetOpenW

iphlpapi

GetAdaptersAddresses

kernel32

CreateDirectoryW
DeleteFileW
GetFileSize
SetFilePointer
WriteFile
InitializeCriticalSection
CopyFileW
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
GetLocalTime
DeleteCriticalSection
CloseHandle
InterlockedDecrement
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
GetPrivateProfileStringW
GetTickCount
Sleep
CreateThread
OpenProcess
TerminateProcess
GetLastError
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
GetModuleHandleA
GetPrivateProfileIntW
GetExitCodeProcess
GetTempPathW
lstrlenA
MultiByteToWideChar
WaitForMultipleObjects
HeapAlloc
HeapFree
GetProcessHeap
SetLastError
WideCharToMultiByte
lstrlenW
TerminateThread
CreateProcessW
GetSystemTimeAsFileTime
GetStartupInfoW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
RtlUnwind
RaiseException
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleFileNameW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ReadFile
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetStdHandle
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CreateFileA
HeapSize

user32

SendMessageW
FindWindowW
PostMessageW
GetLastInputInfo
wsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueA
RegQueryInfoKeyA
CryptGetHashParam
CryptHashData
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoCreateGuid
StringFromGUID2
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

SHSetValueA
SHRegGetUSValueW
StrTrimA
SHGetValueW
SHSetValueW
SHRegGetUSValueA

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/prepenv_setup.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03-03-2009 12:58

Not After

03-03-2024 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06-01-2012 00:00

Not After

07-02-2014 23:59

Subject

CN=Genieo Innovation LTD,O=Genieo Innovation LTD,L=Herzliah,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c6:34:a3:7b:08:cd:f9:cd:c8:7e:b9:8c:4b:dd:70:33:2c:16:00:e3
Signer

Actual PE Digest

c6:34:a3:7b:08:cd:f9:cd:c8:7e:b9:8c:4b:dd:70:33:2c:16:00:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R2/uninstall/prepenv_uninstall.exe.nsis
conf/conf.ini
uninstall/updater_uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

04:7a:55Certificate

Extended Key Usages

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

3b:e6:be:a9:aa:b2:9a:88:fa:16:ac:0d:68:6c:88:08:52:02:6e:85Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 19KB - Virtual size: 19KB

b3778e9cf72153344dbdd55454337c13

Code Sign

04:7a:55Certificate

Extended Key Usages

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

e9:3b:5b:71:3b:84:97:23:9a:ae:4e:7f:2a:a7:35:21:db:af:58:08Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

urlmon

psapi

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

iphlpapi

Sections

.text Size: 392KB - Virtual size: 392KB

.rdata Size: 131KB - Virtual size: 130KB

.data Size: 21KB - Virtual size: 30KB

.rsrc Size: 1024B - Virtual size: 788B

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

ea6c66dd8fdf3fe3fb04ddbc357acc4c

Headers

File Characteristics

04:7a:55
Certificate

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

3b:e6:be:a9:aa:b2:9a:88:fa:16:ac:0d:68:6c:88:08:52:02:6e:85
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 19KB - Virtual size: 19KB

04:7a:55
Certificate

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

e9:3b:5b:71:3b:84:97:23:9a:ae:4e:7f:2a:a7:35:21:db:af:58:08
Signer

.text
Size: 392KB - Virtual size: 392KB

.rdata
Size: 131KB - Virtual size: 130KB

.data
Size: 21KB - Virtual size: 30KB

.rsrc
Size: 1024B - Virtual size: 788B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 717B

.data
Size: 512B - Virtual size: 136B

.reloc
Size: 512B - Virtual size: 204B

04:7a:55
Certificate

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

df:6d:25:3f:7b:f8:e3:54:fe:b2:11:dc:7a:58:92:69:b7:01:c2:1a
Signer

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

04:7a:55
Certificate

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

ec:5b:4e:14:f0:b8:0e:fb:1b:c5:01:af:0e:a7:65:f8:dd:4f:4e:6a
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 2KB - Virtual size: 2KB

04:7a:55
Certificate

3f:c4:37:77:fa:37:4b:71:7c:09:d0:98:54:4c:20:f1
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate