cfc0d0b9ce52f5037986bfdde616c659_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cfc0d0b9ce52f5037986bfdde616c659_JaffaCakes118
Size

3.1MB
MD5

cfc0d0b9ce52f5037986bfdde616c659
SHA1

91d51755f743158e17ecd6194ce65e39d60e100b
SHA256

d5e5315c94ce12840cecfd831d1b0c7e83f5c426a20c4002a29e73a9737e565b
SHA512

11b07f801a1c8de43f0fe2d4d5dae6b26a187a1e8dce754cf92b1c7c05948e94434ca76ac92360956b61da3ec52aa5495df003ab154924d8fdc63852b3b7a2da
SSDEEP

49152:8YjNROAqC+qipim2SQNH/0mngrcVBud28FMJ+eYVpVQwKUGS0iFJgZSEbUt:8iDrd8pimfiZgrmclFDeoVl0UmZSEc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/tbu01405/uninstall.exe	upx
static1/unpack001/off.exe	upx

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/Firefox.dll
unpack001/$PLUGINSDIR/Genealogy.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack002/tbu01405/Family_Toolbar.dll
unpack002/tbu01405/clearhist.exe
unpack002/tbu01405/dbghelp.dll
unpack002/tbu01405/tbcore3.dll
unpack002/tbu01405/tbhelper.dll
unpack002/tbu01405/uninstall.exe
unpack003/out.upx
unpack002/tbu01405/update.exe
unpack001/$PROGRAMFILES/Family Toolbar/mhxpcomi.dll
unpack001/$R0
unpack001/$R2/NSIS.Library.RegTool.v3.$_11_.exe
unpack004/components/mhxpcom.dll
unpack001/off.exe
unpack005/out.upx

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$PLUGINSDIR/family_toolbar.exe	nsis_installer_1

Files

cfc0d0b9ce52f5037986bfdde616c659_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:54:9f:68:70:5a:5e:e7:23:3d:6e:7f:90:a8:d4:af
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

21/02/2008, 00:00

Not After

23/03/2010, 23:59

Subject

CN=MyHeritage Ltd.,OU=GENEALOGY RESEARCH,O=MyHeritage Ltd.,L=Bnei Atarot,ST=Bnei Atarot,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/$PROGRAMFILES/Family Toolbar/ToolUninstall.exe.nsis
$PLUGINSDIR/BrowserOptions.ini
$PLUGINSDIR/Firefox.dll
.dll windows:4 windows x86 arch:x86

21ada8a5cc893b8df17fc0f5587b020b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
ReadFile
Process32First
CloseHandle
FindNextFileA
FindClose
CreateToolhelp32Snapshot
CreateFileA
GetFileSize
lstrcpynA
OpenProcess
Process32Next
GlobalAlloc
CompareFileTime
CreateProcessA
FindFirstFileA
TerminateProcess
WriteFile
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
InitializeCriticalSection
GlobalFree
SetFilePointer
GetLastError
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
HeapReAlloc
VirtualAlloc
GetFileAttributesA
DeleteFileA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
MultiByteToWideChar
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
ExitProcess
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize

user32

EnumWindows
GetWindowThreadProcessId
GetWindow
DdeUnaccessData
GetWindowTextA
DdeFreeStringHandle
DdeClientTransaction
DdeConnect
DdeUninitialize
DdeCreateStringHandleA
DdeAccessData
DdeGetLastError
DdeDisconnect
DdeFreeDataHandle
DdeInitializeA
GetClassNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathA

ole32

OleRun
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
GetErrorInfo

psapi

EnumProcessModules
GetModuleBaseNameA

Exports

Exports

CheckExtensions
CheckSemaphores
ClearSemaphores
DdeGetWindowInfo
FindExe
FindPageInMSIE
FindTopWindow
GetBrowserVersion
IsRunning
IsToolbarDisabled
IsToolbarHidden
IsToolbarInstalled
OpenPage
OpenPageInMSIE
RemoveToolbar
Terminate
UnDisableToolbar
UnHideToolbar

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Genealogy.dll
.dll windows:4 windows x86 arch:x86

54cd9ef3a30f47dbd933eac40e33aa4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GetExitCodeProcess
CreateProcessA
TerminateProcess
ReadFile
MultiByteToWideChar
FindFirstFileA
GetLastError
GetProcAddress
GlobalFree
FindClose
LoadLibraryA
Process32Next
FindNextFileA
OpenProcess
CreateToolhelp32Snapshot
CloseHandle
LocalFree
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
WriteFile
WaitForSingleObject
Process32First
GetCurrentProcess
FreeLibrary
lstrcpynA
GetLocaleInfoA
SetFilePointer
GetFileSize
GetModuleHandleA
CreateFileA
InitializeCriticalSection
HeapSize
HeapReAlloc
GetFileAttributesA
GetLocalTime
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetConsoleCP
GetConsoleMode
VirtualAlloc

user32

GetWindow
GetClassNameA
GetWindowRect
EnumWindows
GetWindowTextA
GetWindowLongA
CreateWindowExA
IsWindow
GetDlgCtrlID

advapi32

RegEnumKeyA
RegOpenKeyA
IsValidSid
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoCreateInstance

Exports

Exports

AppendTextToFile
CheckInstall
CreateShortcut
DisplayImage
DoubleStringSlashes
ExecSilent
ExecSilentWait
ExecSilentWaitLog
FindOpera
GetAppStatus
GetDistribution
GetLanguageNameFromID
GetMSIEVersion
GetSID
IsBrowserRunning
IsFlashInstalled
IsLogHistory
IsMSIEToolbarDisabled
IsMyHeritageVersion
IsProcessRunning
LogTextToFile
LogWindows
ProjectHasPhotos
TerminateProc
TerminateResearch
UnDisableMSIEToolbar

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Options_2.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/family_toolbar.exe
.exe windows:4 windows x86 arch:x86

a23455b2d570c1e80b11b92360e41c00

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:54:9f:68:70:5a:5e:e7:23:3d:6e:7f:90:a8:d4:af
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

21/02/2008, 00:00

Not After

23/03/2010, 23:59

Subject

CN=MyHeritage Ltd.,OU=GENEALOGY RESEARCH,O=MyHeritage Ltd.,L=Bnei Atarot,ST=Bnei Atarot,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tbu01405/AR.gif
.gif
tbu01405/BG.gif
.gif
tbu01405/CS.gif
.gif
tbu01405/DA.gif
.gif
tbu01405/DE.gif
.gif
tbu01405/EL.gif
.gif
tbu01405/EN.gif
.gif
tbu01405/ES.gif
.gif
tbu01405/FI.gif
.gif
tbu01405/FR.gif
.gif
tbu01405/Family_Toolbar.dll
.dll regsvr32 windows:5 windows x86 arch:x86

32af71368cbdf173ab04d242843ebffe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Artem\Documents\Visual Studio 2008\Projects\update_crutch\Release\update_crutch.pdb

Imports

shell32

ShellExecuteW

kernel32

GetTickCount
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tbu01405/HE.gif
.gif
tbu01405/HR.gif
.gif
tbu01405/HU.gif
.gif
tbu01405/IT.gif
.gif
tbu01405/LT.gif
.gif
tbu01405/Loading.jpg
.jpg
tbu01405/MHlogo.gif
.gif
tbu01405/MyHeritage.ico
tbu01405/MyHeritage.png
.png
tbu01405/MyHeritageSearch.png
.png
tbu01405/NL.gif
.gif
tbu01405/NO.gif
.gif
tbu01405/PB.gif
.gif
tbu01405/PL.gif
.gif
tbu01405/PT.gif
.gif
tbu01405/RO.gif
.gif
tbu01405/RU.gif
.gif
tbu01405/SK.gif
.gif
tbu01405/SR.gif
.gif
tbu01405/SV.gif
.gif
tbu01405/TB_AR.gif
.gif
tbu01405/TB_BG.gif
.gif
tbu01405/TB_CS.gif
.gif
tbu01405/TB_DA.gif
.gif
tbu01405/TB_DE.gif
.gif
tbu01405/TB_EL.gif
.gif
tbu01405/TB_EN.gif
.gif
tbu01405/TB_ES.gif
.gif
tbu01405/TB_FI.gif
.gif
tbu01405/TB_FR.gif
.gif
tbu01405/TB_HE.gif
.gif
tbu01405/TB_HR.gif
.gif
tbu01405/TB_HU.gif
.gif
tbu01405/TB_IT.gif
.gif
tbu01405/TB_LT.gif
.gif
tbu01405/TB_NL.gif
.gif
tbu01405/TB_NO.gif
.gif
tbu01405/TB_PB.gif
.gif
tbu01405/TB_PL.gif
.gif
tbu01405/TB_PT.gif
.gif
tbu01405/TB_RO.gif
.gif
tbu01405/TB_RU.gif
.gif
tbu01405/TB_SK.gif
.gif
tbu01405/TB_SR.gif
.gif
tbu01405/TB_SV.gif
.gif
tbu01405/TB_TR.gif
.gif
tbu01405/TB_UK.gif
.gif
tbu01405/TR.gif
.gif
tbu01405/UK.gif
.gif
tbu01405/about.gif
.gif
tbu01405/about.html
.html
tbu01405/active.html
.html .js polyglot
tbu01405/addPhotos.gif
.gif
tbu01405/alerts.gif
.gif
tbu01405/anniversary.gif
.gif
tbu01405/banner.html
.html .js polyglot
tbu01405/basis.xml
.xml
tbu01405/birthday.gif
.gif
tbu01405/buyFamilyGifts.gif
.gif
tbu01405/calendar.gif
.gif
tbu01405/clearSearchHistory.gif
.gif
tbu01405/clearhist.exe
.exe windows:4 windows x86 arch:x86

22140fc584ccdb7f79e8a8b825fbd4a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\vsp\Toolbar4\release_bin\ClearHist.pdb

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
HeapSize
InitializeCriticalSection
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetLastError
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
Sleep
GetLocaleInfoA
RtlUnwind
LoadLibraryA

user32

MessageBoxA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tbu01405/close.gif
.gif
tbu01405/closeRoll.gif
.gif
tbu01405/collage.gif
.gif
tbu01405/createFamilySite.gif
.gif
tbu01405/data.js
.js
tbu01405/dbghelp.dll
.dll windows:5 windows x86 arch:x86

42cfa6142c38112bdaffa05fb22db82e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

__dllonexit
_wcsicmp
wcsncpy
wcscmp
wcsncmp
__CxxFrameHandler
_wsplitpath
_wcsnicmp
towlower
__unDName
fclose
wcstol
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
_osver
_mbsnbcpy
fflush
_iob
_wmakepath
wcsrchr
wcscpy
_wcsdup
ftell
_wgetenv
_mbsicmp
_access
_fullpath
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_write
_onexit
_chsize
_close
_get_osfhandle
_open_osfhandle
_winminor
_winmajor
_mbscmp
_memicmp
wcsncat
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
time
memmove
_ftol
swprintf
calloc
wcscat
_ltoa
_itoa
printf
_vsnprintf
strncat
tolower
_strcmpi
_makepath
_purecall
malloc
free
_strlwr
isspace
ctime
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
strncmp
_strnicmp
isxdigit
wcslen
sprintf
strrchr
strncpy
_except_handler3
_splitpath
_stricmp
strchr
_lseeki64
wprintf

kernel32

GetFileType
Sleep
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
CopyFileA
SetFileAttributesA
CopyFileW
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateFileMappingW
LCMapStringW
GetDriveTypeW
GetCurrentProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetLastError
CloseHandle
CreateFileA
GetLastError
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
LocalAlloc
LocalFree
lstrcpyA
GetDriveTypeA
TlsGetValue
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetFileSize
LoadLibraryA
DuplicateHandle
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
VirtualFree
SetErrorMode
GetFileAttributesA
ReadProcessMemory
VirtualProtect
VirtualAlloc
DeleteFileW
WriteFile
CreateFileW
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemInfo
GetVersionExW
GetProcessHeap
SuspendThread
ResumeThread
GetThreadContext
VirtualQueryEx
LoadLibraryW
TerminateThread
SetEndOfFile
GetThreadSelectorEntry
MapViewOfFileEx
FlushViewOfFile
TlsSetValue
CreateThread

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tbu01405/dialog_close.gif
.gif
tbu01405/familyTree.gif
.gif
tbu01405/femaleOnline.gif
.gif
tbu01405/femaleOnlineAway.gif
.gif
tbu01405/ff.ico
tbu01405/icons.bmp
tbu01405/ie.ico
tbu01405/inboxOff.gif
.gif
tbu01405/inboxOn.gif
.gif
tbu01405/info.txt
tbu01405/inviteFamily.gif
.gif
tbu01405/lang.js
.js
tbu01405/logOnToMH.gif
.gif
tbu01405/logoff.gif
.gif
tbu01405/maleOnline.gif
.gif
tbu01405/maleOnlineAway.gif
.gif
tbu01405/morph.gif
.gif
tbu01405/online.gif
.gif
tbu01405/photos.gif
.gif
tbu01405/privacy.gif
.gif
tbu01405/reload.gif
.gif
tbu01405/search.gif
.gif
tbu01405/site.gif
.gif
tbu01405/sites.gif
.gif
tbu01405/spacer.gif
.gif
tbu01405/stub.xml
tbu01405/tagPeople.gif
.gif
tbu01405/tbcore3.dll
.dll regsvr32 windows:5 windows x86 arch:x86

ad05da4b1fc33e8bdb7300da881db322

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\WORK\MyHeritage\src\toolbar\Release_bin\tbcore3U.pdb

Imports

wininet

InternetCloseHandle
InternetWriteFile
FtpOpenFileW
FindCloseUrlCache
InternetOpenW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FtpSetCurrentDirectoryW
InternetConnectW
FtpCreateDirectoryW
DeleteUrlCacheEntryW

shlwapi

PathFileExistsW
PathRemoveFileSpecW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

winmm

PlaySoundW

dbghelp

SymSetOptions
SymGetOptions
SymGetSymFromAddr
SymGetModuleBase
SymGetLineFromAddr
SymFunctionTableAccess
StackWalk
MiniDumpWriteDump
SymInitialize
SymLoadModule
SymCleanup

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetAdaptersInfo

kernel32

GetProcAddress
GetFileAttributesW
GetVersion
GetCurrentThreadId
RaiseException
FlushInstructionCache
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
lstrlenW
LoadLibraryA
IsBadCodePtr
HeapFree
GetProcessHeap
SetUnhandledExceptionFilter
HeapAlloc
IsBadWritePtr
GetCurrentProcessId
lstrcpynW
lstrlenA
FormatMessageW
IsBadReadPtr
ReadProcessMemory
GetCurrentThread
GetVersionExW
CreateFileW
CloseHandle
OpenProcess
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
WaitForSingleObject
SetEvent
CreateEventW
ResumeThread
ResetEvent
GlobalUnlock
GlobalLock
TerminateThread
CreateThread
CopyFileW
VerLanguageNameW
ReadFile
GetFileSize
DeleteFileW
RemoveDirectoryW
WriteFile
GetTempPathW
MoveFileW
CreateDirectoryW
GetLongPathNameW
GetModuleFileNameW
Process32NextW
Module32NextW
GetModuleHandleW
Process32FirstW
CreateToolhelp32Snapshot
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
GlobalFree
GlobalReAlloc
GlobalAlloc
lstrcmpW
MulDiv
WriteProcessMemory
DisableThreadLibraryCalls
lstrcpyW
lstrcatW
MoveFileExW
ReleaseMutex
CreateMutexW
OpenMutexW
GetUserDefaultLangID
Sleep
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
LocalFree
LocalAlloc
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
SystemTimeToFileTime
GetLocalTime
GetTickCount
SetCurrentDirectoryW
GlobalSize
InterlockedCompareExchange
InterlockedExchange
GetCommandLineA
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
FatalAppExitA
HeapCreate
GetCPInfo
GetACP
GetOEMCP
LoadLibraryW
OutputDebugStringA
GetLastError
SetLastError
InterlockedDecrement
Module32FirstW
GetModuleHandleA
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetLocaleInfoA
ExitThread
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
GetStringTypeA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
CreateFileA
TerminateProcess
GetSystemTimeAsFileTime

user32

GetAsyncKeyState
CloseClipboard
EmptyClipboard
OpenClipboard
DialogBoxIndirectParamW
GetIconInfo
UnregisterClassA
EnumChildWindows
GetWindow
MonitorFromWindow
GetMonitorInfoW
EndDialog
GetActiveWindow
EnableWindow
DrawEdge
DrawFocusRect
FillRect
EndPaint
BeginPaint
SetWindowPos
GetMenu
AdjustWindowRectEx
GetDlgCtrlID
SetCapture
IsWindowEnabled
KillTimer
SetTimer
UpdateWindow
PtInRect
ReleaseCapture
GetCapture
SystemParametersInfoW
InflateRect
SetFocus
SetActiveWindow
GetWindowTextW
GetWindowThreadProcessId
TranslateMessage
DispatchMessageW
InvalidateRect
CharUpperBuffW
MessageBoxW
CharNextW
SetLastErrorEx
wsprintfW
IsChild
GetDlgItem
GetMessagePos
MapWindowPoints
ReleaseDC
GetWindowDC
SetWindowsHookExW
WindowFromDC
OffsetRect
GetMenuItemInfoW
UnhookWindowsHookEx
LoadMenuIndirectW
LoadMenuW
GetSubMenu
GetClientRect
GetWindowLongW
DefWindowProcW
CallWindowProcW
PostMessageW
SetWindowLongW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetParent
ShowWindow
MoveWindow
SetWindowTextW
CreateWindowExW
SendMessageW
GetFocus
IsWindow
DestroyWindow
DestroyMenu
CreatePopupMenu
AppendMenuW
InsertMenuW
InsertMenuItemW
SetMenuItemBitmaps
TrackPopupMenu
CharLowerBuffW
EnableMenuItem
LoadCursorFromFileW
LoadImageW
SetWindowRgn
DrawFrameControl
LoadBitmapW
GetCursorPos
EndMenu
DrawTextW
CopyRect
InvalidateRgn
ScreenToClient
CreateAcceleratorTableW
GetDesktopWindow
RedrawWindow
GetSysColor
DestroyAcceleratorTable
RegisterWindowMessageW
UnregisterClassW
GetDC
GetKeyState
GetSysColorBrush
DialogBoxParamW
GetClassNameW
WindowFromPoint
ClientToScreen
IsWindowVisible
CallNextHookEx
SetCursor
DestroyCursor
SetDlgItemTextW
GetWindowRect
MessageBeep
GetSystemMetrics
GetWindowTextLengthW

gdi32

GetTextExtentPoint32W
ExtTextOutW
CreateFontW
DeleteObject
FrameRgn
CreateSolidBrush
CreateRectRgnIndirect
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
Rectangle
CreatePatternBrush
CreatePen
GetTextExtentPointW
GetTextMetricsW
CreateCompatibleBitmap
GetDeviceCaps
GetObjectW
SetBkMode
SetTextColor
SaveDC
RestoreDC
GetClipBox
SelectClipRgn
SetBkColor
CombineRgn
CreateBrushIndirect
CreateRectRgn
PatBlt
SetBrushOrgEx
CreateDIBPatternBrushPt
CreateDIBSection
GetDIBits
RealizePalette
SetDIBitsToDevice
SetStretchBltMode
ExtSelectClipRgn
StretchBlt
CreateBitmap
RectVisible
StretchDIBits
CreateFontIndirectW
SelectObject

shell32

SHCreateDirectoryExW
ShellExecuteW
SHEmptyRecycleBinW
SHAddToRecentDocs
DragQueryFileW
SHLoadInProc
DoEnvironmentSubstW

ole32

CoTaskMemAlloc
OleRun
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
RegisterDragDrop
ReleaseStgMedium
CoUninitialize
CoInitialize
OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
OleLockRunning
CoCreateGuid
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream

oleaut32

SafeArrayUnaccessData
SysFreeString
DispCallFunc
VariantInit
VariantClear
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VarBstrCat
VariantChangeType
SafeArrayCreate
SafeArrayPutElement
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VariantCopy
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayAccessData
LoadTypeLi
SafeArrayDestroy
OleCreateFontIndirect
SysAllocStringLen
VarBstrCmp
VarUI4FromStr
SysStringLen
SysAllocString

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPB_W0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
CanReload
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetUpdaterAPI
MyUnregisterServer
TBStudioReg

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tbu01405/tbhelper.dll
.dll regsvr32 windows:5 windows x86 arch:x86

976dea5a19b78b2c6236d00ae0642caf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\WORK\MyHeritage\src\toolbar\Release_bin\tbhelperU.pdb

Imports

wininet

HttpAddRequestHeadersW
InternetSetOptionW
InternetQueryOptionW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
FtpOpenFileW
FtpGetFileSize
InternetQueryDataAvailable
HttpOpenRequestW
InternetOpenW
InternetConnectW

rpcrt4

UuidFromStringA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InterlockedExchange
IsValidLocale
EnumSystemLocalesA
MultiByteToWideChar
InterlockedDecrement
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
lstrlenW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
LoadLibraryExW
lstrcmpiW
SetEndOfFile
RaiseException
InterlockedIncrement
CloseHandle
TerminateThread
WaitForSingleObject
OpenThread
GlobalUnlock
GlobalLock
WideCharToMultiByte
WriteFile
CreateFileW
DeleteFileW
GetCurrentThreadId
lstrlenA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleMode
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetProcAddress
GetConsoleCP
SetStdHandle
GetLocaleInfoA
GetLocaleInfoW
LoadLibraryA
SetConsoleCtrlHandler
GetModuleHandleA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
Sleep
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
ReadFile
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle

user32

CharNextW
PostThreadMessageW
IsWindow
CharLowerBuffW
CloseClipboard
GetClipboardData
OpenClipboard
PeekMessageW
SendMessageW

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CLSIDFromProgID
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoUninitialize
CoInitialize
CoGetInterfaceAndReleaseStream

oleaut32

VarBstrCmp
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
CreateErrorInfo
SysAllocStringByteLen
VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocString
GetErrorInfo
VariantChangeType
SetErrorInfo
SysStringByteLen

Exports

Exports

CreateHelperObject
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IsUnicode

Sections

.text
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tbu01405/tbs_include_script_000391.js
.js
tbu01405/tbs_include_script_000733.js
.js
tbu01405/tbs_include_script_000784.js
.js
tbu01405/tbs_include_script_001134.js
.js
tbu01405/tbs_include_script_002287.js
.js
tbu01405/tbs_include_script_002346.js
.js
tbu01405/tbs_include_script_002789.js
.js
tbu01405/tbs_include_script_002833.js
.js
tbu01405/tbs_include_script_002855.js
.js
tbu01405/tbs_include_script_003080.js
.js
tbu01405/tbs_include_script_003083.js
.js
tbu01405/tbs_include_script_004183.js
.js
tbu01405/tbs_include_script_004456.js
.js
tbu01405/tbs_include_script_004711.js
.js
tbu01405/tbs_include_script_004823.js
.js
tbu01405/tbs_include_script_004824.js
.js
tbu01405/tbs_include_script_005792.js
.js
tbu01405/tbs_include_script_006838.js
.js
tbu01405/tbs_include_script_007158.js
.js
tbu01405/tbs_include_script_007564.js
.js
tbu01405/tbs_include_script_007690.js
.js
tbu01405/tbs_include_script_007803.js
.js
tbu01405/tbs_include_script_008357.js
.js
tbu01405/tbs_include_script_008502.js
.js
tbu01405/tbs_include_script_009578.js
.js
tbu01405/tbs_include_script_009807.js
.js
tbu01405/tbs_include_script_011492.js
.js
tbu01405/tbs_include_script_011493.js
.js
tbu01405/tbs_include_script_011550.js
.js
tbu01405/tbs_include_script_011614.js
.js
tbu01405/tbs_include_script_011637.js
.js
tbu01405/tbs_include_script_012671.js
.js
tbu01405/tbs_include_script_012765.js
.js
tbu01405/tbs_include_script_013916.js
.js
tbu01405/tbs_include_script_014484.js
.js
tbu01405/tbs_include_script_014583.js
.js
tbu01405/tbs_include_script_014799.js
.js
tbu01405/tbs_include_script_015508.js
.js
tbu01405/tbs_include_script_015800.js
.js
tbu01405/tbs_include_script_016179.js
.js
tbu01405/tbs_include_script_016289.js
.js
tbu01405/tbs_include_script_016678.js
.js
tbu01405/tbs_include_script_017022.js
.js
tbu01405/tbs_include_script_017427.js
.js
tbu01405/tbs_include_script_018243.js
.js
tbu01405/tbs_include_script_018279.js
.js
tbu01405/tbs_include_script_018382.js
tbu01405/tbs_include_script_018505.js
.js
tbu01405/tbs_include_script_020098.js
.js
tbu01405/tbs_include_script_020109.js
.js
tbu01405/tbs_include_script_020129.js
.js
tbu01405/tbs_include_script_020859.js
.js
tbu01405/tbs_include_script_022495.js
.js
tbu01405/tbs_include_script_023942.js
.js
tbu01405/tbs_include_script_024113.js
.js
tbu01405/tbs_include_script_025757.js
.js
tbu01405/tbs_include_script_025787.js
.js
tbu01405/tbs_include_script_026799.js
.js
tbu01405/tbs_include_script_026954.js
tbu01405/tbs_include_script_027482.js
.js
tbu01405/tbs_include_script_027696.js
.js
tbu01405/tbs_include_script_028246.js
.js
tbu01405/tbs_include_script_028279.js
.js
tbu01405/tbs_include_script_029390.js
.js
tbu01405/tbs_include_script_030206.js
.js
tbu01405/tbs_include_script_030277.js
.js
tbu01405/tbs_include_script_030359.js
.js
tbu01405/tbs_include_script_030760.js
.js
tbu01405/tbs_include_script_030814.js
.js
tbu01405/tbs_include_script_031331.js
.js
tbu01405/tbs_include_script_031332.js
.js
tbu01405/tbs_include_script_031711.js
.js
tbu01405/tbs_include_script_032188.js
.js
tbu01405/tbs_include_script_032423.js
.js
tbu01405/tbs_include_script_032495.js
.js
tbu01405/tellAFriend.gif
.gif
tbu01405/toolbarSetting.gif
.gif
tbu01405/uninstall.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tbu01405/uninstall.gif
.gif
tbu01405/update.exe
.exe windows:4 windows x86 arch:x86

0fcefbaa9f02398a96fb77ce4350f6eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\vsp\toolbar\toolbar45\release_bin\update.pdb

Imports

setupapi

SetupIterateCabinetW

shell32

ShellExecuteW
CommandLineToArgvW

kernel32

LoadLibraryW
lstrcpyW
FreeLibrary
lstrlenW
InterlockedIncrement
InterlockedDecrement
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateMutexW
LocalFree
Sleep
CopyFileW
MoveFileW
CreateDirectoryW
SetCurrentDirectoryW
GetLastError
GetProcAddress
DeleteFileW
HeapSize
GetCommandLineW
TlsFree
InitializeCriticalSection
RtlUnwind
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
RaiseException
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA

user32

LoadStringW
UnregisterClassA

advapi32

RegCloseKey
RegDeleteValueW
RegCreateKeyExW

ole32

CoInitialize

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tbu01405/updateToolbar.gif
.gif
tbu01405/userSite.gif
.gif
tbu01405/version.txt
tbu01405/whatsNew.gif
.gif
tbu01405/xoff.jpg
.jpg
tbu01405/xon.jpg
.jpg
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PROGRAMFILES/Family Toolbar/mhxpcomi.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5956c520ef7def094a9891596678b206

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Toolbar\MhXpComI\MhXpComI\Release\MhXpComI.pdb

Imports

wininet

CreateUrlCacheEntryA
CommitUrlCacheEntryA

kernel32

lstrcmpiA
CloseHandle
WriteFile
SetFilePointer
GetCurrentThreadId
CreateFileA
GetModuleFileNameA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
lstrlenA
GetThreadLocale
ReadFile
GetFileSize
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExA
GetFileAttributesA
GetProcAddress
LoadLibraryA
SystemTimeToFileTime
GetSystemTime
GetCurrentProcess
LocalFree
GetTickCount
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
WideCharToMultiByte
CompareStringW
SetEnvironmentVariableA
SetThreadLocale
WriteConsoleW
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
CompareStringA
FlushFileBuffers
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedExchange
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
Sleep
HeapSize
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetLocalTime
HeapReAlloc
GetSystemTimeAsFileTime
DeleteFileA
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle

user32

CharNextA
UnregisterClassA

advapi32

GetTokenInformation
IsValidSid
RegOpenKeyA
RegEnumValueA
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
OpenProcessToken

shell32

SHGetFolderPathA
SHGetFolderPathW
SHGetFileInfoW

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
CoCreateInstance
StringFromCLSID

oleaut32

VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysAllocString
SysStringLen
LoadTypeLi

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

urlmon

CoInternetCombineUrl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

5956c520ef7def094a9891596678b206

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Toolbar\MhXpComI\MhXpComI\Release\MhXpComI.pdb

Imports

wininet

CreateUrlCacheEntryA
CommitUrlCacheEntryA

kernel32

lstrcmpiA
CloseHandle
WriteFile
SetFilePointer
GetCurrentThreadId
CreateFileA
GetModuleFileNameA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
lstrlenA
GetThreadLocale
ReadFile
GetFileSize
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExA
GetFileAttributesA
GetProcAddress
LoadLibraryA
SystemTimeToFileTime
GetSystemTime
GetCurrentProcess
LocalFree
GetTickCount
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
WideCharToMultiByte
CompareStringW
SetEnvironmentVariableA
SetThreadLocale
WriteConsoleW
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
CompareStringA
FlushFileBuffers
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedExchange
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
Sleep
HeapSize
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetLocalTime
HeapReAlloc
GetSystemTimeAsFileTime
DeleteFileA
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle

user32

CharNextA
UnregisterClassA

advapi32

GetTokenInformation
IsValidSid
RegOpenKeyA
RegEnumValueA
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
OpenProcessToken

shell32

SHGetFolderPathA
SHGetFolderPathW
SHGetFileInfoW

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
CoCreateInstance
StringFromCLSID

oleaut32

VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysAllocString
SysStringLen
LoadTypeLi

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

urlmon

CoInternetCombineUrl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R2/NSIS.Library.RegTool.v3.$_11_.exe
.exe windows:4 windows x86 arch:x86

a56a9c58ddb2b2da8fde66551747ce70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateProcessA
GetSystemDirectoryA
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
lstrcmpiA
lstrlenA
SetEndOfFile
GetProcAddress
UnmapViewOfFile
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
SetErrorMode

oleaut32

LoadTypeLi
RegisterTypeLi

advapi32

RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey

user32

wsprintfA
CharNextA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
404.htm
.html
Loading.gif
.gif
MissingSnapshot.jpg
.jpg
MyHeritageWhiteBg.gif
.gif
MyNewTab - Grid.htm
.html
MyNewTab - History Off.htm
.html
MyNewTab.css
MyNewTab.js
.js
dns.htm
.html
family_toolbar.xpi
.zip
META-INF/manifest.mf
META-INF/zigbert.rsa
META-INF/zigbert.sf
chrome.manifest
chrome/Family_Toolbar.jar
.jar
components/IMhtbComponent.xpt
components/mhxpcom.dll
.dll windows:4 windows x86 arch:x86

385bf39d0b63ad7b378ced8c49940ecb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Toolbar\MhXpCom\release\MhXpCom.pdb

Imports

nspr4

PR_snprintf
PR_Malloc
PR_AtomicDecrement
PR_AtomicIncrement

xpcom

NS_Alloc
NS_Free
NS_CStringSetData
NS_StringContainerInit
NS_StringSetData
NS_StringGetData
NS_StringContainerFinish
NS_CStringGetData
NS_CStringContainerFinish
NS_CStringContainerInit
NS_GetServiceManager
NS_GetComponentManager

kernel32

WideCharToMultiByte
GetTickCount
CloseHandle
WriteFile
CreateFileA
InitializeCriticalSection
GetTempPathA
LeaveCriticalSection
SetFilePointer
GetCurrentThreadId
EnterCriticalSection
lstrlenA
MultiByteToWideChar
GetFileAttributesExA
FileTimeToSystemTime
ReadFile
LoadLibraryA
FreeLibrary
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
GetProcAddress
GetModuleFileNameA
GetCurrentProcess
LocalFree
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CompareStringA
CompareStringW
GetFileSize
GetLocalTime
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetLastError
DeleteFileA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStdHandle
Sleep
HeapSize
ExitProcess
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

advapi32

OpenProcessToken
IsValidSid
RegOpenKeyExA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
GetTokenInformation

shell32

SHGetFolderPathA

ole32

StringFromCLSID
CoCreateInstance
CoTaskMemFree

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

NSGetModule

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install.rdf
.xml
installed.txt
ff.gif
.gif
ie.gif
.gif
off.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 284KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 243KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
translations.js
.js

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

75:54:9f:68:70:5a:5e:e7:23:3d:6e:7f:90:a8:d4:afCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 21KB - Virtual size: 21KB

21ada8a5cc893b8df17fc0f5587b020b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

psapi

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 6KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 8KB

54cd9ef3a30f47dbd933eac40e33aa4f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 6KB - Virtual size: 6KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

75:54:9f:68:70:5a:5e:e7:23:3d:6e:7f:90:a8:d4:af
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 21KB - Virtual size: 21KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 6KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

75:54:9f:68:70:5a:5e:e7:23:3d:6e:7f:90:a8:d4:af
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB