d12234a95be5e9025ad3872c34a6f8da_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d12234a95be5e9025ad3872c34a6f8da_JaffaCakes118
Size

1.2MB
MD5

d12234a95be5e9025ad3872c34a6f8da
SHA1

053e7dc9fa37df4c78dc0e66f1f8620640b73740
SHA256

4fb17ba8b6943800a972385c7fde7e8e45fc4b1a6b6edfb0dcdad3671243f480
SHA512

5d548e2ee1b91118a74105f083c0dc8d4b572889e293852391acb85bbc041630de215303bdc84064b0ab6b85b3a573d0ae631cb29088f67e5fdbb3e22b434d74
SSDEEP

24576:q5pkYOEi9IYw2T1Cd12iC75Jvos5YahVZWn2EmrclFmTX3v:CIvwuCd12icJ2SVe24y7f

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/AccessControl.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/netdict.exe	nsis_installer_1
static1/unpack001/netdict.exe	nsis_installer_2

Files

d12234a95be5e9025ad3872c34a6f8da_JaffaCakes118
.rar
netdict.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-09-2008 00:00

Not After

24-09-2009 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Dept.,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:7f:99:20:20:b5:6a:1c:08:8b:35:1b:f4:ac:9c:68:25:95:b3:90
Signer

Actual PE Digest

11:7f:99:20:20:b5:6a:1c:08:8b:35:1b:f4:ac:9c:68:25:95:b3:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AccessControl.dll
.dll windows:4 windows x86 arch:x86

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ConvertStringSidToSidA
LookupAccountNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
OpenProcessToken
LookupAccountSidA
ConvertSidToStringSidA
GetSidSubAuthority
GetSidSubAuthorityCount

kernel32

lstrcmpiA
lstrcpyA
LocalAlloc
lstrlenA
LocalFree
GetLastError
GlobalFree
lstrcpynA
GlobalAlloc
GetFileAttributesA
CloseHandle
GetCurrentProcess
lstrcatA

user32

wsprintfA

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
IsUserTheAdministrator
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/option.ini
$TEMP/netdict/config.dat
$TEMP/netdict/ndrver.dat
$TEMP/netdict/rscver.dat
$TEMP/netdict/setup.dat
$WINDIR/ocinfo.dat
KwData/NetDict/AddressBar/AddressBarSearchPartner.bmp
KwData/NetDict/AddressBar/AddressBarSearchPartner.xml
KwData/NetDict/AddressBar/KeyWordHistory.ini
KwData/NetDict/ndrver.dat
KwData/NetDict/toolbox/query3.xml
KwData/NetDict/toolbox/toolbox.bmp
KwData/NetDict/toolbox/toolbox.xml
KwData/NetDict/trainticket/traincity.ini
KwData/NetDict/trainticket/trainxibie.ini
KwData/NetDict/weather/city.ini
KwData/NetDict/weather/gif/ǿɳ.gif
.gif
KwData/NetDict/weather/gif/ɳ.gif
.gif
KwData/NetDict/weather/gif/Сѩ-ѩ.gif
.gif
KwData/NetDict/weather/gif/Сѩ.gif
.gif
KwData/NetDict/weather/gif/С-.gif
.gif
KwData/NetDict/weather/gif/С.gif
.gif
KwData/NetDict/weather/gif/ѩ.gif
.gif
KwData/NetDict/weather/gif/-.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/gif/ѩ-ѩ.gif
.gif
KwData/NetDict/weather/gif/ѩ.gif
.gif
KwData/NetDict/weather/gif/-ش.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/gif/-.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/gif/겢б.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/gif/ش.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/gif/ɳ.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/gif/ѩ.gif
.gif
KwData/NetDict/weather/gif/ѩ.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/gif/ѩ-ѩ.gif
.gif
KwData/NetDict/weather/gif/ѩ.gif
.gif
KwData/NetDict/weather/gif/-.gif
.gif
KwData/NetDict/weather/gif/.gif
.gif
KwData/NetDict/weather/weather.ini
KwData/netdict/AddressBar/AddressBarSearchPartner.bmp
KwData/netdict/AddressBar/AddressBarSearchPartner.xml
KwData/netdict/AddressBar/KeyWordHistory.ini
KwData/netdict/ndrver.dat
KwData/netdict/toolbox/query3.xml
KwData/netdict/toolbox/toolbox.bmp
KwData/netdict/toolbox/toolbox.xml
KwData/netdict/trainticket/traincity.ini
KwData/netdict/trainticket/trainxibie.ini
KwData/netdict/weather/city.ini
KwData/netdict/weather/gif/ǿɳ.gif
.gif
KwData/netdict/weather/gif/ɳ.gif
.gif
KwData/netdict/weather/gif/Сѩ-ѩ.gif
.gif
KwData/netdict/weather/gif/Сѩ.gif
.gif
KwData/netdict/weather/gif/С-.gif
.gif
KwData/netdict/weather/gif/С.gif
.gif
KwData/netdict/weather/gif/ѩ.gif
.gif
KwData/netdict/weather/gif/-.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/gif/ѩ-ѩ.gif
.gif
KwData/netdict/weather/gif/ѩ.gif
.gif
KwData/netdict/weather/gif/-ش.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/gif/-.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/gif/겢б.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/gif/ش.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/gif/ɳ.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/gif/ѩ.gif
.gif
KwData/netdict/weather/gif/ѩ.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/gif/ѩ-ѩ.gif
.gif
KwData/netdict/weather/gif/ѩ.gif
.gif
KwData/netdict/weather/gif/-.gif
.gif
KwData/netdict/weather/gif/.gif
.gif
KwData/netdict/weather/weather.ini
KwData/rscver.dat
language/chinese.ini
skins/default.ini
skins/default/AddressBarDockBkgnd.bmp
skins/default/AddressBarDockGoBtnDown.bmp
skins/default/AddressBarDockGoBtnUp.bmp
skins/default/AddressBarDockHisBtnDown.bmp
skins/default/AddressBarDockHisBtnUp.bmp
skins/default/AddressBarDownArrow.bmp
skins/default/AddressBarFloatBkgnd.bmp
skins/default/AddressBarFloatBkgnd2.bmp
skins/default/AddressBarFloatCloseBtnDown.bmp
skins/default/AddressBarFloatCloseBtnUp.bmp
skins/default/AddressBarFloatModeBtnDown.bmp
skins/default/AddressBarFloatModeBtnUp.bmp
skins/default/AddressBarFloatTitle.bmp
skins/default/DialogCloseBtnDown.bmp
skins/default/DialogCloseBtnUp.bmp
skins/default/DialogFrame.bmp
skins/default/DialogModeBtnDown.bmp
skins/default/DialogModeBtnUp.bmp
skins/default/DialogNoTopBtnDown.bmp
skins/default/DialogNoTopBtnUp.bmp
skins/default/DialogTopBtnDown.bmp
skins/default/DialogTopBtnUp.bmp
skins/default/NetDictTitle.bmp
skins/default/Thumbs.db
skins/default/ToolBoxGroupBkgnd.bmp
skins/default/ToolBoxGroupItemBkgnd.bmp
skins/default/ToolBoxGroupItemHotBkgnd.bmp
skins/default/ToolBoxGroupItemSelectedBkgnd.bmp
skins/default/ToolBoxGroupTitleBkgnd.bmp
skins/default/ToolBoxPageFrame.bmp
skins/default/TrianTicktbkgnd.bmp
stcr.dat
temp/modules/addr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f7ea40916897ceee5b988e4a56602a0c

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-09-2008 00:00

Not After

24-09-2009 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Dept.,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:07:5c:2d:33:62:7f:4a:6e:cf:f0:b7:8b:a7:2f:f7:1b:ef:95:1a
Signer

Actual PE Digest

16:07:5c:2d:33:62:7f:4a:6e:cf:f0:b7:8b:a7:2f:f7:1b:ef:95:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetSystemDefaultLangID
LocalFree
ExpandEnvironmentStringsW
GetVersionExA
lstrcmpA
FindNextFileW
FindFirstFileW
GetModuleFileNameA
GetShortPathNameA
CloseHandle
WriteFile
CreateFileA
lstrcpynA
GetCurrentProcess
CopyFileA
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
Process32Next
Process32First
CreateToolhelp32Snapshot
InterlockedIncrement
InterlockedDecrement
HeapDestroy
lstrcatA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
SetFileTime
GetLocalTime
SetEnvironmentVariableA
CompareStringW
GetTickCount
SetEndOfFile
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapSize
TerminateProcess
LCMapStringW
LCMapStringA
Sleep
ExitProcess
GetVersion
GetCommandLineA
HeapReAlloc
GetSystemTime
CreateThread
LoadLibraryA
GetProcAddress
FreeLibrary
ExpandEnvironmentStringsA
lstrcatW
GetCurrentProcessId
lstrcpyA
lstrcmpiA
SetFileAttributesA
MultiByteToWideChar
WritePrivateProfileStringA
lstrlenA
GetCurrentThreadId
GetProcessHeap
HeapFree
lstrcpyW
lstrcpynW
lstrcmpiW
GetPrivateProfileIntA
lstrlenW
GetPrivateProfileStringA
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetTimeZoneInformation
RtlUnwind
HeapAlloc
DeleteFileA
WideCharToMultiByte
CompareStringA
InterlockedExchange

user32

PtInRect
ScreenToClient
GetCursorPos
GetDC
SetWindowTextW
GetWindowTextLengthW
GetParent
DrawTextW
SendMessageA
IsWindow
GetAsyncKeyState
SetCursor
GetClientRect
GetWindowTextW
SetWindowLongA
PostMessageW
SendMessageW
LoadCursorA
CopyRect
GetSysColor
FindWindowExW
LoadImageW
DestroyIcon
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
wsprintfA
LoadImageA
ReleaseDC
GetWindowLongA
CharNextA
FindWindowExA
GetClassNameA
CreateWindowExA
DestroyWindow
wsprintfW
GetWindowRect
CreatePopupMenu
InsertMenuItemW
CheckMenuItem
TrackPopupMenu
DestroyMenu
CallWindowProcW
SetWindowLongW
GetDlgCtrlID
GetWindowThreadProcessId
FillRect
GetFocus

gdi32

GetTextExtentPointW
SetTextColor
SetBkMode
GetTextExtentPoint32W
CreateCompatibleDC
GetObjectA
SelectObject
CreateDIBSection
BitBlt
DeleteObject
DeleteDC
CreateSolidBrush

advapi32

RegDeleteValueA
RegOpenKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathW
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString

shlwapi

PathAppendA
PathRemoveFileSpecA
PathFileExistsA
StrStrIW
StrCmpIW
StrCmpW
StrStrIA
PathFindFileNameA
StrStrW
StrCmpNIW
StrCpyW
StrCatW
StrCpyNW
StrDupW
UrlApplySchemeW
PathIsURLW
StrRetToBufW
StrRStrIW
PathFileExistsW
PathIsDirectoryW
StrDupA
StrNCatW

wininet

DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetCrackUrlW
InternetCrackUrlA
FindCloseUrlCache

urlmon

URLDownloadToFileA

comctl32

ImageList_Remove
ImageList_ReplaceIcon

ws2_32

gethostbyname
inet_ntoa
WSAGetLastError
WSAStartup
recv
connect
inet_addr
htons
send
setsockopt
socket
closesocket

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
temp/modules/auxr.dll
.dll windows:4 windows x86 arch:x86

47678825157cd635a4fcc2bed640ea66

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-09-2008 00:00

Not After

24-09-2009 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Dept.,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0f:96:fd:03:79:ef:84:65:b0:2b:ad:15:c0:4f:d1:10:82:52:67
Signer

Actual PE Digest

61:0f:96:fd:03:79:ef:84:65:b0:2b:ad:15:c0:4f:d1:10:82:52:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

iphlpapi

GetAdaptersInfo

kernel32

RtlUnwind
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle

Exports

Exports

Aux_Aux
Aux_Uid

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
temp/modules/netdict.exe
.exe windows:4 windows x86 arch:x86

8df4fdb1296beed93e4d0e31b8351f87

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-09-2008 00:00

Not After

24-09-2009 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Dept.,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

58:1a:66:12:50:89:d2:88:4e:d0:a6:1b:5d:3b:37:db:a2:fc:f9:af
Signer

Actual PE Digest

58:1a:66:12:50:89:d2:88:4e:d0:a6:1b:5d:3b:37:db:a2:fc:f9:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIA
PathFileExistsA
PathRemoveFileSpecA
PathAppendA

kernel32

GetPrivateProfileStringA
GetModuleFileNameA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetACP
HeapSize
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapReAlloc
GetSystemTime
GetTimeZoneInformation
HeapAlloc
HeapFree
RaiseException
RtlUnwind
SetErrorMode
GetFileTime
GetFullPathNameA
GetVolumeInformationA
GetProfileIntA
GetProfileStringA
InterlockedExchange
GetExitCodeThread
LocalSize
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
OpenProcess
LoadLibraryExW
LoadLibraryW
VirtualQuery
VirtualProtect
GetSystemInfo
GetWindowsDirectoryA
LoadLibraryExA
GetCurrentProcessId
WinExec
ExpandEnvironmentStringsA
GetPrivateProfileIntA
WritePrivateProfileStringA
DeleteFileA
SetFileAttributesA
CreateThread
CloseHandle
WriteFile
CreateFileA
lstrcpynA
GetLocalTime
CreateDirectoryA
FindClose
FindNextFileA
CopyFileA
FindFirstFileA
GetLastError
CreateMutexA
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
SetProcessWorkingSetSize
GetCurrentProcess
GetPrivateProfileSectionA
Sleep
TerminateThread
WaitForMultipleObjects
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
SetFileTime
MultiByteToWideChar
GetTempFileNameA
GetTempPathA
GetCurrentThreadId
OpenThread
WideCharToMultiByte
GetFileSize
FileTimeToSystemTime
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LockResource
LoadResource
SizeofResource
FindResourceA
GlobalFree
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
lstrcatA
GetVersion
SetLastError
MulDiv
InterlockedIncrement
InterlockedDecrement
lstrlenA
LocalFree
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalFlags
FileTimeToLocalFileTime
lstrlenW
SetThreadPriority
ResumeThread
WaitForSingleObject
lstrcmpA
GetCurrentThread
GetThreadLocale
FormatMessageA

user32

TranslateAcceleratorA
SetMenu
ReuseDDElParam
LoadAcceleratorsA
SetRectEmpty
RegisterClipboardFormatA
CharUpperA
MessageBeep
GetNextDlgGroupItem
DeleteMenu
InsertMenuA
GetWindowThreadProcessId
SendMessageA
EnableWindow
UnpackDDElParam
LoadImageA
InvalidateRect
PtInRect
CheckMenuItem
AppendMenuA
CreatePopupMenu
GetMenuStringA
PostMessageA
GetParent
LoadBitmapA
FindWindowExA
wsprintfA
DrawTextA
PostThreadMessageA
DestroyIcon
GetWindowRect
GetSystemMetrics
GetFocus
SetForegroundWindow
IsWindowVisible
FindWindowA
IsWindow
LoadIconA
DrawIcon
IsIconic
SetTimer
KillTimer
EnableMenuItem
ModifyMenuA
GetSubMenu
GetCursorPos
GetClientRect
RegisterWindowMessageA
ReleaseCapture
SetCapture
SetRect
CopyAcceleratorTableA
LoadStringA
GetSysColorBrush
LoadCursorA
GetClassNameA
InflateRect
WaitMessage
MapDialogRect
SetWindowContextHelpId
GetMessageA
TranslateMessage
ValidateRect
SetCursor
ShowOwnedPopups
PostQuitMessage
CharNextA
DestroyMenu
WindowFromPoint
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
ShowWindow
MoveWindow
SetWindowTextA
SetWindowPos
IntersectRect
LoadMenuA
GetDlgCtrlID
CopyRect
ScreenToClient
ClientToScreen
MessageBoxA
FillRect
BringWindowToTop
IsWindowEnabled
GetDesktopWindow
ReleaseDC
GetDC
GetIconInfo
GetDlgItem
GetWindowLongA
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
UnregisterClassA
DrawMenuBar
TranslateMDISysAccel
ExcludeUpdateRgn
GetClipboardFormatNameA
IsZoomed
GetKeyboardLayoutList
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetWindowTextLengthA
GetWindowTextA
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
SetWindowLongA
OffsetRect
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateIconFromResourceEx
DrawStateA
DrawIconEx
CreateIconIndirect
CopyIcon
SetClipboardData
SetMenuDefaultItem
EnumChildWindows
SetParent
DrawAnimatedRects
SetWindowRgn
IsRectEmpty
RedrawWindow
CloseClipboard
EmptyClipboard
OpenClipboard
GetTabbedTextExtentA
IsClipboardFormatAvailable
InvertRect
DrawFocusRect
GetDCEx
LockWindowUpdate
DrawEdge
SendMessageTimeoutA
SetWindowLongW
GetWindowLongW
IsWindowUnicode
EnumWindows
EnableScrollBar
CallWindowProcW
DefWindowProcW
DefFrameProcA
DefFrameProcW
DefDlgProcA
DefDlgProcW
DefMDIChildProcA
DefMDIChildProcW
RegisterClassW
DrawFrameControl
GetCursor
LookupIconIdFromDirectoryEx
GetMenuStringW
SetCursorPos
SetClassLongA
GetSystemMenu
GetDoubleClickTime
UnionRect
GetMenuItemInfoA
IsMenu
MapVirtualKeyA
ShowCaret
HideCaret
GetWindowRgn
GetMenuDefaultItem
IsCharLowerA
GetKeyNameTextA

gdi32

LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectPalette
CreateRectRgn
CombineRgn
CreateFontIndirectA
GetStockObject
SetBkMode
StretchDIBits
RectVisible
CreateCompatibleBitmap
SaveDC
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
RestoreDC
GetDIBits
CreateDIBSection
SetBrushOrgEx
PatBlt
CreatePen
SetTextAlign
GetDeviceCaps
CreateBitmap
SetBkColor
SetStretchBltMode
DeleteDC
CreateSolidBrush
SetTextColor
SelectObject
StretchBlt
CreateCompatibleDC
GetObjectA
BitBlt
DeleteObject
CreateFontA
GetClipRgn
GetObjectType
GetViewportExtEx
SetPixel
ExtCreateRegion
GetViewportOrgEx
GetCurrentObject
Polygon
RoundRect
EnumFontFamiliesExA
GetTextCharsetInfo
OffsetRgn
GetBitmapBits
CreatePalette
CreateDIBitmap
ExtTextOutW
GetTextExtentPoint32W
GetCharWidthA
PtInRegion
Polyline
Ellipse
ExtFloodFill
GetWindowOrgEx
GetRgnBox
CreatePolygonRgn
GetTextExtentPointA
GetWindowExtEx
PtVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
GetMapMode
SetRectRgn
DPtoLP
GetTextExtentPoint32A
GetTextMetricsA
LPtoDP
CopyMetaFileA
GetPixel
CreatePatternBrush

comdlg32

GetOpenFileNameA
GetFileTitleA
ChooseColorA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA
DragQueryFileA
Shell_NotifyIconA
SHAppBarMessage
DragFinish

comctl32

ImageList_GetImageInfo
ImageList_Add
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_DrawEx
ImageList_AddMasked
ImageList_GetImageCount
_TrackMouseEvent
ImageList_Draw
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord17
FlatSB_GetScrollProp
ImageList_GetBkColor
ImageList_DrawIndirect
ImageList_Remove
ImageList_GetIconSize

oledlg

ord1
ord8

ole32

OleInitialize
ReleaseStgMedium
CoRevokeClassObject
OleFlushClipboard
OleUninitialize
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleRun
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
DoDragDrop
CreateILockBytesOnHGlobal

olepro32

ord253

oleaut32

LoadTypeLi
SysFreeString
VariantTimeToSystemTime
VarBstrFromDate
SysStringByteLen
VariantChangeType
SysAllocStringByteLen
OleLoadPicturePath
VariantCopy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysAllocString
SysStringLen
VariantClear
VariantChangeTypeEx
VarDateFromStr

urlmon

URLDownloadToFileA

wsock32

WSACleanup
setsockopt
send
htons
ioctlsocket
connect
WSAGetLastError
gethostbyname
inet_addr
closesocket
socket
WSAStartup
recv

wininet

FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
FindNextUrlCacheEntryA
InternetCrackUrlA

msvcrt

fopen
wcsncmp
longjmp
_wcsicmp
_wtoi
swscanf
_setjmp3
wcschr
mbstowcs
_wcslwr
wcscmp
strtod
wcsstr
strncmp
qsort
malloc
fscanf
fgets
getc
fputc
fflush
ftell
fseek
fwrite
fread
fclose
floor
free
strncpy

imagehlp

ImageDirectoryEntryToData

winmm

PlaySoundA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
temp/modules/netdictsvr.exe
.exe windows:4 windows x86 arch:x86

06b02a6660e89e80abed6acf17f20cfe

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-09-2008 00:00

Not After

24-09-2009 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Dept.,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c5:65:1b:eb:2e:55:e9:a9:08:d0:73:0e:80:a4:7e:a6:c3:d6:4d:d7
Signer

Actual PE Digest

c5:65:1b:eb:2e:55:e9:a9:08:d0:73:0e:80:a4:7e:a6:c3:d6:4d:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
GetExitCodeProcess
SetFilePointer
TerminateThread
GetExitCodeThread
GetLastError
CreateMutexA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
SetFileAttributesA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
CopyFileA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
InterlockedDecrement
CloseHandle
CreateThread
GetTickCount
lstrcpynA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetSystemDefaultLangID
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteFile
WideCharToMultiByte
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
HeapReAlloc
TerminateProcess
TlsGetValue
SetLastError
RtlUnwind
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
TlsSetValue
TlsAlloc

user32

wsprintfA
GetDlgItem
SetWindowTextA
LoadImageA
GetSystemMetrics
EndDialog
UpdateWindow
SendMessageA
MessageBoxA
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
GetWindow
PostMessageA
ShowWindow
SetWindowLongA
DestroyWindow
DefWindowProcA
GetActiveWindow
DialogBoxParamA
GetWindowLongA
GetParent

advapi32

DuplicateTokenEx
StartServiceCtrlDispatcherA
ControlService
DeleteService
OpenSCManagerA
OpenServiceA
CreateServiceA
ChangeServiceConfig2A
StartServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateProcessAsUserA

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize

comctl32

InitCommonControlsEx

ws2_32

recv
WSAStartup
socket
closesocket
inet_ntoa
gethostbyname
WSAGetLastError
connect
inet_addr
htons
send
setsockopt

wininet

InternetCrackUrlA

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
temp/modules/shell.exe
.exe windows:4 windows x86 arch:x86

5f1fb2e8f92d02521ae035c612c9da52

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-09-2008 00:00

Not After

24-09-2009 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Dept.,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:57:2d:63:02:8b:13:20:23:80:65:0c:82:e0:1b:50:1e:96:8c:4d
Signer

Actual PE Digest

11:57:2d:63:02:8b:13:20:23:80:65:0c:82:e0:1b:50:1e:96:8c:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
Process32Next
TerminateProcess
OpenProcess
CloseHandle
Module32Next
Module32First
Process32First
CreateToolhelp32Snapshot
GetShortPathNameA
LocalFree
GetCurrentProcess
lstrcmpiA
OutputDebugStringA
GetProcAddress
CreateMutexA
InterlockedDecrement
DebugBreak
GetPrivateProfileIntA
Sleep
WinExec
ReadFile
SetStdHandle
FlushFileBuffers
VirtualAlloc
IsBadCodePtr
FreeLibrary
GetSystemDefaultLangID
lstrlenA
WritePrivateProfileStringA
CreateDirectoryA
InterlockedIncrement
FindFirstFileA
SetFileAttributesA
DeleteFileA
FindNextFileA
FindClose
RemoveDirectoryA
ExpandEnvironmentStringsA
GetModuleFileNameA
GetPrivateProfileStringA
GetLastError
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
WriteFile
VirtualFree
HeapCreate
HeapDestroy
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
RaiseException

user32

CharNextA
wvsprintfA
FindWindowA
IsWindowVisible
LoadStringA

advapi32

OpenProcessToken
RegEnumKeyA
CreateProcessAsUserA
LookupPrivilegeValueA
AdjustTokenPrivileges
SetEntriesInAclA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegSetValueExA

shlwapi

SHDeleteKeyA
SHSetValueA
SHGetValueA
StrStrIA
PathFileExistsA
PathRemoveFileSpecA
PathAppendA

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
temp/modules/sign.dll
.dll windows:4 windows x86 arch:x86

42c095e840a02bdbd17c7caf849a3f19

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-09-2008 00:00

Not After

24-09-2009 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Dept.,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:f0:0d:69:c9:0d:3b:ac:e2:82:d3:ad:a6:3e:06:25:b1:93:24:af
Signer

Actual PE Digest

36:f0:0d:69:c9:0d:3b:ac:e2:82:d3:ad:a6:3e:06:25:b1:93:24:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
ReadFile
GetFileSize
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
WriteFile
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
FlushFileBuffers
GetStringTypeA
GetStringTypeW
SetStdHandle
LCMapStringA
LCMapStringW
RtlUnwind

Exports

Exports

Sign_SplitSgnFile
Sign_VerifySgnFile

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
temp/modules/skins/Office2007.cjstyles
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-11-2006 00:00

Not After

20-10-2008 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9
Signer

Actual PE Digest

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis
url.ico
version.dat
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

dfb06052e74b26a42b0e490bd1c07959

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4Certificate

Extended Key Usages

Key Usages

11:7f:99:20:20:b5:6a:1c:08:8b:35:1b:f4:ac:9c:68:25:95:b3:90Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 102KB - Virtual size: 102KB

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 348B

.reloc Size: 1024B - Virtual size: 780B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

f7ea40916897ceee5b988e4a56602a0c

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4
Certificate

11:7f:99:20:20:b5:6a:1c:08:8b:35:1b:f4:ac:9c:68:25:95:b3:90
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 102KB - Virtual size: 102KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 348B

.reloc
Size: 1024B - Virtual size: 780B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4
Certificate

16:07:5c:2d:33:62:7f:4a:6e:cf:f0:b7:8b:a7:2f:f7:1b:ef:95:1a
Signer

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 56KB

Shared
Size: 4KB - Virtual size: 52B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 9KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4
Certificate

61:0f:96:fd:03:79:ef:84:65:b0:2b:ad:15:c0:4f:d1:10:82:52:67
Signer

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4e:16:8f:e9:04:79:4f:c2:7c:48:99:04:e2:08:40:f4
Certificate

58:1a:66:12:50:89:d2:88:4e:d0:a6:1b:5d:3b:37:db:a2:fc:f9:af
Signer