d1c150319f61ad98e42d43d8c1ddaa16_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1c150319f61ad98e42d43d8c1ddaa16_JaffaCakes118
Size

5.3MB
MD5

d1c150319f61ad98e42d43d8c1ddaa16
SHA1

34b7ce828bce74fe0d2155f8aaa99032e33b9ce6
SHA256

e63c78068450a39a486d3f9e93fdcde8574bd0b8623df67c598dbef3aeac780f
SHA512

5651b9b5b48c8abbb039b3e4dcbc6f921c616ab63e1a7df28bb84bf380f04dba4203cc865cfd026c5192b081b6fe2e044e0428c18716b31c3e3ccf8eb015383d
SSDEEP

98304:M2JxayCGq5j2jXJ5Z5Kcw+YKubXqG3Bl2maTk2iK7AYok3LvBDGtU+YT:1Jlq5j2V5Ztw+Y7rqGv2maTk9K7qwXh

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
d1c150319f61ad98e42d43d8c1ddaa16_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/btag.dll
unpack001/DaVincisGold.exe
unpack001/Loader.exe
unpack001/uninst.exe
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/UserInfo.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_1

Files

d1c150319f61ad98e42d43d8c1ddaa16_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1dba24346e415c53ffa8a8a260a9f47e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/btag.dll
.dll windows:4 windows x86 arch:x86

301d69c4c2a330e6c5b27536954310e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

x:\installer\NSIS\Plugins\btag.pdb

Imports

kernel32

LocalAlloc
CreateDirectoryA
GetLastError
LocalFree
GlobalAlloc
lstrcpynA
lstrcpyA
GlobalFree
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
ReadFile
EnterCriticalSection
LeaveCriticalSection
HeapFree
CloseHandle
SetFilePointer
TerminateProcess
GetCurrentProcess
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetLocaleInfoA
GetACP
GetOEMCP
SetStdHandle
VirtualAlloc
HeapReAlloc
FlushFileBuffers
CreateFileA
InitializeCriticalSection
VirtualProtect
GetSystemInfo
LCMapStringA
LCMapStringW
SetEndOfFile
HeapSize

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExA
RegSetKeySecurity
RegCloseKey
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
FreeSid

Exports

Exports

CreateAccessibleDirectory
GetBtag
SetRegistryAccess

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
DaVincisGold.exe
.exe windows:4 windows x86 arch:x86

1dbcf2c6cdfb8812f5650277b7998cf3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetDC

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
LoadLibraryA

advapi32

FreeSid

comctl32

ImageList_Add

comdlg32

PrintDlgA

gdi32

SaveDC

ole32

OleRun

oleaut32

VarNot

shell32

DragFinish

urlmon

HlinkNavigateString

version

VerQueryValueA

wininet

InternetOpenA

winmm

joyGetPos

winspool.drv

OpenPrinterA

wsock32

send

Sections

.text
Size: 39KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Loader.exe
.exe windows:4 windows x86 arch:x86

046aab91abaf21a4aa4af5ba09b6c737

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

x:\installer\Loader\Release\Loader.pdb

Imports

kernel32

GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
MultiByteToWideChar
WideCharToMultiByte
CreateProcessA
CloseHandle
WaitForSingleObject
CreateEventA
GetCommandLineA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
RaiseException
GetStringTypeW
GetStringTypeA
CreateFileA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MoveFileA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
DeleteFileA
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
HeapCreate
VirtualFree
IsBadWritePtr
GetOEMCP
GetCPInfo
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
LCMapStringA
LCMapStringW
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA
IsBadReadPtr
SetEndOfFile

user32

MessageBoxA

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
commonInclude.swf
config/config.xml
gameThumbs/thumb_3CardPoker.swf
gameThumbs/thumb_7andBar.swf
gameThumbs/thumb_ATRT.swf
gameThumbs/thumb_AcesFaces.swf
gameThumbs/thumb_AmerRoul.swf
gameThumbs/thumb_AtomicAge.swf
gameThumbs/thumb_Baccarat.swf
gameThumbs/thumb_BigCash.swf
gameThumbs/thumb_Blackjack.swf
gameThumbs/thumb_CaribbStud.swf
gameThumbs/thumb_CashCow.swf
gameThumbs/thumb_ChickenLittle.swf
gameThumbs/thumb_Craps.swf
gameThumbs/thumb_DeuceJoker.swf
gameThumbs/thumb_DeucesWild.swf
gameThumbs/thumb_DoubleJoker.swf
gameThumbs/thumb_Emergency.swf
gameThumbs/thumb_EuroRoul.swf
gameThumbs/thumb_FanFruit.swf
gameThumbs/thumb_FleaMarket.swf
gameThumbs/thumb_GoldRush.swf
gameThumbs/thumb_Grandmas.swf
gameThumbs/thumb_Hobos.swf
gameThumbs/thumb_Jokerpoker.swf
gameThumbs/thumb_JorB.swf
gameThumbs/thumb_Keno.swf
gameThumbs/thumb_LetItRide.swf
gameThumbs/thumb_MetalDetect.swf
gameThumbs/thumb_PaiGow.swf
gameThumbs/thumb_RedDog.swf
gameThumbs/thumb_ReelCrime.swf
gameThumbs/thumb_ReelCrime2.swf
gameThumbs/thumb_ReelOfFortune.swf
gameThumbs/thumb_ScratchCard.swf
gameThumbs/thumb_SicBo.swf
gameThumbs/thumb_So80s.swf
gameThumbs/thumb_SpyGame.swf
gameThumbs/thumb_SurfParadise.swf
gameThumbs/thumb_TorB.swf
gameThumbs/thumb_War.swf
games/LoadingScreen.swf
icon.ico
promoManager.swf
unicows.dll
.dll windows:5 windows x86 arch:x86

628730441f2453f40c61ce661f08e0ca

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a7:a2:13:01:eb:da:5d:60:b9:4a:67:90:6b:06:79:8b:f5:ed:1c:2f
Signer

Actual PE Digest

a7:a2:13:01:eb:da:5d:60:b9:4a:67:90:6b:06:79:8b:f5:ed:1c:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\dnsrv\sdktools\unicows\godot\obj\i386\unicows.pdb

Imports

kernel32

GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileAttributesW
FindClose
IsDBCSLeadByte
GetFullPathNameA
GetFullPathNameW
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetNamedPipeHandleStateA
GetNamedPipeHandleStateW
GetNumberFormatA
GetNumberFormatW
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStringTypeExA
GetStringTypeExW
GetSystemDirectoryA
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTimeFormatA
GetTimeFormatW
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomA
GlobalFindAtomW
GlobalGetAtomNameA
GlobalGetAtomNameW
IsBadStringPtrW
IsValidCodePage
LCMapStringA
LCMapStringW
LoadLibraryW
LoadLibraryExW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
MoveFileW
OpenEventA
GetDefaultCommConfigW
OpenFileMappingA
OpenFileMappingW
OpenMutexA
OpenMutexW
OpenSemaphoreA
OpenSemaphoreW
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputA
PeekConsoleInputW
QueryDosDeviceA
QueryDosDeviceW
ReadConsoleA
ReadConsoleW
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputW
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
RemoveDirectoryA
RemoveDirectoryW
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SearchPathA
SearchPathW
SetComputerNameA
SetComputerNameW
SetConsoleTitleA
SetConsoleTitleW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDefaultCommConfigA
SetDefaultCommConfigW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFileAttributesA
SetFileAttributesW
SetLocaleInfoA
SetLocaleInfoW
SetVolumeLabelA
SetVolumeLabelW
VerLanguageNameA
VerLanguageNameW
WaitNamedPipeA
WaitNamedPipeW
WriteConsoleA
WriteConsoleW
WriteConsoleInputA
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleOutputW
WriteConsoleOutputCharacterA
WriteConsoleOutputCharacterW
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStructA
WritePrivateProfileStructW
WriteProfileSectionA
WriteProfileSectionW
WriteProfileStringA
WriteProfileStringW
FindResourceA
IsBadWritePtr
SetErrorMode
GetStringTypeW
FindResourceW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetDefaultCommConfigA
GetDateFormatW
GetDateFormatA
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrencyFormatW
GetCurrencyFormatA
GetConsoleTitleW
GetConsoleTitleA
GetComputerNameW
GetComputerNameA
GetAtomNameW
GetAtomNameA
FormatMessageW
FormatMessageA
HeapReAlloc
LocalAlloc
FreeEnvironmentStringsW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FindAtomW
FindAtomA
FillConsoleOutputCharacterW
FillConsoleOutputCharacterA
FatalAppExitW
FatalAppExitA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
EnumTimeFormatsW
EnumTimeFormatsA
EnumSystemLocalesW
EnumSystemLocalesA
EnumSystemCodePagesW
EnumDateFormatsW
EnumDateFormatsA
EnumCalendarInfoW
EnumCalendarInfoA
DeleteFileW
CreateSemaphoreW
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreateNamedPipeW
CreateNamedPipeA
CreateMutexW
CreateMutexA
CreateMailslotW
CreateMailslotA
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateEventW
CreateEventA
CreateDirectoryExW
CreateDirectoryExA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
CompareStringW
CommConfigDialogW
CommConfigDialogA
CallNamedPipeW
CallNamedPipeA
BuildCommDCBAndTimeoutsW
BuildCommDCBAndTimeoutsA
BuildCommDCBW
BuildCommDCBA
AddAtomW
AddAtomA
InitializeCriticalSection
GetACP
GetOEMCP
DeleteCriticalSection
GetFileAttributesA
LoadLibraryExA
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
lstrlenW
FindResourceExW
SizeofResource
LoadResource
LockResource
FreeResource
GetTempFileNameA
GetTempPathA
DeleteFileA
MoveFileA
_lclose
_lread
_lwrite
_llseek
VirtualQuery
GetSystemInfo
VirtualFree
VirtualAlloc
VirtualProtect
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetLastError
EnterCriticalSection
LeaveCriticalSection
CompareStringA
LocalFree
GlobalAddAtomA
lstrcpyA
AreFileApisANSI
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
WideCharToMultiByte
GetCurrentThreadId
lstrcmpA
lstrcmpiA
GetLocaleInfoA
CreateFileA
GetFileSize
CloseHandle
IsDBCSLeadByteEx
LoadLibraryA
InterlockedExchange
FreeLibrary
GetCPInfo
GetVersion
GetModuleHandleA
GetProcAddress
lstrlenA
GetProcessHeap
HeapAlloc
SetLastError
MultiByteToWideChar
OpenEventW
HeapFree
RtlUnwind

user32

TranslateAcceleratorW
TabbedTextOutA
TabbedTextOutW
UnregisterClassA
UnregisterClassW
VkKeyScanExA
VkKeyScanExW
WinHelpA
WinHelpW
wvsprintfW
CharLowerW
CharUpperW
EnumClipboardFormats
GetClipboardData
VkKeyScanW
wsprintfW
IsCharUpperW
IsCharLowerW
IsCharAlphaNumericW
IsCharAlphaW
InsertMenuItemW
InsertMenuItemA
InsertMenuW
InsertMenuA
GrayStringW
GrayStringA
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
GetWindowLongW
GetTabbedTextExtentW
GetTabbedTextExtentA
GetPropW
GetMessageW
GetMenuStringW
GetMenuStringA
GetMenuItemInfoW
GetMenuItemInfoA
GetKeyNameTextW
GetKeyboardLayout
GetKeyNameTextA
GetKeyboardLayoutNameW
GetKeyboardLayoutNameA
GetDlgItemTextW
GetDlgItemTextA
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClassNameW
GetClassLongW
GetClassLongA
GetClassInfoExW
GetClassInfoExA
GetClassInfoW
GetClassInfoA
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnableWindow
EnumPropsExW
EnumPropsExA
EnumPropsW
EnumPropsA
EnumDisplaySettingsW
EnumDisplaySettingsA
DrawTextExW
DrawTextExA
DrawTextW
DrawTextA
DrawStateW
DrawStateA
DlgDirSelectExW
DlgDirSelectExA
DlgDirSelectComboBoxExW
DlgDirSelectComboBoxExA
DlgDirListComboBoxW
DlgDirListComboBoxA
SystemParametersInfoW
DlgDirListA
DispatchMessageW
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
DdeQueryStringW
DdeQueryStringA
DdeQueryConvInfo
DdeInitializeW
DdeInitializeA
DdeCreateStringHandleW
DdeCreateStringHandleA
DdeConnectList
DdeConnect
CharUpperBuffW
IsCharLowerA
CharToOemBuffW
CharToOemW
CharPrevW
CharNextW
CharLowerBuffW
IsCharUpperA
SystemParametersInfoA
SetWindowTextW
SetWindowTextA
SetWindowsHookExW
SetWindowsHookW
SetWindowsHookA
SetWindowLongW
SetPropW
SetMenuItemInfoW
SetMenuItemInfoA
SetDlgItemTextW
SetDlgItemTextA
SetClassLongW
SetClassLongA
SendNotifyMessageW
SendMessageTimeoutW
SendMessageCallbackW
SendMessageW
SendDlgItemMessageW
RemovePropW
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClipboardFormatA
RegisterClassExW
RegisterClassExA
RegisterClassW
RegisterClassA
PostThreadMessageW
PostMessageW
PeekMessageW
OemToCharBuffW
OemToCharW
ModifyMenuW
ModifyMenuA
MessageBoxIndirectW
MessageBoxIndirectA
MessageBoxExW
MessageBoxW
MapVirtualKeyExW
ChangeMenuW
ChangeMenuA
ChangeDisplaySettingsW
ChangeDisplaySettingsA
CreateWindowExW
CreateWindowExA
CreateMDIWindowW
CreateMDIWindowA
CreateDialogParamW
CreateDialogParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
CreateAcceleratorTableW
CreateAcceleratorTableA
CopyAcceleratorTableW
CopyAcceleratorTableA
CallWindowProcW
CallMsgFilterW
CallMsgFilterA
AppendMenuW
AppendMenuA
GetWindowThreadProcessId
SetWindowLongA
TranslateAcceleratorA
IsDialogMessageA
DispatchMessageA
PeekMessageA
GetMessageA
PostThreadMessageA
PostMessageA
SendNotifyMessageA
SendMessageTimeoutA
SendMessageCallbackA
SendMessageA
DefWindowProcA
CallWindowProcA
DefMDIChildProcA
DefFrameProcA
DefDlgProcA
GetWindowLongA
GetParent
GetDlgItem
DestroyWindow
SetPropA
RemovePropA
GetClassNameA
UnhookWindowsHookEx
SetWindowsHookExA
RegisterWindowMessageA
CallNextHookEx
MapVirtualKeyExA
EnumChildWindows
MapVirtualKeyW
MapVirtualKeyA
LoadStringW
LoadMenuIndirectW
IsDlgButtonChecked
GetPropA
LoadMenuIndirectA
LoadMenuW
LoadMenuA
LoadKeyboardLayoutW
LoadKeyboardLayoutA
LoadImageW
LoadImageA
LoadIconW
LoadIconA
LoadCursorFromFileW
LoadCursorFromFileA
LoadCursorW
LoadCursorA
LoadBitmapW
LoadBitmapA
LoadAcceleratorsW
LoadAcceleratorsA
IsWindowUnicode
IsWindow
DlgDirListW
IsDialogMessageW
IsClipboardFormatAvailable

gdi32

GetEnhMetaFileDescriptionW
GetGlyphOutlineA
GetGlyphOutlineW
GetICMProfileA
GetICMProfileW
GetKerningPairsA
GetKerningPairsW
GetLogColorSpaceA
GetLogColorSpaceW
GetMetaFileA
GetMetaFileW
GetObjectA
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPointA
GetEnhMetaFileDescriptionA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextFaceA
GetTextFaceW
GetTextMetricsA
GetTextMetricsW
PolyTextOutA
PolyTextOutW
RemoveFontResourceA
RemoveFontResourceW
ResetDCA
ResetDCW
SetICMProfileA
SetICMProfileW
StartDocA
StartDocW
TextOutW
UpdateICMRegKeyA
UpdateICMRegKeyW
GetEnhMetaFileW
GetEnhMetaFileA
GetCharacterPlacementW
GetCharacterPlacementA
GetCharWidthFloatW
GetCharWidthFloatA
GetCharWidth32W
GetCharWidthW
GetCharWidthA
GetCharABCWidthsFloatW
GetCharABCWidthsFloatA
GetCharABCWidthsW
GetCharABCWidthsA
ExtTextOutW
ExtTextOutA
EnumICMProfilesW
EnumICMProfilesA
EnumFontsW
EnumFontsA
EnumFontFamiliesExW
EnumFontFamiliesExA
EnumFontFamiliesW
EnumFontFamiliesA
CreateScalableFontResourceW
CreateScalableFontResourceA
CreateMetaFileW
CreateMetaFileA
CreateICW
CreateICA
CreateFontIndirectW
CreateFontIndirectA
CreateFontW
CreateFontA
CreateEnhMetaFileW
CreateEnhMetaFileA
CreateDCW
CreateDCA
CreateColorSpaceW
CreateColorSpaceA
CopyMetaFileW
CopyMetaFileA
CopyEnhMetaFileW
CopyEnhMetaFileA
AddFontResourceW
AddFontResourceA
GetFontData
GetTextExtentPointW
TranslateCharsetInfo
GetTextCharset

mpr

WNetGetUniversalNameW
MultinetGetConnectionPerformanceW
WNetAddConnectionA
WNetAddConnectionW
WNetAddConnection2A
WNetAddConnection2W
WNetAddConnection3A
WNetAddConnection3W
WNetCancelConnectionA
WNetCancelConnectionW
WNetCancelConnection2A
WNetCancelConnection2W
WNetConnectionDialog1A
WNetConnectionDialog1W
WNetDisconnectDialog1A
WNetDisconnectDialog1W
WNetEnumResourceA
WNetEnumResourceW
WNetGetConnectionA
WNetGetConnectionW
WNetGetLastErrorA
WNetGetLastErrorW
WNetGetNetworkInformationA
WNetGetNetworkInformationW
WNetGetProviderNameA
WNetUseConnectionW
WNetUseConnectionA
WNetOpenEnumW
WNetOpenEnumA
WNetGetUserW
WNetGetUserA
MultinetGetConnectionPerformanceA
WNetGetUniversalNameA
WNetGetResourceParentW
WNetGetResourceParentA
WNetGetResourceInformationW
WNetGetResourceInformationA
WNetGetProviderNameW

advapi32

RegOpenKeyA
RegEnumValueA
RegUnLoadKeyW
RegUnLoadKeyA
RegSetValueExW
RegSetValueExA
RegSetValueW
RegSetValueA
RegSaveKeyW
RegSaveKeyA
RegReplaceKeyW
RegReplaceKeyA
RegQueryValueExW
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryMultipleValuesW
RegQueryMultipleValuesA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyW
RegCloseKey
RegLoadKeyW
RegLoadKeyA
RegEnumValueW
RegEnumKeyExW
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegConnectRegistryW
RegConnectRegistryA
IsTextUnicode
GetUserNameW
GetUserNameA
RegOpenKeyExA

comdlg32

GetOpenFileNameW
GetFileTitleW
GetFileTitleA
FindTextW
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA
ReplaceTextW
FindTextA
ReplaceTextA
GetOpenFileNameA
GetSaveFileNameA
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgW
GetSaveFileNameW

version

VerQueryValueW
VerQueryValueA
VerInstallFileW
VerInstallFileA
VerFindFileW
VerFindFileA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA

shell32

SHGetPathFromIDListA
ord180
ord179
SHGetFileInfoA
SHFileOperationA
SHChangeNotify
SHBrowseForFolderA
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteW
ShellExecuteA
ShellAboutW
ShellAboutA
FindExecutableW
FindExecutableA
ExtractIconExA
DragQueryFileA
DragQueryFileW
ExtractIconW
ExtractIconA

winspool.drv

GetPrinterW
GetPrinterDataW
GetPrinterDriverW
GetPrinterDriverDirectoryA
GetPrinterDriverDirectoryW
GetPrintProcessorDirectoryA
GetPrintProcessorDirectoryW
GetJobW
OpenPrinterW
ResetPrinterA
ResetPrinterW
SetJobA
SetJobW
SetPrinterA
SetPrinterW
SetPrinterDataA
SetPrinterDataW
StartDocPrinterA
EnumPrintProcessorsW
EnumPrintProcessorDatatypesW
EnumPrintersW
EnumPrinterDriversW
EnumPortsW
EnumMonitorsW
DocumentPropertiesW
DocumentPropertiesA
DeviceCapabilitiesW
DeviceCapabilitiesA
DeletePrintProvidorW
DeletePrintProvidorA
DeletePrintProcessorW
DeletePrintProcessorA
DeletePrinterDriverW
DeletePrinterDriverA
DeletePortW
DeletePortA
DeleteMonitorW
DeleteMonitorA
ConfigurePortW
ConfigurePortA
AdvancedDocumentPropertiesW
AdvancedDocumentPropertiesA
AddPrintProvidorW
AddPrintProvidorA
AddPrintProcessorW
AddPrintProcessorA
AddPrinterDriverW
AddPrinterDriverA
AddPrinterW
AddPrinterA
AddPortW
AddPortA
AddMonitorW
AddMonitorA
AddJobW
AddJobA
OpenPrinterA
StartDocPrinterW

oledlg

OleUIUpdateLinksW
OleUIPromptUserW
OleUIPasteSpecialW
OleUIObjectPropertiesW
OleUIInsertObjectW
OleUIEditLinksW
OleUIConvertW
OleUIChangeSourceW
OleUIChangeIconW
OleUIBusyW
ord8
OleUIAddVerbMenuW
ord1
ord6

winmm

waveOutGetErrorTextW
waveOutGetErrorTextA
waveOutGetDevCapsW
waveOutGetDevCapsA
waveInGetErrorTextW
mixerGetControlDetailsW
midiOutGetErrorTextW
midiOutGetErrorTextA
midiOutGetDevCapsW
midiOutGetDevCapsA
midiInGetErrorTextW
midiInGetDevCapsW
midiInGetDevCapsA
mciSendStringW
mciSendStringA
mciSendCommandW
mciGetErrorStringW
mciGetErrorStringA
midiInGetErrorTextA
mciGetDeviceIDW
mciGetDeviceIDA
joyGetDevCapsW
joyGetDevCapsA
auxGetDevCapsW
auxGetDevCapsA
PlaySoundW
PlaySoundA
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRenameA
mmioRenameW
mmioStringToFOURCCA
mmioStringToFOURCCW
sndPlaySoundA
sndPlaySoundW
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
mixerGetDevCapsA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

MCIWndCreateW
MCIWndCreateA
GetSaveFileNamePreviewW
GetOpenFileNamePreviewW

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext
ImmGetCompositionStringW

Exports

Exports

AcquireCredentialsHandleW
AddAtomW
AddFontResourceW
AddJobW
AddMonitorW
AddPortW
AddPrintProcessorW
AddPrintProvidorW
AddPrinterDriverW
AddPrinterW
AdvancedDocumentPropertiesW
AppendMenuW
BeginUpdateResourceA
BeginUpdateResourceW
BroadcastSystemMessageW
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallMsgFilterW
CallNamedPipeW
CallWindowProcA
CallWindowProcW
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuW
CharLowerBuffW
CharLowerW
CharNextW
CharPrevW
CharToOemBuffW
CharToOemW
CharUpperBuffW
CharUpperW
ChooseColorW
ChooseFontW
CommConfigDialogW
CompareStringW
ConfigurePortW
CopyAcceleratorTableW
CopyEnhMetaFileW
CopyFileExW
CopyFileW
CopyMetaFileW
CreateAcceleratorTableW
CreateColorSpaceW
CreateDCW
CreateDialogIndirectParamW
CreateDialogParamW
CreateDirectoryExW
CreateDirectoryW
CreateEnhMetaFileW
CreateEventW
CreateFileMappingW
CreateFileW
CreateFontIndirectW
CreateFontW
CreateICW
CreateMDIWindowW
CreateMailslotW
CreateMetaFileW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateScalableFontResourceW
CreateSemaphoreW
CreateStdAccessibleProxyW
CreateWaitableTimerW
CreateWindowExW
CryptAcquireContextW
CryptEnumProviderTypesW
CryptEnumProvidersW
CryptGetDefaultProviderW
CryptSetProviderExW
CryptSetProviderW
CryptSignHashW
CryptVerifySignatureW
DdeConnect
DdeConnectList
DdeCreateStringHandleW
DdeInitializeW
DdeQueryConvInfo
DdeQueryStringW
DefDlgProcW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteFileW
DeleteMonitorW
DeletePortW
DeletePrintProcessorW
DeletePrintProvidorW
DeletePrinterDriverW
DeviceCapabilitiesW
DialogBoxIndirectParamW
DialogBoxParamW
DispatchMessageW
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExW
DlgDirSelectExW
DocumentPropertiesW
DragQueryFileW
DrawStateW
DrawTextExW
DrawTextW
EnableWindow
EndUpdateResourceA
EndUpdateResourceW
EnumCalendarInfoExW
EnumCalendarInfoW
EnumClipboardFormats
EnumDateFormatsExW
EnumDateFormatsW
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsW
EnumICMProfilesW
EnumMonitorsW
EnumPortsW
EnumPrintProcessorDatatypesW
EnumPrintProcessorsW
EnumPrinterDriversW
EnumPrintersW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumSystemCodePagesW
EnumSystemLocalesW
EnumTimeFormatsW
EnumerateSecurityPackagesW
ExpandEnvironmentStringsW
ExtTextOutW
ExtractIconExW
ExtractIconW
FatalAppExitW
FillConsoleOutputCharacterW
FindAtomW
FindExecutableW
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FindTextW
FindWindowExW
FindWindowW
FormatMessageW
FreeContextBuffer
FreeEnvironmentStringsW
GetAltTabInfoW
GetAtomNameW
GetCPInfo
GetCPInfoExW
GetCalendarInfoW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetCharWidth32W
GetCharWidthFloatW
GetCharWidthW
GetCharacterPlacementW
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClipboardData
GetClipboardFormatNameW
GetComputerNameW
GetConsoleTitleW
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentHwProfileW
GetDateFormatW
GetDefaultCommConfigW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDlgItemTextW
GetDriveTypeW
GetEnhMetaFileDescriptionW
GetEnhMetaFileW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileTitleW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFullPathNameW
GetGlyphOutlineW
GetICMProfileW
GetJobW
GetKerningPairsW
GetKeyNameTextW
GetKeyboardLayoutNameW
GetLocaleInfoW
GetLogColorSpaceW
GetLogicalDriveStringsW
GetLongPathNameW
GetMenuItemInfoW
GetMenuStringW
GetMessageW
GetMetaFileW
GetModuleFileNameW
GetModuleHandleW
GetMonitorInfoW
GetNamedPipeHandleStateW
GetNumberFormatW
GetObjectW
GetOpenFileNamePreviewW
GetOpenFileNameW
GetOutlineTextMetricsW
GetPrintProcessorDirectoryW
GetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterDriverW
GetPrinterW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileStructW
GetProcAddress
GetProfileIntW
GetProfileSectionW
GetProfileStringW
GetPropA
GetPropW
GetRoleTextW
GetSaveFileNamePreviewW
GetSaveFileNameW
GetShortPathNameW
GetStartupInfoW
GetStateTextW
GetStringTypeExW
GetStringTypeW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTabbedTextExtentW
GetTempFileNameW
GetTempPathW
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextExtentPointW
GetTextFaceW
GetTextMetricsW
GetTimeFormatW
GetUserNameW
GetVersionExW
GetVolumeInformationW
GetWindowLongA
GetWindowLongW
GetWindowModuleFileNameW
GetWindowTextLengthW
GetWindowTextW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomW
GlobalGetAtomNameW
GrayStringW
InitSecurityInterfaceW
InitializeSecurityContextW
InsertMenuItemW
InsertMenuW
IsBadStringPtrW
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerW
IsCharUpperW
IsClipboardFormatAvailable
IsDestinationReachableW
IsDialogMessageW
IsTextUnicode
IsValidCodePage
IsWindowUnicode
LCMapStringW
LoadAcceleratorsW
LoadBitmapW
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageW
LoadKeyboardLayoutW
LoadLibraryExW
LoadLibraryW
LoadMenuIndirectW
LoadMenuW
LoadStringW
MCIWndCreateW
MapVirtualKeyExW
MapVirtualKeyW
MessageBoxExW
MessageBoxIndirectW
MessageBoxW
ModifyMenuW
MoveFileW
MultiByteToWideChar
MultinetGetConnectionPerformanceW
OemToCharBuffW
OemToCharW
OleUIAddVerbMenuW
OleUIBusyW
OleUIChangeIconW
OleUIChangeSourceW
OleUIConvertW
OleUIEditLinksW
OleUIInsertObjectW
OleUIObjectPropertiesW
OleUIPasteSpecialW
OleUIPromptUserW
OleUIUpdateLinksW
OpenEventW
OpenFileMappingW
OpenMutexW
OpenPrinterW
OpenSemaphoreW
OpenWaitableTimerW
OutputDebugStringW
PageSetupDlgW
PeekConsoleInputW
PeekMessageW
PlaySoundW
PolyTextOutW
PostMessageW
PostThreadMessageW
PrintDlgW
QueryContextAttributesW
QueryCredentialsAttributesW
QueryDosDeviceW
QuerySecurityPackageInfoW
RasConnectionNotificationW
RasCreatePhonebookEntryW
RasDeleteEntryW
RasDeleteSubEntryW
RasDialW
RasEditPhonebookEntryW
RasEnumConnectionsW
RasEnumDevicesW
RasEnumEntriesW
RasGetConnectStatusW
RasGetEntryDialParamsW
RasGetEntryPropertiesW
RasGetErrorStringW
RasGetProjectionInfoW
RasHangUpW
RasRenameEntryW
RasSetEntryDialParamsW
RasSetEntryPropertiesW
RasSetSubEntryPropertiesW
RasValidateEntryNameW
ReadConsoleInputW
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReadConsoleW
RegConnectRegistryW
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryMultipleValuesW
RegQueryValueExW
RegQueryValueW
RegReplaceKeyW
RegSaveKeyW
RegSetValueExW
RegSetValueW
RegUnLoadKeyW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterWindowMessageW
RemoveDirectoryW
RemoveFontResourceW
RemovePropA
RemovePropW
ReplaceTextW
ResetDCW
ResetPrinterW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetFileInfoW
SHGetNewLinkInfoW
SHGetPathFromIDListW
ScrollConsoleScreenBufferW
SearchPathW
SendDlgItemMessageW
SendMessageCallbackW
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetCalendarInfoW
SetClassLongW
SetComputerNameW
SetConsoleTitleW
SetCurrentDirectoryW
SetDefaultCommConfigW
SetDlgItemTextW
SetEnvironmentVariableW
SetFileAttributesW
SetICMProfileW
SetJobW
SetLocaleInfoW
SetMenuItemInfoW
SetPrinterDataW
SetPrinterW
SetPropA
SetPropW
SetVolumeLabelW
SetWindowLongA
SetWindowLongW
SetWindowTextW
SetWindowsHookExW
SetWindowsHookW
ShellAboutW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
StartDocPrinterW
StartDocW
SystemParametersInfoW
TabbedTextOutW
TextOutW
TranslateAcceleratorW
UnregisterClassW
UpdateICMRegKeyW
UpdateResourceA
UpdateResourceW
VerFindFileW
VerInstallFileW
VerLanguageNameW
VerQueryValueW
VkKeyScanExW
VkKeyScanW
WNetAddConnection2W
WNetAddConnection3W
WNetAddConnectionW
WNetCancelConnection2W
WNetCancelConnectionW
WNetConnectionDialog1W
WNetDisconnectDialog1W
WNetEnumResourceW
WNetGetConnectionW
WNetGetLastErrorW
WNetGetNetworkInformationW
WNetGetProviderNameW
WNetGetResourceInformationW
WNetGetResourceParentW
WNetGetUniversalNameW
WNetGetUserW
WNetOpenEnumW
WNetUseConnectionW
WaitNamedPipeW
WideCharToMultiByte
WinHelpW
WriteConsoleInputW
WriteConsoleOutputCharacterW
WriteConsoleOutputW
WriteConsoleW
WritePrivateProfileSectionW
WritePrivateProfileStringW
WritePrivateProfileStructW
WriteProfileSectionW
WriteProfileStringW
__FreeAllLibrariesInMsluDll
auxGetDevCapsW
capCreateCaptureWindowW
capGetDriverDescriptionW
joyGetDevCapsW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW
mciGetDeviceIDW
mciGetErrorStringW
mciSendCommandW
mciSendStringW
midiInGetDevCapsW
midiInGetErrorTextW
midiOutGetDevCapsW
midiOutGetErrorTextW
mixerGetControlDetailsW
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenW
mmioRenameW
mmioStringToFOURCCW

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

1dba24346e415c53ffa8a8a260a9f47e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

2db813254ea8b4d2a92d703ecb659f39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dba24346e415c53ffa8a8a260a9f47e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 152KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 12KB - Virtual size: 12KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 573B

.rdata Size: 1024B - Virtual size: 576B

.data Size: 512B - Virtual size: 45B

.reloc Size: 512B - Virtual size: 132B

301d69c4c2a330e6c5b27536954310e0

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 9KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 152KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 1024B - Virtual size: 573B

.rdata
Size: 1024B - Virtual size: 576B

.data
Size: 512B - Virtual size: 45B

.reloc
Size: 512B - Virtual size: 132B

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 39KB - Virtual size: 3.8MB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 8KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

a7:a2:13:01:eb:da:5d:60:b9:4a:67:90:6b:06:79:8b:f5:ed:1c:2f
Signer