boscaceoil_win_v2[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

boscaceoil_win_v2.zip
Size

21.7MB
MD5

62709f3caf0dbfb69ceb77516fd1d6d3
SHA1

b921d83c331da5794abb84c45ecdf2ff190ab8a1
SHA256

8d49cab031461fe681f6aaa3a7415baac27ca53cc89d23c58572459583eef55d
SHA512

73fa4bd00b85920197221ba0fb1dfc5412c98d6a7a6eebe8e4c46289a2846edfaede0feadd5e7b020c09b716206ca641e33b465c9968c4cbb6eb998b93593cc2
SSDEEP

393216:BENn8PSni6EyC8IlD+rPbNY1obZ3YlGU65ngwrBrCcgHfh3bXkoEOTPefs2SS:yNaNF10Pa1syGj5ngwd+HpooPPeEK

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Adobe AIR/Versions/1.0/Resources/CaptiveAppEntry.exe
unpack001/BoscaCeoil.exe

Files

boscaceoil_win_v2.zip
.zip
Adobe AIR/Versions/1.0/Adobe AIR.dll
.dll windows:5 windows x86 arch:x86

d659434f223335ff8a8a7fc8bfc73854

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

07/06/2012, 00:00

Not After

06/06/2022, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:ed:67:42:55:61:4b:f4:ed:3e:d4:23:cc:93:ca:7d
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/01/2014, 00:00

Not After

07/01/2016, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Flash Player,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:ee:74:2e:c4:77:88:43:45:0c:b1:97:a6:48:8d:fd:72:44:ca:7f
Signer

Actual PE Digest

a5:ee:74:2e:c4:77:88:43:45:0c:b1:97:a6:48:8d:fd:72:44:ca:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\runtime_sdk_withdrm\Adobe AIR.pdb

Imports

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
RaiseException
InitializeCriticalSectionAndSpinCount
FreeLibrary
HeapReAlloc
VirtualAlloc
GetLocaleInfoA
GetLocaleInfoW
IsValidCodePage
GetOEMCP
IsDBCSLeadByte
GlobalUnlock
GlobalLock
SystemTimeToFileTime
GetLocalTime
GlobalAlloc
GlobalSize
GetDriveTypeW
GetVolumeInformationW
GetLogicalDriveStringsW
CloseHandle
CreateEventW
TerminateThread
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateWaitableTimerW
ExitThread
SetThreadPriority
CreateThread
GetSystemTime
GetSystemDirectoryA
GetVersionExW
QueryPerformanceFrequency
QueueUserAPC
OpenThread
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemDirectoryW
SleepEx
GetProcessTimes
LoadLibraryW
ExpandEnvironmentStringsW
MoveFileExW
DeleteFileW
GetFileAttributesW
VirtualQuery
GetUserDefaultLangID
GetUserDefaultUILanguage
GlobalFree
SetFilePointer
CreateFileW
ReadFile
GetFileSize
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
CreateProcessA
LockResource
LoadResource
FindResourceExA
FindResourceExW
GetModuleFileNameW
GetTempPathW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesA
CreateDirectoryA
DeleteFileA
DeviceIoControl
GetTempPathA
CreateMutexA
GetFileAttributesExW
GetFileInformationByHandle
GetLongPathNameW
GetTempFileNameW
GetFullPathNameW
ExpandEnvironmentStringsA
CreateProcessW
OutputDebugStringA
GetTempFileNameA
lstrlenW
CreateDirectoryW
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
RemoveDirectoryW
FlushInstructionCache
CompareFileTime
LocalFree
ReleaseSemaphore
CreateSemaphoreW
SetNamedPipeHandleState
EndUpdateResourceW
BeginUpdateResourceW
UpdateResourceW
lstrlenA
GetExitCodeThread
DuplicateHandle
OpenProcess
GetExitCodeProcess
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeA
GetCommandLineW
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
GetComputerNameExW
CreateNamedPipeW
CancelIo
GetProcessHeap
GenerateConsoleCtrlEvent
FormatMessageW
SetHandleInformation
lstrcmpiW
SizeofResource
FindResourceW
LoadLibraryExW
SetThreadAffinityMask
VirtualProtect
FormatMessageA
CreateEventA
FlushFileBuffers
AreFileApisANSI
UnlockFile
LockFile
LockFileEx
UnlockFileEx
GetFullPathNameA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileMappingW
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
InterlockedExchangeAdd
GetVersionExA
GetVersion
FileTimeToSystemTime
GetNumberFormatW
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
EnumSystemLocalesW
GetProcessAffinityMask
GetNativeSystemInfo
LocalAlloc
lstrcpynW
GlobalMemoryStatus
FlushConsoleInputBuffer
SetStdHandle
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
PeekNamedPipe
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
IsProcessorFeaturePresent
GetACP
GetCPInfo
LoadLibraryA
SetConsoleCtrlHandler
HeapAlloc
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapFree
GetCurrentThread
GetLastError
SetLastError
TlsFree
TlsAlloc
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetStdHandle
WriteFile
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetCommandLineA
GetSystemInfo
SwitchToThread
TlsGetValue
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
GetModuleHandleA
Sleep

ole32

RegisterDragDrop
OleGetClipboard
PropVariantClear
OleInitialize
OleUninitialize
OleSetClipboard
RevokeDragDrop
OleIsCurrentClipboard
OleFlushClipboard
ReleaseStgMedium
DoDragDrop
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoSetProxyBlanket
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoTaskMemRealloc
MkParseDisplayName
CreateBindCtx
CoFreeUnusedLibraries

oleaut32

VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocString
LoadTypeLi
SysAllocStringLen
SysStringLen
LoadRegTypeLi
VarUI4FromStr
SysFreeString

ws2_32

htonl
inet_ntoa
gethostbyname
accept
listen
gethostname
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
WSACloseEvent
recv
setsockopt
sendto
send
recvfrom
connect
bind
getpeername
getsockname
WSAAddressToStringA
ioctlsocket
select
WSAStartup
WSASocketW
socket
ntohl
WSAIoctl
WSAAsyncSelect
WSAGetLastError
inet_addr
closesocket
WSACleanup
getservbyname
htons
gethostbyaddr
getservbyport
ntohs
WSASetLastError

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA

crypt32

CertFindCertificateInStore
CryptProtectData
CryptUnprotectData
CryptFindLocalizedName
CertGetEnhancedKeyUsage
CertAddEncodedCertificateToStore
CertDuplicateCertificateContext
CryptImportPublicKeyInfo
CertGetCertificateChain
CertFreeCertificateChain
CertCompareCertificateName
CertAddCertificateContextToStore
CertNameToStrW
CryptDecodeObjectEx
CertFindRDNAttr
CertRDNValueToStrW
CryptFindOIDInfo
CertEnumCertificatesInStore
CertCompareCertificate
CertVerifyTimeValidity
CertVerifyRevocation
CertOpenStore
CertAddStoreToCollection
CryptVerifyMessageSignature
CryptGetMessageCertificates
CertCreateCertificateContext
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CertCloseStore

winmm

waveOutUnprepareHeader
mixerSetControlDetails
waveInGetPosition
waveOutPause
waveOutRestart
mixerGetControlDetailsA
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
mixerGetLineControlsA
mixerClose
waveInMessage
waveOutMessage
waveOutGetDevCapsA
waveInGetDevCapsA
mixerGetID
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveInGetNumDevs
waveOutGetNumDevs
waveInGetDevCapsW
waveOutGetDevCapsW
waveOutGetPosition
waveOutOpen
waveOutClose
waveOutReset
timeEndPeriod
waveOutPrepareHeader
waveOutWrite
timeSetEvent
timeKillEvent
timeGetDevCaps
timeBeginPeriod
timeGetTime

oleacc

AccessibleObjectFromWindow

user32

EnumWindows
DeleteMenu
EnumDisplayMonitors
PostQuitMessage
GetMessageW
ShowCaret
CreateCaret
DestroyCaret
SetCaretPos
InsertMenuItemW
CreateMenu
GetMenuItemInfoW
SetMenuItemInfoW
RemoveMenu
EnumDisplayDevicesA
UpdateLayeredWindow
GetKeyboardLayout
ActivateKeyboardLayout
OffsetRect
GetLastInputInfo
GetAsyncKeyState
UnregisterClassA
DdeUninitialize
DdeFreeStringHandle
DdeDisconnect
DdeClientTransaction
DdeConnect
DdeCreateStringHandleA
DdeInitializeW
SetMenuInfo
GetMenuInfo
DestroyMenu
TrackPopupMenu
CreatePopupMenu
CharLowerW
CharUpperW
MapVirtualKeyW
CharNextW
EnumDisplayDevicesW
PostMessageA
RegisterWindowMessageA
MonitorFromRect
GetMonitorInfoA
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW
GetWindowTextW
GetClassLongW
BeginPaint
EndPaint
EnumDisplaySettingsW
IsWindow
GetClassInfoExW
ShowWindowAsync
SetWindowRgn
GetWindow
IsWindowVisible
ShowWindow
SetWindowPlacement
GetWindowPlacement
DrawMenuBar
GetSystemMenu
SetMenu
FlashWindowEx
GetActiveWindow
MapWindowPoints
IsIconic
ReleaseCapture
GetMessageTime
SetCapture
SetCursorPos
TrackMouseEvent
GetCapture
GetWindowThreadProcessId
AttachThreadInput
LoadStringW
LoadCursorW
GetQueueStatus
SetTimer
GetWindowInfo
CopyRect
InvalidateRect
KillTimer
GetForegroundWindow
WaitForInputIdle
RegisterClassExW
DefWindowProcW
CloseWindow
CreateWindowExW
RemovePropW
SetForegroundWindow
CallWindowProcW
FindWindowExW
EnumChildWindows
GetFocus
GetAncestor
EnableWindow
GetWindowTextLengthW
GetDlgItemTextA
IsWindowEnabled
SetDlgItemTextA
SetRectEmpty
CreateIconIndirect
DialogBoxParamW
GetDlgItemTextW
SetDlgItemTextW
GetClientRect
MoveWindow
MessageBoxA
SendMessageTimeoutW
FillRect
ClientToScreen
MonitorFromWindow
GetMonitorInfoW
DialogBoxIndirectParamW
EndDialog
GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
LoadIconW
GetDlgItem
SetWindowTextW
SetFocus
PostMessageW
DestroyWindow
SetCursor
GetCursor
DestroyIcon
GetMenuBarInfo
IsZoomed
UpdateWindow
GetDoubleClickTime
RegisterClipboardFormatA
RegisterClipboardFormatW
GetClipboardFormatNameA
ReleaseDC
GetDC
ScreenToClient
GetKeyState
GetCursorPos
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetClipboardData
EmptyClipboard
InflateRect
GetPropW
SetPropW
SendInput
MessageBoxW
PostThreadMessageW
SystemParametersInfoW
GetWindowLongW
SetWindowLongW
PtInRect
SetRect
GetSystemMetrics
SendMessageW

gdi32

SetTextColor
CreateFontIndirectA
IntersectClipRect
GetClipRgn
CreateRectRgn
ExtTextOutW
StretchBlt
GetCurrentObject
GdiAlphaBlend
GdiFlush
GetClipBox
CreateRectRgnIndirect
SelectPalette
RealizePalette
CreateCompatibleBitmap
EnumFontFamiliesA
CreateBitmap
SetPixel
AbortDoc
GetStockObject
CreateDCA
GetICMProfileA
GetObjectW
BitBlt
CreateDIBSection
StartPage
EndPage
BeginPath
SetStretchBltMode
SetBkColor
GetTextMetricsW
EndPath
SetPolyFillMode
GetTextExtentPoint32W
ExtTextOutA
GetTextExtentPoint32A
GetStretchBltMode
GetDIBits
CreateCompatibleDC
SelectObject
SetDIBitsToDevice
PolyBezierTo
DeleteDC
SelectClipPath
SaveDC
RestoreDC
LPtoDP
StartDocW
StretchDIBits
GetSystemPaletteEntries
CreatePalette
GetFontData
EnumFontFamiliesExW
CreateSolidBrush
EndDoc
CreateICW
ResetDCW
DeleteObject
CreateDCW
GetTextCharacterExtra
GetDeviceCaps
EnumFontFamiliesW
SetTextAlign
SetBkMode
GetTextAlign
GetBkMode
GetTextColor
SelectClipRgn
GetBkColor
SetWorldTransform
SetGraphicsMode
GetWorldTransform
SetTextCharacterExtra
LineTo
MoveToEx
CreatePen
DPtoLP
FillPath
ExtCreatePen
CreateFontIndirectW
StrokePath

msimg32

AlphaBlend

advapi32

RegOpenKeyA
SetSecurityInfo
CryptDestroyKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
MakeSelfRelativeSD
SetEntriesInAclW
RegEnumKeyExW
CryptGenRandom
RegisterEventSourceA
ReportEventA
DeregisterEventSource
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
CryptExportKey
CryptEncrypt
CryptImportKey
CryptGenKey
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
CryptReleaseContext
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
CryptGetHashParam
CryptHashData
RegQueryInfoKeyW
GetTokenInformation
OpenProcessToken
InitializeAcl

comdlg32

GetSaveFileNameW
PageSetupDlgW
PrintDlgW
CommDlgExtendedError
GetOpenFileNameW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHChangeNotify
Shell_NotifyIconW
SHGetDiskFreeSpaceExW
SHFileOperationW
SHGetFolderPathW
SHGetSettings
SHGetFolderPathA
SHBrowseForFolderW
SHAppBarMessage
SHGetFolderLocation
SHGetPathFromIDListW
ord2
ord4

shlwapi

PathAppendA
PathAppendW
StrDupW
AssocQueryStringW
StrStrIW
StrRStrIW
StrCmpW
PathFileExistsW
ord219
PathRemoveFileSpecW

wininet

InternetErrorDlg
InternetSetCookieW
InternetGetCookieW

msi

ord72
ord96
ord37
ord17
ord125
ord121
ord32
ord159
ord20
ord205
ord151
ord153
ord141
ord88
ord16
ord137
ord70
ord90
ord173
ord92
ord8
ord84
ord113
ord78

urlmon

CoInternetParseUrl
CoInternetCompareUrl
CopyStgMedium

comctl32

ImageList_Draw
ImageList_GetIconSize

mscms

TranslateBitmapBits
CloseColorProfile
CreateColorTransformW
OpenColorProfileW
DeleteColorTransform

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData

dsound

ord8
ord1

iphlpapi

GetAdaptersAddresses

dnsapi

DnsQuery_UTF8
DnsRecordListFree

dinput8

DirectInput8Create

winspool.drv

EnumPrintersW
OpenPrinterW
GetPrinterW
ClosePrinter

Exports

Exports

ADLWMain
AdobeCPGetAPI
AppEntryWinMain
AppInstallWinMain
CaptiveAppEntryWinMain
ExtendedAppEntryWinMain
FREAcquireBitmapData
FREAcquireBitmapData2
FREAcquireByteArray
FRECallObjectMethod
FREDispatchStatusEventAsync
FREGetArrayElementAt
FREGetArrayLength
FREGetContextActionScriptData
FREGetContextNativeData
FREGetObjectAsBool
FREGetObjectAsDouble
FREGetObjectAsInt32
FREGetObjectAsUTF8
FREGetObjectAsUint32
FREGetObjectProperty
FREGetObjectType
FREInvalidateBitmapDataRect
FRENewObject
FRENewObjectFromBool
FRENewObjectFromDouble
FRENewObjectFromInt32
FRENewObjectFromUTF8
FRENewObjectFromUint32
FREReleaseBitmapData
FREReleaseByteArray
FRESetArrayElementAt
FRESetArrayLength
FRESetContextActionScriptData
FRESetContextNativeData
FRESetObjectProperty
NAIPWMain
RuntimeInstallerWinMain

Sections

.text
Size: 12.1MB - Virtual size: 12.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 445KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 827KB - Virtual size: 827KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Adobe AIR/Versions/1.0/Resources/Adobe AIR.vch
Adobe AIR/Versions/1.0/Resources/AdobeCP15.dll
.dll windows:4 windows x86 arch:x86

5654f6bff0dd174f50c057d3f5682311

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:36:78:f6:2d:28:f5:8f:09:d1:6a:dd:15:b9:c0:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/10/2006, 00:00

Not After

02/10/2009, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Universal Client,O=Adobe Systems Incorporated,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e8:b0:ea:0a:41:61:02:e3:b2:62:68:45:b3:b3:9c:19:38:0c:5c:80
Signer

Actual PE Digest

e8:b0:ea:0a:41:61:02:e3:b2:62:68:45:b3:b3:9c:19:38:0c:5c:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\Acro_root_apms\Main\build\win\results\Release\runtime\Adobe AIR\Versions\1.0\Resources\AdobeCP.pdb

Imports

kernel32

GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
CreateFileA
SetHandleCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CreateFileW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
ReadFile
GetOEMCP
GetACP
HeapSize
GetModuleFileNameA
GetStdHandle
WriteFile
SetLastError
lstrlenA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapCreate
HeapDestroy
GetStringTypeW
GetStringTypeA
DeleteFileA
GetFileSize
GetFileTime
SetFileTime
CompareFileTime
GetSystemInfo
LocalFree
GlobalFree
FormatMessageA
ReleaseMutex
CreateMutexA
LCMapStringW
LCMapStringA
GetCPInfo
RaiseException
RtlUnwind
GetProcessHeap
GetVersionExA
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetLastError
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
WideCharToMultiByte
VirtualFree
VirtualAlloc
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
CreateThread
CloseHandle
DeleteCriticalSection
EnterCriticalSection
ExitThread
LeaveCriticalSection
CreateEventA
Sleep
InitializeCriticalSection
SetEvent
WaitForSingleObject
GetCurrentThread
GetTickCount
SetStdHandle

user32

GetCursorPos

advapi32

CryptAcquireContextW
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptDestroyKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegSetValueExA
CryptReleaseContext
CryptSetKeyParam
CryptGenRandom
CryptAcquireContextA
CryptSetProvParam
CryptGetProvParam

wininet

InternetCloseHandle
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetConnectA
InternetSetOptionA
InternetSetStatusCallback
InternetOpenA
InternetReadFile
HttpAddRequestHeadersA
HttpQueryInfoA
HttpSendRequestA
InternetQueryOptionA

ws2_32

getsockopt
shutdown
closesocket
select
inet_addr
gethostbyname
WSAGetLastError
WSAStartup
connect
ioctlsocket
htons
setsockopt
socket
recv
__WSAFDIsSet
send
accept

crypt32

CryptMsgOpenToDecode
CryptMsgGetParam
CryptDecodeObject
CertFindCertificateInStore
CertEnumCertificatesInStore
CryptMsgUpdate
CryptMsgOpenToEncode
CryptMsgClose
CertGetEnhancedKeyUsage
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CryptImportPublicKeyInfo
CertFreeCertificateContext
CertFindExtension
CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertGetNameStringW
CertGetNameStringA
CryptProtectData
CryptUnprotectData
CertCloseStore
CertDeleteCertificateFromStore
CertOpenStore
CryptFindLocalizedName
CryptAcquireCertificatePrivateKey
CertAddEncodedCertificateToStore

Exports

Exports

AdobeCPGetAPI
C_EDCAuthenticationManager_allowHttpConnection
C_EDCAuthenticationManager_deleteUserCredentials
C_EDCAuthenticationManager_getAuthenticatedPrincipal
C_EDCAuthenticationManager_getClientVersion
C_EDCAuthenticationManager_getSAMLToken
C_EDCAuthenticationManager_getServerVersion
C_EDCAuthenticationManager_getUserCredentials
C_EDCAuthenticationManager_isAllowHttpConnection
C_EDCAuthenticationManager_isLoggedIn
C_EDCAuthenticationManager_isUserCredentialsCachingEnabled
C_EDCAuthenticationManager_login
C_EDCAuthenticationManager_logout
C_EDCAuthenticationManager_setSAMLToken
C_EDCByteBuffer_delete
C_EDCByteBuffer_getBytes
C_EDCByteBuffer_getLength
C_EDCCertificateInfoList_delete
C_EDCClientCallbacks_new
C_EDCClient_terminate
C_EDCConsumer_DownloadVoucher
C_EDCConsumer_delete
C_EDCConsumer_getBackgroundSyncFrequency
C_EDCConsumer_getDocHistoryURL
C_EDCConsumer_getLicenseId
C_EDCConsumer_getRevocationURL
C_EDCConsumer_getSecureTime
C_EDCConsumer_getSynchronizationProgress
C_EDCConsumer_getURL
C_EDCConsumer_isAnonymous
C_EDCConsumer_isOffline
C_EDCConsumer_isSyncing
C_EDCConsumer_iterate
C_EDCConsumer_logCustomEvents
C_EDCConsumer_logEvents
C_EDCConsumer_new
C_EDCConsumer_newFromIterationResponse
C_EDCConsumer_newFromPublishAsResponse
C_EDCConsumer_publishAs
C_EDCConsumer_requestAccess
C_EDCConsumer_setBackgroundSyncFrequency
C_EDCConsumer_setOffline
C_EDCConsumer_startSynchronization
C_EDCDecryptor_decryptBytes
C_EDCDecryptor_delete
C_EDCDecryptor_getDecryptionKey
C_EDCDecryptor_setDecryptionKey
C_EDCDeleteString
C_EDCPermSet_delete
C_EDCRevocationData_delete
C_EDCVoucherPropList_delete
C_EDCVoucherStore_get
C_EDCVoucherStore_new
C_EDCVoucherStore_put
C_EDCVoucherStore_remove
C_EDCVoucherStore_removeFromDisk
C_EDCVoucher_canRevoke
C_EDCVoucher_canViewAuditHistory
C_EDCVoucher_delete
C_EDCVoucher_getAuthenticatedUserFriendlyName
C_EDCVoucher_getAuthenticatedUserId
C_EDCVoucher_getClockSkew
C_EDCVoucher_getDecryptor
C_EDCVoucher_getEncryptor
C_EDCVoucher_getExpirationDate
C_EDCVoucher_getExtendedVoucherProperties
C_EDCVoucher_getExternalAuthLeasePeriod
C_EDCVoucher_getFirstPlaybackDate
C_EDCVoucher_getLicenseId
C_EDCVoucher_getOfflineLeasePeriodExpirationDate
C_EDCVoucher_getOfflineLeasePeriodRemaining
C_EDCVoucher_getOfflineLeaseStartDate
C_EDCVoucher_getPermissions
C_EDCVoucher_getPlaybackWindowExpirationDate
C_EDCVoucher_getPolicy
C_EDCVoucher_getRevocationData
C_EDCVoucher_getStartDate
C_EDCVoucher_getWatermark
C_EDCVoucher_isAudited
C_EDCVoucher_isExternalAuthorizationSet
C_EDCVoucher_isRevoked
C_EDCWatermarkTemplate_delete
C_EDCvoucherStore_delete
C_PDRLPolicyPropertyList_delete
C_PDRLPolicy_addPolicyEntry
C_PDRLPolicy_clearPolicyEntries
C_PDRLPolicy_countPolicyEntries
C_PDRLPolicy_delete
C_PDRLPolicy_getCreationDate
C_PDRLPolicy_getEncryptionMethod
C_PDRLPolicy_getInstanceVersionNum
C_PDRLPolicy_getLastModifiedDate
C_PDRLPolicy_getOfflineLeasePeriod
C_PDRLPolicy_getPolicyDescription
C_PDRLPolicy_getPolicyEntry
C_PDRLPolicy_getPolicyId
C_PDRLPolicy_getPolicyName
C_PDRLPolicy_getPolicyType
C_PDRLPolicy_getProperty
C_PDRLPolicy_getSchemaVersion
C_PDRLPolicy_getValidityPeriod
C_PDRLPolicy_getWatermarkId
C_PDRLPolicy_isAudited
C_PDRLPolicy_isCertifiedMode
C_PDRLPolicy_isEncryptAttachments
C_PDRLPolicy_isPlaintextMetadata
C_PDRLPolicy_isWatermarked
C_PDRLPolicy_new
C_PDRLPolicy_policyFromXML
C_PDRLPolicy_removePolicyEntry
C_PDRLPolicy_setAudited
C_PDRLPolicy_setCertifiedMode
C_PDRLPolicy_setEncryptAttachments
C_PDRLPolicy_setEncryptionMethod
C_PDRLPolicy_setOfflineLeasePeriod
C_PDRLPolicy_setPlaintextMetadata
C_PDRLPolicy_setPolicyDescription
C_PDRLPolicy_setPolicyName
C_PDRLPolicy_setProperty
C_PDRLPolicy_setValidityPeriod
C_PDRLPolicy_setWatermarkId
C_PDRLPolicy_toXML

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 588KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Adobe AIR/Versions/1.0/Resources/CaptiveAppEntry.exe
.exe windows:5 windows x86 arch:x86

9b8cde1048803eb9f29e20b92535d1cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.pdb

Imports

kernel32

SetStdHandle
ExitProcess
CreateFileW
GetModuleHandleW
WriteConsoleW
GetStdHandle
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetUserDefaultUILanguage
GetCommandLineW
HeapAlloc
GetProcessHeap
GetFullPathNameW
HeapFree
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
Sleep
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
GetFileAttributesW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
CloseHandle
InitializeCriticalSection
SetFilePointer
LoadLibraryW
GetProcAddress
VirtualFree
GetModuleFileNameW
CreateFileA

shell32

CommandLineToArgvW

user32

MessageBoxExW

shlwapi

PathAppendW
PathRemoveFileSpecW
StrCmpW

msi

ord90

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Adobe AIR/Versions/1.0/Resources/NPSWF32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

3f314bd00a39599d215e0f7d36cb5182

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

07/06/2012, 00:00

Not After

06/06/2022, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:ed:67:42:55:61:4b:f4:ed:3e:d4:23:cc:93:ca:7d
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/01/2014, 00:00

Not After

07/01/2016, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Flash Player,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:b2:ef:5c:13:b1:fb:c8:21:44:32:5d:4d:4f:fa:02:47:c0:f5:73
Signer

Actual PE Digest

ad:b2:ef:5c:13:b1:fb:c8:21:44:32:5d:4d:4f:fa:02:47:c0:f5:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

NPSWF32.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

winmm

mixerClose
waveInMessage
waveOutMessage
waveOutGetDevCapsA
waveInGetDevCapsA
mixerGetID
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetDevCapsA
mixerOpen
waveOutGetDevCapsW
waveInGetDevCapsW
waveOutGetNumDevs
waveInGetNumDevs
waveInStart
mixerGetControlDetailsA
waveInStop
waveInClose
waveInUnprepareHeader
waveInReset
waveInPrepareHeader
waveInOpen
timeSetEvent
timeKillEvent
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen
waveOutGetPosition
timeGetTime
waveOutRestart
waveOutPause
waveInGetPosition
waveInAddBuffer
mixerSetControlDetails

wininet

HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetSetOptionA
HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpQueryInfoA

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCompareCertificateName
CryptFindOIDInfo
CertRDNValueToStrW
CertFindRDNAttr
CryptDecodeObjectEx
CertNameToStrW
CertVerifyTimeValidity
CertVerifyRevocation
CertOpenStore
CertAddStoreToCollection
CryptVerifyMessageSignature
CryptGetMessageCertificates
CertCreateCertificateContext
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertCompareCertificate

rpcrt4

RpcStringFreeA
UuidToStringA

oleaut32

VariantClear
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysAllocString
SysStringLen
SysFreeString
VariantInit

urlmon

CopyStgMedium

dsound

ord8
ord1

dinput8

DirectInput8Create

kernel32

GetSystemInfo
GetUserDefaultUILanguage
MoveFileExW
VirtualQuery
GetUserDefaultLangID
GetVersionExA
SetFilePointer
VerifyVersionInfoW
VerSetConditionMask
CreateThread
ReadFile
GetFileSize
FindResourceExA
FindResourceExW
SetUnhandledExceptionFilter
GetTempPathW
GetTimeZoneInformation
ReleaseSemaphore
CreateSemaphoreW
DeviceIoControl
GetTempFileNameW
GetSystemDirectoryW
GetSystemWow64DirectoryW
ExpandEnvironmentStringsA
GetLongPathNameW
GetTempPathA
GetFileAttributesA
CreateMutexA
SetFilePointerEx
GetFileAttributesExW
GetFileInformationByHandle
GetVolumeInformationW
GetCurrentDirectoryW
SetCurrentDirectoryW
OutputDebugStringA
TlsSetValue
ReleaseMutex
CreateFileMappingA
GetExitCodeThread
DuplicateHandle
TerminateThread
CreateWaitableTimerW
SetThreadPriority
GetSystemDirectoryA
CompareFileTime
LocalFree
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
OpenThread
SleepEx
SwitchToThread
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetCommandLineA
RtlUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetProcessAffinityMask
HeapSize
HeapFree
GetProcessHeap
HeapAlloc
EnumSystemLocalesW
IsValidLocale
GetUserDefaultLCID
GetTimeFormatW
GetDateFormatW
CompareStringW
GetCurrencyFormatW
GetNumberFormatW
VirtualProtect
SetSystemTime
DebugBreak
CreateSemaphoreA
VirtualFree
VirtualAlloc
GetVersion
GlobalAlloc
SetWaitableTimer
CreateWaitableTimerA
CreateEventA
FlushFileBuffers
SetEndOfFile
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetNativeSystemInfo
RegisterWaitForSingleObject
UnregisterWaitEx
GlobalMemoryStatusEx
IsDebuggerPresent
FileTimeToSystemTime
TlsAlloc
TlsFree
GetSystemTimeAsFileTime
GetStdHandle
ResumeThread
GetModuleHandleExA
OpenProcess
CreateToolhelp32Snapshot
Thread32First
GetThreadTimes
Thread32Next
InitializeCriticalSectionAndSpinCount
FormatMessageA
CreateProcessW
CreateFileMappingW
CreateMutexW
GetNamedPipeInfo
CreateNamedPipeW
CancelIo
ConnectNamedPipe
InterlockedExchangeAdd
ExitProcess
TerminateProcess
SetConsoleCtrlHandler
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleA
GetConsoleOutputCP
CancelWaitableTimer
GlobalSize
WriteConsoleW
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
EnumSystemLocalesA
CompareStringA
SetEnvironmentVariableA
LocalAlloc
lstrcpynW
GlobalMemoryStatus
FlushConsoleInputBuffer
lstrlenA
ReadConsoleInputA
SetConsoleMode
TlsGetValue
InitializeCriticalSection
GlobalLock
GlobalUnlock
UnmapViewOfFile
MapViewOfFile
GetProcessTimes
GlobalFree
GetEnvironmentVariableA
CreateDirectoryA
GetCurrentDirectoryA
GetTempFileNameA
CreateFileA
WriteFile
DeleteFileA
GetCurrentProcessId
GetModuleHandleA
CreateProcessA
WideCharToMultiByte
CreateDirectoryW
GetFileAttributesW
CreateFileW
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
FindFirstFileW
RemoveDirectoryW
DeleteFileW
FindNextFileW
FindClose
GetModuleFileNameA
FindResourceA
SizeofResource
LoadResource
LockResource
OpenFile
_lwrite
_lclose
FreeResource
GetModuleFileNameW
lstrlenW
SetLastError
GetCurrentProcess
FlushInstructionCache
RaiseException
LCMapStringW
GetTickCount
GetCurrentThreadId
GetLocaleInfoW
TryEnterCriticalSection
LoadLibraryW
GetVersionExW
LoadLibraryA
GetProcAddress
WaitForMultipleObjects
GetLastError
FreeLibrary
WaitForSingleObject
ResetEvent
CloseHandle
CreateEventW
SetEvent
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
SetThreadAffinityMask
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
ExitThread
ExpandEnvironmentStringsW
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LCMapStringA

user32

EnumDisplayMonitors
RegisterWindowMessageA
PostMessageA
SetWindowLongA
GetWindowLongA
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
MsgWaitForMultipleObjectsEx
UnregisterClassW
CallMsgFilterW
MsgWaitForMultipleObjects
GetClassNameA
CallNextHookEx
GetUpdateRect
ValidateRect
GetClassNameW
FindWindowExW
RemovePropW
SetWinEventHook
MonitorFromRect
UnhookWindowsHookEx
SetActiveWindow
SetParent
UpdateWindow
GetAncestor
IsIconic
MapWindowPoints
GetWindowTextW
SetWindowPlacement
GetWindowPlacement
IsZoomed
GetSystemMenu
FlashWindowEx
GetActiveWindow
MoveWindow
SetCaretPos
CreateCaret
ShowCaret
DestroyCaret
EnumDisplayDevicesW
EmptyClipboard
GetMonitorInfoA
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW
GetDesktopWindow
MonitorFromWindow
EnumDisplaySettingsW
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
RegisterClipboardFormatW
RemoveMenu
SetMenuItemInfoW
GetForegroundWindow
SetRect
EnumDisplayDevicesA
GetMenuItemInfoW
InsertMenuItemW
CreatePopupMenu
TrackPopupMenu
DestroyMenu
DrawMenuBar
GetMenuInfo
CreateMenu
SetMenuInfo
MapVirtualKeyW
CharUpperW
CharLowerW
PostThreadMessageW
GetMessageW
TranslateMessage
OffsetRect
CreateWindowExW
ShowWindow
GetWindow
ShowWindowAsync
GetWindowTextLengthW
DestroyWindow
GetDoubleClickTime
DeleteMenu
SetWindowsHookExW
DispatchMessageW
CloseWindow
WaitForInputIdle
MessageBoxA
DialogBoxParamW
SetWindowTextA
RedrawWindow
DialogBoxIndirectParamW
SetWindowTextW
SendMessageTimeoutW
CreateIconIndirect
GetMonitorInfoW
SetRectEmpty
GetCursor
DestroyIcon
LoadImageW
GetPropW
SetPropW
PtInRect
InflateRect
GetClipboardFormatNameA
RegisterClipboardFormatA
SetWindowPos
RegisterClassA
CreateWindowExA
SetCapture
ReleaseCapture
SetCursorPos
GetSubMenu
GetCapture
SystemParametersInfoW
ScreenToClient
GetMessageTime
GetCursorPos
WindowFromPoint
LoadIconW
RegisterClassW
PeekMessageW
GetQueueStatus
KillTimer
SetTimer
IsWindowVisible
PostMessageW
GetFocus
GetParent
GetWindowThreadProcessId
AttachThreadInput
GetDlgItem
IsWindow
EnableWindow
SendMessageW
InvalidateRect
GetKeyState
ReleaseDC
LoadStringW
MessageBoxW
SetCursor
EnableMenuItem
CheckMenuItem
FillRect
GetDC
BeginPaint
GetClientRect
EndPaint
GetSystemMetrics
EndDialog
UnregisterClassA
SetFocus
GetWindowInfo
CopyRect
RegisterClassExW
CallWindowProcW
PostQuitMessage
LoadCursorW
GetClassInfoExW
SetWindowLongW
DefWindowProcW
ClientToScreen
SendInput
ActivateKeyboardLayout
GetKeyboardLayout
GetWindowLongW
GetWindowRect
UpdateLayeredWindow

gdi32

EnumFontFamiliesExW
CreateDCW
GetFontData
RestoreDC
SaveDC
SelectClipPath
PolyBezierTo
SetPolyFillMode
EndPath
BeginPath
EndPage
StartPage
FillPath
ExtCreatePen
StrokePath
EndDoc
StartDocW
CreatePalette
GetWorldTransform
SetGraphicsMode
SetWorldTransform
GetTextCharacterExtra
DPtoLP
EnumFontFamiliesA
GetCurrentObject
CreatePen
MoveToEx
LineTo
SetTextCharacterExtra
GetBkColor
SelectClipRgn
GetTextColor
GetBkMode
GetTextAlign
SetBkMode
SetTextAlign
CreateRectRgn
GetClipRgn
IntersectClipRect
CreateFontIndirectA
SetTextColor
GetTextMetricsW
GetTextExtentPoint32W
ExtTextOutA
GetTextExtentPoint32A
CreateFontIndirectW
CreateBitmap
SetPixel
CreateDCA
GetICMProfileA
SelectPalette
RealizePalette
RectVisible
LPtoDP
StretchDIBits
GetStockObject
Rectangle
GetDeviceCaps
GetSystemPaletteEntries
GetClipBox
CreateSolidBrush
EnumFontFamiliesW
GetStretchBltMode
CreateCompatibleBitmap
SetStretchBltMode
SetBkColor
ExtTextOutW
BitBlt
StretchBlt
GdiAlphaBlend
CreateDIBSection
GetObjectW
SelectObject
DeleteObject
GdiFlush
DeleteDC
CreateCompatibleDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PrintDlgW

advapi32

CryptDecrypt
CryptSetKeyParam
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptAcquireContextA
CryptCreateHash
RegisterEventSourceA
ReportEventA
DeregisterEventSource
IsValidSid
CryptImportKey
CryptGenKey
CryptDestroyKey
CryptExportKey
CryptEncrypt
RegOpenKeyA
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegCreateKeyExA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegDeleteValueA
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExW

shell32

SHGetFolderPathW
SHGetFolderPathA
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
SHGetFolderLocation
SHGetSettings
ord165
ShellExecuteW
SHGetDiskFreeSpaceExW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

OleGetClipboard
OleInitialize
CoUninitialize
CoSetProxyBlanket
CoInitializeEx
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoTaskMemFree
CoFreeUnusedLibraries
CoInitialize
CoCreateInstance
CoTaskMemAlloc
OleUninitialize
ReleaseStgMedium
CreateBindCtx
MkParseDisplayName
PropVariantClear

ws2_32

WSAAsyncSelect
closesocket
WSACleanup
WSAStartup
WSASocketA
ntohl
select
gethostname
connect
WSAGetLastError
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
WSAAddressToStringA
bind
sendto
setsockopt
recv
send
ntohs
getsockname
WSAIoctl
socket
ioctlsocket
WSASocketW
htons
WSACloseEvent
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
recvfrom
inet_addr

shlwapi

StrStrIW
StrRStrIW
UrlCanonicalizeW
AssocQueryStringW
PathRemoveFileSpecA

mscms

OpenColorProfileW
CreateColorTransformW
CloseColorProfile
TranslateBitmapBits
DeleteColorTransform

iphlpapi

GetAdaptersAddresses

winspool.drv

GetPrinterW
ClosePrinter
OpenPrinterW

Exports

Exports

AdobeCPGetAPI
BrokerMainW
DllRegisterServer
DllUnregisterServer
FlashPlayer_17_0_0_188_FlashPlayer
Flash_DisableLocalSecurity
Flash_EnforceLocalSecurity
IAEModule_AEModule_PutKernel
IAEModule_IAEKernel_LoadModule
IAEModule_IAEKernel_UnloadModule
Java_ShockwaveFlash_CurrentFrame_stub
Java_ShockwaveFlash_FlashVersion_stub
Java_ShockwaveFlash_FrameLoaded_stub
Java_ShockwaveFlash_GetVariable_stub
Java_ShockwaveFlash_GotoFrame_stub
Java_ShockwaveFlash_IsPlaying_stub
Java_ShockwaveFlash_LoadMovie_stub
Java_ShockwaveFlash_Pan_stub
Java_ShockwaveFlash_PercentLoaded_stub
Java_ShockwaveFlash_Play_stub
Java_ShockwaveFlash_SetVariable_stub
Java_ShockwaveFlash_SetZoomRect_stub
Java_ShockwaveFlash_StopPlay_stub
Java_ShockwaveFlash_TCallFrame_stub
Java_ShockwaveFlash_TCallLabel_stub
Java_ShockwaveFlash_TCurrentFrame_stub
Java_ShockwaveFlash_TCurrentLabel_stub
Java_ShockwaveFlash_TGetProperty_stub
Java_ShockwaveFlash_TGotoFrame_stub
Java_ShockwaveFlash_TGotoLabel_stub
Java_ShockwaveFlash_TPlay_stub
Java_ShockwaveFlash_TSetProperty_stub
Java_ShockwaveFlash_TStopPlay_stub
Java_ShockwaveFlash_TotalFrames_stub
Java_ShockwaveFlash_Zoom_stub
NP_Acrobat_GetEntryPoints
NP_Acrobat_Initialize
NP_GetEntryPoints
NP_Initialize
NP_SetBrokerClient
NP_SetNPAPIHostProxy
NP_Shutdown
native_ShockwaveFlash_CurrentFrame
native_ShockwaveFlash_FlashVersion
native_ShockwaveFlash_FrameLoaded
native_ShockwaveFlash_GetVariable
native_ShockwaveFlash_GotoFrame
native_ShockwaveFlash_IsPlaying
native_ShockwaveFlash_LoadMovie
native_ShockwaveFlash_Pan
native_ShockwaveFlash_PercentLoaded
native_ShockwaveFlash_Play
native_ShockwaveFlash_SetVariable
native_ShockwaveFlash_SetZoomRect
native_ShockwaveFlash_StopPlay
native_ShockwaveFlash_TCallFrame
native_ShockwaveFlash_TCallLabel
native_ShockwaveFlash_TCurrentFrame
native_ShockwaveFlash_TCurrentLabel
native_ShockwaveFlash_TGetProperty
native_ShockwaveFlash_TGotoFrame
native_ShockwaveFlash_TGotoLabel
native_ShockwaveFlash_TPlay
native_ShockwaveFlash_TSetProperty
native_ShockwaveFlash_TStopPlay
native_ShockwaveFlash_TotalFrames
native_ShockwaveFlash_Zoom
register_ShockwaveFlash
unregister_ShockwaveFlash
unuse_ShockwaveFlash
unuse_netscape_plugin_Plugin
use_ShockwaveFlash
use_netscape_plugin_Plugin

Sections

.text
Size: 11.5MB - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 802KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 586KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Adobe AIR/Versions/1.0/Resources/WebKit.dll
.dll windows:5 windows x86 arch:x86

44c4900fff525e0c6852d942ff9958f5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

07/06/2012, 00:00

Not After

06/06/2022, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:ed:67:42:55:61:4b:f4:ed:3e:d4:23:cc:93:ca:7d
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/01/2014, 00:00

Not After

07/01/2016, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Flash Player,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a3:33:8c:59:15:f4:a7:b9:19:aa:09:06:7d:54:a2:2c:8e:bc:30:0c
Signer

Actual PE Digest

a3:33:8c:59:15:f4:a7:b9:19:aa:09:06:7d:54:a2:2c:8e:bc:30:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\WebKit.pdb

Imports

kernel32

GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetDriveTypeW
FindFirstFileW
GetModuleHandleW
Sleep
CreateDirectoryA
SetStdHandle
GetFileType
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetModuleHandleA
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TerminateProcess
HeapDestroy
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
GetFullPathNameW
FlushFileBuffers
LCMapStringA
LCMapStringW
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringA
SetEnvironmentVariableA
RaiseException
GetDateFormatA
GetTimeFormatA
LeaveCriticalSection
EnterCriticalSection
GetTimeZoneInformation
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
LoadLibraryW
FormatMessageW
LocalFree
GetFileAttributesA
lstrlenA
ExitProcess
GetVersionExW
GetLocaleInfoW
MultiByteToWideChar
GetLastError
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetFileAttributesExW
CreateFileW
GetFileSize
ReadFile
FoldStringW
GetCurrentThread
GetThreadTimes
GetSystemInfo
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
InterlockedDecrement
InterlockedIncrement
GetTickCount
HeapCreate
CompareStringW

user32

FillRect
SystemParametersInfoW
GetDC
ReleaseDC
GetLastInputInfo
SendMessageW
GetPropW
ReleaseCapture
SetCapture
CallWindowProcW
SetParent
CreateWindowExW
DefWindowProcA
SetWindowLongA
SetPropW
SetWindowRgn
MoveWindow
DestroyWindow
UpdateWindow
InvalidateRect
GetFocus
IsChild
GetUpdateRect
IntersectRect
EqualRect
GetWindowRgn
DefWindowProcW
LoadCursorW
RegisterClassExW
GetKeyboardState
SetKeyboardState
ShowWindow
SetFocus
GetWindowRect
ClientToScreen
SetWindowLongW
GetWindowLongW

gdi32

ModifyWorldTransform
RestoreDC
SaveDC
CreateCompatibleDC
CreateDIBSection
SelectObject
SetGraphicsMode
GetWorldTransform
SetWorldTransform
GetClipBox
CreateRectRgn
GetRgnBox
DeleteObject
RemoveFontMemResourceEx
CreateFontIndirectW
GetTextFaceW
EnumFontFamiliesExW
GetFontUnicodeRanges
GetStockObject
DeleteEnhMetaFile
EnumEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileW
IntersectClipRect
GetOutlineTextMetricsW
GetGlyphOutlineW
GetTextMetricsW
GetCharWidthI
GetGlyphIndicesW
GetFontData
DeleteDC
GdiFlush
BitBlt
GetClipRgn
GetGraphicsMode
ExtSelectClipRgn
ExtCreateRegion
SelectClipRgn
CreateCompatibleBitmap
ExtTextOutW
SetBkMode
SetTextAlign
SetTextColor
SetMapMode
GetCharWidth32W
GetDeviceCaps
StretchDIBits
CreateSolidBrush
AddFontMemResourceEx
GetObjectW

usp10

ScriptStringAnalyse
ScriptShape
ScriptXtoCP
ScriptPlace
ScriptItemize
ScriptFreeCache
ScriptStringFree
ScriptStringOut

urlmon

FindMimeFromData

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeBeginPeriod
timeEndPeriod

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance

Exports

Exports

WebKitGetAPI
cairo_append_path
cairo_arc
cairo_arc_negative
cairo_clip
cairo_clip_extents
cairo_clip_preserve
cairo_close_path
cairo_copy_clip_rectangle_list
cairo_copy_page
cairo_copy_path
cairo_copy_path_flat
cairo_create
cairo_curve_to
cairo_debug_reset_static_data
cairo_destroy
cairo_device_acquire
cairo_device_destroy
cairo_device_finish
cairo_device_flush
cairo_device_get_reference_count
cairo_device_get_type
cairo_device_get_user_data
cairo_device_reference
cairo_device_release
cairo_device_set_user_data
cairo_device_status
cairo_device_to_user
cairo_device_to_user_distance
cairo_fill
cairo_fill_extents
cairo_fill_preserve
cairo_font_extents
cairo_font_face_destroy
cairo_font_face_get_reference_count
cairo_font_face_get_type
cairo_font_face_get_user_data
cairo_font_face_reference
cairo_font_face_set_user_data
cairo_font_face_status
cairo_font_options_copy
cairo_font_options_create
cairo_font_options_destroy
cairo_font_options_equal
cairo_font_options_get_antialias
cairo_font_options_get_hint_metrics
cairo_font_options_get_hint_style
cairo_font_options_get_subpixel_order
cairo_font_options_hash
cairo_font_options_merge
cairo_font_options_set_antialias
cairo_font_options_set_hint_metrics
cairo_font_options_set_hint_style
cairo_font_options_set_subpixel_order
cairo_font_options_status
cairo_format_stride_for_width
cairo_get_antialias
cairo_get_current_point
cairo_get_dash
cairo_get_dash_count
cairo_get_fill_rule
cairo_get_font_face
cairo_get_font_matrix
cairo_get_font_options
cairo_get_group_target
cairo_get_line_cap
cairo_get_line_join
cairo_get_line_width
cairo_get_matrix
cairo_get_miter_limit
cairo_get_operator
cairo_get_reference_count
cairo_get_scaled_font
cairo_get_source
cairo_get_target
cairo_get_tolerance
cairo_get_user_data
cairo_glyph_allocate
cairo_glyph_extents
cairo_glyph_free
cairo_glyph_path
cairo_has_current_point
cairo_identity_matrix
cairo_image_surface_create
cairo_image_surface_create_for_data
cairo_image_surface_create_from_png
cairo_image_surface_create_from_png_stream
cairo_image_surface_get_data
cairo_image_surface_get_format
cairo_image_surface_get_height
cairo_image_surface_get_stride
cairo_image_surface_get_width
cairo_in_clip
cairo_in_fill
cairo_in_stroke
cairo_line_to
cairo_mask
cairo_mask_surface
cairo_matrix_init
cairo_matrix_init_identity
cairo_matrix_init_rotate
cairo_matrix_init_scale
cairo_matrix_init_translate
cairo_matrix_invert
cairo_matrix_multiply
cairo_matrix_rotate
cairo_matrix_scale
cairo_matrix_transform_distance
cairo_matrix_transform_point
cairo_matrix_translate
cairo_mesh_pattern_begin_patch
cairo_mesh_pattern_curve_to
cairo_mesh_pattern_end_patch
cairo_mesh_pattern_get_control_point
cairo_mesh_pattern_get_corner_color_rgba
cairo_mesh_pattern_get_patch_count
cairo_mesh_pattern_get_path
cairo_mesh_pattern_line_to
cairo_mesh_pattern_move_to
cairo_mesh_pattern_set_control_point
cairo_mesh_pattern_set_corner_color_rgb
cairo_mesh_pattern_set_corner_color_rgba
cairo_move_to
cairo_new_path
cairo_new_sub_path
cairo_paint
cairo_paint_with_alpha
cairo_path_destroy
cairo_path_extents
cairo_pattern_add_color_stop_rgb
cairo_pattern_add_color_stop_rgba
cairo_pattern_create_for_surface
cairo_pattern_create_linear
cairo_pattern_create_mesh
cairo_pattern_create_radial
cairo_pattern_create_raster_source
cairo_pattern_create_rgb
cairo_pattern_create_rgba
cairo_pattern_destroy
cairo_pattern_get_color_stop_count
cairo_pattern_get_color_stop_rgba
cairo_pattern_get_extend
cairo_pattern_get_filter
cairo_pattern_get_linear_points
cairo_pattern_get_matrix
cairo_pattern_get_radial_circles
cairo_pattern_get_reference_count
cairo_pattern_get_rgba
cairo_pattern_get_surface
cairo_pattern_get_type
cairo_pattern_get_user_data
cairo_pattern_reference
cairo_pattern_set_extend
cairo_pattern_set_filter
cairo_pattern_set_matrix
cairo_pattern_set_user_data
cairo_pattern_status
cairo_pop_group
cairo_pop_group_to_source
cairo_push_group
cairo_push_group_with_content
cairo_raster_source_pattern_get_acquire
cairo_raster_source_pattern_get_callback_data
cairo_raster_source_pattern_get_copy
cairo_raster_source_pattern_get_finish
cairo_raster_source_pattern_get_snapshot
cairo_raster_source_pattern_set_acquire
cairo_raster_source_pattern_set_callback_data
cairo_raster_source_pattern_set_copy
cairo_raster_source_pattern_set_finish
cairo_raster_source_pattern_set_snapshot
cairo_recording_surface_create
cairo_recording_surface_get_extents
cairo_recording_surface_ink_extents
cairo_rectangle
cairo_rectangle_list_destroy
cairo_reference
cairo_region_contains_point
cairo_region_contains_rectangle
cairo_region_copy
cairo_region_create
cairo_region_create_rectangle
cairo_region_create_rectangles
cairo_region_destroy
cairo_region_equal
cairo_region_get_extents
cairo_region_get_rectangle
cairo_region_intersect
cairo_region_intersect_rectangle
cairo_region_is_empty
cairo_region_num_rectangles
cairo_region_reference
cairo_region_status
cairo_region_subtract
cairo_region_subtract_rectangle
cairo_region_translate
cairo_region_union
cairo_region_union_rectangle
cairo_region_xor
cairo_region_xor_rectangle
cairo_rel_curve_to
cairo_rel_line_to
cairo_rel_move_to
cairo_reset_clip
cairo_restore
cairo_rotate
cairo_save
cairo_scale
cairo_scaled_font_create
cairo_scaled_font_destroy
cairo_scaled_font_extents
cairo_scaled_font_get_ctm
cairo_scaled_font_get_font_face
cairo_scaled_font_get_font_matrix
cairo_scaled_font_get_font_options
cairo_scaled_font_get_reference_count
cairo_scaled_font_get_scale_matrix
cairo_scaled_font_get_type
cairo_scaled_font_get_user_data
cairo_scaled_font_glyph_extents
cairo_scaled_font_reference
cairo_scaled_font_set_user_data
cairo_scaled_font_status
cairo_scaled_font_text_extents
cairo_scaled_font_text_to_glyphs
cairo_select_font_face
cairo_set_antialias
cairo_set_dash
cairo_set_fill_rule
cairo_set_font_face
cairo_set_font_matrix
cairo_set_font_options
cairo_set_font_size
cairo_set_line_cap
cairo_set_line_join
cairo_set_line_width
cairo_set_matrix
cairo_set_miter_limit
cairo_set_operator
cairo_set_scaled_font
cairo_set_source
cairo_set_source_rgb
cairo_set_source_rgba
cairo_set_source_surface
cairo_set_tolerance
cairo_set_user_data
cairo_show_glyphs
cairo_show_page
cairo_show_text
cairo_show_text_glyphs
cairo_status
cairo_status_to_string
cairo_stroke
cairo_stroke_extents
cairo_stroke_preserve
cairo_surface_copy_page
cairo_surface_create_similar
cairo_surface_create_similar_image
cairo_surface_destroy
cairo_surface_finish
cairo_surface_flush
cairo_surface_get_content
cairo_surface_get_device
cairo_surface_get_device_offset
cairo_surface_get_fallback_resolution
cairo_surface_get_font_options
cairo_surface_get_mime_data
cairo_surface_get_reference_count
cairo_surface_get_type
cairo_surface_get_user_data
cairo_surface_has_show_text_glyphs
cairo_surface_map_to_image
cairo_surface_mark_dirty
cairo_surface_mark_dirty_rectangle
cairo_surface_reference
cairo_surface_set_device_offset
cairo_surface_set_fallback_resolution
cairo_surface_set_mime_data
cairo_surface_set_user_data
cairo_surface_show_page
cairo_surface_status
cairo_surface_supports_mime_type
cairo_surface_unmap_image
cairo_surface_write_to_png
cairo_surface_write_to_png_stream
cairo_text_cluster_allocate
cairo_text_cluster_free
cairo_text_extents
cairo_text_path
cairo_toy_font_face_create
cairo_toy_font_face_get_family
cairo_toy_font_face_get_slant
cairo_toy_font_face_get_weight
cairo_transform
cairo_translate
cairo_user_font_face_create
cairo_user_font_face_get_init_func
cairo_user_font_face_get_render_glyph_func
cairo_user_font_face_get_text_to_glyphs_func
cairo_user_font_face_get_unicode_to_glyph_func
cairo_user_font_face_set_init_func
cairo_user_font_face_set_render_glyph_func
cairo_user_font_face_set_text_to_glyphs_func
cairo_user_font_face_set_unicode_to_glyph_func
cairo_user_to_device
cairo_user_to_device_distance
cairo_win32_font_face_create_for_hfont
cairo_win32_font_face_create_for_logfontw
cairo_win32_font_face_create_for_logfontw_hfont
cairo_win32_scaled_font_done_font
cairo_win32_scaled_font_get_device_to_logical
cairo_win32_scaled_font_get_logical_to_device
cairo_win32_scaled_font_get_metrics_factor
cairo_win32_scaled_font_select_font
cairo_win32_surface_create
cairo_win32_surface_create_with_ddb
cairo_win32_surface_create_with_dib
cairo_win32_surface_get_dc
cairo_win32_surface_get_image

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 858KB - Virtual size: 858KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.unwante
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Adobe AIR/Versions/1.0/Resources/WebKit/LGPL License.txt
Adobe AIR/Versions/1.0/Resources/WebKit/Notice WebKit.txt
BoscaCeoil.exe
.exe windows:5 windows x86 arch:x86

9b8cde1048803eb9f29e20b92535d1cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.pdb

Imports

kernel32

SetStdHandle
ExitProcess
CreateFileW
GetModuleHandleW
WriteConsoleW
GetStdHandle
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetUserDefaultUILanguage
GetCommandLineW
HeapAlloc
GetProcessHeap
GetFullPathNameW
HeapFree
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
Sleep
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
GetFileAttributesW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
CloseHandle
InitializeCriticalSection
SetFilePointer
LoadLibraryW
GetProcAddress
VirtualFree
GetModuleFileNameW
CreateFileA

shell32

CommandLineToArgvW

user32

MessageBoxExW

shlwapi

PathAppendW
PathRemoveFileSpecW
StrCmpW

msi

ord90

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BoscaCeoil.swf
META-INF/AIR/application.xml
.xml
META-INF/AIR/hash
META-INF/signatures.xml
assets/bc_128.png
.png
assets/bc_16.png
.png
assets/bc_32.png
.png
assets/bc_48.png
.png
mimetype

Sharing

General

Malware Config

Signatures

Files

d659434f223335ff8a8a7fc8bfc73854

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate

Extended Key Usages

Key Usages

50:ed:67:42:55:61:4b:f4:ed:3e:d4:23:cc:93:ca:7dCertificate

Extended Key Usages

Key Usages

a5:ee:74:2e:c4:77:88:43:45:0c:b1:97:a6:48:8d:fd:72:44:ca:7fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

ws2_32

version

crypt32

winmm

oleacc

user32

gdi32

msimg32

advapi32

comdlg32

shell32

shlwapi

wininet

msi

urlmon

comctl32

mscms

secur32

dsound

iphlpapi

dnsapi

dinput8

winspool.drv

Exports

Exports

Sections

.text Size: 12.1MB - Virtual size: 12.1MB

.rodata Size: 4KB - Virtual size: 4KB

.rdata Size: 6.3MB - Virtual size: 6.3MB

.data Size: 445KB - Virtual size: 1.4MB

.data1 Size: 512B - Virtual size: 84B

.rsrc Size: 209KB - Virtual size: 208KB

.reloc Size: 827KB - Virtual size: 827KB

5654f6bff0dd174f50c057d3f5682311

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

30:36:78:f6:2d:28:f5:8f:09:d1:6a:dd:15:b9:c0:71Certificate

Extended Key Usages

Key Usages

e8:b0:ea:0a:41:61:02:e3:b2:62:68:45:b3:b3:9c:19:38:0c:5c:80Signer

Headers

File Characteristics

PDB Paths

Imports

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

50:ed:67:42:55:61:4b:f4:ed:3e:d4:23:cc:93:ca:7d
Certificate

a5:ee:74:2e:c4:77:88:43:45:0c:b1:97:a6:48:8d:fd:72:44:ca:7f
Signer

.text
Size: 12.1MB - Virtual size: 12.1MB

.rodata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 6.3MB - Virtual size: 6.3MB

.data
Size: 445KB - Virtual size: 1.4MB

.data1
Size: 512B - Virtual size: 84B

.rsrc
Size: 209KB - Virtual size: 208KB

.reloc
Size: 827KB - Virtual size: 827KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

30:36:78:f6:2d:28:f5:8f:09:d1:6a:dd:15:b9:c0:71
Certificate

e8:b0:ea:0a:41:61:02:e3:b2:62:68:45:b3:b3:9c:19:38:0c:5c:80
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 468KB - Virtual size: 465KB

.data
Size: 588KB - Virtual size: 597KB

.data1
Size: 4KB - Virtual size: 84B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 156KB - Virtual size: 154KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 704B

.reloc
Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

50:ed:67:42:55:61:4b:f4:ed:3e:d4:23:cc:93:ca:7d
Certificate

ad:b2:ef:5c:13:b1:fb:c8:21:44:32:5d:4d:4f:fa:02:47:c0:f5:73
Signer