d61b1fc124bd8bb4f962749caca3246e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d61b1fc124bd8bb4f962749caca3246e_JaffaCakes118
Size

6.0MB
MD5

d61b1fc124bd8bb4f962749caca3246e
SHA1

8fc1a894520bb5056caa079798b24ad4e842917b
SHA256

15170d5abbc01a2377d4b94094e7082dd3198c6e3325c7df1fbb497cfaa1d469
SHA512

787220ea5fce83ccbcd0c0956de3137cf054ce03010a9716c52ffcbd5d855004a454dd608e8e0337e4b937e5d8a35df02b44e235231581f335fe247566c41f7e
SSDEEP

98304:0v4r2F4GNCFWrC6OXKJc2WdT37I21VqXoDBkUMYuC7uVbs9Sr4k/t3oRCG:0QKjUW2V72CT3021VrBkUMLC2OSJ3CD

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$SYSDIR/dhRichClient3.dll	acprotect
static1/unpack001/$SYSDIR/sqlite36_engine.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$SYSDIR/dhRichClient3.dll	upx
static1/unpack001/$SYSDIR/sqlite36_engine.dll	upx

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/$SYSDIR/DirectCOM.dll
unpack001/$SYSDIR/NTSVC.ocx
unpack001/$SYSDIR/RegistryHelperLM.ocx
unpack001/$SYSDIR/WSHOM.OCX
unpack001/$SYSDIR/dhRichClient3.dll
unpack002/out.upx
unpack001/$SYSDIR/scrrun.dll
unpack001/$SYSDIR/shdocvw.dll
unpack001/$SYSDIR/sqlite36_engine.dll
unpack003/out.upx
unpack001/Registry Helper Screen Saver Setup.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

d61b1fc124bd8bb4f962749caca3246e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c523d8653da5455667e3f82274f2f88

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/06/2009, 00:00

Not After

11/07/2010, 23:59

Subject

CN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

2457671c10c5aa708d9619798ec0139c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetLastError
CloseHandle
GlobalFree
LocalFree
FormatMessageA
MultiByteToWideChar
GetLastError
CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
LoadLibraryA
lstrcatA
GetProcAddress
lstrcpynA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiA
lstrcpyA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
GetModuleHandleA

user32

EnableWindow
GetWindowLongA
DestroyWindow
LoadImageA
SetWindowLongA
EndDialog
MessageBoxA
SendMessageW
DialogBoxParamA
CharNextA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
SetWindowTextA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/countries.ini
$PLUGINSDIR/disclosure1.ini
$PLUGINSDIR/email.ini
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/review.bmp
$SYSDIR/DirectCOM.dll
.dll windows:4 windows x86 arch:x86

c3667292e5beb8f7231eebb0ccf02bfd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA
RegCloseKey

gdi32

MoveToEx

kernel32

CloseHandle
CreateThread
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
GetCurrentThreadId
GetEnvironmentStringsA
GetExitCodeThread
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemInfo
GetVersionExA
GlobalAlloc
GlobalFree
LoadLibraryA
MultiByteToWideChar
ReadFile
ResumeThread
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
InitializeCriticalSection
LeaveCriticalSection
RtlMoveMemory
LoadLibraryExW
LoadLibraryW

ole32

CLSIDFromProgID
CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize
ProgIDFromCLSID

oleaut32

GetActiveObject
SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy
LoadTypeLibEx

user32

CreateDialogIndirectParamA
CreateDialogParamA
CreateWindowExA
DialogBoxIndirectParamA
PeekMessageA
DialogBoxParamA
GetWindow

Exports

Exports

ASSIGN
ASSIGNADDREF
ASSIGNSWAP
CLOSETHREADHANDLE
DEREF
GETDLLCLASSOBJECT
GETINSTANCE
GETINSTANCELASTERROR
GETTHREADCOUNT
GETTHREADSTATUS
GetInstanceEx
READTSC
STARTCOMOBJECT
UNLOADCOMDLL

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

d940cf5b3d0dfb340396c0608ef1a0c5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:cb:1c:af:c1:a1:9a:a8:ba:91:ac:e1:6b:ab:e7:b6:18:25:e9:91
Signer

Actual PE Digest

8a:cb:1c:af:c1:a1:9a:a8:ba:91:ac:e1:6b:ab:e7:b6:18:25:e9:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetProcAddress
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
GetDlgItem
MoveWindow
GetWindow
GetActiveWindow
IsWindowVisible
TranslateMessage
GetParent
OffsetRect
EqualRect
DispatchMessageA
GetWindowThreadProcessId
ShowWindow
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
ClientToScreen
GetWindowRect
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
IntersectRect
SetWindowRgn
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/NTSVC.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

04932912f61a6a88e80105ab937594ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5150
ord3952
ord2724
ord6354
ord599
ord1216
ord1168
ord1243
ord1227
ord823
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord3530
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord561
ord825
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord2976
ord4741
ord4738
ord4409
ord4603
ord3868
ord3670
ord4979
ord2488
ord3081
ord2985
ord2954
ord6055
ord4078
ord1776
ord4407
ord5241
ord2384
ord5163
ord6370
ord4353
ord5290
ord3798
ord815
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord3571
ord3573
ord800
ord723
ord6004
ord1641
ord1146
ord860
ord2636
ord3946
ord540
ord423
ord640
ord5873
ord5785
ord1640
ord323
ord3663
ord3626
ord2414
ord2379
ord4992
ord5327
ord5333
ord537
ord5328
ord5314
ord5334
ord2541
ord4949
ord641
ord2514
ord324
ord6030
ord1601
ord2795
ord5572
ord2915
ord6262
ord539
ord861
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord3401
ord4415
ord5008
ord3262
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord3136
ord4465
ord3259
ord3404
ord4539
ord4739
ord4837
ord269
ord1131
ord1132
ord1116
ord1176
ord6412
ord1575
ord1577
ord1182
ord1197
ord1578
ord1255
ord1253
ord600
ord826
ord342
ord1570

msvcrt

malloc
_mbsnbcpy
__CxxFrameHandler
__dllonexit
_onexit
_adjust_fdiv
??1type_info@@UAE@XZ
vsprintf
_initterm
free
_EH_prolog

kernel32

LocalAlloc
LocalFree
SetEvent
CloseHandle
CreateThread
GetModuleFileNameA
CreateEventA
WaitForSingleObject
OutputDebugStringA
GetCurrentThreadId

user32

FillRect
GetSysColor
LoadBitmapA
DrawEdge
wsprintfA
PostMessageA
PostQuitMessage
EnableWindow

gdi32

CreateCompatibleDC
BitBlt
GetObjectA
CreateSolidBrush
CreateBitmap
GetPixel

advapi32

CreateServiceA
DeregisterEventSource
SetServiceStatus
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegCloseKey
RegSetValueExA
RegCreateKeyA
CloseServiceHandle
OpenSCManagerA
DeleteService
OpenServiceA
ReportEventA
RegisterEventSourceA
RegEnumValueA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueExA

oleaut32

VariantInit
SafeArrayCreate
SafeArrayRedim
LoadRegTypeLi
SafeArrayPutElement

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/RICHTX32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

aaca01ab2cd35af160b8025e9dcfad9f

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c6:be:da:cb:6f:7c:07:ce:80:06:10:c2:9a:0c:17:6f:0c:b4:42:44
Signer

Actual PE Digest

c6:be:da:cb:6f:7c:07:ce:80:06:10:c2:9a:0c:17:6f:0c:b4:42:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

oledlg

ord1

kernel32

GlobalUnlock
GetVersionExA
GlobalSize
GlobalLock
FindResourceA
GlobalAlloc
GlobalFree
GetLocaleInfoA
LoadResource
LockResource
GetModuleFileNameA
GetWindowsDirectoryA
HeapReAlloc
GetFileAttributesA
lstrcatA
lstrcpynA
DisableThreadLibraryCalls
GetProcAddress
GetVersion
GetAtomNameA
FindAtomA
AddAtomA
IsBadWritePtr
DeleteAtom
InterlockedIncrement
FreeLibrary
LoadLibraryA
InterlockedDecrement
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WriteFile
GetLastError
ReadFile
LeaveCriticalSection
CreateFileA
lstrcmpA
lstrcpyA
HeapAlloc
lstrlenA
HeapFree
WideCharToMultiByte
lstrlenW
SetFilePointer
MultiByteToWideChar
IsDBCSLeadByte
CloseHandle
lstrcmpiA

user32

SetCursorPos
ScreenToClient
GetClipboardFormatNameA
PeekMessageW
PostMessageW
PeekMessageA
RegisterWindowMessageA
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
CheckDlgButton
ReleaseCapture
DefWindowProcA
LoadCursorA
SetCursor
CreateDialogIndirectParamA
MapWindowPoints
FillRect
GetDlgItemTextA
GetClientRect
InvalidateRect
ValidateRect
SetRect
GetSysColor
InflateRect
GetClassInfoA
TrackPopupMenu
GetWindow
GetWindowTextA
CharNextA
MessageBoxA
SendDlgItemMessageA
GetDlgItem
PostMessageA
IsChild
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
BeginPaint
MoveWindow
SetFocus
IsWindowVisible
EndPaint
SetParent
ShowWindow
EnableMenuItem
DeleteMenu
EqualRect
SetWindowRgn
IntersectRect
GetWindowRect
OffsetRect
GetDlgItemInt
GetActiveWindow
SetWindowLongA
SetWindowPos
LoadMenuA
UnregisterClassA
DestroyWindow
DestroyMenu
GetSubMenu
RemoveMenu
GetParent
GetMenuItemCount
GetFocus
IsWindow
WindowFromDC
RegisterClassA
LoadStringA
RegisterClipboardFormatA
GetCapture
GetCursorPos
EnableWindow
EndDialog
wsprintfA
GetKeyState
MessageBeep
CallWindowProcA
GetDC
GetSystemMetrics
ReleaseDC
UpdateWindow
SendMessageA
DialogBoxParamA
GetWindowLongA
CreateWindowExA
ClientToScreen
PtInRect

ole32

DoDragDrop
RegisterDragDrop
CreateOleAdviseHolder
OleCreateFromFile
CLSIDFromProgID
OleCreate
OleSetContainedObject
StringFromCLSID
OleGetIconOfClass
CoGetMalloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSaveToStream
OleLoadFromStream
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

oleaut32

SafeArrayGetElement
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopyInd
VariantCopy
SafeArrayUnaccessData
SetErrorInfo
OleCreatePropertyFrame
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
OleCreatePictureIndirect
LoadRegTypeLi
GetErrorInfo
OleCreateFontIndirect
SysAllocStringLen
OleLoadPicture
OleTranslateColor
SysStringLen
SysFreeString
VariantChangeType
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

GetNearestColor
CreateSolidBrush
DeleteObject
EnumFontFamiliesExA
CreatePalette
GetBitmapBits
StretchBlt
GetObjectA
SelectPalette
CreateDIBitmap
GetDIBits
GetPaletteEntries
RealizePalette
CreateBitmap
CopyEnhMetaFileA
GetStockObject
CreateDCA
LPtoDP
CopyMetaFileA
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
GetClipBox
SetWindowExtEx
SetBkColor
SelectObject
CreateCompatibleBitmap
SetViewportExtEx
DeleteDC
EndDoc
PatBlt
StartPage
StartDocA
EndPage
SetWindowOrgEx
SetViewportOrgEx
DPtoLP
CreateCompatibleDC
GetMapMode
CreateICA
GetObjectType
SetMapMode
GetDeviceCaps

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VBFrameworkMapClassObject

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/RegistryHelperLM.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

c1efc96485e68b0decd94eb3299b9191

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaAptOffset
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
ord519
__vbaStrCat
ord553
ord661
__vbaSetSystemError
__vbaRecDestruct
__vbaStrDate
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaLateMemSt
__vbaForEachCollObj
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
__vbaBoolVar
__vbaFpR8
_CIsin
ord631
ord525
__vbaNextEachCollObj
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaI2I4
ord561
DllFunctionCall
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
__vbaPrintFile
ord712
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaCheckType
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord610
ord105
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaFpI2
ord616
__vbaFpI4
__vbaVarTstGe
ord617
__vbaR8IntI2
__vbaLateMemCallLd
_CIatan
ord618
__vbaAryCopy
__vbaStrMove
__vbaCastObj
ord542
_allmul
ord545
_CItan
ord546
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
__vbaRecAssign
ord581

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/SYSINFO.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

1982f39884ba6471cf2187fb256dc6d6

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcpyA
LoadLibraryA
HeapReAlloc
lstrcmpA
GetLocaleInfoA
GetWindowsDirectoryA
lstrcatA
MultiByteToWideChar
GetModuleFileNameA
GetFileAttributesA
lstrlenA
lstrcpynA
InterlockedIncrement
InterlockedDecrement
GetVersionExA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
GetSystemPowerStatus
MulDiv
GetVersion
DisableThreadLibraryCalls

user32

ShowWindow
PtInRect
SetWindowRgn
EqualRect
EndDialog
GetKeyState
OffsetRect
IntersectRect
DestroyWindow
DestroyIcon
RegisterClassA
SetWindowPos
CharNextA
wsprintfA
UnregisterClassA
SetWindowLongA
GetWindowLongA
DefWindowProcA
GetDC
ReleaseDC
SystemParametersInfoA
DialogBoxParamA
SetParent
GetParent
IsWindowVisible
MoveWindow
EndPaint
BeginPaint
DrawEdge
LoadIconA
DrawIcon
GetClientRect
LoadCursorA
CreateWindowExA
GetSystemMetrics
LoadStringA
GetWindowRect
ClientToScreen
SetFocus
SendMessageA
GetActiveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
VariantClear
SysAllocStringLen
VariantChangeType
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SysFreeString
SysAllocString
RegisterTypeLi
CreateErrorInfo

gdi32

SetMapMode
LPtoDP
GetWindowExtEx
SetViewportExtEx
DeleteDC
SetWindowOrgEx
SetViewportOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect
SetWindowExtEx
GetViewportExtEx

Exports

Exports

DLLGetDocumentation
DeviceNameFromID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/WSHOM.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

f8093e3695dc7ce97988ae6553893f99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winspool.drv

DeletePrinterConnectionW
OpenPrinterA
AddPrinterConnectionW
ClosePrinter
DeletePrinter
AddPrinterA
EnumPrintersA
EnumPrintersW
SetPrinterA
GetPrinterA

advapi32

GetUserNameA
RegOpenKeyExW
RegEnumKeyExA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
GetUserNameW
RegCloseKey
RegCreateKeyExA
RegDeleteValueW
RegDeleteValueA
RegQueryInfoKeyA
RegEnumValueA
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegSetValueExA

shell32

ShellExecuteExA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

kernel32

FreeLibrary
GetFullPathNameA
GetComputerNameW
GetModuleHandleA
lstrcmpiA
GetProcessHeap
HeapAlloc
HeapFree
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetLastError
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
WaitForMultipleObjects
CreateThread
InterlockedIncrement
SetEvent
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
LocalFree
LocalAlloc
FormatMessageA
FormatMessageW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetComputerNameA
GetVersionExA
lstrlenW
GetProcAddress
DuplicateHandle
GetExitCodeThread
lstrlenA
GetModuleFileNameA
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
SetEnvironmentVariableW
SetEnvironmentVariableA
LoadLibraryA
lstrcmpA
DebugBreak
GetModuleFileNameW
lstrcpyA
GetCurrentProcess
CreatePipe
CreateProcessW
CreateProcessA
GetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetWindowsDirectoryA
GetUserDefaultLCID
GetLocalTime
GetSystemDefaultLangID
CompareStringA

user32

SetKeyboardState
IsWindowEnabled
SendMessageTimeoutW
MessageBoxW
SetFocus
SetForegroundWindow
CharNextA
VkKeyScanA
GetKeyboardState
keybd_event
AttachThreadInput
GetWindow
FindWindowW
LoadStringA
LoadStringW
PostMessageA
EnumWindows
FindWindowA
GetDesktopWindow
GetWindowTextLengthW
GetWindowTextW
GetWindowTextLengthA
GetWindowTextA
IsWindowVisible
EnumThreadWindows
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
SendMessageTimeoutA
wsprintfA
GetWindowThreadProcessId

ole32

CoCreateInstance
CoGetMalloc

oleaut32

VariantCopy
SafeArrayCopy
VariantClear
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayRedim
VariantInit
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetUBound
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VarDateFromUdate
VariantChangeTypeEx
SafeArrayCreateVector
SafeArrayDestroy
SysAllocStringLen
SysStringLen
SysAllocString
CreateErrorInfo
SysFreeString
SetErrorInfo
VariantChangeType

mpr

WNetCloseEnum
WNetEnumResourceA
WNetEnumResourceW
WNetOpenEnumA
WNetAddConnection2A
WNetCancelConnection2A
WNetCancelConnection2W
WNetAddConnection2W

scrrun

DoOpenPipeStream

msvcrt

wcschr
_ismbcdigit
malloc
_adjust_fdiv
_ismbcspace
free
fopen
_initterm
_mbsrchr
_mbsnbcmp
isupper
tolower
_mbsicmp
fprintf
atoi
_wcsicmp
wcsrchr
fclose

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/dhRichClient3.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 350KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/mscomct2.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

748b8691a0d45b447a059b7ae299a0a2

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
VirtualFree
GetCPInfo
GetOEMCP
VirtualAlloc
FlushFileBuffers
SetStdHandle
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
IsBadReadPtr
GlobalReAlloc
UnmapViewOfFile
GetFileSize
CreateFileMappingA
MapViewOfFile
GetSystemDefaultLCID
GetCurrentThreadId
GetCurrentProcessId
HeapCreate
HeapDestroy
FreeResource
LocalSize
RtlMoveMemory
CreateThread
Sleep
WaitForSingleObject
GetTimeFormatA
GlobalHandle
lstrcmpA
GetThreadLocale
MulDiv
LocalAlloc
GetProfileIntA
LocalReAlloc
LocalFree
GetTickCount
GetModuleHandleA
GlobalAddAtomA
GetACP
CompareStringW
CompareStringA
GlobalSize
GetVersionExA
IsDBCSLeadByte
lstrcpynA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
lstrcmpiA
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
MultiByteToWideChar
IsBadWritePtr
GetDateFormatA
lstrcpyA
GetLocaleInfoA
GetLocalTime
CreateFileA
CloseHandle
GlobalAlloc
WriteFile
GlobalLock
HeapAlloc
DeleteCriticalSection
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
FreeLibrary
lstrlenA
GetProcessHeap
GlobalFree
GlobalUnlock

user32

GrayStringA
HideCaret
DestroyCaret
CreateCaret
GetAsyncKeyState
SetCaretPos
DrawTextExA
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
MapVirtualKeyA
ShowCaret
GetUpdateRgn
DestroyCursor
GetWindowRgn
ValidateRect
GetDCEx
LockWindowUpdate
CharNextExA
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
GetKeyboardLayout
GetUpdateRect
DeferWindowPos
BeginDeferWindowPos
FindWindowA
TrackPopupMenu
GetKeyNameTextA
RemovePropA
SendNotifyMessageA
FrameRect
ChildWindowFromPoint
DrawIcon
TranslateMessage
DispatchMessageA
MessageBeep
UnregisterClassA
CreateDialogIndirectParamA
IsChild
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
ScrollWindowEx
InvalidateRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
RegisterClipboardFormatA
RegisterWindowMessageA
PeekMessageA
ScreenToClient
PostMessageW
PeekMessageW
RedrawWindow
InflateRect
AdjustWindowRectEx
CreatePopupMenu
DestroyMenu
DrawTextA
DrawFocusRect
AppendMenuA
AdjustWindowRect
IsZoomed
EnumChildWindows
GetDesktopWindow
ShowScrollBar
SetScrollRange
SetScrollPos
GetMessageA
GetScrollPos
IsRectEmpty
CallMsgFilterA
GetMessagePos
GetDoubleClickTime
InvertRect
GetSysColorBrush
SetCursor
GetWindowDC
UnionRect
SetTimer
SetScrollInfo
EnableScrollBar
UpdateWindow
KillTimer
LoadCursorA
GetMessageTime
GetDlgCtrlID
GetWindowThreadProcessId
WindowFromPoint
EndDeferWindowPos
EndDialog
ReleaseCapture
PtInRect
SetWindowRgn
IntersectRect
EqualRect
OffsetRect
GetParent
ClientToScreen
GetWindowRect
GetActiveWindow
GetWindow
MoveWindow
BeginPaint
EndPaint
SetParent
IsWindowVisible
CreateWindowExA
DestroyWindow
CharNextA
GetPropA
GetCursorPos
SetCursorPos
MapWindowPoints
DefWindowProcA
SetPropA
IsWindow
SetDlgItemTextA
CheckDlgButton
IsWindowEnabled
GetDlgItemTextA
GetDC
ReleaseDC
SetWindowPos
SetWindowLongA
GetWindowLongA
SendDlgItemMessageA
IsDlgButtonChecked
GetClientRect
GetFocus
LoadIconA
FillRect
DrawIconEx
ShowWindow
DestroyIcon
SetDlgItemInt
GetDlgItemInt
MessageBoxA
SetFocus
GetWindowTextLengthA
SetWindowTextA
GetWindowTextA
EnableWindow
DialogBoxParamA
SendMessageA
GetKeyState
SetCapture
GetCapture
CallWindowProcA
PostMessageA
GetSysColor
SetRect
DrawEdge
GetSystemMetrics
GetClassInfoA
RegisterClassA
GetDlgItem
LoadStringA
wsprintfA
GetScrollInfo
GetClassNameA
DrawFrameControl
CopyRect

ole32

OleLoadFromStream
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleSaveToStream
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCopy
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopy
SafeArrayUnaccessData
OleCreateFontIndirect
GetErrorInfo
OleCreatePictureIndirect
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLibEx
SetErrorInfo
LoadTypeLi
CreateErrorInfo
VariantCopyInd
SafeArrayCreateVector
OleCreatePropertyFrame
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
OleTranslateColor
VariantChangeTypeEx
VariantChangeType
SysAllocStringLen
VariantInit
SysStringLen
SysAllocString
LoadRegTypeLi
VariantClear
SafeArrayRedim
SysFreeString

gdi32

ExcludeClipRect
SetBrushOrgEx
GetClipRgn
OffsetRgn
GetDIBColorTable
SetDIBColorTable
CreateDIBSection
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
CreateHalftonePalette
GetTextAlign
SetTextAlign
DeleteObject
GetDeviceCaps
SelectObject
CreateSolidBrush
PatBlt
Polyline
CreatePen
StretchDIBits
GetDIBits
GetSystemPaletteEntries
GetObjectA
CreateBitmap
DeleteDC
CreateCompatibleDC
CreateDCA
SetBkColor
GetStockObject
GetTextExtentPoint32A
CreateFontIndirectA
GetCurrentObject
GetTextMetricsA
SetViewportOrgEx
SetWindowOrgEx
CreateRectRgnIndirect
GetViewportExtEx
GetWindowExtEx
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetTextColor
SelectClipRgn
CreateRectRgn
Rectangle
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
RealizePalette
SelectPalette
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
GetClipBox
TextOutA
SetBkMode
CreateFontA
CreatePatternBrush
ExtTextOutA
RestoreDC
IntersectClipRect
SaveDC
GetBkColor
GetCharWidthA
GetTextExtentPointA
Arc
RectVisible
Ellipse
LineTo
MoveToEx
GetPixel
CreateCompatibleBitmap
BitBlt
CombineRgn
GetTextColor

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/mscomctl.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

ce21923007044b1701a0b2dc4ac9396b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27
Signer

Actual PE Digest

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GlobalFree
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 692KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/msflxgrd.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

138f160cfefa07306f399d9bfa41ad11

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetStringTypeA
GetStringTypeW
GlobalFree
LCMapStringA
LCMapStringW
GlobalLock
GlobalSize
GetVersionExA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
GetCommandLineA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
HeapReAlloc
GetModuleFileNameA
InterlockedDecrement
MultiByteToWideChar
GetProfileStringA
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiA
lstrcpynA
InterlockedIncrement
GlobalUnlock
GlobalAlloc
lstrcmpA
HeapAlloc
lstrcatA
HeapFree
WideCharToMultiByte
lstrlenW
lstrcpyA
lstrlenA
MulDiv
GetProcessHeap
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
IsDBCSLeadByte
InterlockedExchange

user32

GetDlgItemInt
IsDlgButtonChecked
RegisterWindowMessageA
PeekMessageA
SetFocus
GetFocus
GetSysColor
GetSystemMetrics
FillRect
PeekMessageW
PostMessageW
SetWindowPos
GetDlgItem
SendDlgItemMessageA
InvalidateRect
GetActiveWindow
DialogBoxParamA
EndDialog
GetWindowRect
SetDlgItemInt
MoveWindow
SetDlgItemTextA
GetDlgItemTextA
GetClipboardFormatNameA
MapWindowPoints
SetCursorPos
RegisterClipboardFormatA
UnregisterClassA
CreateDialogIndirectParamA
IsChild
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
ShowWindow
SetWindowRgn
IntersectRect
EqualRect
GetParent
ClientToScreen
GetWindow
BeginPaint
EndPaint
SendMessageA
MessageBeep
wsprintfA
DestroyWindow
GetWindowLongA
SetWindowLongA
DrawTextA
DrawTextExA
CheckDlgButton
ReleaseCapture
KillTimer
DrawFocusRect
SetTimer
SetCapture
SetCursor
DefWindowProcA
EnableWindow
GetCursorPos
ScreenToClient
PtInRect
PostMessageA
DrawEdge
FrameRect
InflateRect
LoadCursorA
RegisterClassA
GetDC
ReleaseDC
CharNextA
GetKeyState
SetRect
UpdateWindow
IsWindow
GetScrollRange
ScrollWindow
OffsetRect
SetScrollRange
GetClientRect
SetScrollPos
CreateWindowExA
IsWindowVisible
LoadStringA
MessageBoxA
SetParent

ole32

CreateOleAdviseHolder
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CoCreateInstance
OleLoadFromStream
OleSaveToStream
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
OleCreatePropertyFrame
VariantClear
SysAllocString
GetErrorInfo
SysAllocStringLen
SysStringLen
VariantInit
VariantChangeType
OleCreatePictureIndirect
SysFreeString
OleTranslateColor
SafeArrayRedim
OleCreateFontIndirect

gdi32

SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
LPtoDP
SetWindowOrgEx
GetNearestColor
CreatePalette
GetBitmapBits
CreateDIBitmap
SelectPalette
RealizePalette
GetDIBits
GetPaletteEntries
CopyEnhMetaFileA
CopyMetaFileA
CreateDCA
CreatePen
DeleteObject
CreateSolidBrush
SelectObject
GetObjectA
DeleteDC
StretchBlt
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsA
RestoreDC
ExcludeClipRect
SaveDC
LineTo
MoveToEx
SetTextColor
SetBkMode
GetCurrentPositionEx
SetViewportExtEx
SetWindowExtEx
DPtoLP
SetMapMode
GetTextColor
CreateBitmap
EnumFontFamiliesExA
GetDeviceCaps
GetTextExtentPoint32A
CreateFontIndirectA
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/scrrun.dll
.dll regsvr32 windows:5 windows x86 arch:x86

bca884b4afc80c860d8f651c1327bfa9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

scrrun.pdb

Imports

mfc42

ord823
ord825

msvcrt

__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_wcsnicmp
towlower
_itow
_wcsicmp
towupper
iswalpha
_mbctolower
_itoa
_mbctoupper
_ismbblead
_mbsdec
_mbsnbicmp
_mbsicmp
_mbsnbcpy
isalpha
strncpy
srand
rand
wcscpy
wcsncpy
__CxxFrameHandler
_purecall
wcscmp
sprintf
_vsnprintf
memmove
wcslen
malloc
free
?terminate@@YAXXZ
_except_handler3
_onexit

oleaut32

VarDecFromI4
VariantCopy
SysFreeString
SysAllocStringLen
UnRegisterTypeLi
SysStringLen
LoadRegTypeLi
VariantClear
LHashValOfNameSys
LHashValOfNameSysA
VarCyFromR8
VariantChangeTypeEx
SysAllocString
LoadTypeLi
SysReAllocStringLen
VarCyFromI4
SafeArrayUnlock
VarR4FromDec
VarCyFromR4
VarR4FromCy
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
LoadTypeLibEx

ole32

StringFromCLSID
StringFromGUID2
CoGetMalloc
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueA
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey
IsTextUnicode

kernel32

CreateDirectoryW
MoveFileW
RemoveDirectoryW
GetShortPathNameW
lstrcpyW
GetFullPathNameW
lstrcatW
FindNextFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetTempPathW
CopyFileW
DeleteFileW
GetFileAttributesW
CreateDirectoryA
MoveFileA
RemoveDirectoryA
GetShortPathNameA
GetFullPathNameA
lstrcatA
FindNextFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
CopyFileA
DeleteFileA
GetFileAttributesA
GetStdHandle
InterlockedDecrement
InterlockedIncrement
QueryPerformanceCounter
SetFileAttributesA
GetUserDefaultLCID
GetVersion
GetLocaleInfoA
lstrcpyA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExA
LoadLibraryA
GetProcAddress
GetTickCount
GetFileType
GetFileInformationByHandle
SetFilePointer
WriteConsoleW
WriteFile
PeekNamedPipe
ReadFile
CloseHandle
CreateFileW
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetLogicalDrives
SetVolumeLabelW
SetVolumeLabelA
SetErrorMode
GetVolumeInformationW
GetVolumeInformationA
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
GetDiskFreeSpaceA
SetFileAttributesW
InitializeCriticalSection
LCMapStringW
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
SetLastError
CompareStringW
CompareStringA
GetDriveTypeW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetDriveTypeA
GetDiskFreeSpaceW

user32

CharNextA
wsprintfA
LoadStringA

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoOpenPipeStream

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/shdocvw.dll
.dll regsvr32 windows:5 windows x86 arch:x86

750571a77a01d5b22d2a1b26f513adbb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

shdocvw.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExW
RegQueryValueExW
RegEnumValueA

crypt32

CryptMsgClose
CryptQueryObject
CryptMsgGetParam
CertCloseStore

cryptui

CryptUIDlgViewSignerInfoW

gdi32

DeleteObject
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
SetPaletteEntries
GetPaletteEntries
RealizePalette
SelectPalette
GetStockObject
CreatePalette
SetBkColor
SetBkMode
SetTextColor
SelectObject
GetTextExtentPointW
IntersectClipRect
CreateDCA
CloseEnhMetaFile
CreateEnhMetaFileA
LineTo
MoveToEx
Rectangle
StretchBlt
CreateCompatibleDC
BitBlt
GetTextCharset
CreateCompatibleBitmap
GetTextExtentPoint32W
RestoreDC

kernel32

GetSystemDefaultLCID
CreateThread
CompareFileTime
GetSystemTimeAsFileTime
IsDBCSLeadByte
CreateDirectoryA
SetCurrentDirectoryA
SetFilePointer
ReadFile
GetFileSize
WriteFile
FindClose
WaitForSingleObject
SetEvent
CreateFileA
ReleaseMutex
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTempPathA
ExitProcess
GetCommandLineW
OpenMutexW
TlsGetValue
GetSystemTime
GetCurrentProcessId
GlobalFlags
lstrcmpiA
GlobalReAlloc
TlsSetValue
GetLocalTime
FileTimeToSystemTime
GetSystemInfo
ReleaseSemaphore
UnhandledExceptionFilter
SetErrorMode
GetCurrentDirectoryA
GetShortPathNameA
ResetEvent
HeapFree
GetProcessHeap
InterlockedExchange
TerminateThread
GetExitCodeThread
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
FileTimeToLocalFileTime
HeapAlloc
GetLocaleInfoW
LoadLibraryW
DosDateTimeToFileTime
GetModuleHandleW
CreateEventA
LoadLibraryA
VirtualFree
VirtualAlloc
lstrcpynW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetProcAddress
LocalFree
LocalAlloc
MultiByteToWideChar
GetVersionExA
lstrcmpA
GetSystemDirectoryA
LocalReAlloc
GetDriveTypeW
CreateMutexA
lstrlenA
Sleep
WideCharToMultiByte
lstrcpynA
GetUserDefaultLCID
GlobalFree
LocalSize
GetTickCount
GetLastError
LoadLibraryExA
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
MulDiv
DisableThreadLibraryCalls
InitializeCriticalSection
TlsAlloc
GetACP
CloseHandle
TlsFree
DeleteCriticalSection
FreeLibrary
InterlockedDecrement
OpenMutexA
InterlockedIncrement
RaiseException
GlobalSize

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
_ftol
wcslen
free
_vsnprintf
_except_handler3
_wcsnicmp
wcsrchr
_ltow
memmove
malloc
realloc
_vsnwprintf

shlwapi

ord561
ord231
wnsprintfW
ord24
ord516
ord517
ord446
SHDeleteKeyW
ord491
ord176
ord204
ord509
ord172
ord199
ord164
StrCpyNW
ord117
SHRegGetBoolUSValueW
ord163
ord133
ord154
ord240
ord178
ord84
ord171
ord249
PathCreateFromUrlW
StrChrW
ord346
ord184
SHStrDupW
ord212
ord174
ord284
ord282
PathFileExistsW
ord384
ord287
ord83
ord318
SHRegGetUSValueW
StrCmpNIW
StrStrIW
StrDupW
ord15
SHQueryValueExW
ord120
ord302
ord192
ord303
ord139
ord558
ord564
ord436
ord128
ord125
ord123
ord193
PathQuoteSpacesW
ord75
PathCombineW
ord97
ord299
PathRemoveFileSpecW
ord60
ord116
ord394
ord538
ord149
ord135
ord74
ord104
ord389
ord426
ord427
ord425
ord106
ord108
ord401
ord402
StrCatBuffW
ord57
ord80
ord542
UrlCanonicalizeW
AssocQueryStringW
ord124
SHRegCloseUSKey
SHRegDeleteUSValueW
SHRegOpenUSKeyW
StrDupA
ord122
ord13
ord175
ord127
StrCmpW
StrCmpNW
ord158
ord562
ord146
ord40
PathUnquoteSpacesW
PathRemoveBlanksW
ord539
ord186
ord181
ord237
ord217
ord382
ord168
SHRegSetUSValueW
ord221
ord173
ord220
ord248
ord198
ord79
ord467
ord100
ord2
ord484
ord383
StrStrW
StrChrIW
UrlGetPartW
ord81
ord559
PathAppendW
StrFromTimeIntervalW
ord336
ord99
ord143
ord67
ord216
PathFindExtensionA
UrlCanonicalizeA
ord218
AssocIsDangerous
AssocCreate
ord130
PathUndecorateW
ord103
ord313
PathParseIconLocationW
ord52
ord165
ord16
PathCompactPathW
ord331
ord72
PathIsRelativeW
ord476
ord134
ord87
ord140
PathRemoveExtensionW
ord334
ord50
ord333
PathCommonPrefixW
UrlIsW
StrTrimW
ord36
PathAddBackslashW
SHQueryValueExA
StrCatBuffA
StrStrIA
PathFindFileNameA
StrCmpNIA
SHSetValueA
wnsprintfA
SHGetValueA
ord126
SHDeleteOrphanKeyA
PathRemoveFileSpecA
SHDeleteKeyA
SHDeleteValueA
ord433
SHDeleteValueW
ord294
ord90
ord129
StrToIntExW
ord372
ord373
ord371
ord286
UrlCombineW
ord376
UrlGetLocationW
StrToIntW
ord283
ord281
PathIsURLW
ord51
ord28
ord39
UrlHashW
StrRChrW
StrChrIA
ord41
ord352
ord350
wvnsprintfA
ord65
ord341
ord403
ord360
ord137
ord305
ord71
wvnsprintfW
SHOpenRegStream2W
ord187
ord471
ord270
ord263
PathIsPrefixW
PathSearchAndQualifyW
ord73
ord298
ord296
PathRenameExtensionW
ord12
ord112
ord89
ord236
ord96
ord354
ord370
ord274
ord460
ord76
StrTrimA
ord295
ord98
ord260
ord49
PathCombineA
PathGetArgsW
ord347
ord366
ord121
ord43
ord362
SHRegDuplicateHKey
ord551
ord195
ord197
ord61
ord91
ord53
ord312
StrRetToBufW
ord279
ord479
StrPBrkW
ord113
SHCreateStreamOnFileW
PathCompactPathExW
ord338
ord142
ord182
ord428
ord132
ord355
SHSkipJunction
ord269
ord342
AssocQueryKeyW
PathIsContentTypeW
UrlEscapeW
ord316
PathCanonicalizeW
UrlCreateFromPathW
ord206
ord242
ord243
ord167
ord189
ord188
ord520
ord505
ord507
ord506
ord101
ord93
ord280
ord10
ord9
ord8
ord278
ord105
ord439
StrToIntExA
UrlUnescapeA
ord477
SHRegEnumUSValueW
UrlApplySchemeW
ord462
UrlIsNoHistoryW
StrCSpnW
StrSpnW
ord85
ord367
ord368
ord214
ord310
PathRemoveExtensionA
HashData
UrlUnescapeW
ord496
ord266
ord223
ord222
ord423
ord353
ord319
PathIsURLA
PathRemoveBackslashW
ord375
ord458
ord434
PathCreateFromUrlA
ord357
PathIsFileSpecW
PathIsDirectoryW
PathIsUNCW
SHAutoComplete
ord145
ord480
ord311
ord563
StrFormatKBSizeW
ChrCmpIW
ord229
ord560
SHRegGetValueW
ord157
StrRetToStrW
ord540
PathGetDriveNumberW
ord289
ord267
ord268
ord534
ord1
ord138
ord335
ord219
PathFindExtensionW
PathFindFileNameW
ord55
ord315
ord102
ord314
ord37
ord304
ord48
ord131
ord56
ord136
ord141
ord94
ord156
ord161
ord437
ord241
SHCreateShellPalette
ord239
ord461
ord309
SHSetValueW
SHGetValueW
StrCmpIW
ord68
ord95
ord340
ord418
ord549
ord276
ord406
ord416
ord398
ord414
ord107
ord378
ord431
ord215
StrFormatByteSizeW
PathIsUNCServerShareW
PathStripToRootW
ord59
AssocGetPerceivedType
ord351

user32

UnionRect
ReleaseDC
GetDC
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
BeginPaint
IsChild
GetFocus
IsWindow
DestroyAcceleratorTable
GetKeyState
InvalidateRect
wsprintfW
SetFocus
GetParent
EndDialog
GetWindowLongA
IsWindowEnabled
SetCursor
SetForegroundWindow
SetRect
IsWindowVisible
GetLastActivePopup
GetCapture
GetMenuItemCount
TranslateMessage
ChildWindowFromPointEx
ScreenToClient
GetDlgCtrlID
IsDlgButtonChecked
EnableMenuItem
CheckMenuItem
GetMenuItemID
GetSubMenu
CheckDlgButton
CheckRadioButton
EnableWindow
GetDlgItem
GetDesktopWindow
RemoveMenu
GetMenuState
CreateMenu
MessageBeep
InflateRect
MoveWindow
PostQuitMessage
MapWindowPoints
WaitMessage
GetAsyncKeyState
GetSystemMenu
CreatePopupMenu
SetParent
GetWindow
AdjustWindowRect
GetSysColor
GetNextDlgTabItem
CheckMenuRadioItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MsgWaitForMultipleObjects
IsIconic
SetWindowPlacement
GetWindowPlacement
DdeCreateDataHandle
DdeDisconnect
DdeClientTransaction
DdeConnect
DdeFreeStringHandle
DdeUninitialize
DdeNameService
GetForegroundWindow
DdeFreeDataHandle
DdeGetData
CharLowerBuffA
RegisterWindowMessageA
CharNextA
GetActiveWindow
EnumWindows
ChildWindowFromPoint
SetMenuDefaultItem
GetMenuDefaultItem
GetSystemMetrics
SystemParametersInfoA
DrawIconEx
ChangeClipboardChain
SetClipboardViewer
CopyRect
IsRectEmpty
UpdateWindow
GetMessagePos
GetDoubleClickTime
SetRectEmpty
CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowLongA
SendMessageTimeoutA
LoadMenuA
LoadMenuW
InsertMenuA
InsertMenuW
DrawFocusRect
ShowWindowAsync
GetShellWindow
ReleaseCapture
SetCapture
GetWindowDC
TrackMouseEvent
GetCursorPos
CharNextW
RegisterClipboardFormatW
DrawTextExW
SendMessageW
SetWindowTextW
PtInRect
SetTimer
GetSysColorBrush
FillRect
GetWindowRect
RedrawWindow
DestroyWindow
GetClientRect
AdjustWindowRectEx
SetWindowPos
KillTimer
ShowWindow
DestroyIcon
LoadStringA

Exports

Exports

AddUrlToFavorites
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllRegisterWindowClasses
DllUnregisterServer
DoAddToFavDlg
DoAddToFavDlgW
DoFileDownload
DoFileDownloadEx
DoOrganizeFavDlg
DoOrganizeFavDlgW
DoPrivacyDlg
HlinkFindFrame
HlinkFrameNavigate
HlinkFrameNavigateNHL
IEWriteErrorLog
ImportPrivacySettings
OpenURL
SHAddSubscribeFavorite
SHGetIDispatchForFolder
SetQueryNetSessionCount
SetShellOfflineState
SoftwareUpdateMessageBox
URLQualifyA
URLQualifyW

Sections

.text
Size: 855KB - Virtual size: 855KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/sqlite36_engine.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

LzmaCompress
LzmaUncompress
compress
fastlz_compress
fastlz_decompress
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_table_name
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_key
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_load_extension
sqlite3_malloc
sqlite3_mprintf
sqlite3_open
sqlite3_open16
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_realloc
sqlite3_rekey
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_step
sqlite3_table_column_metadata
sqlite3_thread_cleanup
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vmprintf
uncompress
vb_get_columns
vb_mcpy

Sections

UPX0
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 296KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 520KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AdvisorLetters.exe
.exe windows:4 windows x86 arch:x86

31de67a99405f3f2e68fabf69d76ca1b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/06/2009, 00:00

Not After

11/07/2010, 23:59

Subject

CN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
ord517
_adj_fprem1
ord518
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord669
__vbaLateMemSt
__vbaForEachCollObj
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord520
__vbaBoolVarNull
_CIsin
ord631
__vbaVargVarMove
ord525
ord632
__vbaNextEachCollObj
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
ord563
__vbaVarOr
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
ord717
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaCheckType
ord536
__vbaI2Var
ord537
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord648
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
ord616
__vbaFpI4
__vbaVarCopy
__vbaR8IntI2
ord617
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaUI1Str
__vbaStrMove
__vbaCastObj
ord619
__vbaStrVarCopy
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ErrorFound.wav
IEHandler.exe
.exe windows:4 windows x86 arch:x86

8ea9adf554d5ee2c46a4df74d2945bee

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/06/2009, 00:00

Not After

11/07/2010, 23:59

Subject

CN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
ord517
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord593
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
Zombie_GetTypeInfoCount
EVENT_SINK_Release
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaStrToAnsi
__vbaFpI4
ord616
_CIatan
ord618
__vbaCastObj
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Registry Helper Screen Saver Setup.exe
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegistryHelper.exe
.exe windows:4 windows x86 arch:x86

7d9394dfef07bb026e04c47665dfddfe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/06/2009, 00:00

Not After

11/07/2010, 23:59

Subject

CN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
ord693
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaLineInputStr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaPut4
EVENT_SINK_Invoke
ord621
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
ord553
__vbaStrDate
__vbaSetSystemError
ord661
__vbaRecDestruct
__vbaHresultCheckObj
ord662
ord663
ord557
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
ord666
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
ord669
ord591
__vbaLateMemSt
ord592
__vbaStrBool
__vbaExitProc
ord593
__vbaForEachCollObj
ord300
ord594
__vbaI4Abs
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
ord306
__vbaStrFixstr
ord520
__vbaBoolVar
ord522
__vbaRefVarAry
__vbaVarTstLt
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord709
ord631
__vbaVargVarMove
__vbaVarCmpGt
ord632
ord525
__vbaNextEachCollObj
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord528
__vbaVarAbs
__vbaStrCmp
__vbaGet3
ord529
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
__vbaI2I4
__vbaObjVar
ord561
DllFunctionCall
ord563
__vbaVarOr
__vbaCastObjVar
__vbaStrR4
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
ord605
__vbaPrintFile
__vbaStrToUnicode
ord712
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord607
__vbaLateIdStAd
__vbaI2Str
ord714
ord608
__vbaVarCmpLe
ord531
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaDateVar
ord536
__vbaI2Var
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaVar2Vec
__vbaNew2
ord648
ord570
__vbaR8Str
__vbaInStr
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
__vbaVarCmpLt
ord576
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord100
ord579
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaAryLock
__vbaVarAdd
ord611
ord320
__vbaVarDup
ord612
__vbaStrToAnsi
ord321
ord613
__vbaFpI2
__vbaVarCopy
ord616
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarTstGe
__vbaRecDestructAnsi
__vbaR8IntI2
ord617
__vbaLateMemCallLd
_CIatan
__vbaUI1Str
__vbaStrMove
__vbaAryCopy
ord618
__vbaCastObj
__vbaStrVarCopy
ord619
__vbaR8IntI4
ord541
ord542
ord650
ord543
_allmul
__vbaLateIdSt
ord651
ord544
ord545
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
ord547
_CIexp
__vbaMidStmtBstr
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord580
__vbaRecAssign
ord581

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegistryHelperActivator.exe
.exe windows:4 windows x86 arch:x86

2d752b4e603ce24d4729f7df375e72d4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/06/2009, 00:00

Not After

11/07/2010, 23:59

Subject

CN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord669
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord520
__vbaBoolVarNull
_CIsin
ord631
__vbaVargVarMove
ord525
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
ord561
__vbaI2I4
DllFunctionCall
ord563
__vbaVarOr
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord712
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord536
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaVar2Vec
__vbaInStr
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaFpI2
__vbaVarLateMemCallLd
ord616
__vbaVarCopy
__vbaFpI4
__vbaR8IntI2
ord617
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaUI1Str
__vbaStrVarCopy
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegistryHelperBundle.exe
.exe windows:4 windows x86 arch:x86

12ca7fdd7f5e052609b83567a7d87a8f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/06/2009, 00:00

Not After

11/07/2010, 23:59

Subject

CN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
ord516
ord517
_adj_fprem1
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord669
__vbaExitProc
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord520
__vbaBoolVarNull
_CIsin
ord631
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaI2I4
DllFunctionCall
ord563
__vbaVarOr
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord536
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord648
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaVarCopy
__vbaFpI4
ord616
ord617
_CIatan
__vbaUI1Str
__vbaStrMove
__vbaCastObj
ord618
__vbaStrVarCopy
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegistryHelperService.exe
.exe windows:4 windows x86 arch:x86

1b8d3ca8a3d7f5b6ce0289e3c4ca798f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/06/2009, 00:00

Not After

11/07/2010, 23:59

Subject

CN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaPut4
ord621
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord660
ord553
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaForEachCollObj
__vbaExitProc
__vbaBoolStr
__vbaStrLike
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
__vbaBoolVar
__vbaBoolVarNull
_CIsin
ord709
ord631
ord525
__vbaNextEachCollObj
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaExitEachColl
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
ord563
__vbaVarOr
ord670
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
__vbaPrintFile
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord609
ord531
__vbaFPException
__vbaInStrVar
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord536
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaVar2Vec
ord648
__vbaNew2
__vbaInStr
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaI4Var
__vbaVarCmpEq
ord611
__vbaVarAdd
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord613
ord616
__vbaVarCopy
__vbaFpI4
__vbaRecDestructAnsi
ord617
_CIatan
__vbaCastObj
ord618
__vbaUI1Str
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
ord619
ord542
ord650
ord543
_allmul
__vbaLateIdSt
ord544
ord545
_CItan
ord546
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord580
ord581

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegistryHelperSetupCB.exe
.exe windows:4 windows x86 arch:x86

e6b98872ac9cae1fca463efc522af805

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/06/2009, 00:00

Not After

11/07/2010, 23:59

Subject

CN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaAryMove
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaAryDestruct
ord669
__vbaForEachCollObj
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
__vbaStrFixstr
__vbaBoolVarNull
_CIsin
ord631
__vbaNextEachCollObj
ord632
ord525
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord605
__vbaPrintFile
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
ord607
__vbaLateIdStAd
ord608
ord531
ord716
__vbaFPException
ord717
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord536
__vbaI2Var
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVar2Vec
ord648
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaVarCopy
__vbaVarLateMemCallLd
ord616
__vbaFpI4
__vbaLateMemCallLd
ord617
_CIatan
__vbaCastObj
__vbaAryCopy
__vbaStrMove
ord618
ord619
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 864KB - Virtual size: 861KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RegistryHelperSetupTR.exe
.exe windows:4 windows x86 arch:x86

ae247a53a76a0941011c89df89b69f74

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/06/2009, 00:00

Not After

11/07/2010, 23:59

Subject

CN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
__vbaAryVar
__vbaAryDestruct
ord669
__vbaExitProc
ord300
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord306
ord520
__vbaBoolVar
__vbaStrFixstr
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaPutOwner3
__vbaI2I4
DllFunctionCall
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
ord605
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaVar2Vec
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaFpI4
ord617
_CIatan
__vbaAryCopy
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
ord546
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
ord580
__vbaFreeObj
ord581

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Starter.exe
.exe windows:4 windows x86 arch:x86

c829c2ff04b87b0f8acac8b7d7bd357e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/06/2009, 00:00

Not After

11/07/2010, 23:59

Subject

CN=SafeApp Software\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SafeApp Software\, LLC,L=Harrison,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaLenBstr
_adj_fdiv_m64
ord517
_adj_fprem1
__vbaSetSystemError
_adj_fdiv_m32
__vbaAryDestruct
ord669
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaAryLock
__vbaStrToAnsi
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
background.jpg
.jpg
delete_invalid_entries_grey.jpg
.jpg
header.gif
.gif
help.chm
.chm
letter.htm
.html
letter1.htm
.html .js polyglot
letter2.htm
.html .js polyglot
letter3.htm
.html .js polyglot
letter4.htm
.html .js polyglot
letter5.htm
.html .js polyglot
logo.jpg
.jpg
print_16.gif
.gif
uninst.exe.nsis
vbrun60sp5.exe
.exe windows:5 windows x86 arch:x86

b83464d8132ecd9f810820e192566e15

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

lstrcatA
GetFileAttributesA
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcess
lstrlenA
lstrcmpiA
lstrcpyA
GetModuleFileNameA
FreeLibrary
LocalAlloc
GetLastError
GetSystemDirectoryA
LoadLibraryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
GetWindowsDirectoryA
GetProcAddress
RemoveDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
ExitProcess
GetModuleHandleA
GetStartupInfoA
CloseHandle
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDiskFreeSpaceA
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetCommandLineA
CreateDirectoryA
GlobalFree
FormatMessageA
IsDBCSLeadByte

gdi32

GetDeviceCaps

user32

EndDialog
wsprintfA
ExitWindowsEx
CharNextA
CharUpperA
GetDesktopWindow
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
SendMessageA
DispatchMessageA
LoadStringA
PeekMessageA
MessageBoxA
CharPrevA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
MsgWaitForMultipleObjects

comctl32

ord17

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 970KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c523d8653da5455667e3f82274f2f88

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5fCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 110KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 3KB - Virtual size: 3KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

2457671c10c5aa708d9619798ec0139c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

31:5b:df:bd:ae:79:49:e2:74:8a:5e:45:cb:06:f5:5f
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 110KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 1008B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 573B

.rdata
Size: 1024B - Virtual size: 576B

.data
Size: 512B - Virtual size: 45B

.reloc
Size: 512B - Virtual size: 132B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 646B

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 65KB

.link
Size: 2KB - Virtual size: 2KB

.rloc
Size: 512B - Virtual size: 512B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

8a:cb:1c:af:c1:a1:9a:a8:ba:91:ac:e1:6b:ab:e7:b6:18:25:e9:91
Signer