da38ff627347cd8d627f66e3f0dc730e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

da38ff627347cd8d627f66e3f0dc730e_JaffaCakes118
Size

8.1MB
MD5

da38ff627347cd8d627f66e3f0dc730e
SHA1

29c5671f3f6d467367a2965919537e50616b9272
SHA256

17314d53bc5e9cc8e64c4137f743913bd93e8455ad00a0e5884bb313937ba9f3
SHA512

c7105bedf583dbc40b99666219648d7655d58dd3d559b6e4b6dae17a9e663b2bd55deb34a278768e29ecb26b7661906489b6300258acc10abe5bcbaf186a2555
SSDEEP

196608:w7fndiuxhJUFOVPGUetwy87M35Il1mLpk0SL:w7PdfpUNZau5IXmLpkPL

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Kamera Resetleme Programı/ResetConfig.exe
unpack003/ResetACTool 20181224/NetSdk.dll
unpack003/ResetACTool 20181224/ResetACTool.exe
unpack003/ResetACTool 20181224/StreamReader.dll

Files

da38ff627347cd8d627f66e3f0dc730e_JaffaCakes118
.zip
IQ Kamera Sıfırlama/Uygulama hatasında yüklenecek 1.exe
.exe windows:5 windows x86 arch:x86

0ebb3c09b06b1666d307952e824c8697

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c0:34:f8:3d:7a:7c:a7:1c:a4:7f:96:82:5e:4d:67:05:56:d9:3e:65
Signer

Actual PE Digest

c0:34:f8:3d:7a:7c:a7:1c:a4:7f:96:82:5e:4d:67:05:56:d9:3e:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
FreeResource
GetProcAddress
LoadResource
SizeofResource
FindResourceA
lstrcatA
CloseHandle
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
LockResource

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IQ Kamera Sıfırlama/Uygulama hatasında yüklenecek 2.EXE
.exe windows:5 windows x86 arch:x86

0ebb3c09b06b1666d307952e824c8697

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:9a:9e:30:e8:b4:79:bd:b9:25:8e:b1:69:72:67:0f:90:ec:0f:7f
Signer

Actual PE Digest

5d:9a:9e:30:e8:b4:79:bd:b9:25:8e:b1:69:72:67:0f:90:ec:0f:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wextract.pdb

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
FreeResource
GetProcAddress
LoadResource
SizeofResource
FindResourceA
lstrcatA
CloseHandle
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
LockResource

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IQ Kamera Sıfırlama/iq kamera reset V1.rar
.rar
Kamera Resetleme Programı/Config.ini
Kamera Resetleme Programı/ResetConfig.exe
.exe windows:4 windows x86 arch:x86

536ba5ba30ed5dd7b7186cfb1c0ec22b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\WORK\SVN_ALL\Tools\ResetTool\bin\ResetTool.pdb

Imports

mfc80

ord1671
ord1599
ord4890
ord1655
ord4735
ord1656
ord4212
ord1964
ord5182
ord1084
ord5175
ord310
ord1362
ord4967
ord1849
ord3345
ord578
ord1794
ord6277
ord3802
ord2322
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord1482
ord2403
ord4580
ord2468
ord2415
ord2392
ord6703
ord2408
ord2371
ord304
ord2413
ord2396
ord354
ord2398
ord2400
ord6067
ord2394
ord299
ord2657
ord2410
ord6168
ord1903
ord2390
ord5200
ord934
ord1489
ord2432
ord930
ord932
ord928
ord923
ord5233
ord501
ord5235
ord709
ord5960
ord1639
ord1600
ord1568
ord4282
ord6725
ord4722
ord5915
ord2372
ord3403
ord1402
ord5214
ord2991
ord3227
ord5203
ord4104
ord4185
ord6275
ord5073
ord1908
ord5152
ord4035
ord4244
ord1401
ord3946
ord1617
ord4749
ord1620
ord5912
ord2451
ord908
ord781
ord5403
ord2475
ord1063
ord1670
ord2862
ord1551
ord4486
ord4262
ord572
ord6724
ord3182
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord4038
ord4014
ord656
ord6278
ord605
ord3801
ord1207
ord2020
ord6276
ord4326
ord5975
ord2063
ord1054
ord2018
ord3830
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord757
ord2248
ord566
ord3948
ord4568
ord5230
ord5213
ord5566
ord3683
ord2537
ord2731
ord4541
ord2835
ord4307
ord3641
ord764

msvcr80

_stricmp
_read
_open
_write
_close
_strdup
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
__set_app_type
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_except_handler4_common
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_initterm_e
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
malloc
_setmbcp
isgraph
isprint
isupper
islower
_stat64
isalpha
_gmtime64
fseek
getenv
fflush
atoi
_lseeki64
_fstat64
memchr
isspace
isalnum
__sys_nerr
strerror
_beginthreadex
fputc
sprintf
isdigit
strcat_s
sprintf_s
strncpy_s
strcpy_s
fputs
qsort
fopen
fgets
fclose
_strtoi64
strncmp
memmove
isxdigit
strtol
strrchr
strtoul
strncpy
strchr
__iob_func
_splitpath
calloc
free
strstr
fread
_controlfp_s
realloc
memset
memcpy
_errno
_time64
tolower
sscanf
fwrite
_strnicmp

kernel32

GetModuleFileNameA
GetLastError
GetSystemDirectoryA
GetPrivateProfileIntA
Sleep
OutputDebugStringA
GetPrivateProfileStringA
SetUnhandledExceptionFilter
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetThreadLocale
GetLocaleInfoA
GetACP
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
FormatMessageA
WaitForSingleObject
CloseHandle
LoadLibraryA
IsDebuggerPresent
GetProcAddress
FreeLibrary
GetVersionExA
SleepEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
UnhandledExceptionFilter

user32

GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
GetClientRect
EnableWindow
ReleaseCapture
GetSystemMetrics
SetCapture
SetCursor
LoadCursorFromFileA
LoadIconA
IsIconic

comctl32

InitCommonControlsEx

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

ws2_32

setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
getsockname
ntohs
bind
getsockopt
getpeername
closesocket
socket
connect
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htons

wldap32

ord41
ord27
ord301
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord46

advapi32

CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
CryptGetHashParam

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Kamera Resetleme Programı/ResetConfig.pdb
Kamera Resetleme Programı/Wait.ani
IQ Kamera Sıfırlama/iq kamera reset V2.rar
.rar
ResetACTool 20181224/-¼-ÂË+¬ğ.doc
.doc windows office2003
ResetACTool 20181224/Config.ini
ResetACTool 20181224/NetSdk.dll
.dll windows:4 windows x86 arch:x86

df63a2468cd7be5edefe9542012df67f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\SDK_H264++\bin\netsdk\x86\release\NetSdk.pdb

Imports

streamreader

ord4
ord7
ord2
ord1

kernel32

ReleaseSemaphore
CreateSemaphoreA
ExitThread
QueryPerformanceFrequency
Sleep
WaitForMultipleObjects
GetLocalTime
GetCurrentThreadId
OutputDebugStringA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
GetModuleHandleA
GetProcAddress
CloseHandle
TerminateThread
CreateThread
WaitForSingleObject
InterlockedExchange
LoadLibraryA
GetModuleFileNameA
CreateDirectoryA
GetSystemInfo
SetLastError
GetSystemDefaultLCID
CreateEventA
GetTickCount
ReleaseMutex
CreateMutexA
ResetEvent
InterlockedIncrement
InterlockedDecrement
PostQueuedCompletionStatus
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
CreateIoCompletionPort
GetQueuedCompletionStatus
SetEvent

ws2_32

WSARecv
WSARecvFrom
WSASend
WSAGetLastError
WSASendTo
WSACleanup
getsockopt
ntohs
__WSAFDIsSet
inet_ntoa
sendto
gethostname
closesocket
connect
recvfrom
ntohl
socket
gethostbyname
inet_addr
htonl
ioctlsocket
send
select
htons
setsockopt
shutdown
WSAStartup
accept
listen
getsockname
bind
recv

winmm

timeBeginPeriod

msvcr80

_mktime32
_localtime32
_ftol
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
strstr
??2@YAPAXI@Z
memchr
atoi
sprintf
strcpy
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
strncpy
_invalid_parameter_noinfo
memcpy_s
memcmp
strlen
vsprintf
memset
memcpy
??3@YAXPAX@Z
memmove_s
??_V@YAXPAX@Z
sscanf
printf
fopen
fread
ferror
fclose
_localtime64
strchr
_snprintf
_mktime64
malloc
_strlwr
free
fwrite
fseek
fgetpos
fflush
strcmp
_purecall
memmove
strncmp
pow
tolower
floor
fabs
strcat
__CxxFrameHandler3
_CxxThrowException
_stricmp
sprintf_s
__CxxFrameHandler
exit
_errno
perror
rand
_vsnprintf
fputs
__iob_func
_itoa
_access
_unlock
__dllonexit
_encode_pointer

Exports

Exports

H264_DVR_CatchPic
H264_DVR_CatchPicInBuffer
H264_DVR_CatchPicUI
H264_DVR_CheckEncrypt
H264_DVR_Check_Device_Exist_V2
H264_DVR_Cleanup
H264_DVR_ClickKey
H264_DVR_CloseAlarmChan
H264_DVR_CloseSound
H264_DVR_CloseTransComChannel
H264_DVR_CloseUpgradeHandle
H264_DVR_ControlAudio
H264_DVR_ControlDVR
H264_DVR_ControlFile
H264_DVR_DelRealDataCallBack
H264_DVR_DelRealDataCallBack_V2
H264_DVR_FindAudioFile
H264_DVR_FindDVRLog
H264_DVR_FindFile
H264_DVR_FindFileByTime
H264_DVR_GetDDNSInfo
H264_DVR_GetDVRWorkState
H264_DVR_GetDevConfig
H264_DVR_GetDownloadPos
H264_DVR_GetFileByName
H264_DVR_GetFileByName_V2
H264_DVR_GetFileByTime
H264_DVR_GetFileByTime_V2
H264_DVR_GetFileControl
H264_DVR_GetLastError
H264_DVR_GetOEMInfo
H264_DVR_GetPlayPos
H264_DVR_GetUpgradeState
H264_DVR_GetUpgradeVersion
H264_DVR_Get_OutNet_IP
H264_DVR_Init
H264_DVR_LocalCatchPic
H264_DVR_LocalGetColor
H264_DVR_LocalPlayCtrl
H264_DVR_LocalSetColor
H264_DVR_Login
H264_DVR_LoginEx
H264_DVR_LoginEx_V2
H264_DVR_Login_Cloud
H264_DVR_Logout
H264_DVR_MakeKeyFrame
H264_DVR_OpenSound
H264_DVR_OpenTransComChannel
H264_DVR_PTZControl
H264_DVR_PTZControlEx
H264_DVR_PTZPostion
H264_DVR_PauseRealPlay
H264_DVR_PlayBackByName
H264_DVR_PlayBackByName_V2
H264_DVR_PlayBackByTime
H264_DVR_PlayBackByTimeEx
H264_DVR_PlayBackByTime_V2
H264_DVR_PlayBackControl
H264_DVR_RealPlay
H264_DVR_RecordInfo
H264_DVR_SearchDevice
H264_DVR_SearchDeviceEX
H264_DVR_SearchDevice_IPV6
H264_DVR_SearchDevice_V2
H264_DVR_SendNetAlarmMsg
H264_DVR_SerialRead
H264_DVR_SerialWrite
H264_DVR_SetConfigOverNet
H264_DVR_SetConnectTime
H264_DVR_SetDVRMessCallBack
H264_DVR_SetDevConfig
H264_DVR_SetFileEndCallBack
H264_DVR_SetInfoFrameCallBack
H264_DVR_SetKeepLifeTime
H264_DVR_SetLocalBindAddress
H264_DVR_SetPlayPos
H264_DVR_SetRealDataCallBack
H264_DVR_SetRealDataCallBack_V2
H264_DVR_SetSubDisconnectCallBack
H264_DVR_SetSystemDateTime
H264_DVR_SetTalkMode
H264_DVR_Set_UUid
H264_DVR_SetupAlarmChan
H264_DVR_StartActiveRigister
H264_DVR_StartAlarmCenterListen
H264_DVR_StartDVRRecord
H264_DVR_StartDevTalk
H264_DVR_StartLocalPlay
H264_DVR_StartLocalRecord
H264_DVR_StartLocalVoiceCom
H264_DVR_StartUploadData
H264_DVR_StartVoiceCom_MR
H264_DVR_StopActiveRigister
H264_DVR_StopAlarmCenterListen
H264_DVR_StopDVRRecord
H264_DVR_StopDevTalk
H264_DVR_StopGetFile
H264_DVR_StopLocalPlay
H264_DVR_StopLocalRecord
H264_DVR_StopPlayBack
H264_DVR_StopRealPlay
H264_DVR_StopUpgrade_Cloud
H264_DVR_StopUploadData
H264_DVR_StopVoiceCom
H264_DVR_StorageManage
H264_DVR_Upgrade
H264_DVR_Upgrade_Cloud
H264_DVR_Upgrade_Cloud_V2
H264_DVR_UserData
H264_DVR_VoiceComSendData
_H264_DVR_ClosePushChan@8
_H264_DVR_CmdGeneral@40
_H264_DVR_ConsumerCmd@16
_H264_DVR_EncryptPassword@8
_H264_DVR_GetDevConfig_JsonV2@32
_H264_DVR_GetIntellInfo@24
_H264_DVR_GetNetPic@20
_H264_DVR_GetUpgradeVersionV2@28
_H264_DVR_SearchCalendar@16
_H264_DVR_SendToDevice@16
_H264_DVR_SetDevConfig_JsonV2@28
_H264_DVR_SetupPushChan@16
_H264_DVR_UpgradeV2@20
_H264_DVR_Upgrade_CloudEX@16
_H264_DVR_WhiteListCmd@28
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_CreateArray
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_Minify
cJSON_Parse
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_SetBoolValue
cJSON_SetStringValue

Sections

.text
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ResetACTool 20181224/Portuguese.lang
ResetACTool 20181224/ResetACTool.exe
.exe windows:5 windows x86 arch:x86

610a3667c278a848df73469772c11a50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\SVN\Tools\ResetACTool\ResetACTool\bin\ResetACTool.pdb

Imports

netsdk

ord4
ord7
ord5
ord2
ord1

kernel32

GetTickCount
GetStartupInfoW
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
ExitThread
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetFileAttributesW
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetFileTime
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
GetFileSizeEx
SleepEx
GetSystemDirectoryA
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileA
GetFullPathNameA
GetCurrentDirectoryA
GetProcessHeap
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetModuleHandleA
InterlockedDecrement
WritePrivateProfileStringW
GetCurrentProcessId
WaitForSingleObject
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
FormatMessageW
LocalFree
MulDiv
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryW
CompareStringW
LoadLibraryA
GetLastError
SetLastError
FreeLibrary
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
GlobalLock
GlobalUnlock
FreeResource
GetExitCodeThread
TerminateThread
Sleep
WritePrivateProfileStringA
CreateThread
GlobalAlloc
GlobalFree
GetPrivateProfileStringA
lstrlenA
OutputDebugStringW
GetModuleFileNameW
GetPrivateProfileStringW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetPrivateProfileIntW
GetACP

user32

UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
CharUpperW
InvalidateRect
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
DestroyMenu
ShowWindow
MoveWindow
IsDialogMessageW
SetDlgItemTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
PostThreadMessageW
RegisterClipboardFormatW
SetWindowTextW
UpdateWindow
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
LoadIconW
SetCapture
KillTimer
SetTimer
GetClientRect
GetWindowRect
IsIconic
DrawIcon
ReleaseCapture
LoadCursorFromFileW
SetCursor
GetSystemMetrics
GetWindow
EnableWindow
SendMessageW
GetSystemMenu
AppendMenuW
WinHelpW

gdi32

SelectObject
CreateRectRgnIndirect
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetObjectW
SetBkColor
SetTextColor
GetClipBox
DeleteDC
CreateFontIndirectW
Escape
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
ExtTextOutW
CreateBitmap
SetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

CryptCreateHash
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptAcquireContextA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
OleCreateFontIndirect
SysAllocString
SysAllocStringLen
VariantCopy

ws2_32

WSAStartup
accept
recvfrom
sendto
getservbyport
gethostbyaddr
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
listen
ioctlsocket
gethostname
WSACleanup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
send
WSAIoctl
setsockopt
getsockname

iphlpapi

GetAdaptersInfo

wldap32

ord60
ord50
ord26
ord30
ord32
ord35
ord143
ord200
ord33
ord301
ord27
ord41
ord46
ord211
ord22
ord79

Exports

Exports

BlowfishDecrypt
BlowfishEncrypt
DesDecrypt
DesEncrypt
GetLastErrorCode
MD5Encrypt
MD5EncryptV2
OpenTelnet

Sections

.text
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ResetACTool 20181224/ResetACTool.pdb
ResetACTool 20181224/SimpChinese.lang
ResetACTool 20181224/StreamReader.dll
.dll windows:4 windows x86 arch:x86

7667b90148038ea6085de93d7765f12c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapFree
WideCharToMultiByte
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetConsoleCtrlHandler
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
CompareStringA
CompareStringW
SetEnvironmentVariableA
Sleep
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW

Exports

Exports

H264_PARSER_Create
H264_PARSER_CreateEx
H264_PARSER_Destroy
H264_PARSER_GetNextFrame
H264_PARSER_GetNextKeyFrame
H264_PARSER_GetStreamType
H264_PARSER_InputData
H264_PARSER_Reset

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ResetACTool 20181224/Wait.ani
ResetACTool 20181224/ã_=¿Ë+¬ğ.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

0ebb3c09b06b1666d307952e824c8697

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

c0:34:f8:3d:7a:7c:a7:1c:a4:7f:96:82:5e:4d:67:05:56:d9:3e:65Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 38KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

0ebb3c09b06b1666d307952e824c8697

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:b2:9b:00:00:00:00:00:15Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

5d:9a:9e:30:e8:b4:79:bd:b9:25:8e:b1:69:72:67:0f:90:ec:0f:7fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 38KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

536ba5ba30ed5dd7b7186cfb1c0ec22b

Headers

File Characteristics

PDB Paths

Imports

mfc80

msvcr80

kernel32

user32

comctl32

msvcp80

ws2_32

wldap32

advapi32

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

c0:34:f8:3d:7a:7c:a7:1c:a4:7f:96:82:5e:4d:67:05:56:d9:3e:65
Signer

.text
Size: 38KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:b2:9b:00:00:00:00:00:15
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

5d:9a:9e:30:e8:b4:79:bd:b9:25:8e:b1:69:72:67:0f:90:ec:0f:7f
Signer

.text
Size: 38KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 96KB

.text
Size: 812KB - Virtual size: 811KB

.rdata
Size: 132KB - Virtual size: 128KB

.data
Size: 32KB - Virtual size: 37KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 52KB - Virtual size: 50KB

.text
Size: 471KB - Virtual size: 470KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 39KB - Virtual size: 38KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 20KB - Virtual size: 20KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB