e20cf23b48d4c0dd37ebcdfc1828a54e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e20cf23b48d4c0dd37ebcdfc1828a54e_JaffaCakes118
Size

3.5MB
MD5

e20cf23b48d4c0dd37ebcdfc1828a54e
SHA1

8de0286778a499eec760d2f25c480ca36335642a
SHA256

f40912f20664da2cfa0ae49c0b31005e23fd941c7389cb13b277fd8026ed1c85
SHA512

bf275db859259e1ba761323117f58fbddecfdef9b9e4fb25873a862c24b402f47e028a374afb204132561b3674da3629fccfdc65e9455c82ca17daeb99502124
SSDEEP

98304:3+9k8q4uksjSTfoRHLUlNcyiDJZVmB5exzQUlU:3wq4DsGTf8rFtDJDE52K

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack004/LastActivityView.exe	Nirsoft

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/AnVir.Task.Manager.v7.5.2.exe
unpack003/$EXEDIR/AnVir/VirusTotalUpload.exe
unpack003/$PLUGINSDIR/nsProcess.dll
unpack003/VirusTotalUpload.exe
unpack001/Everything-1.2.1.371.exe

Files

e20cf23b48d4c0dd37ebcdfc1828a54e_JaffaCakes118
.zip
AnVir_Task_Manager_7.5.2_Final_RePack_by_KpoJIuK.zip
.zip
AnVir.Task.Manager.v7.5.2.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 900KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$EXEDIR/AnVir/AnVir.exe
.exe windows:5 windows x86 arch:x86

12e522087bd7db82b4cfaa49e82e656a

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-09-2011 00:00

Not After

26-09-2014 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:a4:89:09:28:ec:22:b5:0f:17:0e:45:60:68:5e:19:06:ff:f6:27
Signer

Actual PE Digest

11:a4:89:09:28:ec:22:b5:0f:17:0e:45:60:68:5e:19:06:ff:f6:27

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

Shell_NotifyIconA
ord18
ord155
SHGetDesktopFolder
SHOpenFolderAndSelectItems
SHBrowseForFolderA
SHGetMalloc
ord680
ShellExecuteExA
SHGetPathFromIDListA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteA

version

GetFileVersionInfoA
VerQueryValueA

shlwapi

ord8
ord9
ord10
StrFormatByteSizeW
PathFindOnPathA
PathCanonicalizeA

msi

ord216
ord172

kernel32

GetDriveTypeA
GetLogicalDriveStringsA
SetErrorMode
GetDateFormatA
GetLocaleInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsAlloc
OpenProcess
SetFilePointer
LockResource
CompareStringA
IsBadStringPtrA
GetCurrentProcessId
MulDiv
SetProcessAffinityMask
GetProcessAffinityMask
GlobalMemoryStatusEx
GlobalFree
GlobalReAlloc
FindNextFileA
FindClose
FindFirstFileA
SetFileTime
MoveFileA
CopyFileA
GetSystemPowerStatus
HeapFree
GetProcessHeap
GetProcessTimes
SetPriorityClass
GetPriorityClass
SuspendThread
SetProcessWorkingSetSize
QueryDosDeviceA
DuplicateHandle
GetFileType
VirtualFree
VirtualAlloc
VirtualFreeEx
VirtualAllocEx
GetTempPathA
GetSystemWow64DirectoryA
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
RemoveDirectoryA
CreateEventA
SetEvent
GetDiskFreeSpaceExA
GetLogicalDrives
DeviceIoControl
GetExitCodeProcess
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapSize
HeapCreate
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
TlsFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetTimeZoneInformation
HeapReAlloc
CreateThread
ExitThread
DecodePointer
EncodePointer
GetSystemInfo
GetModuleHandleW
VirtualProtect
RtlUnwind
InitializeCriticalSection
InterlockedPopEntrySList
IsProcessorFeaturePresent
HeapAlloc
InterlockedPushEntrySList
InterlockedCompareExchange
GetSystemDirectoryA
SetFileAttributesA
GetFileAttributesA
LoadLibraryA
GetFileSize
TlsSetValue
TlsGetValue
LocalFree
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
SystemTimeToFileTime
DeleteFileA
TerminateThread
SetThreadPriority
ResumeThread
CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStructA
GetPrivateProfileStructA
FormatMessageA
GetSystemTime
IsBadWritePtr
VirtualQuery
GetLocalTime
CreateFileA
WriteFile
ReadFile
GetFileTime
SetEndOfFile
GetLongPathNameA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcpynA
lstrcatA
lstrcmpA
SetLastError
lstrcpyA
CreateProcessA
GetTickCount
SetUnhandledExceptionFilter
OpenMutexA
WaitForSingleObject
CloseHandle
CreateMutexA
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
lstrcmpiA
InterlockedIncrement
GetModuleHandleA
GetProcAddress
lstrlenW
WideCharToMultiByte
GetCurrentThreadId
lstrlenA
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
Sleep
MultiByteToWideChar
GetSystemTimeAsFileTime
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileW
CompareStringW
SetEnvironmentVariableA
FileTimeToDosDateTime

user32

GetLayeredWindowAttributes
GetScrollPos
GetDialogBaseUnits
GetTopWindow
DrawAnimatedRects
SendDlgItemMessageA
ChildWindowFromPoint
DialogBoxIndirectParamA
CreateIconIndirect
GetGuiResources
FindWindowExA
EnumThreadWindows
SetScrollPos
SetScrollInfo
SetClassLongA
GetScrollRange
ScrollWindowEx
WaitForInputIdle
FlashWindow
GetMenuStringA
GetNextDlgTabItem
AdjustWindowRectEx
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetRect
GetDesktopWindow
LockWindowUpdate
EqualRect
IsRectEmpty
SetParent
GetDCEx
LoadBitmapA
RegisterWindowMessageA
GetMessagePos
WindowFromPoint
GetSysColorBrush
FrameRect
DrawFrameControl
GetWindowThreadProcessId
GetMenuItemID
DrawIconEx
CharUpperBuffA
IsCharAlphaNumericA
SetWindowsHookExA
UnhookWindowsHookEx
SetDlgItemTextA
InflateRect
DestroyIcon
DrawEdge
SetLayeredWindowAttributes
OffsetRect
GetCapture
ReleaseCapture
EndPaint
BeginPaint
GetFocus
DrawFocusRect
FillRect
GetDlgCtrlID
SetCapture
IsWindowEnabled
ScreenToClient
GetWindowTextLengthA
CallNextHookEx
SetRectEmpty
CallWindowProcA
PtInRect
GetSysColor
GetWindowDC
CheckMenuRadioItem
GetForegroundWindow
MonitorFromRect
AppendMenuA
ModifyMenuA
MonitorFromPoint
DefWindowProcA
LoadStringW
PostQuitMessage
SetMenuDefaultItem
CopyRect
KillTimer
ClientToScreen
IsZoomed
IsIconic
TranslateAcceleratorA
SetMenu
GetMenu
LockWorkStation
ExitWindowsEx
UnregisterHotKey
RegisterHotKey
CharLowerBuffA
GetKeyState
IsMenu
GetMenuItemInfoA
SetMenuItemInfoA
LoadIconA
DeleteMenu
InvalidateRect
UpdateWindow
MoveWindow
UnregisterClassA
GetWindowPlacement
GetMenuState
GetDlgItemTextA
DragDetect
IntersectRect
DrawStateA
GetCursorPos
CreateDialogParamA
IsDialogMessageA
GetSubMenu
GetMenuItemCount
SetCursor
SetTimer
RedrawWindow
BringWindowToTop
InsertMenuItemA
RemoveMenu
InsertMenuA
CharLowerA
CharUpperA
CreatePopupMenu
TrackPopupMenuEx
TrackPopupMenu
DestroyMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageTimeoutA
GetClassLongA
GetShellWindow
MessageBeep
GetAsyncKeyState
PostMessageA
FindWindowA
SetFocus
EnableWindow
SetDlgItemInt
IsDlgButtonChecked
GetDlgItemInt
CheckDlgButton
EndDialog
wvsprintfA
IsWindow
MessageBoxA
wsprintfA
GetActiveWindow
EnumChildWindows
GetSystemMetrics
DialogBoxParamA
GetWindowTextA
GetClassNameA
ReleaseDC
GetDC
DrawTextA
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
GetWindowLongA
SendMessageA
SetWindowTextA
GetDlgItem
EnumWindows
IsWindowVisible
ShowWindowAsync
SetForegroundWindow
LoadMenuA
LoadAcceleratorsA
CreateWindowExA
GetClassInfoExA
LoadCursorA
LoadImageA
RegisterClassExA
DestroyWindow
CharNextA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
LoadStringA
ShowWindow
SetWindowLongA
SystemParametersInfoA

gdi32

TextOutW
CreateDCA
SetViewportOrgEx
LPtoDP
DPtoLP
LineTo
MoveToEx
CreateDIBSection
CreatePatternBrush
CreateBitmap
PatBlt
SetBrushOrgEx
GetClipBox
SetWindowOrgEx
RectVisible
GetCurrentObject
RoundRect
ExtTextOutA
SaveDC
Polygon
CreatePen
Rectangle
CreateFontIndirectA
GetDeviceCaps
GetObjectA
GetTextExtentPoint32A
GetStockObject
SelectObject
DeleteDC
SetBkColor
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
SetTextColor
SetBkMode
CreateCompatibleDC
DeleteObject
GetTextMetricsA
RestoreDC
ExcludeClipRect

comdlg32

FindTextA
GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

advapi32

GetTokenInformation
QueryServiceStatusEx
ControlService
StartServiceA
DeleteService
CreateServiceA
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityInfo
OpenProcessToken
DuplicateTokenEx
LookupAccountSidA
GetSecurityDescriptorSacl
SetSecurityInfo
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyW
ChangeServiceConfigA
QueryServiceConfigA
QueryServiceConfig2A
GetServiceDisplayNameA
LockServiceDatabase
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
UnlockServiceDatabase
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemRealloc
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr
SysAllocString
SysFreeString
VariantInit
VariantChangeType
VariantClear

comctl32

ImageList_Draw
ord17
CreatePropertySheetPageA
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
ImageList_LoadImageA
ImageList_Destroy
ImageList_GetImageCount
PropertySheetA
_TrackMouseEvent
ImageList_GetIcon
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_GetIconSize
ImageList_AddMasked

uxtheme

SetWindowTheme
IsAppThemed

psapi

GetModuleFileNameExA

crypt32

CertFindRDNAttr
CertFreeCertificateContext
CryptDecodeObjectEx

rpcrt4

UuidFromStringA

Sections

.text
Size: 969KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/AnVir/AnVir64.exe
.exe windows:5 windows x64 arch:x64

10b1ca48b80bbdf6a160cceb87bf5da9

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-09-2011 00:00

Not After

26-09-2014 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a8:ae:a7:c4:8d:e4:e4:8a:3c:09:02:15:ce:75:8a:01:2b:97:dd:27
Signer

Actual PE Digest

a8:ae:a7:c4:8d:e4:e4:8a:3c:09:02:15:ce:75:8a:01:2b:97:dd:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExA
GetProcAddress
GetModuleHandleA
TlsGetValue
WriteFile
CloseHandle
LoadLibraryA
GetCurrentProcess
FreeLibrary
LoadLibraryExA
lstrlenW
TlsAlloc
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FlushInstructionCache
GetCurrentThreadId
lstrcmpiA
IsDBCSLeadByte
SetLastError
CreateMutexA
SizeofResource
LoadResource
FindResourceA
GetModuleFileNameA
MapViewOfFile
OpenFileMappingA
OpenMutexA
FlushFileBuffers
CreateFileW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
HeapCreate
GetVersion
HeapSetInformation
GetModuleFileNameW
GetStdHandle
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
Sleep
GetLastError
lstrlenA
lstrcatA
GetModuleHandleW
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetCommandLineA
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualProtect
DecodePointer
EncodePointer
lstrcpyA
WriteConsoleW
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx

user32

PostQuitMessage
IsDialogMessageA
SetTimer
SetWindowTextA
DefWindowProcA
CreateDialogParamA
DestroyWindow
SetWindowLongPtrA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
CharNextA
UnregisterClassA

advapi32

RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$EXEDIR/AnVir/AnvirHook75.dll
.dll windows:5 windows x86 arch:x86

ec3de3b28a50dfce0225085a2253b644

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-09-2011 00:00

Not After

26-09-2014 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

89:3e:34:4a:9d:fa:b6:a1:88:3c:8c:35:c5:01:12:45:27:31:29:c2
Signer

Actual PE Digest

89:3e:34:4a:9d:fa:b6:a1:88:3c:8c:35:c5:01:12:45:27:31:29:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon

shell32

SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

msimg32

TransparentBlt

kernel32

lstrcmpA
GetCurrentDirectoryA
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
lstrlenW
GetVersionExA
OpenProcess
GetFileAttributesA
SetPriorityClass
GetPriorityClass
WriteFile
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetTickCount
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
InterlockedDecrement
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
DecodePointer
EncodePointer
RtlUnwind
HeapFree
GetLastError
lstrcatA
Sleep
GetCurrentProcessId
GetModuleFileNameA
LoadLibraryA
UnmapViewOfFile
lstrlenA
lstrcpyA
OpenFileMappingA
MapViewOfFile
CloseHandle
GetModuleFileNameW
LCMapStringW
GetStringTypeW
SetHandleCount

user32

GetWindowThreadProcessId
GetMenuItemInfoA
SetMenuItemInfoA
CopyRect
CheckMenuItem
RemoveMenu
DeleteMenu
IsMenu
GetMenuState
GetWindowPlacement
GetSystemMenu
GetKeyState
GetSystemMetrics
SendInput
LoadIconA
LoadImageA
SetWindowTextA
SetActiveWindow
TrackPopupMenuEx
RedrawWindow
InsertMenuA
GetLayeredWindowAttributes
LoadBitmapA
DrawFrameControl
GetDC
GetMenuItemID
DrawIconEx
SendMessageTimeoutA
PostMessageA
IsWindow
GetWindowLongA
SendMessageA
PtInRect
OffsetRect
InsertMenuItemA
wsprintfA
AppendMenuA
CheckMenuRadioItem
GetWindowTextA
FindWindowExA
GetDlgCtrlID
GetWindowTextLengthA
GetDlgItem
GetClassNameA
EnumWindows
SetTimer
IsWindowUnicode
SetCapture
ReleaseCapture
ShowWindowAsync
IsWindowVisible
ShowWindow
SetLayeredWindowAttributes
RegisterClassA
KillTimer
FillRect
DefWindowProcA
SetWindowPos
SetWindowLongW
SetWindowLongA
ReleaseDC
GetWindowDC
EndPaint
BeginPaint
GetCursorPos
InvalidateRect
UpdateWindow
CallWindowProcW
CallWindowProcA
CreatePopupMenu
TrackPopupMenu
DestroyMenu
ClientToScreen
GetParent
ScreenToClient
DestroyWindow
CreateWindowExA
GetWindowRect
GetClientRect
InflateRect

gdi32

SelectObject
SetWindowOrgEx
CreateCompatibleBitmap
GetClipBox
BitBlt
DeleteObject
DeleteDC
DPtoLP
LPtoDP
CreateSolidBrush
GetStockObject
Polyline
CreatePen
StretchBlt
GetObjectA
GetPixel
CreateCompatibleDC

ole32

CoTaskMemFree

uxtheme

IsAppThemed
CloseThemeData
OpenThemeData
GetThemeFilename
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeInt
GetThemeEnumValue
GetThemeMargins
DrawThemeBackground

Exports

Exports

AddTitleIcons
ExtendSaveDialogs
ExtendSystemMenu

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$EXEDIR/AnVir/AnvirHook75_64.dll
.dll windows:5 windows x64 arch:x64

8ae098b4be43d469b6f6f1428369e6be

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-09-2011 00:00

Not After

26-09-2014 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c6:3f:81:c3:63:fc:8a:7a:a4:9f:ed:0f:33:7b:85:6c:21:ae:1e:24
Signer

Actual PE Digest

c6:3f:81:c3:63:fc:8a:7a:a4:9f:ed:0f:33:7b:85:6c:21:ae:1e:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon

shell32

SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

msimg32

TransparentBlt

kernel32

lstrcmpA
GetCurrentDirectoryA
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
lstrlenW
GetVersionExA
OpenProcess
GetFileAttributesA
SetPriorityClass
GetPriorityClass
WriteFile
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
HeapAlloc
IsValidCodePage
GetTickCount
GetACP
GetCPInfo
ExitProcess
GetModuleHandleW
RtlPcToFileHeader
RaiseException
FlsAlloc
SetLastError
FlsFree
FlsGetValue
HeapSize
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
FlsSetValue
GetCurrentThreadId
HeapReAlloc
DecodePointer
EncodePointer
RtlLookupFunctionEntry
HeapFree
GetLastError
RtlUnwindEx
lstrcatA
Sleep
GetCurrentProcessId
GetModuleFileNameA
LoadLibraryA
UnmapViewOfFile
lstrlenA
lstrcpyA
OpenFileMappingA
MapViewOfFile
CloseHandle
GetModuleFileNameW
LCMapStringW
GetStringTypeW
GetOEMCP

user32

GetWindowThreadProcessId
GetMenuItemInfoA
SetMenuItemInfoA
DrawIconEx
InflateRect
CheckMenuItem
RemoveMenu
DeleteMenu
IsMenu
GetWindowPlacement
GetMenuItemID
GetSystemMenu
GetKeyState
GetSystemMetrics
SendInput
LoadIconA
LoadImageA
SetWindowTextA
SetActiveWindow
TrackPopupMenuEx
RedrawWindow
GetLayeredWindowAttributes
SetWindowLongA
GetDC
LoadBitmapA
GetMenuState
DrawFrameControl
SendMessageTimeoutA
PostMessageA
IsWindow
GetWindowLongA
SendMessageA
PtInRect
OffsetRect
InsertMenuA
InsertMenuItemA
wsprintfA
AppendMenuA
CheckMenuRadioItem
GetWindowTextA
GetDlgCtrlID
GetWindowTextLengthA
FindWindowExA
GetDlgItem
GetClassNameA
EnumWindows
SetTimer
IsWindowUnicode
SetCapture
ReleaseCapture
ShowWindowAsync
IsWindowVisible
ShowWindow
SetLayeredWindowAttributes
RegisterClassA
KillTimer
GetWindowLongPtrA
FillRect
DefWindowProcA
SetWindowPos
SetWindowLongPtrW
SetWindowLongPtrA
ReleaseDC
GetWindowDC
EndPaint
BeginPaint
GetCursorPos
InvalidateRect
UpdateWindow
CallWindowProcW
CallWindowProcA
CreatePopupMenu
TrackPopupMenu
DestroyMenu
ClientToScreen
GetParent
ScreenToClient
DestroyWindow
CreateWindowExA
GetWindowRect
GetClientRect
CopyRect

gdi32

SelectObject
SetWindowOrgEx
CreateCompatibleBitmap
GetClipBox
BitBlt
DeleteObject
DeleteDC
DPtoLP
LPtoDP
CreateSolidBrush
GetStockObject
Polyline
CreatePen
StretchBlt
GetObjectA
GetPixel
CreateCompatibleDC

ole32

CoTaskMemFree

uxtheme

IsAppThemed
CloseThemeData
OpenThemeData
GetThemeFilename
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeInt
GetThemeEnumValue
GetThemeMargins
DrawThemeBackground

Exports

Exports

AddTitleIcons
ExtendSaveDialogs
ExtendSystemMenu

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$EXEDIR/AnVir/AnvirRunServ.exe
.exe windows:4 windows x86 arch:x86

b02ec238d323162eb8e5d7854e0638a2

Code Sign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-09-2011 00:00

Not After

26-09-2014 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:12:af:e8:d4:5d:0f:99:1c:1a:38:b4:1f:a7:ec:89:fd:90:c2:e4
Signer

Actual PE Digest

48:12:af:e8:d4:5d:0f:99:1c:1a:38:b4:1f:a7:ec:89:fd:90:c2:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement
GetCurrentThreadId
lstrlenA
CreateProcessA
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyA
GetLastError
FormatMessageA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

PostThreadMessageA
LoadStringA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
SetServiceStatus

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/AnVir/VirusTotalUpload.exe
.exe windows:5 windows x86 arch:x86

227974be97287d72a0c2564c9510f5b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetCrackUrlW
InternetConnectW
InternetOpenW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW

kernel32

GetTempFileNameW
WriteFile
CreateFileW
GetTempPathW
GetLastError
CloseHandle
LocalFree
ExitProcess
GetModuleFileNameW
GetModuleHandleW
OpenProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateThread
GetFullPathNameW
GetTickCount
GetFileAttributesW
ReadFile
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
FlushFileBuffers
SetStdHandle
LCMapStringW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LoadLibraryA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
SetEndOfFile
GetDriveTypeA
GetProcessHeap
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileSizeEx
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleHandleA
IsDebuggerPresent
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
HeapFree
HeapAlloc
GetStartupInfoW
RaiseException
RtlUnwind
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetCurrentDirectoryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc

user32

SendMessageW
MessageBoxW
CharToOemW
SendDlgItemMessageW
SetWindowTextW
CheckDlgButton
IsDlgButtonChecked
EnableWindow
SetTimer
GetWindowRect
SetForegroundWindow
DialogBoxParamW
GetDC
LoadImageW
GetDlgItem
EndDialog
GetDlgItemTextW
SetDlgItemTextW
MapWindowPoints
MoveWindow
ReleaseDC

gdi32

SelectObject
GetTextMetricsW

comdlg32

CommDlgExtendedError
GetOpenFileNameW

advapi32

CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData

shell32

DragQueryFileW
DragFinish
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$EXEDIR/AnVir/XPTweaker.chm
.chm
$EXEDIR/AnVir/license_ru.rtf
.rtf
$EXEDIR/AnVir/portable.txt
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
lstrlenA
lstrlenW
LoadLibraryA
lstrcmpiW
lstrcpynW
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfW
PostMessageW

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AnVir.exe
.exe windows:5 windows x86 arch:x86

12e522087bd7db82b4cfaa49e82e656a

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-09-2011 00:00

Not After

26-09-2014 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:a4:89:09:28:ec:22:b5:0f:17:0e:45:60:68:5e:19:06:ff:f6:27
Signer

Actual PE Digest

11:a4:89:09:28:ec:22:b5:0f:17:0e:45:60:68:5e:19:06:ff:f6:27

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

Shell_NotifyIconA
ord18
ord155
SHGetDesktopFolder
SHOpenFolderAndSelectItems
SHBrowseForFolderA
SHGetMalloc
ord680
ShellExecuteExA
SHGetPathFromIDListA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteA

version

GetFileVersionInfoA
VerQueryValueA

shlwapi

ord8
ord9
ord10
StrFormatByteSizeW
PathFindOnPathA
PathCanonicalizeA

msi

ord216
ord172

kernel32

GetDriveTypeA
GetLogicalDriveStringsA
SetErrorMode
GetDateFormatA
GetLocaleInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsAlloc
OpenProcess
SetFilePointer
LockResource
CompareStringA
IsBadStringPtrA
GetCurrentProcessId
MulDiv
SetProcessAffinityMask
GetProcessAffinityMask
GlobalMemoryStatusEx
GlobalFree
GlobalReAlloc
FindNextFileA
FindClose
FindFirstFileA
SetFileTime
MoveFileA
CopyFileA
GetSystemPowerStatus
HeapFree
GetProcessHeap
GetProcessTimes
SetPriorityClass
GetPriorityClass
SuspendThread
SetProcessWorkingSetSize
QueryDosDeviceA
DuplicateHandle
GetFileType
VirtualFree
VirtualAlloc
VirtualFreeEx
VirtualAllocEx
GetTempPathA
GetSystemWow64DirectoryA
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
RemoveDirectoryA
CreateEventA
SetEvent
GetDiskFreeSpaceExA
GetLogicalDrives
DeviceIoControl
GetExitCodeProcess
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapSize
HeapCreate
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
TlsFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetTimeZoneInformation
HeapReAlloc
CreateThread
ExitThread
DecodePointer
EncodePointer
GetSystemInfo
GetModuleHandleW
VirtualProtect
RtlUnwind
InitializeCriticalSection
InterlockedPopEntrySList
IsProcessorFeaturePresent
HeapAlloc
InterlockedPushEntrySList
InterlockedCompareExchange
GetSystemDirectoryA
SetFileAttributesA
GetFileAttributesA
LoadLibraryA
GetFileSize
TlsSetValue
TlsGetValue
LocalFree
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
SystemTimeToFileTime
DeleteFileA
TerminateThread
SetThreadPriority
ResumeThread
CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStructA
GetPrivateProfileStructA
FormatMessageA
GetSystemTime
IsBadWritePtr
VirtualQuery
GetLocalTime
CreateFileA
WriteFile
ReadFile
GetFileTime
SetEndOfFile
GetLongPathNameA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcpynA
lstrcatA
lstrcmpA
SetLastError
lstrcpyA
CreateProcessA
GetTickCount
SetUnhandledExceptionFilter
OpenMutexA
WaitForSingleObject
CloseHandle
CreateMutexA
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
lstrcmpiA
InterlockedIncrement
GetModuleHandleA
GetProcAddress
lstrlenW
WideCharToMultiByte
GetCurrentThreadId
lstrlenA
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
Sleep
MultiByteToWideChar
GetSystemTimeAsFileTime
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileW
CompareStringW
SetEnvironmentVariableA
FileTimeToDosDateTime

user32

GetLayeredWindowAttributes
GetScrollPos
GetDialogBaseUnits
GetTopWindow
DrawAnimatedRects
SendDlgItemMessageA
ChildWindowFromPoint
DialogBoxIndirectParamA
CreateIconIndirect
GetGuiResources
FindWindowExA
EnumThreadWindows
SetScrollPos
SetScrollInfo
SetClassLongA
GetScrollRange
ScrollWindowEx
WaitForInputIdle
FlashWindow
GetMenuStringA
GetNextDlgTabItem
AdjustWindowRectEx
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetRect
GetDesktopWindow
LockWindowUpdate
EqualRect
IsRectEmpty
SetParent
GetDCEx
LoadBitmapA
RegisterWindowMessageA
GetMessagePos
WindowFromPoint
GetSysColorBrush
FrameRect
DrawFrameControl
GetWindowThreadProcessId
GetMenuItemID
DrawIconEx
CharUpperBuffA
IsCharAlphaNumericA
SetWindowsHookExA
UnhookWindowsHookEx
SetDlgItemTextA
InflateRect
DestroyIcon
DrawEdge
SetLayeredWindowAttributes
OffsetRect
GetCapture
ReleaseCapture
EndPaint
BeginPaint
GetFocus
DrawFocusRect
FillRect
GetDlgCtrlID
SetCapture
IsWindowEnabled
ScreenToClient
GetWindowTextLengthA
CallNextHookEx
SetRectEmpty
CallWindowProcA
PtInRect
GetSysColor
GetWindowDC
CheckMenuRadioItem
GetForegroundWindow
MonitorFromRect
AppendMenuA
ModifyMenuA
MonitorFromPoint
DefWindowProcA
LoadStringW
PostQuitMessage
SetMenuDefaultItem
CopyRect
KillTimer
ClientToScreen
IsZoomed
IsIconic
TranslateAcceleratorA
SetMenu
GetMenu
LockWorkStation
ExitWindowsEx
UnregisterHotKey
RegisterHotKey
CharLowerBuffA
GetKeyState
IsMenu
GetMenuItemInfoA
SetMenuItemInfoA
LoadIconA
DeleteMenu
InvalidateRect
UpdateWindow
MoveWindow
UnregisterClassA
GetWindowPlacement
GetMenuState
GetDlgItemTextA
DragDetect
IntersectRect
DrawStateA
GetCursorPos
CreateDialogParamA
IsDialogMessageA
GetSubMenu
GetMenuItemCount
SetCursor
SetTimer
RedrawWindow
BringWindowToTop
InsertMenuItemA
RemoveMenu
InsertMenuA
CharLowerA
CharUpperA
CreatePopupMenu
TrackPopupMenuEx
TrackPopupMenu
DestroyMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageTimeoutA
GetClassLongA
GetShellWindow
MessageBeep
GetAsyncKeyState
PostMessageA
FindWindowA
SetFocus
EnableWindow
SetDlgItemInt
IsDlgButtonChecked
GetDlgItemInt
CheckDlgButton
EndDialog
wvsprintfA
IsWindow
MessageBoxA
wsprintfA
GetActiveWindow
EnumChildWindows
GetSystemMetrics
DialogBoxParamA
GetWindowTextA
GetClassNameA
ReleaseDC
GetDC
DrawTextA
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
GetWindowLongA
SendMessageA
SetWindowTextA
GetDlgItem
EnumWindows
IsWindowVisible
ShowWindowAsync
SetForegroundWindow
LoadMenuA
LoadAcceleratorsA
CreateWindowExA
GetClassInfoExA
LoadCursorA
LoadImageA
RegisterClassExA
DestroyWindow
CharNextA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
LoadStringA
ShowWindow
SetWindowLongA
SystemParametersInfoA

gdi32

TextOutW
CreateDCA
SetViewportOrgEx
LPtoDP
DPtoLP
LineTo
MoveToEx
CreateDIBSection
CreatePatternBrush
CreateBitmap
PatBlt
SetBrushOrgEx
GetClipBox
SetWindowOrgEx
RectVisible
GetCurrentObject
RoundRect
ExtTextOutA
SaveDC
Polygon
CreatePen
Rectangle
CreateFontIndirectA
GetDeviceCaps
GetObjectA
GetTextExtentPoint32A
GetStockObject
SelectObject
DeleteDC
SetBkColor
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
SetTextColor
SetBkMode
CreateCompatibleDC
DeleteObject
GetTextMetricsA
RestoreDC
ExcludeClipRect

comdlg32

FindTextA
GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

advapi32

GetTokenInformation
QueryServiceStatusEx
ControlService
StartServiceA
DeleteService
CreateServiceA
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityInfo
OpenProcessToken
DuplicateTokenEx
LookupAccountSidA
GetSecurityDescriptorSacl
SetSecurityInfo
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyW
ChangeServiceConfigA
QueryServiceConfigA
QueryServiceConfig2A
GetServiceDisplayNameA
LockServiceDatabase
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
UnlockServiceDatabase
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoTaskMemRealloc
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr
SysAllocString
SysFreeString
VariantInit
VariantChangeType
VariantClear

comctl32

ImageList_Draw
ord17
CreatePropertySheetPageA
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
ImageList_LoadImageA
ImageList_Destroy
ImageList_GetImageCount
PropertySheetA
_TrackMouseEvent
ImageList_GetIcon
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_GetIconSize
ImageList_AddMasked

uxtheme

SetWindowTheme
IsAppThemed

psapi

GetModuleFileNameExA

crypt32

CertFindRDNAttr
CertFreeCertificateContext
CryptDecodeObjectEx

rpcrt4

UuidFromStringA

Sections

.text
Size: 969KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AnVir64.exe
.exe windows:5 windows x64 arch:x64

10b1ca48b80bbdf6a160cceb87bf5da9

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-09-2011 00:00

Not After

26-09-2014 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a8:ae:a7:c4:8d:e4:e4:8a:3c:09:02:15:ce:75:8a:01:2b:97:dd:27
Signer

Actual PE Digest

a8:ae:a7:c4:8d:e4:e4:8a:3c:09:02:15:ce:75:8a:01:2b:97:dd:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExA
GetProcAddress
GetModuleHandleA
TlsGetValue
WriteFile
CloseHandle
LoadLibraryA
GetCurrentProcess
FreeLibrary
LoadLibraryExA
lstrlenW
TlsAlloc
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FlushInstructionCache
GetCurrentThreadId
lstrcmpiA
IsDBCSLeadByte
SetLastError
CreateMutexA
SizeofResource
LoadResource
FindResourceA
GetModuleFileNameA
MapViewOfFile
OpenFileMappingA
OpenMutexA
FlushFileBuffers
CreateFileW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
HeapCreate
GetVersion
HeapSetInformation
GetModuleFileNameW
GetStdHandle
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
Sleep
GetLastError
lstrlenA
lstrcatA
GetModuleHandleW
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetCommandLineA
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualProtect
DecodePointer
EncodePointer
lstrcpyA
WriteConsoleW
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx

user32

PostQuitMessage
IsDialogMessageA
SetTimer
SetWindowTextA
DefWindowProcA
CreateDialogParamA
DestroyWindow
SetWindowLongPtrA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
CharNextA
UnregisterClassA

advapi32

RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AnvirHook75.dll
.dll windows:5 windows x86 arch:x86

ec3de3b28a50dfce0225085a2253b644

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-09-2011 00:00

Not After

26-09-2014 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

89:3e:34:4a:9d:fa:b6:a1:88:3c:8c:35:c5:01:12:45:27:31:29:c2
Signer

Actual PE Digest

89:3e:34:4a:9d:fa:b6:a1:88:3c:8c:35:c5:01:12:45:27:31:29:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon

shell32

SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

msimg32

TransparentBlt

kernel32

lstrcmpA
GetCurrentDirectoryA
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
lstrlenW
GetVersionExA
OpenProcess
GetFileAttributesA
SetPriorityClass
GetPriorityClass
WriteFile
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetTickCount
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
InterlockedDecrement
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
DecodePointer
EncodePointer
RtlUnwind
HeapFree
GetLastError
lstrcatA
Sleep
GetCurrentProcessId
GetModuleFileNameA
LoadLibraryA
UnmapViewOfFile
lstrlenA
lstrcpyA
OpenFileMappingA
MapViewOfFile
CloseHandle
GetModuleFileNameW
LCMapStringW
GetStringTypeW
SetHandleCount

user32

GetWindowThreadProcessId
GetMenuItemInfoA
SetMenuItemInfoA
CopyRect
CheckMenuItem
RemoveMenu
DeleteMenu
IsMenu
GetMenuState
GetWindowPlacement
GetSystemMenu
GetKeyState
GetSystemMetrics
SendInput
LoadIconA
LoadImageA
SetWindowTextA
SetActiveWindow
TrackPopupMenuEx
RedrawWindow
InsertMenuA
GetLayeredWindowAttributes
LoadBitmapA
DrawFrameControl
GetDC
GetMenuItemID
DrawIconEx
SendMessageTimeoutA
PostMessageA
IsWindow
GetWindowLongA
SendMessageA
PtInRect
OffsetRect
InsertMenuItemA
wsprintfA
AppendMenuA
CheckMenuRadioItem
GetWindowTextA
FindWindowExA
GetDlgCtrlID
GetWindowTextLengthA
GetDlgItem
GetClassNameA
EnumWindows
SetTimer
IsWindowUnicode
SetCapture
ReleaseCapture
ShowWindowAsync
IsWindowVisible
ShowWindow
SetLayeredWindowAttributes
RegisterClassA
KillTimer
FillRect
DefWindowProcA
SetWindowPos
SetWindowLongW
SetWindowLongA
ReleaseDC
GetWindowDC
EndPaint
BeginPaint
GetCursorPos
InvalidateRect
UpdateWindow
CallWindowProcW
CallWindowProcA
CreatePopupMenu
TrackPopupMenu
DestroyMenu
ClientToScreen
GetParent
ScreenToClient
DestroyWindow
CreateWindowExA
GetWindowRect
GetClientRect
InflateRect

gdi32

SelectObject
SetWindowOrgEx
CreateCompatibleBitmap
GetClipBox
BitBlt
DeleteObject
DeleteDC
DPtoLP
LPtoDP
CreateSolidBrush
GetStockObject
Polyline
CreatePen
StretchBlt
GetObjectA
GetPixel
CreateCompatibleDC

ole32

CoTaskMemFree

uxtheme

IsAppThemed
CloseThemeData
OpenThemeData
GetThemeFilename
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeInt
GetThemeEnumValue
GetThemeMargins
DrawThemeBackground

Exports

Exports

AddTitleIcons
ExtendSaveDialogs
ExtendSystemMenu

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AnvirHook75_64.dll
.dll windows:5 windows x64 arch:x64

8ae098b4be43d469b6f6f1428369e6be

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-09-2011 00:00

Not After

26-09-2014 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c6:3f:81:c3:63:fc:8a:7a:a4:9f:ed:0f:33:7b:85:6c:21:ae:1e:24
Signer

Actual PE Digest

c6:3f:81:c3:63:fc:8a:7a:a4:9f:ed:0f:33:7b:85:6c:21:ae:1e:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon

shell32

SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

msimg32

TransparentBlt

kernel32

lstrcmpA
GetCurrentDirectoryA
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
lstrlenW
GetVersionExA
OpenProcess
GetFileAttributesA
SetPriorityClass
GetPriorityClass
WriteFile
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
HeapAlloc
IsValidCodePage
GetTickCount
GetACP
GetCPInfo
ExitProcess
GetModuleHandleW
RtlPcToFileHeader
RaiseException
FlsAlloc
SetLastError
FlsFree
FlsGetValue
HeapSize
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
FlsSetValue
GetCurrentThreadId
HeapReAlloc
DecodePointer
EncodePointer
RtlLookupFunctionEntry
HeapFree
GetLastError
RtlUnwindEx
lstrcatA
Sleep
GetCurrentProcessId
GetModuleFileNameA
LoadLibraryA
UnmapViewOfFile
lstrlenA
lstrcpyA
OpenFileMappingA
MapViewOfFile
CloseHandle
GetModuleFileNameW
LCMapStringW
GetStringTypeW
GetOEMCP

user32

GetWindowThreadProcessId
GetMenuItemInfoA
SetMenuItemInfoA
DrawIconEx
InflateRect
CheckMenuItem
RemoveMenu
DeleteMenu
IsMenu
GetWindowPlacement
GetMenuItemID
GetSystemMenu
GetKeyState
GetSystemMetrics
SendInput
LoadIconA
LoadImageA
SetWindowTextA
SetActiveWindow
TrackPopupMenuEx
RedrawWindow
GetLayeredWindowAttributes
SetWindowLongA
GetDC
LoadBitmapA
GetMenuState
DrawFrameControl
SendMessageTimeoutA
PostMessageA
IsWindow
GetWindowLongA
SendMessageA
PtInRect
OffsetRect
InsertMenuA
InsertMenuItemA
wsprintfA
AppendMenuA
CheckMenuRadioItem
GetWindowTextA
GetDlgCtrlID
GetWindowTextLengthA
FindWindowExA
GetDlgItem
GetClassNameA
EnumWindows
SetTimer
IsWindowUnicode
SetCapture
ReleaseCapture
ShowWindowAsync
IsWindowVisible
ShowWindow
SetLayeredWindowAttributes
RegisterClassA
KillTimer
GetWindowLongPtrA
FillRect
DefWindowProcA
SetWindowPos
SetWindowLongPtrW
SetWindowLongPtrA
ReleaseDC
GetWindowDC
EndPaint
BeginPaint
GetCursorPos
InvalidateRect
UpdateWindow
CallWindowProcW
CallWindowProcA
CreatePopupMenu
TrackPopupMenu
DestroyMenu
ClientToScreen
GetParent
ScreenToClient
DestroyWindow
CreateWindowExA
GetWindowRect
GetClientRect
CopyRect

gdi32

SelectObject
SetWindowOrgEx
CreateCompatibleBitmap
GetClipBox
BitBlt
DeleteObject
DeleteDC
DPtoLP
LPtoDP
CreateSolidBrush
GetStockObject
Polyline
CreatePen
StretchBlt
GetObjectA
GetPixel
CreateCompatibleDC

ole32

CoTaskMemFree

uxtheme

IsAppThemed
CloseThemeData
OpenThemeData
GetThemeFilename
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeInt
GetThemeEnumValue
GetThemeMargins
DrawThemeBackground

Exports

Exports

AddTitleIcons
ExtendSaveDialogs
ExtendSystemMenu

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AnvirRunServ.exe
.exe windows:4 windows x86 arch:x86

b02ec238d323162eb8e5d7854e0638a2

Code Sign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27-09-2011 00:00

Not After

26-09-2014 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:12:af:e8:d4:5d:0f:99:1c:1a:38:b4:1f:a7:ec:89:fd:90:c2:e4
Signer

Actual PE Digest

48:12:af:e8:d4:5d:0f:99:1c:1a:38:b4:1f:a7:ec:89:fd:90:c2:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement
GetCurrentThreadId
lstrlenA
CreateProcessA
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyA
GetLastError
FormatMessageA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

PostThreadMessageA
LoadStringA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
SetServiceStatus

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VirusTotalUpload.exe
.exe windows:5 windows x86 arch:x86

227974be97287d72a0c2564c9510f5b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetCrackUrlW
InternetConnectW
InternetOpenW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW

kernel32

GetTempFileNameW
WriteFile
CreateFileW
GetTempPathW
GetLastError
CloseHandle
LocalFree
ExitProcess
GetModuleFileNameW
GetModuleHandleW
OpenProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateThread
GetFullPathNameW
GetTickCount
GetFileAttributesW
ReadFile
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
FlushFileBuffers
SetStdHandle
LCMapStringW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LoadLibraryA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
SetEndOfFile
GetDriveTypeA
GetProcessHeap
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileSizeEx
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleHandleA
IsDebuggerPresent
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
HeapFree
HeapAlloc
GetStartupInfoW
RaiseException
RtlUnwind
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetCurrentDirectoryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc

user32

SendMessageW
MessageBoxW
CharToOemW
SendDlgItemMessageW
SetWindowTextW
CheckDlgButton
IsDlgButtonChecked
EnableWindow
SetTimer
GetWindowRect
SetForegroundWindow
DialogBoxParamW
GetDC
LoadImageW
GetDlgItem
EndDialog
GetDlgItemTextW
SetDlgItemTextW
MapWindowPoints
MoveWindow
ReleaseDC

gdi32

SelectObject
GetTextMetricsW

comdlg32

CommDlgExtendedError
GetOpenFileNameW

advapi32

CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData

shell32

DragQueryFileW
DragFinish
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
XPTweaker.chm
.chm
license_ru.rtf
.rtf
portable.txt
Settings.reg
Распаковка portable.cmd
Тихая установка.cmd
Everything-1.2.1.371.exe
.exe windows:4 windows x86 arch:x86

8728651f82db62acdfa11d6bb6074453

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DrawEx
CreateStatusWindowW
InitCommonControlsEx

ws2_32

inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
getservbyport
ntohs
WSASetLastError
connect
setsockopt
getpeername
gethostname
recv
send
bind
listen
getsockname
__WSAFDIsSet
accept
select
shutdown
closesocket
WSACleanup
WSAStartup
socket

kernel32

GetStdHandle
QueryPerformanceCounter
QueryPerformanceFrequency
SetConsoleScreenBufferSize
AllocConsole
GetTimeFormatA
GetDateFormatA
GetLocalTime
FlushFileBuffers
SetFilePointer
GetProcAddress
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
GetFileAttributesExW
FileTimeToSystemTime
FindClose
FindNextFileW
GetSystemTime
FindFirstFileW
GetModuleFileNameW
ExitProcess
FormatMessageA
GetCommandLineW
GetModuleHandleW
CreateMutexA
CreateMutexW
SetLastError
LocalFree
SetEvent
FileTimeToLocalFileTime
SetThreadPriority
GetDiskFreeSpaceExA
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
GetFileSize
GetSystemDefaultLangID
WriteConsoleW
HeapReAlloc
HeapFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileAttributesW
GetFileAttributesA
GetVolumeInformationW
CreateDirectoryW
GetFullPathNameW
GetLongPathNameW
RaiseException
ExpandEnvironmentStringsW
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapDestroy
HeapSize
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoA
GetVersionExA
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
SetConsoleTextAttribute
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapCompact
GetFileInformationByHandle
CreateEventA
CreateThread
CloseHandle
CancelIo
WaitForSingleObject
GetSystemInfo
VirtualAlloc
DeviceIoControl
VirtualFree
GetOverlappedResult
WriteFile
ReadFile
GetDriveTypeA
GetVolumeInformationA
CreateFileA
CreateFileW
MoveFileExW
GetLastError
DeleteFileW
MoveFileW
LCMapStringA
LCMapStringW
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
HeapAlloc

user32

CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumWindows
GetSysColorBrush
IsDlgButtonChecked
GetDlgItemInt
InsertMenuW
GetSubMenu
GetMenuItemID
GetSysColor
DrawTextExA
ScreenToClient
GetScrollInfo
ScrollWindowEx
SetScrollInfo
GetWindowDC
MessageBeep
SetCursorPos
TrackMouseEvent
GetDoubleClickTime
SetDlgItemTextW
GetClassNameW
CallNextHookEx
SetDlgItemInt
SendDlgItemMessageW
GetWindow
UnhookWindowsHookEx
SetWindowsHookExW
IsCharAlphaNumericW
GetCursorPos
CreateMenu
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
GetClassInfoExW
RegisterClassExW
GetMenuItemCount
CreatePopupMenu
AppendMenuW
RemoveMenu
SetMenuItemInfoW
AdjustWindowRect
IsWindowEnabled
EnableWindow
CreateDialogIndirectParamW
BringWindowToTop
DialogBoxIndirectParamW
EnumChildWindows
RegisterClipboardFormatW
UpdateWindow
InvalidateRgn
ClientToScreen
OffsetRect
CopyRect
EnumDisplayMonitors
MonitorFromRect
CheckDlgButton
SendMessageW
CreateWindowExW
GetMonitorInfoW
SystemParametersInfoW
IntersectRect
GetDC
ReleaseDC
GetSystemMetrics
SetCapture
SetWindowPos
SetWindowLongW
GetWindowLongW
GetCapture
ReleaseCapture
DestroyIcon
PostQuitMessage
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
WaitMessage
LoadImageW
LoadIconW
FindWindowW
FindWindowA
GetWindowThreadProcessId
SendMessageTimeoutW
PostMessageW
MessageBoxA
GetDesktopWindow
FindWindowExA
GetFocus
IsClipboardFormatAvailable
GetMenuItemInfoW
RedrawWindow
SetActiveWindow
IsIconic
CallWindowProcW
IsWindowVisible
IsZoomed
MonitorFromWindow
SetMenu
GetWindowTextLengthW
GetWindowTextW
GetAsyncKeyState
RegisterWindowMessageA
CreateWindowExA
DefWindowProcW
RegisterHotKey
GetDlgItem
SetWindowTextW
FillRect
DrawTextExW
SetFocus
SetForegroundWindow
ShowWindow
GetWindowRect
GetParent
SetTimer
KillTimer
UnregisterHotKey
RegisterDeviceNotificationW
UnregisterDeviceNotification
MessageBoxW
CharLowerW
BeginPaint
LoadBitmapW
GetClientRect
EndPaint
SetCursor
LoadCursorW
InvalidateRect
EndDialog
DestroyWindow

gdi32

CombineRgn
CreateRectRgn
GetTextExtentPoint32A
RectVisible
GetTextExtentExPointW
GetTextExtentExPointA
CreateBitmapIndirect
TextOutW
TextOutA
GetBkColor
OffsetClipRgn
SelectClipRgn
OffsetRgn
CreateCompatibleBitmap
GetDCOrgEx
GetRandomRgn
CreatePatternBrush
SetBrushOrgEx
PatBlt
GetTextMetricsW
CreateCompatibleDC
SetTextColor
BitBlt
ExcludeClipRect
SetBkMode
GetStockObject
GetObjectW
CreateFontIndirectW
CreateDIBSection
GdiFlush
DeleteDC
SetBkColor
SelectObject
GetTextExtentPointW
CreateSolidBrush
GetTextExtentPoint32W
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
DeleteService
ControlService
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCloseKey
RegDeleteValueW
RegSetValueExA
RegOpenKeyExW

shell32

SHGetMalloc
SHGetSpecialFolderPathW
ord190
ord155
ord88
DragQueryFileW
SHFileOperationW
ord73
SHGetDesktopFolder
ShellExecuteA
Shell_NotifyIconW
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoA
CommandLineToArgvW
ShellExecuteExW
SHGetFileInfoW

ole32

CoUninitialize
OleUninitialize
OleInitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
OleDuplicateData
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop

shlwapi

SHDeleteKeyW

Sections

.text
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lastactivityview.zip
.zip
LastActivityView.chm
.chm
LastActivityView.exe
.exe windows:4 windows x86 arch:x86

9e6de637c1df8e165f1295c4dcb58c5f

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-09-2014 00:00

Not After

12-09-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30-03-2016 00:00

Not After

30-06-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

58:1f:1e:fb:21:60:af:e2:e7:57:80:c6:52:2b:e6:05:4d:87:67:73:c7:8d:2b:b4:02:61:2c:a6:d2:8d:48:0c
Signer

Actual PE Digest

58:1f:1e:fb:21:60:af:e2:e7:57:80:c6:52:2b:e6:05:4d:87:67:73:c7:8d:2b:b4:02:61:2c:a6:d2:8d:48:0c

Digest Algorithm

sha256

PE Digest Matches

true

d7:21:ab:be:bc:2d:32:d4:b9:16:30:17:9f:69:da:49:01:16:97:4d
Signer

Actual PE Digest

d7:21:ab:be:bc:2d:32:d4:b9:16:30:17:9f:69:da:49:01:16:97:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
__p__fmode
_c_exit
_onexit
__dllonexit
calloc
realloc
_msize
_purecall
_wcslwr
strlen
qsort
_itow
_wcsnicmp
__set_app_type
_controlfp
_except_handler3
_exit
wcstoul
wcsrchr
malloc
_ultow
free
wcscmp
modf
_wtoi
memcmp
_memicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
memcpy
wcscpy
memset
_wcsicmp
wcschr
wcscat
_snwprintf
wcsncat

comctl32

CreateToolbarEx
ImageList_Create
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetLogicalDrives
GetLongPathNameW
GetVolumeInformationW
QueryDosDeviceW
GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
ExitProcess
DeleteFileW
SetErrorMode
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetProcAddress
GetStdHandle
GetTickCount
GetPrivateProfileStringW
EnumResourceNamesW
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetDriveTypeW
CompareFileTime
GetSystemTimeAsFileTime
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
FindResourceW
lstrlenW
LoadResource
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
FindNextFileW
SizeofResource
GlobalLock
FormatMessageW
FindClose
GetVersionExW
GetDateFormatW
GetTempFileNameW
FileTimeToLocalFileTime
FindFirstFileW
GetTimeFormatW
GetFileAttributesW
ReadFile
LocalFree
GetModuleFileNameW
WriteFile
LockResource
CreateFileW
lstrcpyW
MultiByteToWideChar
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WritePrivateProfileStringW
GetPrivateProfileIntW

user32

CallWindowProcW
CreatePopupMenu
IsDialogMessageW
GetMessageW
PostQuitMessage
SetCursor
LoadCursorW
TrackPopupMenu
ShowWindow
ChildWindowFromPoint
SetDlgItemInt
GetSystemMetrics
BeginPaint
GetClientRect
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetWindowRect
GetDlgItem
GetWindow
GetDlgItemInt
DrawFrameControl
InvalidateRect
SetWindowTextW
EndPaint
UpdateWindow
SendMessageW
SetDlgItemTextW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
MoveWindow
GetMenuItemCount
CloseClipboard
CheckMenuItem
CheckMenuRadioItem
GetParent
GetCursorPos
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
GetDesktopWindow
GetWindowTextW
DestroyIcon
LoadIconW
TranslateMessage
DrawTextExW
DispatchMessageW
GetKeyState
RegisterWindowMessageW
GetSysColorBrush

gdi32

SetBkMode
DeleteObject
GetTextExtentPoint32W
SetBkColor
GetStockObject
GetDeviceCaps
CreateCompatibleDC
GetObjectW
GetPixel
DeleteDC
SetPixel
SelectObject
SetTextColor
CreateFontIndirectW

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW

shell32

SHBindToParent
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW
SHGetDesktopFolder

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 900KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 4KB - Virtual size: 3KB

12e522087bd7db82b4cfaa49e82e656a

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0eCertificate

Extended Key Usages

Key Usages

11:a4:89:09:28:ec:22:b5:0f:17:0e:45:60:68:5e:19:06:ff:f6:27Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

version

shlwapi

msi

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

comctl32

uxtheme

psapi

crypt32

rpcrt4

Sections

.text Size: 969KB - Virtual size: 969KB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 1.3MB - Virtual size: 1.4MB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

10b1ca48b80bbdf6a160cceb87bf5da9

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0eCertificate

Extended Key Usages

Key Usages

a8:ae:a7:c4:8d:e4:e4:8a:3c:09:02:15:ce:75:8a:01:2b:97:dd:27Signer

Headers

DLL Characteristics

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 900KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 4KB - Virtual size: 3KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

11:a4:89:09:28:ec:22:b5:0f:17:0e:45:60:68:5e:19:06:ff:f6:27
Signer

.text
Size: 969KB - Virtual size: 969KB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 1.3MB - Virtual size: 1.4MB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

a8:ae:a7:c4:8d:e4:e4:8a:3c:09:02:15:ce:75:8a:01:2b:97:dd:27
Signer

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1KB - Virtual size: 1KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

89:3e:34:4a:9d:fa:b6:a1:88:3c:8c:35:c5:01:12:45:27:31:29:c2
Signer

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 3KB - Virtual size: 20KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 6KB - Virtual size: 6KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

c6:3f:81:c3:63:fc:8a:7a:a4:9f:ed:0f:33:7b:85:6c:21:ae:1e:24
Signer