eac5755ac9ce32484212bb80979a6356_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eac5755ac9ce32484212bb80979a6356_JaffaCakes118
Size

2.0MB
MD5

eac5755ac9ce32484212bb80979a6356
SHA1

6db81f38ae1e6c8099a4723c8b961bc495c9a48a
SHA256

853a22fbcdcdff08189f96dcf352d80e7fc7ebcb0b80db7ea5ef92bd7fb22349
SHA512

d28fda4b33ce3218ff075f8260344b93da8d5839e9881bdc1d0c618bc972d24ed476d8a2abfc787c573877b474468f37a8c509b817b00e16c7e13eaad9584166
SSDEEP

49152:A0W1r+cYeiVsBZfdPq7HfV2C3GFZRAYEyXQ1:TWVaei8TPq7HfV2DLRBC

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$COMMONFILES/SparkTrust/UUS3/LiteUnzip.dll
unpack001/$COMMONFILES/SparkTrust/UUS3/UUS3.dll
unpack001/$PLUGINSDIR/AdvSplash.dll
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/resources.dll
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll

Files

eac5755ac9ce32484212bb80979a6356_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

06:67:81:e7:e4:5d:8f:4e:89:55:46:53:e7:58:8d:c8
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/03/2016, 00:00

Not After

03/04/2017, 12:00

Subject

SERIALNUMBER=FM0535136,CN=SparkTrust Systems,O=SparkTrust Systems,POSTALCODE=V8R 1J6,STREET=1839-A Fort St.,L=Victoria,ST=British Columbia,C=CA,1.3.6.1.4.1.311.60.2.1.2=#13104272697469736820436f6c756d626961,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:8b:69:a0:92:ee:2a:c3:1a:28:62:8c:9d:02:d5:f6:ae:03:4b:6c
Signer

Actual PE Digest

99:8b:69:a0:92:ee:2a:c3:1a:28:62:8c:9d:02:d5:f6:ae:03:4b:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/SparkTrust/Privacy Cleaner/privacy.db
$APPDATA/SparkTrust/UUS3/Master.xml
$APPDATA/SparkTrust/UUS3/Patch.xml
$APPDATA/SparkTrust/UUS3/SparkTrust Privacy Cleaner/Database.xml
$APPDATA/SparkTrust/UUS3/SparkTrust Privacy Cleaner/Master.xml
$APPDATA/SparkTrust/UUS3/SparkTrust Privacy Cleaner/Patch.xml
$APPDATA/SparkTrust/UUS3/SparkTrust Privacy Cleaner/Update.xml
$APPDATA/SparkTrust/UUS3/Update.xml
$COMMONFILES/SparkTrust/UUS3/Images/Logo.png
.png
$COMMONFILES/SparkTrust/UUS3/Images/ad_generic.jpg
.jpg
$COMMONFILES/SparkTrust/UUS3/Images/close.png
.png
$COMMONFILES/SparkTrust/UUS3/Images/close_md.png
.png
$COMMONFILES/SparkTrust/UUS3/Images/close_mo.png
.png
$COMMONFILES/SparkTrust/UUS3/Images/close_pu.png
.png
$COMMONFILES/SparkTrust/UUS3/Images/close_pu_md.png
.png
$COMMONFILES/SparkTrust/UUS3/Images/close_pu_mo.png
.png
$COMMONFILES/SparkTrust/UUS3/Images/min.png
.png
$COMMONFILES/SparkTrust/UUS3/Images/min_md.png
.png
$COMMONFILES/SparkTrust/UUS3/Images/min_mo.png
.png
$COMMONFILES/SparkTrust/UUS3/Images/progress_glow.png
.png
$COMMONFILES/SparkTrust/UUS3/Images/topbar_gradient.png
.png
$COMMONFILES/SparkTrust/UUS3/LiteUnzip.dll
.dll windows:4 windows x86 arch:x86

f7a84048399bc4a2d1221cc8bdd7c96e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GlobalFree
GlobalAlloc
CreateDirectoryA
GetLastError
CreateDirectoryW
CloseHandle
SetFileTime
WriteFile
CreateFileA
CreateFileW
IsBadReadPtr
SetFilePointer
lstrcmpA
LocalFileTimeToFileTime
SystemTimeToFileTime
MultiByteToWideChar
lstrlenA
lstrcpyA
lstrcmpiA
WideCharToMultiByte
GetCurrentDirectoryA
DuplicateHandle
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
DisableThreadLibraryCalls
FlushFileBuffers
LoadLibraryA
GetCommandLineA
GetProcAddress
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
SetStdHandle

user32

LoadStringA
LoadStringW

Exports

Exports

UnzipClose
UnzipFindItemA
UnzipFindItemW
UnzipFormatMessageA
UnzipFormatMessageW
UnzipGetItemA
UnzipGetItemW
UnzipItemToBuffer
UnzipItemToFileA
UnzipItemToFileW
UnzipItemToHandle
UnzipOpenBuffer
UnzipOpenFileA
UnzipOpenFileW
UnzipOpenHandle
UnzipSetBaseDirA
UnzipSetBaseDirW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/SparkTrust/UUS3/UUS3.dll
.dll windows:5 windows x86 arch:x86

d85694722aedbc4521bf434d2e9959ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Dev\Update\UniversalUpdate\Release\UUS.pdb

Imports

wininet

InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetConnectW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW

user32

CreateAcceleratorTableW
GetDesktopWindow
FillRect
GetFocus
LoadImageW
GetMenuItemCount
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
PostMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
SetWindowLongW
ReleaseCapture
GetWindowLongW
GetSystemMetrics
SwitchToThisWindow
CallWindowProcW
TranslateAcceleratorW
LoadMenuW
LoadAcceleratorsW
PostQuitMessage
LoadStringA
MessageBeep
PtInRect
CreatePopupMenu
DestroyMenu
TrackPopupMenuEx
AppendMenuW
RemoveMenu
MonitorFromPoint
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
DestroyWindow
wsprintfW
UnregisterClassA
DestroyAcceleratorTable
GetSysColor
CharNextW
LoadStringW
GetMonitorInfoW
MonitorFromWindow
GetClassNameW
GetDlgItem
GetParent
IsChild
GetWindow
SetFocus
SetCapture
EnableWindow
RedrawWindow
IsWindowVisible
ShowWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
MapWindowPoints
ScreenToClient
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
MoveWindow
SetMenu
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SendMessageW
CreateWindowExW

kernel32

TerminateProcess
LCMapStringW
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
GetCPInfo
DecodePointer
EncodePointer
InitializeCriticalSection
GetStringTypeW
InterlockedExchange
InterlockedPopEntrySList
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
VirtualAlloc
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
ExitProcess
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetHandleCount
GetFileType
GetStartupInfoW
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
Sleep
OutputDebugStringW
CloseHandle
ReadFile
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetFileAttributesW
CreateDirectoryW
DeleteFileW
MoveFileW
GetModuleFileNameW
CreateThread
lstrcpyW
WaitForSingleObject
GetExitCodeThread
WaitForMultipleObjects
GetTempPathW
RaiseException
lstrcmpiW
WriteFile
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetFileSize
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
lstrcmpW
MulDiv
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
lstrcpynA
lstrcpynW
SetLastError
HeapFree
GetProcessHeap
HeapAlloc
WriteConsoleW
SetEndOfFile
CompareStringW
GetLocalTime

gdi32

BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
SelectObject
DeleteObject

advapi32

RegCreateKeyExW
RegSetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
AllocateAndInitializeSid
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
RegGetKeySecurity
IsTextUnicode
GetUserNameW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyW
RegDeleteValueW
RegFlushKey
RegQueryValueExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
CoInitialize
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
StringFromGUID2
OleLockRunning
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoUninitialize

oleaut32

OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
DispCallFunc
SafeArrayGetUBound
SafeArrayGetLBound
VarUI4FromStr
SysAllocStringLen
VariantInit
VariantClear
LoadRegTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

shlwapi

PathAddBackslashW
PathRemoveBackslashW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

Exports

Exports

CollectEmail
RegisterUns
RunUnsW
USCopySelfUpdateExe
USCreate
USDelete
USDoAllUpdates
USDoAllUpdatesWithUI
USDoAllUpdatesWithUIEx
USDoNag
USDoNewProduct
USDoSelfUpdate
USInitUns
USShowUpdatesSettingsDialog
UnsSetHtmlParam

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/SparkTrust/UUS3/Update3.exe
.exe windows:5 windows x86 arch:x86

f592726dded90c4d7e23cee7f8218bbc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:88:e8:08:72:cb:93:aa:d5:f8:d9:ba:18:56:23:cf:a1
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

04/04/2013, 15:17

Not After

04/04/2014, 20:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

17:25:bb:3b:f7:3d:bf:e2:cb:e1:45:ee:82:ae:62:aa:37:b1:c8:93
Signer

Actual PE Digest

17:25:bb:3b:f7:3d:bf:e2:cb:e1:45:ee:82:ae:62:aa:37:b1:c8:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\Update\UniversalUpdate\Release\UniversalUpdate.pdb

Imports

wininet

InternetQueryDataAvailable
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
InternetSetFilePointer
InternetWriteFile
InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW

shlwapi

PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

kernel32

SetEnvironmentVariableA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
LCMapStringW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapDestroy
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapSize
HeapQueryInformation
GetFileType
SetStdHandle
ExitThread
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
VirtualProtect
SearchPathW
GetProfileIntW
GetTempPathW
GetNumberFormatW
GetWindowsDirectoryW
SetErrorMode
GetCurrentDirectoryW
GetTempFileNameW
GetSystemDirectoryW
GlobalFlags
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
DeleteFileW
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
FindFirstFileW
FindClose
GetThreadLocale
GlobalGetAtomNameW
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
ResumeThread
SetThreadPriority
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
FreeResource
lstrlenA
lstrcmpA
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ActivateActCtx
DeactivateActCtx
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceExW
GetModuleHandleW
LocalFree
FormatMessageW
RaiseException
WaitForSingleObject
Sleep
CreateThread
lstrcmpiW
SetCurrentDirectoryW
CreateMutexW
GetTickCount
CreateFileW
ReadFile
CloseHandle
GetLocalTime
HeapAlloc
GetLastError
GetCurrentProcess
GetProcessHeap
HeapFree
lstrlenW
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
MulDiv
GetVersionExW
FindResourceW
LoadResource
LockResource
SizeofResource
TlsFree
WriteConsoleW

user32

SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
DestroyMenu
GetMenuItemInfoW
RealChildWindowFromPoint
CharUpperW
GetSysColorBrush
LoadCursorW
OffsetRect
IsRectEmpty
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
IntersectRect
GetWindowThreadProcessId
MapVirtualKeyW
GetKeyNameTextW
ClientToScreen
LoadMenuW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
ValidateRect
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
SubtractRect
CopyRect
GetWindowTextLengthW
GetFocus
SetFocus
SetWindowPos
CopyAcceleratorTableW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
CheckDlgButton
GetWindow
GetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
ExitWindowsEx
SetDlgItemTextW
GetWindowPlacement
IsDlgButtonChecked
DrawIcon
BringWindowToTop
SetActiveWindow
LoadIconW
SetForegroundWindow
FindWindowW
MessageBoxW
GetWindowTextW
GetDoubleClickTime
CharUpperBuffW
CopyIcon
CallWindowProcW
SetWindowLongW
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
GetDlgItem
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetTimer
KillTimer
ShowWindow
GetWindowLongW
FillRect
EndPaint
BeginPaint
SetRect
ReleaseCapture
SetCapture
PtInRect
ScreenToClient
GetCursorPos
GetSystemMetrics
IsWindowVisible
IsIconic
GetDesktopWindow
SetWindowRgn
GetWindowDC
IsWindow
MoveWindow
InvalidateRect
GetClientRect
GetParent
PostMessageW
SendMessageW
GetWindowRect
InvalidateRgn
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
DestroyIcon
LoadImageW
ReuseDDElParam
UnpackDDElParam
CharNextW
UnregisterClassW
WindowFromPoint
WaitMessage
DeleteMenu
RedrawWindow
EnableWindow
InflateRect
ReleaseDC
GetDC
SystemParametersInfoW
GetNextDlgGroupItem
CreateMenu
TranslateMDISysAccel
DrawMenuBar
GetWindowRgn
DestroyCursor
DefMDIChildProcW
DefFrameProcW
PostThreadMessageW
IsMenu
MonitorFromPoint
UpdateLayeredWindow
MapVirtualKeyExW
IsCharLowerW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
UnionRect
RegisterClipboardFormatW
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFrameControl
DrawEdge
DrawStateW
GetSystemMenu
SetClassLongW
DestroyAcceleratorTable
SetParent
IsZoomed
DrawIconEx
GetIconInfo
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetAsyncKeyState
GetMenuDefaultItem
GetMenu
MessageBeep

gdi32

GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetPixel
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
CreateEllipticRgn
Ellipse
LineTo
GetTextExtentPoint32W
GetTextMetricsW
SetTextAlign
EnumFontFamiliesW
GetTextCharsetInfo
GetRgnBox
GetBkColor
GetTextColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreatePolygonRgn
Polyline
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
EnumFontFamiliesExW
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
CreateDIBitmap
MoveToEx
IntersectClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
CreateDCW
CopyMetaFileW
ExcludeClipRect
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
CreateCompatibleBitmap
LPtoDP
CreateCompatibleDC
CreateRoundRectRgn
CreateFontIndirectW
GetObjectW
SetBkMode
CreateSolidBrush
DeleteObject
CreateDIBSection
GetDeviceCaps

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegQueryValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
RegOpenKeyExW
OpenProcessToken

shell32

ShellExecuteExW
SHGetFileInfoW
DragFinish
DragQueryFileW
SHAppBarMessage
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder

comctl32

InitCommonControlsEx
ImageList_GetIconSize

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CreateStreamOnHGlobal
OleDraw
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
VarBstrFromDate
SysAllocStringByteLen
SysAllocString
VariantClear
SysAllocStringLen
OleCreateFontIndirect
SafeArrayGetElemsize
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdiplusStartup
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipDrawImage
GdipDrawImageRectI
GdipDrawImageRect
GdipGraphicsClear
GdipStartPathFigure
GdipGetFontHeight
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdipAddPathLineI
GdipAddPathArcI
GdipClonePath
GdipAddPathEllipse
ord1
GdipClosePathFigure
GdipCreatePen1
GdipDeletePen
GdipCreatePath
GdipDeletePath
GdipDrawPath
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipFillRectangle
GdipFillPath
GdipCreatePathGradientFromPath
GdipSetPathGradientCenterColor
GdipSetPathGradientCenterPoint
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientFocusScales
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawString
GdipDeleteGraphics
GdipCreateFontFromLogfontW
GdipSetSmoothingMode
GdipFillRectangleI
GdipLoadImageFromFile
GdipCloneImage
GdipDisposeImage

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$COMMONFILES/SparkTrust/UUS3/settings.xml
$PLUGINSDIR/AdvSplash.dll
.dll windows:5 windows x86 arch:x86

18323a9b4dffb5fab0a7a28a154efdfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynW
GetVersion
lstrcpyW
lstrcatW
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalFree

user32

PostMessageW
UnregisterClassW
DispatchMessageW
GetMessageW
IsWindow
CreateWindowExW
LoadImageW
RegisterClassW
LoadCursorW
EnumDisplaySettingsW
SetWindowRgn
DestroyWindow
DefWindowProcW
BeginPaint
GetClientRect
EndPaint
SystemParametersInfoW
SetWindowLongW
SetWindowPos
wsprintfW

gdi32

BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
GetObjectW
DeleteDC

winmm

timeSetEvent
PlaySoundW
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/splash.bmp
HTML/0_days.htm
.html
HTML/15_days.htm
.html
HTML/1_days.htm
.html
HTML/2_days.htm
.html
HTML/30_days.htm
.html
HTML/5_days.htm
.html
HTML/email.htm
.html .js polyglot
HTML/images/10x10.gif
.gif
HTML/images/10x10tile.gif
.gif
HTML/images/contentwrapper.gif
.gif
HTML/images/footerbarfill.gif
.gif
HTML/images/info_bubble.jpg
.jpg
HTML/images/privacycontrols2.png
.png
HTML/images/tile_footerbarbase.jpg
.jpg
HTML/images/tile_titlebarbase.jpg
.jpg
HTML/images/tile_titlebarend.jpg
.jpg
HTML/images/tile_titlebarfloat.jpg
.jpg
HTML/main.css
SparkTrust_PC.exe
.exe windows:5 windows x86 arch:x86

aa3b40177a6c915f225599100afb8b64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:83:62:9a:a0:7b:e8:70:16:94:50:e9:d7:a2:dd:60
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/03/2016, 00:00

Not After

26/04/2017, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

df:59:64:4f:be:ee:67:b4:c8:ad:b3:71:60:72:cf:d4:fe:51:0a:89
Signer

Actual PE Digest

df:59:64:4f:be:ee:67:b4:c8:ad:b3:71:60:72:cf:d4:fe:51:0a:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Users\dan.daigle\Documents\dev temp\30152 remove email signup\xoftclean old build machine branch\IT FUCKING BUILDS\bin\Release\Pareto_PC.pdb

Imports

rpcrt4

UuidCreateSequential

kernel32

InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
InterlockedCompareExchange
DosDateTimeToFileTime
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
CreateTimerQueueTimer
DeleteTimerQueue
DeleteTimerQueueTimer
CreateTimerQueue
WaitForMultipleObjects
DeviceIoControl
MoveFileExW
GetDriveTypeW
GetLogicalDrives
ExpandEnvironmentStringsW
RemoveDirectoryW
CreateDirectoryW
WriteConsoleW
SetEnvironmentVariableA
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
GetConsoleMode
GetConsoleCP
LCMapStringW
GetStringTypeW
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
FindResourceExW
MulDiv
OutputDebugStringW
GetCurrentThread
GetLastError
GetCurrentProcess
HeapAlloc
GetProcessHeap
CloseHandle
HeapFree
GetVersionExA
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
CreateFileW
WideCharToMultiByte
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
TlsGetValue
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetFileAttributesW
GetFileSize
lstrcmpiW
lstrcpyW
FindFirstFileW
FindNextFileW
FindClose
GetDateFormatW
FileTimeToSystemTime
GetLocalTime
LeaveCriticalSection
RaiseException
EnterCriticalSection
CreateMutexW
FreeLibrary
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetSystemTimeAsFileTime
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
GetStdHandle
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
ExitProcess
HeapQueryInformation
HeapSize
CreateThread
ExitThread
HeapReAlloc
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetTimeFormatW
DecodePointer
EncodePointer
GetDiskFreeSpaceW
VirtualProtect
SearchPathW
Sleep
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
GetFileTime
GetFileSizeEx
SetFileTime
FileTimeToLocalFileTime
SetFileAttributesW
GetFileAttributesExW
GetSystemDirectoryW
GetUserDefaultUILanguage
GetLocaleInfoW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileW
DeleteFileW
GlobalFlags
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcmpW
SystemTimeToFileTime
lstrlenA
lstrcmpA
GlobalGetAtomNameW
CompareStringW
CreateEventW
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CopyFileW
GlobalSize
FormatMessageW
GetCurrentProcessId
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
GlobalFree
LocalReAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
LocalFree
LocalAlloc
GetVersionExW
SetLastError
LoadLibraryW
FlushInstructionCache
SetCurrentDirectoryW
InterlockedExchange

user32

TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
CreateDialogIndirectParamW
GetNextDlgGroupItem
GetIconInfo
GetNextDlgTabItem
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
LoadMenuW
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
DestroyAcceleratorTable
IsRectEmpty
DeleteMenu
ShowOwnedPopups
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetMenuItemInfoW
InflateRect
CharUpperW
RealChildWindowFromPoint
ClientToScreen
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
UnionRect
UpdateLayeredWindow
IsMenu
SetClipboardData
CloseClipboard
SetScrollPos
GetScrollPos
SetForegroundWindow
UpdateWindow
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
SetWindowPlacement
GetMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
GetSysColor
GetSysColorBrush
GetKeyState
ValidateRect
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
SystemParametersInfoW
GetDC
ReleaseDC
GetWindowRect
OffsetRect
MoveWindow
IsWindow
GetParent
GetDesktopWindow
IsIconic
UnregisterClassA
IsWindowVisible
GetWindowLongW
SetRect
GetWindowDC
SetWindowRgn
GetSystemMetrics
GetCursorPos
ScreenToClient
PtInRect
SetCapture
InvalidateRect
ReleaseCapture
PostMessageW
RedrawWindow
EndDialog
GetClientRect
BeginPaint
EndPaint
DefWindowProcW
SetWindowLongW
GetWindowPlacement
SystemParametersInfoA
IntersectRect
GetWindowTextW
TrackMouseEvent
MessageBoxW
SetDlgItemTextW
SetWindowTextW
SetWindowPos
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetDlgItem
SendMessageW
SetFocus
GetDlgItemTextW
EnableWindow
SetWindowsHookExW
UnhookWindowsHookEx
GetClassNameW
CallNextHookEx
CopyRect
CreateWindowExW
CallWindowProcW
LoadImageW
DestroyIcon
SetParent
GetActiveWindow
GetDlgCtrlID
CreateMenu
PostThreadMessageW
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
EqualRect
OpenClipboard
ShowWindow
GetDialogBaseUnits
KillTimer
SetTimer
CheckDlgButton
IsDlgButtonChecked
FindWindowExW
IsDialogMessageW
LoadCursorW
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
GetUpdateRect
MonitorFromPoint
DestroyMenu
ScrollWindowEx
GetScrollInfo
ShowScrollBar
GetScrollBarInfo
GetFocus
SetScrollInfo
EnableMenuItem
GetSystemMenu
AppendMenuW
TrackPopupMenu
CreatePopupMenu
CreateDialogParamW
GetClassInfoExW
RegisterClassExW
DialogBoxParamW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
SwitchToThisWindow
FindWindowW
ExitWindowsEx
PostQuitMessage
IsZoomed
GetWindowTextLengthW
SetCursor

gdi32

SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetPixel
PtVisible
RectVisible
TextOutW
Escape
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
CreateDIBitmap
CreateRectRgnIndirect
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
PatBlt
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
SetLayout
GetLayout
SetROP2
SetPolyFillMode
ExtTextOutW
GetDeviceCaps
CreateRoundRectRgn
CreateSolidBrush
DeleteObject
SetBkColor
DeleteDC
SetViewportOrgEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
LPtoDP
DPtoLP
SaveDC
RestoreDC
GetClipBox
GetTextExtentPointW
SetBkMode
GetStockObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
GetSystemPaletteEntries
CreateBitmap
GetObjectW
SetTextColor
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
SetWindowOrgEx
CopyMetaFileW
CreateDCW
CreateDIBSection
GetWindowExtEx

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

comdlg32

GetOpenFileNameW
GetFileTitleW

advapi32

SetSecurityDescriptorDacl
AddAce
InitializeAcl
RegSetKeySecurity
GetLengthSid
CopySid
RegGetKeySecurity
RegNotifyChangeKeyValue
ConvertSidToStringSidW
RegEnumValueW
RegEnumKeyW
RegQueryValueExW
FreeSid
EqualSid
AllocateAndInitializeSid
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
OpenThreadToken
InitializeSecurityDescriptor

shell32

SHCreateDirectoryExW
SHBrowseForFolderW
SHAppBarMessage
DragFinish
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderLocation
DragQueryFileW
DragAcceptFiles
SHGetDesktopFolder
SHGetMalloc
SHQueryRecycleBinW
SHEmptyRecycleBinW

ole32

DoDragDrop
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
StringFromGUID2
CoInitializeSecurity

oleaut32

VariantClear
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
VariantInit
SysAllocString
VarUI4FromStr
SysAllocStringLen
SysFreeString

shlwapi

StrRetToBufW
PathAppendW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW

comctl32

ImageList_GetIconSize
InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipCloneImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipSetTextRenderingHint
GdipGraphicsClear
GdipGetImageWidth
GdipGetImageHeight
GdipDrawPath
GdipCreatePen1
GdipDeletePen
GdipDrawRectangleI
GdipSetClipRectI
GdipFillEllipse
GdipDrawLineI
GdipDrawImageRectI
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeletePath
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipGetFontHeight
GdipStartPathFigure
ord1
GdipClosePathFigure
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipSetStringFormatFlags
GdipSetStringFormatHotkeyPrefix
GdipAddPathString
GdipCreateBitmapFromHBITMAP
GdipMeasureString
GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipSetPixelOffsetMode
GdipCreateLineBrushFromRect
GdipAddPathLine
GdipSetClipRect
GdipSetInterpolationMode
GdipDisposeImage
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipLoadImageFromFile
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetPathGradientCenterColor
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterPoint
GdipSetPathGradientFocusScales
GdipSetImageAttributesColorMatrix
GdipCreatePathGradientFromPath
GdipCreateFromHWND
GdipSetCompositingQuality
GdipGetCompositingQuality
GdipDrawLine
GdipDrawRectangle
GdipDrawImageRectRect
GdipCreateFont
GdipGetFontStyle
GdipGetFontSize
GdipCreatePath
GdipFillRectangle
GdipCreateSolidFill
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipFillRectangleI
GdipCreateLineBrushFromRectI
GdipCloneBrush
GdipDeleteBrush
GdipSetClipRegion
GdipGetClip
GdipCreateRegionPath
GdipFillPath
GdipCreateFontFromLogfontW
GdipDeleteRegion
GdipCreateRegion
GdipAlloc
GdipFree
GdipCreateFontFromDC
GdipAddPathLineI
GdipAddPathArcI
GdipGetImagePixelFormat
GdipClonePath
GdipSetStringFormatTrimming

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

iphlpapi

GetAdaptersInfo

wininet

FindFirstUrlCacheEntryW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
FindNextUrlCacheEntryW
InternetQueryDataAvailable
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
DeleteUrlCacheEntryW
FindCloseUrlCache
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UNS.xml
app.ico
images/AppTitle.png
.png
images/Intro.png
.png
images/Logo.png
.png
images/about-large.png
.png
images/about-small.png
.png
images/arrow.png
.png
images/bg.png
.png
images/close.png
.png
images/dummy_small.png
.png
images/erase0001.png
.png
images/erase0002.png
.png
images/erase0003.png
.png
images/erase0004.png
.png
images/erase0005.png
.png
images/erase0006.png
.png
images/erase0007.png
.png
images/erase0008.png
.png
images/erase0009.png
.png
images/erase0010.png
.png
images/erase0011.png
.png
images/erase0012.png
.png
images/erase0013.png
.png
images/erase0014.png
.png
images/erase0015.png
.png
images/erase0016.png
.png
images/erase0017.png
.png
images/erase0018.png
.png
images/erase0019.png
.png
images/erase0020.png
.png
images/erase0021.png
.png
images/erase0022.png
.png
images/erase0023.png
.png
images/erase0024.png
.png
images/max-g.png
.png
images/max.png
.png
images/min-g.png
.png
images/min.png
.png
images/nav-about-lg.png
.png
images/nav-scan-lg.png
.png
images/nav-schedule-lg.png
.png
images/nav-settings-lg.png
.png
images/nav-shred-lg.png
.png
images/privacycontrols_logo.png
.png
images/saw.png
.png
images/scan-categories.png
.png
images/scan-large.png
.png
images/scan-small.png
.png
images/scan-splash.png
.png
images/search0001.png
.png
images/search0002.png
.png
images/search0003.png
.png
images/search0004.png
.png
images/search0005.png
.png
images/search0006.png
.png
images/search0007.png
.png
images/search0008.png
.png
images/search0009.png
.png
images/search0010.png
.png
images/search0011.png
.png
images/search0012.png
.png
images/search0013.png
.png
images/search0014.png
.png
images/search0015.png
.png
images/search0016.png
.png
images/search0017.png
.png
images/search0018.png
.png
images/search0019.png
.png
images/search0020.png
.png
images/search0021.png
.png
images/search0022.png
.png
images/search0023.png
.png
images/search0024.png
.png
images/settings-large.png
.png
images/settings-small.png
.png
images/shred-large.png
.png
images/shred-small.png
.png
resources.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Users\dan.daigle\Documents\dev temp\30152 remove email signup\xoftclean old build machine branch\IT FUCKING BUILDS\bin\Release\resources.pdb

Sections

.rdata
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ui.xml
uninstaller.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:83:62:9a:a0:7b:e8:70:16:94:50:e9:d7:a2:dd:60
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/03/2016, 00:00

Not After

26/04/2017, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f9:6a:a1:da:a8:1e:dd:2f:fa:25:f7:7d:53:42:12:61:a1:e9:56:d5
Signer

Actual PE Digest

f9:6a:a1:da:a8:1e:dd:2f:fa:25:f7:7d:53:42:12:61:a1:e9:56:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

06:67:81:e7:e4:5d:8f:4e:89:55:46:53:e7:58:8d:c8Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

99:8b:69:a0:92:ee:2a:c3:1a:28:62:8c:9d:02:d5:f6:ae:03:4b:6cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.4MB

.rsrc Size: 56KB - Virtual size: 56KB

.reloc Size: 4KB - Virtual size: 3KB

f7a84048399bc4a2d1221cc8bdd7c96e

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 1024B - Virtual size: 595B

.data Size: 4KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 1KB

shared Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

d85694722aedbc4521bf434d2e9959ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

shell32

user32

kernel32

gdi32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 251KB - Virtual size: 250KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 14KB - Virtual size: 27KB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 22KB - Virtual size: 21KB

f592726dded90c4d7e23cee7f8218bbc

Code Sign

06:67:81:e7:e4:5d:8f:4e:89:55:46:53:e7:58:8d:c8
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

99:8b:69:a0:92:ee:2a:c3:1a:28:62:8c:9d:02:d5:f6:ae:03:4b:6c
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.4MB

.rsrc
Size: 56KB - Virtual size: 56KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 1024B - Virtual size: 595B

.data
Size: 4KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 1KB

shared
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 251KB - Virtual size: 250KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 14KB - Virtual size: 27KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 22KB - Virtual size: 21KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:88:e8:08:72:cb:93:aa:d5:f8:d9:ba:18:56:23:cf:a1
Certificate

17:25:bb:3b:f7:3d:bf:e2:cb:e1:45:ee:82:ae:62:aa:37:b1:c8:93
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 309KB - Virtual size: 309KB

.data
Size: 27KB - Virtual size: 57KB

.rsrc
Size: 74KB - Virtual size: 74KB

.reloc
Size: 181KB - Virtual size: 181KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 144B

.reloc
Size: 512B - Virtual size: 480B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB