ebb5c2d8ab3ecc6b85dc74dd72cbde39_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ebb5c2d8ab3ecc6b85dc74dd72cbde39_JaffaCakes118
Size

1.1MB
MD5

ebb5c2d8ab3ecc6b85dc74dd72cbde39
SHA1

d8bf985841f5bb385e9db7b115d7d6cf16f81405
SHA256

d129dae369d80975780b41a063984927aae5a4c0520fe63e40e704f2264e8e83
SHA512

6b2c0353a7ee275dd60c3e6310c9e8a9d51d49d56a619ec3de9f706a79a2ee460fccfab556d5c733e16a4975e22ff2b4fdd545a3fbfb16d7bd577e674729c75f
SSDEEP

24576:LEktP/xn4jF95PvALf0OMsFONjMBnt8mTqYaWD+nkZ9ch0pLJnnbXuzN:LEk9/x4pPgfTgwSmmYaW4sJnbw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/AccessControl.dll
unpack001/GameLauncher.exe
unpack001/out.upx

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/out.upx	nsis_installer_2

Files

ebb5c2d8ab3ecc6b85dc74dd72cbde39_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07/03/2011, 00:00

Not After

06/03/2013, 23:59

Subject

CN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:53:04:9e:cc:3d:89:75:7f:c2:08:cf:ed:b8:2e:df:82:3b:3f:9d
Signer

Actual PE Digest

3b:53:04:9e:cc:3d:89:75:7f:c2:08:cf:ed:b8:2e:df:82:3b:3f:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/$R2
$PLUGINSDIR/AccessControl.dll
.dll windows:4 windows x86 arch:x86

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ConvertStringSidToSidA
LookupAccountNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
OpenProcessToken
LookupAccountSidA
ConvertSidToStringSidA
GetSidSubAuthority
GetSidSubAuthorityCount

kernel32

lstrcmpiA
lstrcpyA
LocalAlloc
lstrlenA
LocalFree
GetLastError
GlobalFree
lstrcpynA
GlobalAlloc
GetFileAttributesA
CloseHandle
GetCurrentProcess
lstrcatA

user32

wsprintfA

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
IsUserTheAdministrator
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GameLauncher.exe
.exe windows:5 windows x86 arch:x86

f7d897fb697ad257fbcaa2dbb2ffc597

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\workspace\branch_protector3\Protector3\Build\Release\GameLauncher.pdb

Imports

dinput8

DirectInput8Create

kernel32

GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
RaiseException
SetLastError
GetWindowsDirectoryA
GetVolumeInformationA
DeviceIoControl
GetVersionExA
ResumeThread
FindFirstFileA
OutputDebugStringA
SizeofResource
LockResource
FindResourceA
LoadLibraryExA
OpenProcess
QueryInformationJobObject
GetProcessId
OpenThread
GetExitCodeProcess
ResetEvent
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultUILanguage
GetUserGeoID
GetUserDefaultLCID
FindNextFileW
GetFileAttributesW
GetPrivateProfileStringA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
OpenMutexA
OpenEventA
TerminateThread
MoveFileW
GetWindowsDirectoryW
DeleteFileW
GetFileAttributesExW
CreateDirectoryW
SetFileAttributesW
InterlockedExchange
GetFileAttributesA
TerminateProcess
AssignProcessToJobObject
CreateProcessA
SetInformationJobObject
lstrlenA
GetCurrentProcessId
VirtualFreeEx
SetEndOfFile
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
FlushFileBuffers
GetFullPathNameW
LocalFileTimeToFileTime
QueryPerformanceCounter
SetThreadAffinityMask
QueryPerformanceFrequency
DeleteFileA
CreateDirectoryA
MultiByteToWideChar
VirtualProtectEx
CreateThread
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapReAlloc
FindFirstFileExW
GetDriveTypeW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
VirtualQuery
ExitThread
GetStartupInfoW
HeapSetInformation
GetCommandLineW
EncodePointer
DecodePointer
ExitProcess
RtlUnwind
GetStdHandle
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
GetStringTypeW
LCMapStringW
GetFileInformationByHandle
PeekNamedPipe
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleW
CreateJobObjectA
lstrlenW
IsValidCodePage
CompareStringW
SetEnvironmentVariableA
InterlockedCompareExchange
SetEvent
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
WriteFile
ReadFile
ReleaseMutex
WaitForMultipleObjects
SystemTimeToFileTime
FileTimeToLocalFileTime
LoadLibraryA
FreeLibrary
GetSystemTime
GetTimeZoneInformation
FindResourceExW
LoadResource
GetSystemTimeAsFileTime
GetProcessTimes
IsDebuggerPresent
GetModuleHandleW
LoadLibraryW
GetCurrentThread
GetThreadContext
SetThreadContext
SetUnhandledExceptionFilter
OutputDebugStringW
FindFirstFileW
FindClose
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
DebugBreak
FormatMessageA
CreateMutexA
GetFileSize
GetLastError
FileTimeToSystemTime
CreateFileW
LocalFree
IsBadReadPtr
CreateEventA
CreateFileA
GetCurrentProcess
DuplicateHandle
CloseHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTickCount
TerminateJobObject
GetPrivateProfileStringW
GetVersionExW
Sleep
InterlockedDecrement
InterlockedIncrement
ReadProcessMemory

user32

UnregisterClassA
GetClassNameA
GetParent
GetLastInputInfo
AttachThreadInput
BringWindowToTop
SetForegroundWindow
GetForegroundWindow
EnumWindows
GetWindowPlacement
GetWindowThreadProcessId
FindWindowExA
CharLowerBuffW
ChangeDisplaySettingsA
IsWindowVisible
ReleaseDC
GetDC
IsWindow
SetFocus
GetWindowRect
SetWindowPlacement
WaitForInputIdle
PostMessageA
FindWindowW
ShowWindow
MessageBoxW
wsprintfA
CreateDialogParamW
PostMessageW
LoadCursorW
RegisterClassExW
CreateWindowExW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
DialogBoxParamW
SetWindowTextW
SetDlgItemTextW
LoadIconW
SendMessageW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
FindWindowA
GetSystemMetrics

gdi32

GetDeviceCaps

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
GetUserNameA
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptDecrypt
RegEnumKeyExA
RegQueryInfoKeyA
RegSetKeySecurity
RegCreateKeyExW
RegSetValueExA
ImpersonateSelf
RevertToSelf
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

VariantChangeType
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

shlwapi

PathAppendW
PathStripPathA
PathFileExistsA
PathUnquoteSpacesW
PathRemoveFileSpecW
PathAppendA

iphlpapi

GetAdaptersInfo

ws2_32

gethostbyname
WSAStartup
ntohl

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetQueryOptionA
InternetReadFile
InternetGetLastResponseInfoA
HttpAddRequestHeadersA
InternetCloseHandle
InternetGetConnectedStateExA
InternetGetCookieW

sensapi

IsNetworkAlive

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

rasapi32

RasEnumEntriesA

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

psapi

GetProcessImageFileNameW

crypt32

CryptMsgGetAndVerifySigner
CertNameToStrA
CertFreeCertificateContext
CryptMsgClose
CryptQueryObject

wintrust

WinVerifyTrust

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pccode
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gchr
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PatchHelper.exe
.exe windows:5 windows x86 arch:x86

de899f8d2ce60120fe54bf8eb11a6af8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07/03/2011, 00:00

Not After

06/03/2013, 23:59

Subject

CN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:95:6d:a2:2a:0a:34:af:3d:15:4f:43:49:58:ce:34:73:be:bc:15
Signer

Actual PE Digest

4d:95:6d:a2:2a:0a:34:af:3d:15:4f:43:49:58:ce:34:73:be:bc:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Workspace\onlinetech\GameConsole_Trunk\Source\SDK\PatchHelper\Release\PatchHelper.pdb

Imports

kernel32

LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DebugBreak
GetCurrentThreadId
GetFileAttributesW
GetLastError
FormatMessageA
SetLastError
GetWindowsDirectoryA
InterlockedDecrement
GetVolumeInformationA
DeviceIoControl
HeapFree
HeapAlloc
IsBadReadPtr
WriteFile
ReadFile
FindFirstFileA
CreateDirectoryA
CreateMutexA
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileW
FlushFileBuffers
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
LocalFree
GetVersionExA
WaitForSingleObject
IsDebuggerPresent
SetUnhandledExceptionFilter
GetTickCount
LoadLibraryW
OutputDebugStringW
CreateFileA
FindClose
FindFirstFileW
GetModuleHandleW
SetThreadContext
GetThreadContext
GetCurrentThread
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
GetCurrentProcess
GetModuleHandleA
GetProcAddress
WriteConsoleW
SetStdHandle
GetStringTypeW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
VirtualQuery
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CloseHandle
GetFileSize
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
IsProcessorFeaturePresent
Sleep
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

FindWindowA
MessageBoxW

advapi32

RegSetValueExA
RegOpenKeyExW
RegSetKeySecurity
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RevertToSelf
ImpersonateSelf
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegCloseKey

shell32

ShellExecuteExW
SHGetSpecialFolderPathA

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoCreateGuid

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit
VariantChangeType

shlwapi

PathFileExistsW

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pccode
Size: 512B - Virtual size: 105B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gchr
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PatchTools/BSDiff_Patch.exe
.exe windows:5 windows x86 arch:x86

b8ce236a58c0e0fe4ecf19091aff1249

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07/03/2011, 00:00

Not After

06/03/2013, 23:59

Subject

CN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:36:f5:00:17:07:e9:8c:7f:5c:7b:68:d6:d4:0f:ca:da:3b:19:50
Signer

Actual PE Digest

6e:36:f5:00:17:07:e9:8c:7f:5c:7b:68:d6:d4:0f:ca:da:3b:19:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Build\onlinetech\GameConsolePatchTools\BSDiff\Release\BSDiff_Patch.pdb

Imports

kernel32

GetLastError
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
MultiByteToWideChar
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
LoadLibraryA
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
CloseHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
FlushFileBuffers
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileA

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PatchTools/Park.exe
.exe windows:5 windows x86 arch:x86

928ede4c09d29f69ca90f3bc68a09830

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07/03/2011, 00:00

Not After

06/03/2013, 23:59

Subject

CN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:42:03:15:85:9f:6c:96:e9:dc:2d:73:29:28:f0:95:a5:3e:d0:9a
Signer

Actual PE Digest

e5:42:03:15:85:9f:6c:96:e9:dc:2d:73:29:28:f0:95:a5:3e:d0:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Build\onlinetech\GameConsolePatchTools\Park\Release\Park.pdb

Imports

kernel32

CreateEventW
GetLastError
OutputDebugStringW
WaitForMultipleObjects
OpenEventW
SetEvent
CloseHandle
GetCommandLineW
GetFullPathNameW
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStartupInfoW
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA

user32

CharNextW
CharUpperW

shell32

ShellExecuteW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PatchTools/Updater.exe
.exe windows:5 windows x86 arch:x86

a7fe22ff978010f7544b4b8dfcff4f4b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07/03/2011, 00:00

Not After

06/03/2013, 23:59

Subject

CN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:2b:05:62:bc:14:8b:5b:13:73:26:c1:92:80:cb:25:42:85:d1:39
Signer

Actual PE Digest

45:2b:05:62:bc:14:8b:5b:13:73:26:c1:92:80:cb:25:42:85:d1:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Build\onlinetech\GameConsolePatchTools\Build\Release\Updater.pdb

Imports

kernel32

InterlockedExchange
DuplicateHandle
GetFileAttributesW
MoveFileW
GetCurrentThread
GetCurrentDirectoryW
GetUserDefaultUILanguage
CreateMutexW
ResetEvent
CreateEventW
ResumeThread
GetFileAttributesExW
SetFileAttributesW
GetFullPathNameW
QueryPerformanceCounter
SetThreadAffinityMask
QueryPerformanceFrequency
LocalFileTimeToFileTime
FlushFileBuffers
HeapFree
HeapAlloc
GetProcessHeap
IsBadReadPtr
FindFirstFileA
CreateDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetDriveTypeW
CreateThread
ExitThread
VirtualQuery
GetSystemTimeAsFileTime
RtlUnwind
GetStartupInfoW
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetWindowsDirectoryW
LoadLibraryW
GetFileSize
CreateMutexA
FileTimeToSystemTime
CreateFileW
CreateEventA
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
ReleaseMutex
SetEvent
SystemTimeToFileTime
FileTimeToLocalFileTime
GetSystemTime
GetTimeZoneInformation
GetProcAddress
DebugBreak
LoadLibraryA
InterlockedIncrement
FreeLibrary
SetLastError
GetCurrentThreadId
RaiseException
GetModuleFileNameW
GetVersionExA
GetVolumeInformationA
CreateFileA
DeviceIoControl
GetWindowsDirectoryA
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
FindNextFileW
FindClose
GetTickCount
FindFirstFileW
GetCommandLineW
LoadResource
FindResourceExW
GetCurrentProcessId
CloseHandle
IsWow64Process
GetExitCodeProcess
CopyFileW
WaitForSingleObject
GetCurrentProcess
LocalFree
VirtualAlloc
VirtualFree
InterlockedCompareExchange
DeleteFileW
GetLastError
CreateDirectoryW
GetVersionExW
Sleep
GetPrivateProfileStringW
InterlockedDecrement
GetLocaleInfoW

user32

GetDlgItem
CreateDialogParamW
PeekMessageW
LoadIconW
IsDialogMessageW
TranslateMessage
PostMessageW
SetDlgItemTextW
DestroyWindow
SendMessageW
UpdateWindow
MsgWaitForMultipleObjectsEx
ShowWindow
SetWindowTextW
DispatchMessageW
MessageBoxW
GetSystemMetrics
UnregisterClassA

advapi32

SetNamedSecurityInfoW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetKeySecurity
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RevertToSelf
ImpersonateSelf
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
GetUserNameA

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateGuid
StringFromCLSID
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantChangeType
VariantClear

shlwapi

PathUnquoteSpacesW
PathFileExistsW

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetGetCookieW
InternetGetConnectedStateExA
InternetOpenA
InternetConnectA
HttpQueryInfoA
HttpSendRequestA
InternetQueryOptionA
InternetReadFile
InternetGetLastResponseInfoA
HttpAddRequestHeadersA
InternetCloseHandle
HttpOpenRequestA

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

crypt32

CryptQueryObject
CryptMsgGetAndVerifySigner
CertNameToStrA
CertFreeCertificateContext
CryptMsgClose

wintrust

WinVerifyTrust

sensapi

IsNetworkAlive

rasapi32

RasEnumEntriesA

Sections

.text
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

3b:53:04:9e:cc:3d:89:75:7f:c2:08:cf:ed:b8:2e:df:82:3b:3f:9dSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 176KB

UPX1 Size: 17KB - Virtual size: 20KB

.rsrc Size: 3KB - Virtual size: 4KB

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 348B

.reloc Size: 1024B - Virtual size: 780B

f7d897fb697ad257fbcaa2dbb2ffc597

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dinput8

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

ws2_32

wininet

sensapi

rpcrt4

rasapi32

version

psapi

crypt32

wintrust

Sections

.text Size: 380KB - Virtual size: 380KB

.pecode Size: 48KB - Virtual size: 48KB

.pccode Size: 7KB - Virtual size: 7KB

.rdata Size: 105KB - Virtual size: 105KB

.data Size: 9KB - Virtual size: 21KB

.gchr Size: 4KB - Virtual size: 3KB

.rsrc Size: 37KB - Virtual size: 37KB

de899f8d2ce60120fe54bf8eb11a6af8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4e
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

3b:53:04:9e:cc:3d:89:75:7f:c2:08:cf:ed:b8:2e:df:82:3b:3f:9d
Signer

UPX0
Size: - Virtual size: 176KB

UPX1
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 348B

.reloc
Size: 1024B - Virtual size: 780B

.text
Size: 380KB - Virtual size: 380KB

.pecode
Size: 48KB - Virtual size: 48KB

.pccode
Size: 7KB - Virtual size: 7KB

.rdata
Size: 105KB - Virtual size: 105KB

.data
Size: 9KB - Virtual size: 21KB

.gchr
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 37KB - Virtual size: 37KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4e
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

4d:95:6d:a2:2a:0a:34:af:3d:15:4f:43:49:58:ce:34:73:be:bc:15
Signer

.text
Size: 119KB - Virtual size: 118KB

.pecode
Size: 21KB - Virtual size: 20KB

.pccode
Size: 512B - Virtual size: 105B

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 17KB

.gchr
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4e
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

6e:36:f5:00:17:07:e9:8c:7f:5c:7b:68:d6:d4:0f:ca:da:3b:19:50
Signer

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 704B

.reloc
Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate