f0c7004734effdeb67cdeb846bf61e65_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f0c7004734effdeb67cdeb846bf61e65_JaffaCakes118
Size

2.5MB
MD5

f0c7004734effdeb67cdeb846bf61e65
SHA1

5b4147a91b815e1ee24684d57431e360945220f7
SHA256

7e5311dfd990052947a80ab177305ef804e0742a06511c0b41740d1335dc40af
SHA512

55dfa2a960d7d79ada7e07c0b60a558260578b9cd8aeb62455de1bf28356afd0848e82cf594bd0b58dd4b8a8ad6dd5ee50468bc47da1ac765099a5e9695504d3
SSDEEP

49152:Nu9Ybc15yiuePui4VMf4IQq3pSxejYxOO1/WjYIt1FjUXaNCsiBc9SNrjn:89Wc15Zz2764IQwAaYSc0fUXazWNrjn

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
f0c7004734effdeb67cdeb846bf61e65_JaffaCakes118
unpack001/$PROGRAM_FILES/DSPRAVA/uninstall.exe
unpack001/UnZip32.dll
unpack001/Zip32.dll
unpack001/dsprava.exe
unpack001/logging.dll
unpack001/mfc42.dll
unpack001/msvcrt.dll
unpack001/vnchooks.dll
unpack001/vncviewer.exe
unpack001/winvnc-t.exe
unpack001/winvnc-u102.exe
unpack001/winvnc-u104.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/$PROGRAM_FILES/DSPRAVA/uninstall.exe	nsis_installer_1

Files

f0c7004734effdeb67cdeb846bf61e65_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/DSPRAVA/cad.exe
.exe windows:4 windows x86 arch:x86

6ee35c3d8aedad42454d8c6d808b13a8

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:dc:7e:98:18:b7:36:2c:9b:bf:2e:a3:e1:3b:fa:e4:40:8e:3f:b4
Signer

Actual PE Digest

d7:dc:7e:98:18:b7:36:2c:9b:bf:2e:a3:e1:3b:fa:e4:40:8e:3f:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\cad\release\cad.pdb

Imports

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
I_RpcExceptionFilter
NdrClientCall2

kernel32

FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FreeLibrary
GetProcAddress
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
SetLastError
GetVersionExA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/DSPRAVA/uninstall.exe
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DalkovaSpravaVIS.html
.html
DalkovaSpravaVIS_html_m1a0bafb8.png
.png
DalkovaSpravaVIS_html_m5b8e8b19.png
.png
UnZip32.dll
.dll windows:4 windows x86 arch:x86

c337d58e82eabb5406078a63592870d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
GetLastError
CreateFileA
GetCurrentProcess
GetVersion
SetEndOfFile
SetFilePointer
SetFileTime
SetFileAttributesA
LocalFileTimeToFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetLocalTime
GetFullPathNameA
HeapFree
FindNextFileA
FindClose
SetVolumeLabelA
GetLocaleInfoA
GetFileAttributesA
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpyA
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
CreateMutexA
InterlockedExchange
CloseHandle
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
lstrlenA
EnterCriticalSection
LeaveCriticalSection
lstrcmpiA
GetVolumeInformationA
GetDriveTypeA
lstrcpynA
FindFirstFileA

user32

OemToCharA

advapi32

AdjustTokenPrivileges
GetSecurityDescriptorControl
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup
OpenProcessToken
LookupPrivilegeValueA

msvcrt

_get_osfhandle
_write
free
malloc
realloc
_setjmp3
qsort
sprintf
strncmp
fgets
_iob
_mbsinc
_mbschr
__mb_cur_max
mblen
strerror
_errno
fopen
longjmp
fflush
putc
mktime
localtime
time
tolower
_pctype
_isctype
_strnicmp
fclose
gmtime
strncpy
_mbsrchr
setlocale
toupper
_initterm
_adjust_fdiv
_read
_lseek
_setmode
_fileno
_open
_unlink
_chmod
_isatty
_tzset
_putenv
_close
_strupr
_stat
_mkdir

Exports

Exports

UzpFreeMemBuffer
UzpVersion
UzpVersion2
Wiz_Grep
Wiz_Init
Wiz_NoPrinting
Wiz_SetOpts
Wiz_SingleEntryUnzip
Wiz_Unzip
Wiz_UnzipToMemory
Wiz_Validate

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zip32.dll
.dll windows:4 windows x86 arch:x86

b8e0a2809321ada0ca7d0b7d3f353c7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
InterlockedExchange
CreateMutexA
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
CreateFileA
GetCurrentProcess
GetVolumeInformationA
FindClose
FindFirstFileA
GetVersion
GetFileType
GetFileTime
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
RemoveDirectoryA
PeekNamedPipe
GetDriveTypeA
lstrcpynA
lstrcpyA
lstrcatA
GetFileAttributesA
lstrlenA
MultiByteToWideChar
GetTimeZoneInformation
GetSystemTime
GetLocalTime
MoveFileA
SetStdHandle
HeapReAlloc
Sleep
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
ExitProcess
TerminateProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
RtlUnwind
WideCharToMultiByte
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
WriteFile
ReadFile
GetStringTypeA
GetStringTypeW
SetFilePointer
FlushFileBuffers
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetEndOfFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryA
LCMapStringA
LCMapStringW
GetLocaleInfoW
GetCurrentDirectoryA
SetCurrentDirectoryA
DeleteFileA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileInformationByHandle
SetEnvironmentVariableW

user32

wvsprintfA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityDescriptorLength
GetKernelObjectSecurity
OpenProcessToken

Exports

Exports

ZpArchive
ZpGetOptions
ZpInit
ZpSetOptions
ZpVersion

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/license.txt
driver/vista/driver/mv2.cat
driver/vista/driver/mv2.dll
.dll windows:6 windows x86 arch:x86

03d53cf152ee4118997068de8ef776ae

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:0c:51:c0:a5:10:a1:d6:a2:d5:61:ad:ea:4b:15:33:b6:45:ec:c5
Signer

Actual PE Digest

fa:0c:51:c0:a5:10:a1:d6:a2:d5:61:ad:ea:4b:15:33:b6:45:ec:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\winddk\6000\src\video\displays\mirror2\disp\objfre_wlh_x86\i386\mv2.pdb

Imports

win32k.sys

EngFreeMem
EngAllocMem
EngModifySurface
EngCreateDeviceSurface
EngMapFile
EngDeleteFile
EngUnmapFile
EngDeleteSurface
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngCopyBits
EngAlphaBlend
EngTransparentBlt
EngBitBlt
EngTextOut
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngLineTo
EngStretchBltROP
EngStretchBlt
EngGradientFill
EngPlgBlt
EngDeletePalette
EngCreatePalette
PALOBJ_cGetColors
EngBugCheckEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 627B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/vista/driver/mv2.inf
driver/vista/driver/mv2.sys
.sys windows:6 windows x86 arch:x86

518167d6aeefde1975592d28cbae7110

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:51:9d:3b:ca:92:3c:f2:9a:93:d9:2e:a4:13:a5:ce:de:5b:be:00
Signer

Actual PE Digest

83:51:9d:3b:ca:92:3c:f2:9a:93:d9:2e:a4:13:a5:ce:de:5b:be:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\winddk\6000\src\video\displays\mirror\mini\objfre_wlh_x86\i386\mv2.pdb

Imports

ntoskrnl.exe

KeTickCount

videoprt.sys

VideoPortZeroMemory
VideoPortInitialize

Sections

.text
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 238B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/vista/setupdrv.exe
.exe windows:5 windows x86 arch:x86

3923eb013224ef7eb890763bd7abba1d

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:8d:88:71:d1:bb:2e:ec:99:fc:ba:c6:29:41:ce:b5:e0:8a:6e:76
Signer

Actual PE Digest

ae:8d:88:71:d1:bb:2e:ec:99:fc:ba:c6:29:41:ce:b5:e0:8a:6e:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailA
SetupDiOpenDeviceInfoA
SetupDiGetClassDevsExA
SetupDiCreateDeviceInfoListExA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstallParamsA
SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiClassGuidsFromNameExA
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapReAlloc
VirtualAlloc
HeapSize
LocalFree
FormatMessageA
lstrlenA
GetLastError
FreeLibrary
GetProcAddress
SetStdHandle
GetFullPathNameA
lstrcpynA
WaitForSingleObject
SetThreadPriority
GetCurrentThread
LockResource
LoadResource
FindResourceA
CreateThread
CreateEventA
GetVersionExA
CloseHandle
GetModuleFileNameA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetCommandLineA
GetStartupInfoA
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
CreateFileA
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapAlloc
RaiseException
HeapFree
Sleep
ExitProcess
GetFileAttributesA
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode

user32

CharNextA
LoadStringA
SendMessageA
FindWindowA
EnumDisplayDevicesA
EnumDisplaySettingsA
MessageBoxA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/vista64/driver/mv2.cat
driver/vista64/driver/mv2.dll
.dll windows:6 windows x64 arch:x64

09b4a861ac1259f69d423ebbb4c3a1a9

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:c9:cc:1b:21:18:10:c9:db:57:85:3b:08:51:7e:8e:fa:a7:6d:ce
Signer

Actual PE Digest

17:c9:cc:1b:21:18:10:c9:db:57:85:3b:08:51:7e:8e:fa:a7:6d:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\winddk\6000\src\video\displays\mv2_vncdrv\objfre_wlh_amd64\amd64\mv2.pdb

Imports

win32k.sys

EngLineTo
EngDeleteSurface
EngPlgBlt
EngCopyBits
EngGradientFill
EngUnmapFile
EngCreateDeviceSurface
EngModifySurface
EngStrokePath
EngAllocMem
CLIPOBJ_cEnumStart
EngStretchBltROP
CLIPOBJ_bEnum
EngTransparentBlt
EngAlphaBlend
EngBitBlt
EngStretchBlt
EngTextOut
EngDeleteFile
EngFillPath
EngStrokeAndFillPath
EngMapFile
EngFreeMem
EngCreatePalette
PALOBJ_cGetColors
EngDeletePalette
EngBugCheckEx

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 738B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/vista64/driver/mv2.inf
driver/vista64/driver/mv2.sys
.sys windows:6 windows x64 arch:x64

8201f3349e7fca04a64640d8bac5a3a6

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:49:3c:b6:b6:be:da:b7:e8:3e:2b:8d:ec:19:56:92:7a:57:9a:6a
Signer

Actual PE Digest

a9:49:3c:b6:b6:be:da:b7:e8:3e:2b:8d:ec:19:56:92:7a:57:9a:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\winddk\6000\src\video\displays\mirror\mini\objfre_wlh_amd64\amd64\mv2.pdb

Imports

ntoskrnl.exe

KeBugCheckEx

videoprt.sys

VideoPortInitialize
VideoPortZeroMemory

Sections

.text
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/vista64/setupdrv.exe
.exe windows:5 windows x64 arch:x64

7527b5d13d9aacb2dbaa1f9c76b907b2

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:14:8a:c3:26:a6:83:3a:a3:ba:71:d1:09:78:a9:5e:25:f0:66:d6
Signer

Actual PE Digest

1f:14:8a:c3:26:a6:83:3a:a3:ba:71:d1:09:78:a9:5e:25:f0:66:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailA
SetupDiOpenDeviceInfoA
SetupDiGetClassDevsExA
SetupDiCreateDeviceInfoListExA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstallParamsA
SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiClassGuidsFromNameExA
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapReAlloc
HeapSize
GetLocaleInfoA
LocalFree
FormatMessageA
lstrlenA
GetLastError
FreeLibrary
GetProcAddress
SetStdHandle
GetFullPathNameA
lstrcpynA
WaitForSingleObject
SetThreadPriority
GetCurrentThread
LockResource
LoadResource
FindResourceA
CreateThread
CreateEventA
GetVersionExA
CloseHandle
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
LoadLibraryA
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetCommandLineA
GetStartupInfoA
RtlUnwindEx
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapAlloc
RaiseException
RtlPcToFileHeader
HeapFree
Sleep
GetModuleHandleW
ExitProcess
GetFileAttributesA
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

CharNextA
LoadStringA
SendMessageA
FindWindowA
EnumDisplayDevicesA
EnumDisplaySettingsA
MessageBoxA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
driver/xp/driver/mv2.cat
driver/xp/driver/mv2.dll
.dll windows:6 windows x86 arch:x86

03d53cf152ee4118997068de8ef776ae

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:e4:48:77:4b:17:9b:36:84:d2:5a:75:9e:ff:fe:7e:b9:91:c0:ca
Signer

Actual PE Digest

3f:e4:48:77:4b:17:9b:36:84:d2:5a:75:9e:ff:fe:7e:b9:91:c0:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\winddk\6000\src\video\displays\mirror2\disp\objfre_wxp_x86\i386\mv2.pdb

Imports

win32k.sys

EngFreeMem
EngAllocMem
EngModifySurface
EngCreateDeviceSurface
EngMapFile
EngDeleteFile
EngUnmapFile
EngDeleteSurface
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngCopyBits
EngAlphaBlend
EngTransparentBlt
EngBitBlt
EngTextOut
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngLineTo
EngStretchBltROP
EngStretchBlt
EngGradientFill
EngPlgBlt
EngDeletePalette
EngCreatePalette
PALOBJ_cGetColors
EngBugCheckEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 627B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 626B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/xp/driver/mv2.inf
driver/xp/driver/mv2.sys
.sys windows:6 windows x86 arch:x86

518167d6aeefde1975592d28cbae7110

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:21:e3:7e:c2:c6:84:89:e7:6d:5e:ca:04:da:35:16:b9:43:27:5f
Signer

Actual PE Digest

1e:21:e3:7e:c2:c6:84:89:e7:6d:5e:ca:04:da:35:16:b9:43:27:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\winddk\6000\src\video\displays\mirror\mini\objfre_wxp_x86\i386\mv2.pdb

Imports

ntoskrnl.exe

KeTickCount

videoprt.sys

VideoPortZeroMemory
VideoPortInitialize

Sections

.text
Size: 256B - Virtual size: 188B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 238B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/xp/setupdrv.exe
.exe windows:5 windows x86 arch:x86

3923eb013224ef7eb890763bd7abba1d

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:8d:88:71:d1:bb:2e:ec:99:fc:ba:c6:29:41:ce:b5:e0:8a:6e:76
Signer

Actual PE Digest

ae:8d:88:71:d1:bb:2e:ec:99:fc:ba:c6:29:41:ce:b5:e0:8a:6e:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailA
SetupDiOpenDeviceInfoA
SetupDiGetClassDevsExA
SetupDiCreateDeviceInfoListExA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstallParamsA
SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiClassGuidsFromNameExA
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapReAlloc
VirtualAlloc
HeapSize
LocalFree
FormatMessageA
lstrlenA
GetLastError
FreeLibrary
GetProcAddress
SetStdHandle
GetFullPathNameA
lstrcpynA
WaitForSingleObject
SetThreadPriority
GetCurrentThread
LockResource
LoadResource
FindResourceA
CreateThread
CreateEventA
GetVersionExA
CloseHandle
GetModuleFileNameA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetCommandLineA
GetStartupInfoA
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
CreateFileA
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapAlloc
RaiseException
HeapFree
Sleep
ExitProcess
GetFileAttributesA
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode

user32

CharNextA
LoadStringA
SendMessageA
FindWindowA
EnumDisplayDevicesA
EnumDisplaySettingsA
MessageBoxA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dsprava.exe
.exe windows:4 windows x86 arch:x86

86d4f7c08386ee66b16098aae33faf4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
ntohs
WSASetLastError
inet_ntoa
accept
closesocket
recv
send
WSAAsyncSelect
socket
connect
getsockname
WSASocketA
setsockopt
htonl
htons
sendto
recvfrom
WSACleanup
WSAStartup
inet_addr
gethostbyname
ioctlsocket
listen
getpeername
shutdown
bind
WSAGetLastError

mfc42

ord2818
ord6215
ord860
ord4204
ord4129
ord940
ord825
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2514
ord6117
ord2621
ord1199
ord1247
ord941
ord641
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord537
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord765
ord609
ord656
ord2370
ord2302
ord5981
ord2639
ord1088
ord2122
ord556
ord6334
ord4160
ord755
ord470
ord4224
ord6283
ord6282
ord924
ord926
ord939
ord2642
ord6403
ord6402
ord3521
ord3522
ord535
ord823
ord1106
ord2029
ord2077
ord2827
ord1168
ord2863
ord2379
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord567
ord3610
ord1576
ord3698
ord2086
ord5572
ord2915
ord6648
ord3870
ord538
ord2763
ord1158
ord1948
ord5303
ord4699
ord5715
ord565
ord817
ord6442
ord1233
ord2726
ord4226
ord795
ord2358
ord2301
ord3721
ord826
ord1169
ord3848
ord4185
ord1270
ord2152
ord5621
ord5590
ord2867
ord5628
ord1871
ord764
ord3742
ord818
ord4275
ord1083
ord909
ord3663
ord4411
ord4447
ord4919
ord278
ord605
ord1638
ord1971
ord1200
ord858
ord540
ord800
ord3570
ord966
ord5478
ord5796
ord4863
ord4335
ord2031
ord5481
ord5810
ord5065
ord1146

msvcrt

memcpy
sprintf
_snprintf
_vsnprintf
__p___argv
_chdir
fread
_spawnl
gmtime
fflush
vfprintf
_ftime
sscanf
memset
memmove
isspace
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
time
localtime
fprintf
rand
fclose
strcpy
_errno
strlen
isdigit
_mbscmp
strcmp
atoi
fopen
fwrite
__CxxFrameHandler
_getcwd
_stricmp
_setmbcp

kernel32

GetComputerNameA
GetStartupInfoA
HeapReAlloc
GetCurrentProcessId
GetProcessHeap
HeapAlloc
HeapFree
GlobalFree
ExitThread
GetModuleHandleA
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
GetFullPathNameA
WaitForSingleObject
GetExitCodeProcess
LoadLibraryA
GetVersionExA
GetCommandLineA
GetLastError
Sleep
GetExitCodeThread
ResumeThread
LocalFree
FormatMessageA
GetEnvironmentVariableA
SetLastError
FreeLibrary
GetTickCount
GetProcAddress
GetModuleFileNameA

user32

MessageBoxA
PostMessageA
OpenClipboard
mouse_event
EmptyClipboard
CloseClipboard
SetClipboardData
ExitWindowsEx
LoadIconA
PostThreadMessageA
EnableWindow
SendMessageA
GetForegroundWindow
GetSystemMetrics
FindWindowA
DispatchMessageA
TranslateMessage
PeekMessageA
DrawIcon
AppendMenuA
GetSystemMenu
IsIconic
GetClientRect
SetTimer
KillTimer

advapi32

RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteExA
ShellExecuteA

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
logging.dll
.dll windows:4 windows x86 arch:x86

8b8e2634be7742f8a54aac5db944e599

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
lstrcatA
GetModuleFileNameA
lstrcpyA
lstrlenA
GetCommandLineA
GetVersion
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
WriteFile
InitializeCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
FatalAppExitA
RtlUnwind
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadFile
Sleep
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

RegisterEventSourceA
RegCreateKeyA
RegSetValueExA
RegCloseKey
ReportEventA
DeregisterEventSource

Exports

Exports

LOGEXIT
LOGFAILED
LOGFAILEDUSER
LOGLOGON
LOGLOGONUSER

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfc42.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a1581f1284d59a8a21a8782a38a2fea1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
?terminate@@YAXXZ
_except_handler3
_adjust_fdiv
_onexit
__dllonexit
??1type_info@@UAE@XZ
_mbsnbicmp
wcsncpy
wcscpy
_ltoa
_ultoa
swprintf
_itoa
modf
ceil
fabs
floor
labs
_ftol
_splitpath
_fullpath
atol
__p___argc
__p___argv
_EH_prolog
_beginthreadex
_endthreadex
_strdup
_mbsdec
_expand
strtod
strtol
strtoul
abs
calloc
_msize
_purecall
strftime
_mbctype
localtime
gmtime
time
_ismbcspace
atoi
_ismbcdigit
_mbsnbcmp
sprintf
strlen
_mbclen
vsprintf
_mbsrchr
_mbscspn
_mbsspn
_mbsstr
_mbsrev
_mbslwr
_mbsupr
_mbspbrk
_mbschr
wcslen
_mbscmp
realloc
fclose
fflush
fseek
ftell
fgets
fputs
fwrite
fread
clearerr
_open_osfhandle
_fdopen
__doserrno
_get_osfhandle
memset
_mbsinc
abort
free
malloc
memcmp
memmove
memcpy
_CxxThrowException
mktime
__CxxFrameHandler

kernel32

lstrcpyA
FindClose
MultiByteToWideChar
GetProcAddress
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
lstrcmpiA
GetShortPathNameA
GetModuleFileNameA
GlobalSize
GlobalLock
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalFree
GetFileAttributesA
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LocalFree
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
WaitForSingleObject
DeleteFileA
LoadLibraryA
CreateMutexA
InterlockedExchange
CreateEventA
WaitForMultipleObjects
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
FreeLibrary
MulDiv
GetProfileIntA
VirtualProtect
SizeofResource
GetProcessVersion
GlobalFlags
GetTempFileNameA
GetDiskFreeSpaceA
LocalUnlock
LocalLock
GetTempPathA
SearchPathA
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
GetCurrentThread
SetErrorMode
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
FindNextFileA
GetTickCount
lstrlenW
CopyFileA
lstrcpyW
GetUserDefaultLCID
IsDBCSLeadByte
GetSystemDirectoryA
UnlockFile
MoveFileA
SetEndOfFile
FlushFileBuffers
LockFile
CloseHandle
ReadFile
SetFilePointer
WriteFile
DuplicateHandle
CreateFileA
GetCurrentProcess
lstrlenA
lstrcmpA
OutputDebugStringA
IsBadStringPtrA
IsBadReadPtr
IsBadWritePtr
GetLastError
IsBadStringPtrW
lstrcpynA
CreateSemaphoreA
SetLastError
ReleaseSemaphore
FindFirstFileA
ReleaseMutex
RaiseException

gdi32

TextOutA
GetStretchBltMode
EnumFontFamiliesA
GetPixel
CreatePalette
GetPaletteEntries
RealizePalette
OffsetRgn
SetBrushOrgEx
CreateMetaFileA
CopyMetaFileA
LPtoDP
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
DPtoLP
CombineRgn
SetRectRgn
GetMapMode
CreateDIBPatternBrushPt
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocA
CreateDCA
CreateRectRgnIndirect
Rectangle
UnrealizeObject
PatBlt
CreateBitmap
CreatePatternBrush
CreatePen
CloseMetaFile
DeleteMetaFile
RectVisible
PtVisible
IntersectClipRect
GetViewportOrgEx
GetWindowOrgEx
SetWindowOrgEx
GetDeviceCaps
Escape
GetCurrentPositionEx
MoveToEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetTextFaceA
GetWindowExtEx
GetViewportExtEx
GetROP2
GetBkMode
GetTextAlign
GetPolyFillMode
GetBkColor
RestoreDC
GetNearestColor
GetStockObject
CreateFontA
SaveDC
DeleteObject
CreateCompatibleBitmap
GetCharWidthA
DeleteDC
CreateSolidBrush
StretchDIBits
ExtTextOutA
CreateCompatibleDC
GetTextExtentPoint32A
CreateFontIndirectA
SelectObject
BitBlt
GetObjectA
SetBkColor
GetTextMetricsA
GetClipBox
SetTextColor
GetTextColor

user32

SetCapture
CharToOemA
OemToCharA
UnhookWindowsHookEx
MsgWaitForMultipleObjects
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
GetWindow
SendMessageA
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetKeyState
GetDlgCtrlID
GetWindowTextA
GetWindowTextLengthA
GetDlgItem
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetParent
IsChild
MessageBoxA
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
IsWindowVisible
EnableWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
SetFocus
IsWindow
SetActiveWindow
GetFocus
DispatchMessageA
PeekMessageA
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
PostMessageA
LoadIconA
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
SetCursor
IsWindowEnabled
GetDesktopWindow
ShowWindow
GetActiveWindow
DestroyMenu
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
InvalidateRect
BringWindowToTop
LoadCursorA
GetSystemMetrics
WaitMessage
GetCursorPos
GetWindowThreadProcessId
WindowFromPoint
ClientToScreen
TranslateMessage
GetMessageA
DefFrameProcA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
RedrawWindow
LoadBitmapA
InflateRect
PtInRect
ReleaseDC
InvertRect
GetWindowDC
FillRect
SetTimer
KillTimer
SetRect
GetDC
IsZoomed
SetParent
IsRectEmpty
AppendMenuA
DeleteMenu
GetSystemMenu
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextA
GrayStringA
UnionRect
DrawFocusRect
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
wvsprintfA
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
BeginPaint
EndPaint
TabbedTextOutA
GetSysColorBrush
GetClassNameA
SetWindowTextA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
FindWindowA
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassA
ShowOwnedPopups
InsertMenuA
GetMenuStringA
RegisterClipboardFormatA
CopyAcceleratorTableA
InSendMessage
PostThreadMessageA
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextA
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
InvalidateRgn
FrameRect
LoadStringA
CharUpperA
wsprintfA

Exports

Exports

?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B
?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 616KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcrt.dll
.dll windows:4 windows x86 arch:x86

8d26773106ed39fbb89a157d19d8aa89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
HeapSize
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetSystemTimeAsFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime
GetSystemTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp
_wcsicoll
_wcslwr
_wcsncoll
_wcsnicmp
_wcsnicoll
_wcsnset
_wcsrev
_wcsset
_wcsupr

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
schook.dll
.dll windows:4 windows x86 arch:x86

2f45ea1a1ae7241102c18407372fd445

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:af:b6:65:29:1a:08:2a:0a:3c:a4:28:77:a9:bb:ef:9c:aa:04:14
Signer

Actual PE Digest

a0:af:b6:65:29:1a:08:2a:0a:3c:a4:28:77:a9:bb:ef:9c:aa:04:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
OpenFileMappingA
CreateFileMappingA
LoadLibraryA
GetModuleHandleA
lstrcmpiA
ReleaseMutex
CloseHandle
UnmapViewOfFile
GetProcAddress

user32

SetRectEmpty
GetCursorPos
CallNextHookEx
ClientToScreen
GetWindowRect
GetClientRect
GetUpdateRgn
IsWindowVisible
UnhookWindowsHookEx
SetWindowsHookExA
GetClassNameA

gdi32

DeleteObject
GetRegionData
CreateRectRgn

oleaut32

VariantInit

msvcrt

malloc
_initterm
free
_onexit
__dllonexit
memset
??2@YAPAXI@Z
__CxxFrameHandler
_adjust_fdiv
??3@YAXPAX@Z

Exports

Exports

SetHook
UnSetHook

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedD
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ultravnc.ini
vnchooks.dll
.dll windows:4 windows x86 arch:x86

50fc9b373e448b006e86e02d587478fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PostMessageA
FindWindowA
GetClientRect
PostThreadMessageA
IsWindowVisible
GetWindowRect
GetUpdateRgn
ClientToScreen
GetCursor
GetPropA
SetPropA
CallNextHookEx
EnumWindows
RemovePropA
SetWindowsHookExA
UnhookWindowsHookEx
RegisterWindowMessageA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA

gdi32

GetRegionData
DeleteObject
CreateRectRgn

kernel32

IsValidLocale
GetStringTypeW
GetStringTypeA
IsValidCodePage
LCMapStringA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringW
LeaveCriticalSection
Sleep
GetModuleFileNameA
GetModuleHandleA
GlobalAddAtomA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FatalAppExitA
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

Exports

Exports

HooksType
SetHooks
SetKeyboardFilterHook
SetMouseFilterHook
UnSetHooks

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedD
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vncviewer.exe
.exe windows:4 windows x86 arch:x86

486f8ecd119e22fbcbab0c2ac9c14f4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_ReplaceIcon
ord6
ord17
ImageList_Create
CreateToolbarEx

winmm

timeSetEvent
PlaySoundA
timeGetTime
timeKillEvent

kernel32

MoveFileA
CreateDirectoryA
GetVersionExA
MulDiv
GetStdHandle
AllocConsole
WriteConsoleA
OutputDebugStringA
GetComputerNameA
SearchPathA
GlobalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
CreateSemaphoreA
SetThreadPriority
TlsSetValue
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
GetCurrentProcess
TlsAlloc
TlsGetValue
GetSystemTime
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
ReadFile
GetCPInfo
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentDirectoryA
InterlockedIncrement
InterlockedDecrement
HeapSize
SetHandleCount
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
FatalAppExitA
SetLastError
TlsFree
ExitThread
GetVersion
GetCommandLineA
GetStartupInfoA
TerminateProcess
ExitProcess
GetFullPathNameA
GetFileAttributesA
HeapAlloc
GetFileType
SetStdHandle
GetLocalTime
GetTimeZoneInformation
HeapFree
RaiseException
RtlUnwind
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileTime
SetEndOfFile
FlushFileBuffers
SystemTimeToFileTime
SetFileTime
SetFilePointer
WriteFile
CreateFileA
GetLogicalDriveStringsA
GetDriveTypeA
lstrlenA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
CopyFileA
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteFileA
GetModuleFileNameA
FindFirstFileA
FindNextFileA
FindClose
WideCharToMultiByte
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
FormatMessageA
GetSystemTimeAsFileTime
LocalFree
Beep
Sleep
SetEvent
CloseHandle
WaitForSingleObject
CreateThread
ResumeThread
CreateEventA
GetModuleHandleA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA

user32

GetKeyboardState
SetWindowsHookExA
GetWindowThreadProcessId
UnhookWindowsHookEx
CallNextHookEx
GetScrollInfo
IsDlgButtonChecked
GetMessageA
LoadKeyboardLayoutA
GetMenuStringA
ModifyMenuA
PtInRect
GetDesktopWindow
SetWindowRgn
FindWindowA
OpenDesktopA
EnumDesktopWindows
CloseDesktop
GetClassNameA
DestroyIcon
EnableWindow
GetWindowTextA
GetMenuItemCount
RemoveMenu
GetParent
PeekMessageA
TranslateMessage
DispatchMessageA
DestroyMenu
ToAscii
GetMenuItemID
SetMenuDefaultItem
TrackPopupMenu
LoadStringA
RegisterClassExA
LoadMenuA
GetCursorPos
SetCursorPos
GetSystemMetrics
RedrawWindow
EmptyClipboard
SetClipboardData
GetClipboardOwner
OpenClipboard
GetClipboardData
CloseClipboard
LoadImageA
IsRectEmpty
DialogBoxParamA
EndDialog
BeginPaint
EndPaint
GetFocus
GetForegroundWindow
GetWindow
SetCursor
IsWindow
DefWindowProcA
PostQuitMessage
ChangeClipboardChain
ShowScrollBar
GetKeyState
FillRect
GetSubMenu
LoadBitmapA
SetDlgItemTextA
SetForegroundWindow
CreateAcceleratorTableA
TranslateAcceleratorA
DestroyAcceleratorTable
SendDlgItemMessageA
GetDlgItemTextA
SetWindowLongA
GetWindowLongA
RegisterWindowMessageA
ShowWindow
CreateWindowExA
SendMessageA
GetClientRect
ReleaseDC
GetDC
RegisterClassA
LoadCursorA
LoadIconA
SetFocus
GetDlgItemInt
GetWindowRect
GetDlgItem
SetTimer
EnableMenuItem
KillTimer
wsprintfA
IsIconic
InvalidateRgn
PostMessageA
GetKeyboardLayoutNameA
SetScrollInfo
ScrollWindowEx
DestroyWindow
DrawTextA
InvalidateRect
SystemParametersInfoA
SetRect
AdjustWindowRectEx
SetWindowPos
MoveWindow
SetWindowTextA
UpdateWindow
SetDlgItemInt
MessageBoxA
GetSystemMenu
AppendMenuA
DrawMenuBar
CheckMenuItem
SetClipboardViewer

gdi32

CreateCompatibleBitmap
ExtTextOutA
RealizePalette
SelectPalette
SetDIBColorTable
CreateDIBSection
CombineRgn
CreateRectRgn
GetStockObject
SetBkColor
StretchBlt
SetBrushOrgEx
SetStretchBltMode
SetPixelV
CreateRectRgnIndirect
CreateFontIndirectA
GdiFlush
SetBkMode
Rectangle
CreateFontA
CreatePolygonRgn
LineTo
MoveToEx
CreatePen
SetTextColor
GetDeviceCaps
CreatePalette
GetClipBox
CreateCompatibleDC
CreateSolidBrush
SelectObject
PatBlt
BitBlt
DeleteObject
UpdateColors
DeleteDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

RegQueryValueExA
RegCreateKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
RegSetValueA
RegQueryInfoKeyA
RegEnumValueA
RegCloseKey

shell32

SHGetPathFromIDListA
Shell_NotifyIconA
SHGetSpecialFolderLocation

wsock32

recv
bind
listen
WSAAsyncSelect
send
shutdown
closesocket
inet_ntoa
ioctlsocket
gethostbyname
htons
connect
getpeername
select
WSAGetLastError
accept
WSACleanup
WSAStartup
setsockopt
socket

Sections

.text
Size: 592KB - Virtual size: 590KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winvnc-t.exe
.exe windows:4 windows x86 arch:x86

418c1bbabf0ce7bcf42d317136c46453

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

vnchooks

ord1
ord3
ord4
ord2

advapi32

CloseServiceHandle
ControlService
CreateServiceA
DeleteService
DeregisterEventSource
GetUserNameA
ImpersonateLoggedOnUser
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
ReportEventA
RevertToSelf
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

AllocConsole
CloseHandle
CreateFileA
CreateMutexA
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FindResourceA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemTime
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalLock
GlobalMemoryStatus
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MoveFileA
MultiByteToWideChar
OpenProcess
OutputDebugStringA
RaiseException
ReleaseSemaphore
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFilePointer
SetHandleCount
SetLastError
SetProcessShutdownParameters
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
closesocket
connect
gethostbyname
gethostname
getpeername
getsockname
htonl
htons
ioctlsocket
inet_addr
inet_ntoa
listen
recv
select
send
setsockopt
shutdown
socket
bind

gdi32

BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreatePalette
CreateRectRgn
CreateRectRgnIndirect
DeleteDC
DeleteObject
GdiFlush
GetBitmapBits
GetDIBits
GetDeviceCaps
GetObjectA
GetRegionData
GetStockObject
GetSystemPaletteEntries
RealizePalette
SelectObject
SelectPalette

shell32

Shell_NotifyIconA

user32

ChangeClipboardChain
ChangeDisplaySettingsA
CheckDlgButton
CheckMenuItem
CloseClipboard
CloseDesktop
CreateWindowExA
DefWindowProcA
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawIconEx
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EnumDesktopWindows
EnumDisplaySettingsA
EnumThreadWindows
EnumWindows
ExitWindowsEx
FindWindowA
FlashWindow
GetAsyncKeyState
GetClassNameA
GetClipboardData
GetClipboardOwner
GetCursorPos
GetDC
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetForegroundWindow
GetIconInfo
GetKeyboardState
GetMenuItemID
GetMenuState
GetMessageA
GetProcessWindowStation
GetPropA
GetSubMenu
GetSystemMetrics
GetThreadDesktop
GetUserObjectInformationA
GetWindowLongA
GetWindowRect
GetWindowThreadProcessId
IntersectRect
IsDlgButtonChecked
IsRectEmpty
IsWindowVisible
KillTimer
LoadCursorA
LoadIconA
LoadMenuA
LoadStringA
MapVirtualKeyA
MessageBeep
MessageBoxA
OpenClipboard
OpenDesktopA
OpenInputDesktop
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
RegisterClassExA
RegisterWindowMessageA
ReleaseDC
RemovePropA
SendDlgItemMessageA
SendMessageA
SetActiveWindow
SetClipboardData
SetClipboardViewer
SetDlgItemInt
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetMenuDefaultItem
SetPropA
SetRect
SetRectEmpty
SetThreadDesktop
SetTimer
SetWindowLongA
SetWindowTextA
SystemParametersInfoA
TrackPopupMenu
TranslateMessage
UnionRect
VkKeyScanA
WindowFromPoint
keybd_event
mouse_event
wsprintfA

ole32

CoCreateInstance
CoInitialize

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 233KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
winvnc-u102.exe
.exe windows:4 windows x86 arch:x86

8ed6817cf96e4657a261bfc613d709d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
gethostname
inet_addr
WSAStartup
WSAGetLastError
recv
send
getsockname
getpeername
accept
listen
ioctlsocket
connect
htons
htonl
bind
shutdown
closesocket
socket
setsockopt
gethostbyname

winmm

timeGetTime

kernel32

lstrlenA
SetErrorMode
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileTime
SetFilePointer
ReadFile
WriteFile
SetFileTime
SystemTimeToFileTime
SetEndOfFile
GetVersionExA
WaitForSingleObject
SetThreadPriority
GetCurrentThread
OpenEventA
GlobalUnlock
GlobalLock
GlobalAlloc
SetProcessShutdownParameters
TerminateProcess
CreateProcessA
LockResource
LoadResource
SizeofResource
FindResourceA
ReleaseMutex
CreateMutexA
GetStdHandle
AllocConsole
MoveFileExA
FormatMessageA
WriteConsoleA
OutputDebugStringA
GlobalDeleteAtom
GlobalGetAtomNameA
CreateDirectoryA
SearchPathA
GlobalFree
HeapReAlloc
ExitThread
GetVersion
GetCommandLineA
GetStartupInfoA
GetFileType
SetStdHandle
ExitProcess
InterlockedIncrement
InterlockedDecrement
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetLocalTime
GetTimeZoneInformation
TlsGetValue
TlsFree
TlsAlloc
DuplicateHandle
TlsSetValue
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
MultiByteToWideChar
LCMapStringA
MoveFileA
FlushFileBuffers
GetSystemTime
GetCurrentProcessId
GetModuleHandleA
GetSystemDirectoryA
GetCurrentThreadId
Beep
Sleep
DeviceIoControl
CreateFileA
IsBadReadPtr
IsBadWritePtr
CreateThread
ResumeThread
GetComputerNameA
GetLastError
SetLastError
CloseHandle
GetCurrentProcess
OpenProcess
LeaveCriticalSection
EnterCriticalSection
CopyFileA
FreeLibrary
DeleteFileA
GetModuleFileNameA
FindFirstFileA
FindNextFileA
FindClose
WideCharToMultiByte
LoadLibraryA
GetProcAddress
LCMapStringW
SetHandleCount
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalAddAtomA
InterlockedExchange

user32

CheckDlgButton
ExitWindowsEx
GetUserObjectInformationA
GetProcessWindowStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
EnumWindowStationsA
PostThreadMessageA
TrackPopupMenu
GetMenuItemID
EnableMenuItem
DestroyMenu
LoadMenuA
EnableWindow
VkKeyScanA
ToAscii
SetDlgItemInt
MapVirtualKeyA
SetRect
PeekMessageA
WaitMessage
IsIconic
WaitForInputIdle
GetParent
GetClipboardOwner
GetClipboardData
IsWindowVisible
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetIconInfo
DrawIconEx
SetClipboardViewer
IsWindow
GetDlgItemInt
IsDlgButtonChecked
GetSubMenu
GetAsyncKeyState
SetMenuDefaultItem
EnumWindows
GetWindowTextA
OpenDesktopA
EnumDesktopWindows
GetClassNameA
ChangeClipboardChain
DestroyWindow
GetDesktopWindow
WindowFromPoint
GetWindowRect
RegisterWindowMessageA
mouse_event
wsprintfA
GetKeyboardState
keybd_event
GetForegroundWindow
SetActiveWindow
MessageBeep
FlashWindow
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
GetCursorPos
SetCursorPos
CloseDesktop
EnumDisplaySettingsA
GetDC
ReleaseDC
EndDialog
SetWindowTextA
LoadStringA
GetDlgItemTextA
SetFocus
DialogBoxParamA
GetScrollInfo
PostMessageA
SetDlgItemTextA
GetDlgItem
SendDlgItemMessageA
SetForegroundWindow
MessageBoxA
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
SendMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
KillTimer
PostQuitMessage
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
AdjustWindowRect
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
GetSystemMetrics
SetWindowPos
IsRectEmpty
LoadImageA
InvalidateRect

gdi32

GetObjectA
GetBitmapBits
GdiFlush
CreateDIBSection
CreatePalette
SelectPalette
RealizePalette
SetDIBColorTable
GetDeviceCaps
CreateCompatibleBitmap
GetPixel
BitBlt
ExtEscape
GetSystemPaletteEntries
SetBkMode
GetStockObject
GetClipBox
CreateCompatibleDC
CreateSolidBrush
SelectObject
PatBlt
StretchBlt
DeleteObject
CreateDCA
DeleteDC
GetDIBits

shell32

SHAppBarMessage
SHGetSpecialFolderLocation
SHGetPathFromIDListA
Shell_NotifyIconA

advapi32

RevertToSelf
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegOpenKeyA
RegDeleteValueA
ControlService
QueryServiceStatus
DeleteService
CreateServiceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
DuplicateToken
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCreateKeyA
RegCloseKey
RegSetValueExA
GetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
ImpersonateLoggedOnUser
FreeSid
EqualSid

ole32

CoUninitialize
CoCreateInstance
CoInitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
winvnc-u104.exe
.exe windows:4 windows x86 arch:x86

6cbab967b89643b16cfdbc46546359d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

closesocket
WSACleanup
WSAStartup
inet_addr
gethostname
shutdown
bind
socket
gethostbyname
WSAGetLastError
recv
send
getsockname
getpeername
accept
setsockopt
listen
ioctlsocket
connect
htons
htonl

winmm

timeSetEvent
timeGetTime

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
WaitForSingleObject
CreateMutexA
ReleaseMutex
GetCurrentProcess
SetLastError
GetVersionExA
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
GetExitCodeProcess
SetEvent
CreateEventA
OutputDebugStringA
SetCurrentDirectoryA
GetComputerNameA
ResumeThread
CreateThread
IsBadWritePtr
IsBadReadPtr
CreateFileA
GetSystemInfo
GetSystemTime
SetFilePointer
ReadFile
CreateDirectoryA
SetErrorMode
SetFileTime
SystemTimeToFileTime
FlushFileBuffers
SetEndOfFile
WriteFile
MoveFileA
lstrlenA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileTime
SetThreadPriority
GetCurrentThread
OpenEventA
GlobalUnlock
CreateFileMappingA
GlobalAlloc
TerminateProcess
GetPrivateProfileStructA
SetProcessShutdownParameters
LockResource
LoadResource
SizeofResource
FindResourceA
WriteConsoleA
GetStdHandle
FormatMessageA
MoveFileExA
AllocConsole
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
ResetEvent
GlobalFree
SearchPathA
InterlockedIncrement
ExitThread
HeapReAlloc
GetStartupInfoA
GetProcessHeap
GetCommandLineA
GetFileType
SetStdHandle
ExitProcess
FileTimeToLocalFileTime
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
TlsGetValue
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
GlobalLock
WritePrivateProfileStructA
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
OpenProcess
CloseHandle
GetTempPathA
WinExec
CopyFileA
FreeLibrary
DeleteFileA
GetModuleFileNameA
FindFirstFileA
InterlockedDecrement
FindNextFileA
FindClose
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetCurrentThreadId
GetLastError
LoadLibraryA
GetProcAddress
GetModuleHandleA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetFullPathNameA
GetCurrentDirectoryA
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
CreateProcessA
SetEnvironmentVariableA

user32

DestroyMenu
SetDlgItemInt
CheckDlgButton
IsDlgButtonChecked
GetDlgItemInt
ExitWindowsEx
GetProcessWindowStation
GetAsyncKeyState
MapVirtualKeyA
SetRect
PeekMessageA
WaitMessage
IsIconic
RegisterWindowMessageA
GetIconInfo
SetClipboardViewer
EnumWindows
ChangeClipboardChain
DestroyWindow
WaitForInputIdle
WindowFromPoint
GetClipboardOwner
GetClipboardData
IsWindowVisible
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawIconEx
IsWindow
GetWindowTextA
LoadMenuA
EnumDesktopWindows
GetClassNameA
mouse_event
GetKeyboardState
keybd_event
SetActiveWindow
MessageBeep
FlashWindow
GetDesktopWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
DialogBoxParamA
EndDialog
SetWindowTextA
LoadStringA
GetWindowRect
InvalidateRect
GetDlgItemTextA
SetFocus
GetCursorPos
ScreenToClient
SetCursor
SetCapture
SetCaretBlinkTime
ReleaseCapture
MoveWindow
CallWindowProcA
GetParent
GetClientRect
GetDC
ReleaseDC
PostMessageA
SetDlgItemTextA
GetScrollInfo
GetDlgItem
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
EnableMenuItem
EnableWindow
GetKeyState
VkKeyScanA
OpenDesktopA
ToAscii
SendDlgItemMessageA
SetForegroundWindow
MessageBoxA
wsprintfA
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
SendMessageA
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
CloseDesktop
GetMessageA
DispatchMessageA
TranslateMessage
LoadIconA
LoadCursorA
RegisterClassExA
AdjustWindowRect
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
KillTimer
PostQuitMessage
SetTimer
DefWindowProcA
GetSystemMetrics
SetWindowPos
IsRectEmpty
LoadImageA
GetCaretBlinkTime

gdi32

GetObjectA
GetBitmapBits
GetPixel
GdiFlush
CreateCompatibleBitmap
CreateDIBSection
CreatePalette
SelectPalette
RealizePalette
SetDIBColorTable
GetDeviceCaps
BitBlt
ExtEscape
GetSystemPaletteEntries
SetROP2
MoveToEx
LineTo
SetBkMode
GetStockObject
GetClipBox
CreateCompatibleDC
CreateSolidBrush
SelectObject
PatBlt
StretchBlt
DeleteObject
CreateDCA
DeleteDC
GetDIBits

advapi32

RegCloseKey
LookupAccountSidA
GetUserNameA
RegCreateKeyA
CreateServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
DeleteService
RegCreateKeyExA
SetServiceStatus
DuplicateTokenEx
SetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
CreateProcessAsUserA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
SHGetFolderPathA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 440KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 804KB - Virtual size: 802KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 152KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 8KB

6ee35c3d8aedad42454d8c6d808b13a8

Code Sign

01:00:00:00:00:01:11:db:40:c7:65Certificate

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

d7:dc:7e:98:18:b7:36:2c:9b:bf:2e:a3:e1:3b:fa:e4:40:8e:3f:b4Signer

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 48KB - Virtual size: 47KB

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 152KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 8KB

c337d58e82eabb5406078a63592870d2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 16KB - Virtual size: 15KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 152KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 8KB

01:00:00:00:00:01:11:db:40:c7:65
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

d7:dc:7e:98:18:b7:36:2c:9b:bf:2e:a3:e1:3b:fa:e4:40:8e:3f:b4
Signer

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 48KB - Virtual size: 47KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 152KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 848B

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 20KB - Virtual size: 336KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 12KB - Virtual size: 8KB

01:00:00:00:00:01:11:db:40:c7:65
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

fa:0c:51:c0:a5:10:a1:d6:a2:d5:61:ad:ea:4b:15:33:b6:45:ec:c5
Signer

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 627B

.data
Size: 1024B - Virtual size: 832B

INIT
Size: 1024B - Virtual size: 626B

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 512B - Virtual size: 510B

01:00:00:00:00:01:11:db:40:c7:65
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

83:51:9d:3b:ca:92:3c:f2:9a:93:d9:2e:a4:13:a5:ce:de:5b:be:00
Signer