f00dc0fc90a70451244a474e3d8a96e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f00dc0fc90a70451244a474e3d8a96e3_JaffaCakes118
Size

1.4MB
MD5

f00dc0fc90a70451244a474e3d8a96e3
SHA1

77732013c7f4db117cd1aed494b91ca21c729007
SHA256

a3e079c6659e74fe472cf29b2a86fb1db06cceff32d0c1a74f2dfd90e6e7c635
SHA512

8fd9da94a8dc2a78c207e112d5acba34a3148a5fe23fc55c2b8d016457d1134f0425d6e36aabe57ae9a3e270f69a2897789f6008c06077a0d6c0c2bd8e1b8425
SSDEEP

24576:pXYnUXZGGd0M0GXj76OpDmSyNoXMBJDgGDsbpgGiA9nHo1DwYosq:qUkM0Gz76OpDmSyGOpu+GHFZsq

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsUnzip.dll
unpack002/$PROFILE/AppData/LocalLow/bbrs_002.tb/content/BCHelper.exe
unpack001/$PLUGINSDIR/IpConfig.dll
unpack001/$PLUGINSDIR/Math.dll
unpack001/$PLUGINSDIR/NSISpcre.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/amisid.exe
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/newadvsplash.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsisos.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$PLUGINSDIR/InstallerCOP.exe	nsis_installer_1
static1/unpack001/$PLUGINSDIR/InstallerCOP.exe	nsis_installer_2

Files

f00dc0fc90a70451244a474e3d8a96e3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f14aba31075188e8a83ea826ace3eca3

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:81:2d:a0:f7:cb:2e:cd:49:55:fd:76:e0:a6:c4:93
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

22/02/2012, 00:00

Not After

21/02/2013, 23:59

Subject

CN=Shetef Solutions & Consulting (1998) Ltd.,O=Shetef Solutions & Consulting (1998) Ltd.,L=Rannana,ST=N/A,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:31:83:d4:61:90:d3:e4:6d:89:11:bb:68:fc:8f:a4:48:bf:c0:9e
Signer

Actual PE Digest

bd:31:83:d4:61:90:d3:e4:6d:89:11:bb:68:fc:8f:a4:48:bf:c0:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
CompareFileTime
lstrlenA
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
GetTempFileNameA
lstrcatA
GetProcAddress
OpenProcess
lstrcpyA
GetVersionExA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleA
LoadLibraryExA
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
WideCharToMultiByte

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
CheckDlgButton
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharUpperA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
DialogBoxParamA
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 612KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BannerCOP.bmp
$PLUGINSDIR/InstallerCOP.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a5:6e:0c:91:f7:b1:25:dc:48:fc:a4:c6:07:7c:7b:c6
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/02/2012, 00:00

Not After

20/02/2014, 23:59

Subject

CN=Blabbers Communications Ltd,O=Blabbers Communications Ltd,POSTALCODE=43034,STREET=Arad 3,L=Tel Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/BrowserCompanion/tcbhn.exe
.exe windows:5 windows x86 arch:x86

805fc5fb72865e9165d6793f8916a6f9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a5:6e:0c:91:f7:b1:25:dc:48:fc:a4:c6:07:7c:7b:c6
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/02/2012, 00:00

Not After

20/02/2014, 23:59

Subject

CN=Blabbers Communications Ltd,O=Blabbers Communications Ltd,POSTALCODE=43034,STREET=Arad 3,L=Tel Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\UV\Documents\Visual Studio 2010\Projects\PlusNetwork\Release\PlusNetwork.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
CloseHandle
GetLastError
CreateFileW
GetProcAddress
GetModuleHandleW
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
GetPrivateProfileStringW
WideCharToMultiByte
GetVersion
CreateMutexW
ReleaseMutex
GetCommandLineW
LocalFree
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
MapViewOfFile
UnmapViewOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
GetUserDefaultLCID
InitializeCriticalSection
LoadLibraryW
Sleep
FormatMessageW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetTempPathA
SetEnvironmentVariableA
AreFileApisANSI
DeleteFileA
GetConsoleCP
GetFileType
SetHandleCount
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
WriteConsoleW
SetStdHandle
CompareStringW
FormatMessageA
GetSystemTime
GetStdHandle
GetCurrentThreadId
SetLastError
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
GetProcessHeap
ExitProcess
HeapSetInformation
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

PostMessageW
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
FindWindowExW

advapi32

RegSetValueExW
RegCreateKeyExW
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW

shell32

SHFileOperationW
CommandLineToArgvW
SHGetFolderPathW

Sections

.text
Size: 572KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/BrowserCompanion/valuese.xml
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/mybar2.ini
$PLUGINSDIR/nsUnzip.dll
.dll windows:4 windows x86 arch:x86

f61b492d16b51856da71c9a124fee190

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
InterlockedExchange
CreateMutexA
GetDriveTypeA
GetVolumeInformationA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
FindFirstFileA
FindNextFileA
FindClose
GetVersion
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEndOfFile
SetFilePointer
CreateFileA
GetFullPathNameA
GetLocaleInfoA
DosDateTimeToFileTime
SetFileAttributesA
GetFileAttributesA
GetFileTime
SetVolumeLabelA
GetCurrentDirectoryA
DeleteFileA
CreateDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
HeapSize
LoadLibraryA
ReadFile
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
CloseHandle
GlobalUnlock
GlobalLock
lstrcpyA
lstrcmpA
lstrcmpiA
GlobalFree
GlobalAlloc
lstrcpynA
SetFileTime
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
HeapReAlloc
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RtlUnwind
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetTimeZoneInformation
GetACP
GetOEMCP
WriteFile
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
VirtualProtect
GetSystemInfo
VirtualQuery
SetEnvironmentVariableW

user32

OemToCharA
CharToOemA
wsprintfA
DialogBoxParamA
GetDlgItem
SetWindowTextA
SetDlgItemTextA
SendMessageA
EnableWindow
GetWindowTextLengthA
GetWindowTextA
EndDialog
CharUpperA

advapi32

GetSecurityDescriptorControl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup

Exports

Exports

Extract
GetPassword

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROFILE/AppData/LocalLow/bbrs_002.tb/content/BCHelper.exe
.exe windows:5 windows x86 arch:x86

a1d3c1821c64b4d938de2b3d515255dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\CoupishAgent\Release\BCHelper.pdb

Imports

sqlite3

sqlite3_prepare_v2
sqlite3_busy_timeout
sqlite3_close
sqlite3_open
sqlite3_errmsg
sqlite3_finalize
sqlite3_step
sqlite3_column_type
sqlite3_column_name
sqlite3_column_text
sqlite3_column_count
sqlite3_free
sqlite3_mprintf

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

kernel32

SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
Sleep
HeapCreate
GetModuleFileNameW
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
GetFileAttributesW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetProcAddress
GetModuleHandleW
lstrlenW
CloseHandle
GetLastError
CreateFileW
GetFileSize
ReadFile
InterlockedDecrement
CreateDirectoryW
TerminateProcess
SetEndOfFile
SetFilePointer
WriteFile
GetFileType
DeleteFileW
FindResourceW
SizeofResource
LoadResource
LockResource
WideCharToMultiByte
FindResourceExW
GetCurrentProcess
HeapAlloc
GetProcessHeap
HeapFree
GetTempPathW
SetFileAttributesW
GetTickCount
GetVersionExW
SetLastError
SetUnhandledExceptionFilter
RemoveDirectoryW
GetCurrentThreadId
CreateMutexW
WaitForSingleObject
GetCommandLineW
GetStartupInfoW
HeapSetInformation
InterlockedIncrement
GetSystemTimeAsFileTime
DecodePointer
LoadLibraryW
EncodePointer
InterlockedExchange
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
IsProcessorFeaturePresent
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
RtlUnwind
UnhandledExceptionFilter
LocalFree

user32

EndPaint
BeginPaint
KillTimer
SetTimer
UpdateWindow
DefWindowProcW
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
DispatchMessageW
TranslateMessage
ShowWindow
PostQuitMessage

advapi32

RegDeleteValueW
RegQueryValueExW
EqualSid
CreateWellKnownSid
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

shell32

CommandLineToArgvW
SHFileOperationW
SHGetFolderPathW
SHGetMalloc
SHGetFolderLocation
SHGetPathFromIDListW

oleaut32

VariantClear

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROFILE/AppData/LocalLow/bbrs_002.tb/content/fix2.js
.js
$PROFILE/AppData/LocalLow/bbrs_002.tb/content/fix3.js
.js
$PROFILE/AppData/LocalLow/bbrs_002.tb/content/fix4.js
.js
$PROFILE/AppData/LocalLow/bbrs_002.tb/content/icon.png
.png
$PROFILE/AppData/LocalLow/bbrs_002.tb/content/jquery4toolbar.js
.js
$PROFILE/AppData/LocalLow/bbrs_002.tb/content/lock.js
.js
$PROFILE/AppData/LocalLow/bbrs_002.tb/content/witapi.js
.js
$PROFILE/AppData/LocalLow/bbrs_002.tb/content/witmain.js
.js
$PROFILE/AppData/LocalLow/bbrs_002.tb/content/wittoolbar.js
.js
$PROFILE/AppData/LocalLow/bbrs_002.tb/content/witwidgetapi.js
.js
$TEMP/$_1_
.zip
chrome.manifest
chrome/content/bubble.js
.js
chrome/content/bubble.xul
.xml
chrome/content/fix2.js
.js
chrome/content/fix3.js
.js
chrome/content/fix4.js
.js
chrome/content/icon.png
.png
chrome/content/jquery4toolbar.js
.js
chrome/content/lock.js
.js
chrome/content/style.xul
chrome/content/witapi.js
.js
chrome/content/witmain.js
.js
chrome/content/wittoolbar.js
.js
chrome/content/witutils.js
.js
components/handleProtocol.js
.js
install.rdf
.xml
blabbers-ch.crx
.zip
back.html
.html .js polyglot
chromeNPAPI.dll
.dll windows:5 windows x86 arch:x86

968790e7f75cd5cc43711d9e184b9763

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

d5:61:64:3a:76:97:d6:33:bc:b5:65:e2:e1:ef:73:65
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/02/2011, 00:00

Not After

10/02/2012, 23:59

Subject

CN=Blabbers Communications Ltd,O=Blabbers Communications Ltd,POSTALCODE=43034,STREET=Arad 3,L=Tel Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Sergey\Desktop\hw\chromeNPAPI.pdb

Imports

urlmon

URLDownloadToCacheFileW

kernel32

lstrlenW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
CreateDirectoryW
MultiByteToWideChar
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
CreateFileW
WriteFile
WideCharToMultiByte
SizeofResource
Sleep
CreateFileA
SetEndOfFile
GetLocaleInfoA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetLastError
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetConsoleCP
GetConsoleMode
ReadFile
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysFreeString

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fix2.js
.js
fix3.js
.js
fix4.js
.js
frames.js
.js
icon.png
.png
inPage.js
.js
jquery4toolbar.js
.js
lock.js
.js
manifest.json
witmain.js
.js
wittoolbar.js
.js
blabbers-ff-full.xpi
.zip
chrome.manifest
chrome/content/bl985683.key
.html
chrome/content/bubble.js
.js
chrome/content/bubble.xul
.xml
chrome/content/fix2.js
.js
chrome/content/fix3.js
.js
chrome/content/fix4.js
.js
chrome/content/icon.png
.png
chrome/content/jquery4toolbar.js
.js
chrome/content/lock.js
.js
chrome/content/style.xul
chrome/content/witapi.js
.js
chrome/content/witmain.js
.js
chrome/content/wittoolbar.js
.js
chrome/content/witutils.js
.js
components/handleProtocol.js
.js
install.rdf
.xml
jsloader.dll
.dll regsvr32 windows:5 windows x86 arch:x86

edde8455e845da6920516ac7d1ada2f7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

d5:61:64:3a:76:97:d6:33:bc:b5:65:e2:e1:ef:73:65
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/02/2011, 00:00

Not After

10/02/2012, 23:59

Subject

CN=Blabbers Communications Ltd,O=Blabbers Communications Ltd,POSTALCODE=43034,STREET=Arad 3,L=Tel Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\tribar\IE\bho_toolbar\bin\jsloader.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetCurrentThreadId
CloseHandle
CreateProcessW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
SetThreadLocale
GetThreadLocale
RaiseException
GetProcessHeap
HeapFree
GetEnvironmentVariableW
SetEndOfFile
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetVersion
GetFileAttributesW
GetModuleHandleA
OutputDebugStringW
DebugBreak
OpenMutexW
GetModuleHandleW
GetProcAddress
CreateDirectoryW
WideCharToMultiByte
InterlockedIncrement
lstrlenA
MultiByteToWideChar
InterlockedDecrement
lstrlenW
HeapAlloc
LCMapStringW
LCMapStringA
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
ReadFile
ExitProcess
Sleep
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
WriteFile
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetCurrentProcessId

user32

LoadStringW
wvsprintfW
CharNextW
MessageBoxW
SetWindowLongW
IsWindow
LoadCursorW
CallWindowProcW
GetWindowLongW
DefWindowProcW
SendMessageTimeoutW
FindWindowExW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
UnregisterClassA

advapi32

GetSidIdentifierAuthority
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CLSIDFromProgID
CoCreateInstance

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
DispCallFunc
VarUI4FromStr
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantCopy
SysStringLen
SysAllocString
VariantClear
VariantInit
SysFreeString

shlwapi

PathFileExistsW
PathRemoveFileSpecW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
logo.ico
tdataprotocol.dll
.dll regsvr32 windows:5 windows x86 arch:x86

46aa506096be44168bd5415bf2618c60

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

d5:61:64:3a:76:97:d6:33:bc:b5:65:e2:e1:ef:73:65
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/02/2011, 00:00

Not After

10/02/2012, 23:59

Subject

CN=Blabbers Communications Ltd,O=Blabbers Communications Ltd,POSTALCODE=43034,STREET=Arad 3,L=Tel Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\tribar\IE\chrome_protocol\bin\tdataprotocol.pdb

Imports

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

kernel32

GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetProcAddress
GetModuleHandleW
lstrcmpiW
FlushInstructionCache
GetCurrentProcess
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
lstrlenA
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetLastError
FreeLibrary
LoadLibraryExW
RaiseException
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
MoveFileW
DeleteFileW
ReadFile
CreateThread
HeapAlloc
SetThreadLocale
GetThreadLocale
CreateDirectoryW
GetEnvironmentVariableW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetFilePointer
lstrlenW
CreateFileW
GetFileSize
CloseHandle
GetModuleFileNameW
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
GetCommandLineA
HeapCreate
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetModuleHandleA

user32

UnregisterClassA
CallWindowProcW
GetWindowLongW
CreateWindowExW
RegisterClassExW
DefWindowProcW
DestroyWindow
LoadCursorW
GetClassInfoExW
IsWindow
SetWindowLongW
CharNextW
PostMessageW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2

oleaut32

VarUI4FromStr
SysStringLen
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysFreeString

shlwapi

PathFileExistsW
StrCpyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
terms.lnk.url
toolbar.dll
.dll regsvr32 windows:5 windows x86 arch:x86

a017b4c746dca8494d1bc98fd5595370

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

d5:61:64:3a:76:97:d6:33:bc:b5:65:e2:e1:ef:73:65
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/02/2011, 00:00

Not After

10/02/2012, 23:59

Subject

CN=Blabbers Communications Ltd,O=Blabbers Communications Ltd,POSTALCODE=43034,STREET=Arad 3,L=Tel Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\tribar\IE\bho_toolbar\bin\toolbar.pdb

Imports

kernel32

GetModuleHandleW
lstrcmpiW
FlushInstructionCache
GetCurrentProcess
FreeLibrary
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
SetLastError
GetModuleFileNameW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
FlushFileBuffers
GetProcAddress
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetCurrentThreadId
CloseHandle
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
GetCommandLineA
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentProcessId

user32

GetClassInfoExW
FindWindowExW
GetWindowThreadProcessId
SendMessageW
GetFocus
CharNextW
CallWindowProcW
CreateWindowExW
RegisterClassExW
DefWindowProcW
LoadMenuW
GetSubMenu
TrackPopupMenu
DestroyWindow
LoadCursorW
UnregisterClassA
GetWindowLongW
GetWindow
IsWindow
GetParent
KillTimer
SetTimer
ShowWindow
GetClientRect
GetWindowRect
SetWindowLongW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringLen
VariantClear
VariantInit
VarUI4FromStr
SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis
updatebhoWin32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8dd43e6cb658e5a48a9543b6e46b10d0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

d5:61:64:3a:76:97:d6:33:bc:b5:65:e2:e1:ef:73:65
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/02/2011, 00:00

Not After

10/02/2012, 23:59

Subject

CN=Blabbers Communications Ltd,O=Blabbers Communications Ltd,POSTALCODE=43034,STREET=Arad 3,L=Tel Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Documents\Projects\Blabbers\src\utils\bin\updatebhoWin32.pdb

Imports

wininet

DeleteUrlCacheEntryW

kernel32

lstrlenW
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetLastError
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetVersion
GetSystemTime
CloseHandle
FreeLibrary
GetTempFileNameW
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
EnterCriticalSection
LeaveCriticalSection
LockResource
FindResourceExW
GetThreadLocale
SetThreadLocale
CreateFileA
GetPrivateProfileStringW
GetModuleFileNameW
DeleteCriticalSection
RaiseException
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetTempPathW
ExitThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
CreateThread
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
VirtualFree
VirtualAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwind
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
ReadFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
CreateFileW

user32

CharNextW
MessageBoxW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW

shell32

ShellExecuteExW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

SysStringLen
VarUI4FromStr
UnRegisterTypeLi
SysAllocString
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysFreeString

urlmon

URLDownloadToFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updater.ini
widgetserv.exe
.exe windows:5 windows x86 arch:x86

ac4cc1b66a03a27486d28d7b5a3b3ad9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

d5:61:64:3a:76:97:d6:33:bc:b5:65:e2:e1:ef:73:65
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/02/2011, 00:00

Not After

10/02/2012, 23:59

Subject

CN=Blabbers Communications Ltd,O=Blabbers Communications Ltd,POSTALCODE=43034,STREET=Arad 3,L=Tel Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\tribar\IE\bho_toolbar\bin\widgetserv.pdb

Imports

gdiplus

GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneBitmapAreaI
GdipCloneImage
GdipGetImageThumbnail
GdiplusShutdown
GdiplusStartup
GdipAlloc

kernel32

MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
ExitProcess
DeleteFileW
CreateDirectoryW
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
GetEnvironmentVariableW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
GetProcAddress
LoadLibraryW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
WaitForSingleObject
Sleep
CreateThread
CreateEventW
SetEvent
GetCommandLineW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
lstrcmpW
GetCPInfo
HeapSize
GetModuleFileNameA
GetStdHandle
WriteFile
HeapReAlloc
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCurrentProcessId
GetLocaleInfoA
SetStdHandle
GetLastError
InterlockedIncrement
lstrlenA
SetLastError
GetModuleFileNameW
GetCurrentThreadId
MultiByteToWideChar
lstrlenW
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentProcess
FlushInstructionCache
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetACP

user32

GetDesktopWindow
DestroyAcceleratorTable
GetWindow
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
LoadStringW
GetWindowRect
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CharUpperW
UnregisterClassA
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
CharNextW
GetSysColor
RegisterClassExW
CreateWindowExW
SetForegroundWindow
LoadCursorW
GetClassInfoExW
SetFocus
SetActiveWindow
IsWindowVisible
ShowWindow
DestroyWindow
CallWindowProcW
DefWindowProcW
IsWindow
GetWindowLongW
SetWindowLongW
GetFocus
IsChild
SendMessageW
PostMessageW

gdi32

GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetStockObject

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegEnumValueW

ole32

CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
CreateStreamOnHGlobal
OleDraw
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject

oleaut32

SysStringLen
VariantInit
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
VarBstrCmp
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
VariantCopy
VariantClear
SysFreeString

shlwapi

PathFileExistsW

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IpConfig.dll
.dll windows:5 windows x86 arch:x86

a9988f98d52a3c7d16228f87844f85ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Visual Studio\NSIS Plugins\IpConfig\Output\Plugins\IpConfig.pdb

Imports

kernel32

lstrcpynA
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
MultiByteToWideChar
GlobalFree
lstrcpyA
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetLastError
lstrlenA
WideCharToMultiByte
HeapFree
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
HeapAlloc
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

wsprintfA

ole32

CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
SysAllocStringLen
VariantInit
SysAllocStringByteLen
VariantCopy
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString

Exports

Exports

GetAllNetworkAdaptersIDs
GetAllNetworkAdaptersIDsCB
GetDNSSuffixSearchList
GetEnabledNetworkAdaptersIDs
GetEnabledNetworkAdaptersIDsCB
GetHostName
GetNetworkAdapterConnectionID
GetNetworkAdapterConnectionSpecificDNSSuffix
GetNetworkAdapterDHCPLeaseExpires
GetNetworkAdapterDHCPLeaseObtained
GetNetworkAdapterDHCPServer
GetNetworkAdapterDNSServers
GetNetworkAdapterDNSServersCB
GetNetworkAdapterDefaultIPGateways
GetNetworkAdapterDefaultIPGatewaysCB
GetNetworkAdapterDescription
GetNetworkAdapterIDFromDescription
GetNetworkAdapterIDFromIPAddress
GetNetworkAdapterIDFromMACAddress
GetNetworkAdapterIPAddresses
GetNetworkAdapterIPAddressesCB
GetNetworkAdapterIPSubNets
GetNetworkAdapterIPSubNetsCB
GetNetworkAdapterMACAddress
GetNetworkAdapterPrimaryWINSServer
GetNetworkAdapterSecondaryWINSServer
GetNetworkAdapterType
GetNodeType
GetPrimaryDNSSuffix
IsIPRoutingEnabled
IsNetworkAdapterAutoSense
IsNetworkAdapterDHCPEnabled
IsWINSProxyEnabled

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LogoCOP.bmp
$PLUGINSDIR/Math.dll
.dll windows:5 windows x86 arch:x86

ca3979e781115e084d6dba5a3d99ffc7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpA
GlobalFree
lstrlenA
lstrcatA
GlobalAlloc
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateFileW
GetCurrentThreadId
DecodePointer
GetCommandLineA
IsProcessorFeaturePresent
EncodePointer
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
HeapAlloc
HeapReAlloc
LoadLibraryW
GetModuleFileNameW
RtlUnwind
LCMapStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
HeapSize
FlushFileBuffers

Exports

Exports

Script

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISpcre.dll
.dll windows:4 windows x86 arch:x86

3efd46aba10b2e88f0bd15c6467e81ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dev\ms_projects\NSISpcre\Release\NSISpcre.pdb

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
SetUnhandledExceptionFilter
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetFilePointer
LoadLibraryA
VirtualQuery
GetACP
GetOEMCP
VirtualProtect
GetSystemInfo
SetStdHandle
FlushFileBuffers
CloseHandle

Exports

Exports

RECheckPattern
REClearAllOptions
REClearOption
REFind
REFindClose
REFindNext
REGetOption
REMatches
REQuoteMeta
REReplace
RESetOption

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

aaa34d9251e34ceebd6bf5066471d799

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
GetProcAddress
lstrcatA
lstrlenA
lstrcmpiA
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
MultiByteToWideChar
FreeLibrary

user32

wsprintfA

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 915B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/amisid.exe
.exe windows:5 windows x86 arch:x86

8c8da1191b7973581f6180edf436c9dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Amon\Current\BootStrapper\Release\amisid.pdb

Imports

kernel32

lstrlenA
GetComputerNameW
GetCurrentProcess
GetModuleHandleA
GetProcAddress
HeapAlloc
GetLastError
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
EncodePointer
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
LoadLibraryW
RtlUnwind
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
HeapReAlloc
IsProcessorFeaturePresent
HeapSize
CreateFileW
CloseHandle
FlushFileBuffers

advapi32

CryptCreateHash
CryptGetHashParam
RegSetValueExA
RegCreateKeyExA
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptAcquireContextA
CryptHashData
CryptDestroyHash

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/newadvsplash.dll
.dll windows:4 windows x86 arch:x86

2e363db44011ed76701ec6ce62db36f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
CloseHandle
MultiByteToWideChar
lstrcpynA
lstrlenA
GetCurrentThreadId
CreateThread
Sleep
lstrcpyA
lstrcmpiA
GlobalAlloc
GlobalFree
WaitForSingleObject

user32

DefWindowProcA
DestroyWindow
IsWindowVisible
UnregisterClassA
EnumDisplaySettingsA
SendMessageA
wsprintfA
SystemParametersInfoA
BeginPaint
SetWindowPos
LoadCursorA
RegisterClassA
CreateWindowExA
IsWindow
GetMessageA
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowLongA
EndPaint
TranslateMessage
DispatchMessageA
PostMessageA
SetWindowRgn
GetClientRect

gdi32

CombineRgn
GetObjectA
CreateCompatibleDC
SelectObject
GetDIBits
CreateRectRgn
DeleteObject

winmm

timeSetEvent
PlaySoundA
timeKillEvent

oleaut32

OleLoadPicturePath

msvcrt

_lseek
memset
memcmp
_read
memcpy
_close
_open
strtol

Exports

Exports

hwnd
play
show
stop

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

8349690a00ef0e1a0e53b015791d4cf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenA
HeapFree
GetProcessHeap
lstrcmpiA
HeapReAlloc
lstrcpynA
GetFileAttributesA
lstrcpyA
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapAlloc
GlobalFree

user32

LoadCursorA
RemovePropA
DrawFocusRect
GetPropA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
GetClientRect
CharPrevA
CallWindowProcA
SetPropA
DestroyWindow
MapDialogRect
CharNextA
SendMessageA
GetWindowLongA

gdi32

SetTextColor

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisos.dll
.dll windows:1 windows x86 arch:x86

a70233c77fd258ec47709388c2338273

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
GetVersionExA
RtlUnwind
RtlZeroMemory
lstrcpyA

crtdll

_fdopen
_open_osfhandle
_ultoa
fclose
_cexit
malloc
printf
raise
setbuf
strcpy

Exports

Exports

osplatform
osversion

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 588B - Virtual size: 588B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 156B - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 96B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f14aba31075188e8a83ea826ace3eca3

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

40:81:2d:a0:f7:cb:2e:cd:49:55:fd:76:e0:a6:c4:93Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

bd:31:83:d4:61:90:d3:e4:6d:89:11:bb:68:fc:8f:a4:48:bf:c0:9eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 250KB

.ndata Size: - Virtual size: 612KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 3KB - Virtual size: 3KB

7fa974366048f9c551ef45714595665e

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

01Certificate

Key Usages

a5:6e:0c:91:f7:b1:25:dc:48:fc:a4:c6:07:7c:7b:c6Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 8KB - Virtual size: 7KB

805fc5fb72865e9165d6793f8916a6f9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

40:81:2d:a0:f7:cb:2e:cd:49:55:fd:76:e0:a6:c4:93
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

bd:31:83:d4:61:90:d3:e4:6d:89:11:bb:68:fc:8f:a4:48:bf:c0:9e
Signer

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 250KB

.ndata
Size: - Virtual size: 612KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 3KB - Virtual size: 3KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

01
Certificate

a5:6e:0c:91:f7:b1:25:dc:48:fc:a4:c6:07:7c:7b:c6
Certificate

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

01
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

a5:6e:0c:91:f7:b1:25:dc:48:fc:a4:c6:07:7c:7b:c6
Certificate

.text
Size: 572KB - Virtual size: 572KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 10KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 23KB - Virtual size: 22KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B