f012011effe81d1647348ff0ac1bc3d0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f012011effe81d1647348ff0ac1bc3d0_JaffaCakes118
Size

4.6MB
MD5

f012011effe81d1647348ff0ac1bc3d0
SHA1

3354943ef434f9dd4c77f6f295d74523ef8dd579
SHA256

d044cabbdf62a9c32258c0f405a1a97f51fb396fc1f069824b4ed5a0d7ec55be
SHA512

29611980b3d30ec01d5f04882665a5d342f8b928c1055debc93b567969119e873c85a36947f31757c090461238cbe03678c21fe83f6b91a1f993287fb1e86c6a
SSDEEP

98304:8eZ1EfKL6aYIGujG18mgkMXiNKzxGo5egy7mzOjsP+k+YE3QIBCvHs0:8ScszYIGwG18E3NKzXzqQPl3E3avM0

Score

3^/10

qr link

Malware Config

Signatures

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

f012011effe81d1647348ff0ac1bc3d0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

95:70:f3:54:ad:c3:88:1c:05:67:cf:f0:fa:32:c0:d6
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-11-2018 00:00

Not After

23-11-2019 23:59

Subject

CN=DRAIVERPAK\, OOO,O=DRAIVERPAK\, OOO,POSTALCODE=127051,STREET=d. 3 str. 2 etazh 3 MANS K 1\;2\;3\;3A\, per. Likhov,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:70:f3:54:ad:c3:88:1c:05:67:cf:f0:fa:32:c0:d6
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-11-2018 00:00

Not After

23-11-2019 23:59

Subject

CN=DRAIVERPAK\, OOO,O=DRAIVERPAK\, OOO,POSTALCODE=127051,STREET=d. 3 str. 2 etazh 3 MANS K 1\;2\;3\;3A\, per. Likhov,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b6:1e:eb:a1:b9:a2:a3:7a:1b:88:b4:28:b5:0f:ce:73:0c:ac:c7:63:52:f8:7d:13:59:f5:60:63:c7:86:79:41
Signer

Actual PE Digest

b6:1e:eb:a1:b9:a2:a3:7a:1b:88:b4:28:b5:0f:ce:73:0c:ac:c7:63:52:f8:7d:13:59:f5:60:63:c7:86:79:41

Digest Algorithm

sha256

PE Digest Matches

true

a4:1f:32:96:a5:77:18:11:09:44:fd:4f:13:3d:c9:a7:ae:93:98:fd
Signer

Actual PE Digest

a4:1f:32:96:a5:77:18:11:09:44:fd:4f:13:3d:c9:a7:ae:93:98:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetCurrentDirectoryA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
DriverPackSolution.html
.hta .js polyglot
Tools/Icon.ico
Tools/load8.gif
.gif
Tools/modules/bugreport.hta
.hta .js polyglot
Tools/patch.reg
Tools/run.hta
.hta .js polyglot
config.js
.js
css/blank.gif
.gif
css/custom-control.css
css/fonts/DRPcheckbox/DRPcheckbox.eot
css/fonts/DRPcheckbox/DRPcheckbox.svg
.xml
css/fonts/DRPcheckbox/DRPcheckbox.ttf
css/fonts/DRPcheckbox/DRPcheckbox.woff
css/fonts/DRPicons/DRPicons-webfont.eot
css/fonts/DRPicons/DRPicons-webfont.svg
.xml
css/fonts/DRPicons/DRPicons-webfont.ttf
css/fonts/DRPicons/DRPicons-webfont.woff
css/fonts/Open-Sans/generator_config.txt
css/fonts/Open-Sans/opensans-bold-webfont.eot
css/fonts/Open-Sans/opensans-bold-webfont.ttf
css/fonts/Open-Sans/opensans-italic-webfont.eot
css/fonts/Open-Sans/opensans-italic-webfont.ttf
css/fonts/Open-Sans/opensans-regular-webfont.eot
css/fonts/Open-Sans/opensans-regular-webfont.ttf
css/fonts/Open-Sans/opensans-semibold-webfont.eot
css/fonts/Open-Sans/opensans-semibold-webfont.ttf
css/fonts/ProximaNova/proxima_nova_light-webfont.eot
css/fonts/ProximaNova/proxima_nova_light-webfont.svg
.xml
css/fonts/ProximaNova/proxima_nova_light-webfont.ttf
css/fonts/ProximaNova/proxima_nova_light-webfont.woff
css/fonts/ProximaNova/proxima_nova_regular-webfont.eot
css/fonts/ProximaNova/proxima_nova_regular-webfont.svg
.xml
css/fonts/ProximaNova/proxima_nova_regular-webfont.ttf
css/fonts/ProximaNova/proxima_nova_regular-webfont.woff
css/fonts/ProximaNova/proxima_nova_semibold-webfont.eot
css/fonts/ProximaNova/proxima_nova_semibold-webfont.svg
.xml
css/fonts/ProximaNova/proxima_nova_semibold-webfont.ttf
css/fonts/ProximaNova/proxima_nova_semibold-webfont.woff
css/fonts/Roboto/roboto-light-webfont.eot
css/fonts/Roboto/roboto-light-webfont.ttf
css/fonts/Roboto/roboto-regular-webfont.eot
css/fonts/Roboto/roboto-regular-webfont.ttf
css/fonts/Roboto/roboto-thin-webfont.eot
css/fonts/Roboto/roboto-thin-webfont.ttf
css/icons-checkbox.css
css/icons.css
css/ie6.css
css/ie7.css
css/lte-ie8.css
css/lte-ie9.css
css/normalize.min.css
css/open-sans.css
css/proximanova.css
css/roboto.css
css/style.css
drp.css
drp.js
.js
img/blank.gif
.gif
img/btn-icon-admin-mode.png
.png
img/bugreport/BugReport_icon_alert.png
.png
img/bugreport/BugReport_icon_ie.png
.png
img/bugreport/BugReport_icon_previous.png
.png
img/bugreport/BugReport_icon_skip.png
.png
img/bugreport/BugReport_loader.gif
.gif
img/burger/auto_installation.png
.png
img/cam.png
.png
img/charms/apps.jpg
.jpg
img/charms/arrow.png
.png
img/charms/computer.png
.png
img/charms/download.jpg
.jpg
img/charms/download.png
.png
img/charms/gears.png
.png
img/charms/help.png
.png
img/charms/info.png
.png
img/charms/line.jpg
.jpg
img/charms/pc.jpg
.jpg
img/charms/programms.png
.png
img/charms/reload-sm.png
.png
img/charms/setup.jpg
.jpg
img/charms/setup.png
.png
img/charms/store.png
.png
img/charms/toolkit.png
.png
img/device-class/bluetooth.png
.png
img/device-class/cardreader.png
.png
img/device-class/chipset.png
.png
img/device-class/default.png
.png
img/device-class/inputdev.png
.png
img/device-class/lan.png
.png
img/device-class/massstorage.png
.png
img/device-class/modem.png
.png
img/device-class/monitor.png
.png
img/device-class/other.png
.png
img/device-class/phone.png
.png
img/device-class/printer.png
.png
img/device-class/sound.png
.png
img/device-class/tvtuner.png
.png
img/device-class/undefined-device.png
.png
img/device-class/video.png
.png
img/device-class/webcamera.png
.png
img/device-class/wifi.png
.png
img/device-generic.png
.png
img/driver-row-arrow.png
.png
img/fake-installation/browser.png
.png
img/fake-installation/connect.png
.png
img/fake-installation/firewall.png
.png
img/fake-installation/torrent.png
.png
img/fake-installation/vpn.png
.png
img/final/final_aside-failure$2x.png
.png
img/final/final_button-warning$2x.png
.png
img/final/final_failure$2x.png
.png
img/final/final_main-cta-arrow$2x.png
.png
img/final/final_partial-success$2x.png
.png
img/final/final_success$2x.png
.png
img/games/games-bottom-logo.png
.png
img/games/games-button-icon-green.png
.png
img/games/games-button-icon-white.png
.png
img/games/games-cloud-big.png
.png
img/games/games-cloud.png
.png
img/games/games-top-civilization.jpg
.jpg
img/games/games-top-doom-large.jpg
.jpg
img/games/games-top-doom.jpg
.jpg
img/games/games-top-gta.jpg
.jpg
img/games/games-top-hitman.jpg
.jpg
img/games/games-top-mafia.jpg
.jpg
img/games/games-top-overwatch.jpg
.jpg
img/games/games-top-resident-evil.jpg
.jpg
img/games/games-top-witcher-large.jpg
.jpg
img/games/games-top-witcher.jpg
.jpg
img/header/header-bell.png
.png
img/header/header-logo$2x.png
.png
img/header/header-logo.png
.png
img/info.png
.png
img/installation/banner-arrow-left.png
.png
img/installation/banner-arrow-right.png
.png
img/installation/banner_auth-bg.jpg
.jpg
img/installation/banner_avast-bg.jpg
.jpg
img/installation/banner_browsers-bg.jpg
.jpg
img/installation/banner_bullit-active.png
.png
img/installation/banner_bullit-empty.png
.png
img/installation/banner_catalog-bg-en.jpg
.jpg
img/installation/banner_catalog-bg-pt-br.jpg
.jpg
img/installation/banner_catalog-bg-ru.jpg
.jpg
img/installation/banner_catalog-bg.jpg
.jpg
img/installation/banner_cloud-bg.jpg
.jpg
img/installation/banner_driverpack-for-all-bg.jpg
.jpg
img/installation/banner_how-it-works-bg.jpg
.jpg
img/installation/banner_istart-bg.jpg
.jpg
img/installation/banner_opera-bg.gif
.gif
img/installation/banner_protect-bg-de.jpg
.jpg
img/installation/banner_protect-bg-en.jpg
.jpg
img/installation/banner_protect-bg-es.jpg
.jpg
img/installation/banner_protect-bg-fr.jpg
.jpg
img/installation/banner_protect-bg-pt-br.jpg
.jpg
img/installation/banner_protect-bg-ru.jpg
.jpg
img/installation/banner_protect-bg.jpg
.jpg
img/installation/banner_restore-bg.jpg
.jpg
img/installation/banner_social-bg-en.jpg
.jpg
img/installation/banner_social-bg-ru.jpg
.jpg
img/installation/banner_social-fb.png
.png
img/installation/banner_social-vk.png
.png
img/installation/banner_virus-bg.png
.png
img/installation/banner_win-10-bg.jpg
.jpg
img/installation/banner_yandex.png
.png
img/installation/confirm-popup-check-mark.png
.png
img/installation/controls/cancel.png
.png
img/installation/controls/cancel_disable.png
.png
img/installation/controls/cancel_hover.png
.png
img/installation/controls/close.png
.png
img/installation/controls/close_hover.png
.png
img/installation/controls/info_hover.png
.png
img/installation/controls/info_normal.png
.png
img/installation/controls/less_hover.png
.png
img/installation/controls/less_normal.png
.png
img/installation/controls/more_hover.png
.png
img/installation/controls/more_normal.png
.png
img/installation/controls/pause.png
.png
img/installation/controls/pause_hover.png
.png
img/installation/controls/play.png
.png
img/installation/controls/play_hover.png
.png
img/installation/controls/reload.png
.png
img/installation/controls/reload_disable.png
.png
img/installation/controls/reload_hover.png
.png
img/installation/drivers/DP_Biometric.png
.png
img/installation/drivers/DP_Printer.png
.png
img/installation/drivers/DP_TV_DVB.png
.png
img/installation/drivers/DP_Touchpad.png
.png
img/installation/drivers/DP_xUSB.png
.png
img/installation/drivers/Notebook.png
.png
img/installation/drivers/Scanner.png
.png
img/installation/drivers/bluetooth.png
.png
img/installation/drivers/cardreader.png
.png
img/installation/drivers/chipset.png
.png
img/installation/drivers/inputdev.png
.png
img/installation/drivers/lan.png
.png
img/installation/drivers/massstorage.png
.png
img/installation/drivers/modem.png
.png
img/installation/drivers/monitor.png
.png
img/installation/drivers/other.png
.png
img/installation/drivers/phone.png
.png
img/installation/drivers/printer.png
.png
img/installation/drivers/restore_point.png
.png
img/installation/drivers/sound.png
.png
img/installation/drivers/tvtuner.png
.png
img/installation/drivers/vendor.png
.png
img/installation/drivers/video.png
.png
img/installation/drivers/webcamera.png
.png
img/installation/drivers/wifi.png
.png
img/installation/drivers/zBad.png
.png
img/installation/icon-details.png
.png
img/installation/icon-install.png
.png
img/installation/icon-installed.png
.png
img/installation/soft/Antivirus.png
.png
img/installation/soft/Archiver.png
.png
img/installation/soft/Backup.png
.png
img/installation/soft/Browser.png
.png
img/installation/soft/Drivers.png
.png
img/installation/soft/Internet.png
.png
img/installation/soft/Messenger.png
.png
img/installation/soft/Player.png
.png
img/installation/soft/System.png
.png
img/installation/soft/Viewer.png
.png
img/installation/statuses/done.png
.png
img/installation/statuses/error.png
.png
img/installation/statuses/progress.gif
.gif
img/installation/statuses/sleep.png
.png
img/loading-finish.png
.png
img/loading-spiner.gif
.gif
img/loading.gif
.gif
img/med_logo.png
.png
img/med_logo_dark.png
.png
img/med_logo_ui2.png
.png
img/new-logo.png
.png
img/no_internet/no_internet-complete.png
.png
img/no_internet/no_internet-connection.png
.png
img/no_internet/no_internet-step1.png
.png
img/no_internet/no_internet-step2.png
.png
img/onboarding/antiviruses.gif
.gif
img/onboarding/autostart.png
.png
img/onboarding/blocked.png
.png
img/onboarding/checking.png
.png
img/onboarding/cleaning.png
.png
img/onboarding/done.png
.png
img/onboarding/likes/down-active.png
.png
img/onboarding/likes/down-hover.png
.png
img/onboarding/likes/down.png
.png
img/onboarding/likes/up-active.png
.png
img/onboarding/likes/up-hover.png
.png
img/onboarding/likes/up.png
.png
img/onboarding/settings.png
.png
img/onboarding/social.png
.png
- https://vk.com/driverpacksolution
img/onboarding/soft.png
.png
img/programs/arrow-collapse.png
.png
img/programs/arrow-expand.png
.png
img/programs/btn-icon-install-all-soft.png
.png
img/programs/btn-icon.png
.png
img/programs/confirm-popup-accept.png
.png
img/programs/confirm-popup-deny.png
.png
img/programs/default-soft.png
.png
img/programs/expand-all.png
.png
img/programs/[email protected]
.xml
img/programs/installed-programs_info-success.png
.png
img/programs/installed-programs_info-warn.png
.png
img/programs/protector-bg.png
.png
img/programs/rolling-remove-single.gif
.gif
img/programs/rolling.gif
.gif
img/programs/scan.png
.png
img/programs/soft-bg.png
.png
img/programs/star-empty-protect.png
.png
img/programs/star-empty.png
.png
img/programs/star-full-protect.png
.png
img/programs/star-full.png
.png
img/programs/start_arrow.png
.png
img/programs/start_btn-icon.png
.png
img/programs/uninstall-all-loader.gif
.gif
img/programs/uninstall-single-loader.gif
.gif
img/screens/arrow-bottom.png
.png
img/screens/arrow-start-screen-toggle.png
.png
img/screens/arrow-top.png
.png
img/screens/backup-grey.png
.png
img/screens/checkbox.png
.png
img/screens/configurator-btn-icon.png
.png
img/screens/control-panel-grey.png
.png
img/screens/driver-filter-arrow.png
.png
img/screens/expert_hover.png
.png
img/screens/expert_normal.png
.png
img/screens/globe_hover.png
.png
img/screens/globe_normal.png
.png
img/screens/icon-device-manager.png
.png
img/screens/icon-driver-row-collapse.png
.png
img/screens/icon-support.png
.png
img/screens/icon-system-restore.png
.png
img/screens/install-programs-grey.png
.png
img/screens/kebab-icon.png
.png
img/screens/language-arrow.png
.png
img/screens/language-arrow_hover.png
.png
img/screens/load-screen-server.png
.png
img/screens/menu-diagnostics.png
.png
img/screens/menu-drivers.png
.png
img/screens/menu-games.png
.png
img/screens/menu-lang-arrow.png
.png
img/screens/menu-lang-icon.png
.png
img/screens/menu-offline.png
.png
img/screens/menu-protect.png
.png
img/screens/menu-report-icon.png
.png
img/screens/menu-settings-icon.png
.png
img/screens/menu-software.png
.png
img/screens/move-to-top_arrow.png
.png
img/screens/new-logo.png
.png
img/screens/settings-bg.png
.png
img/screens/start-info.png
.png
img/screens/startscreen-slider-oval-hover.png
.png
img/screens/startscreen-slider-oval-yellow-hover.png
.png
img/screens/startscreen-slider-oval.png
.png
img/screens/trusted.png
.png
img/screens/trusted_hover.png
.png
img/screens/zero-drivers_button-arrow.png
.png
img/screens/zero-drivers_logo.png
.png
img/server_err_no_internet/browser.png
.png
img/server_err_no_internet/connect.png
.png
img/server_err_no_internet/firewall.png
.png
img/server_err_no_internet/flash.png
.png
img/server_err_no_internet/no_internet-connection-cat.png
.png
img/server_err_no_internet/torrent.png
.png
img/server_err_no_internet/vpn.png
.png
img/speaker.png
.png
img/wifi-disabled.png
.png
img/wifi.png
.png
js/soft.js
.js
languages/ar.js
languages/az.js
languages/be.js
languages/bg.js
languages/bn.js
languages/ca.js
languages/cs.js
languages/de.js
languages/el.js
languages/en.js
languages/es-419.js
languages/es.js
languages/et.js
languages/fa.js
languages/fil.js
languages/fr.js
languages/gu.js
languages/hi.js
languages/hu.js
languages/hy.js
languages/id.js
languages/it.js
languages/ka.js
languages/ko.js
languages/ku.js
languages/nl.js
languages/no.js
languages/om.js
languages/pl.js
languages/ps.js
languages/pt-br.js
languages/pt-pt.js
languages/ro.js
languages/ru.js
languages/sk.js
languages/sl.js
languages/sq.js
languages/sr.js
languages/sw.js
languages/ta.js
languages/te.js
languages/tg.js
languages/th.js
languages/tr.js
languages/uk.js
languages/ur.js
languages/uz.js
languages/vi.js
languages/yo.js
languages/zh-cn.js
languages/zh.js
programs/AvastAntivirusA.exe
.exe windows:5 windows x86 arch:x86

0a0f9de72acbe572583c0fe9af381546

Code Sign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-05-2017 00:00

Not After

24-06-2020 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-05-2017 00:00

Not After

24-06-2020 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:38:74:1f:c6:35:21:0e:fc:73:c3:af:9f:41:86:81:c4:8c:86:34:2c:a2:27:fc:ab:ae:1d:6b:c8:d0:ab:1b
Signer

Actual PE Digest

06:38:74:1f:c6:35:21:0e:fc:73:c3:af:9f:41:86:81:c4:8c:86:34:2c:a2:27:fc:ab:ae:1d:6b:c8:d0:ab:1b

Digest Algorithm

sha256

PE Digest Matches

true

cc:c9:d8:90:7b:2d:29:51:bb:0c:3a:a2:56:50:e8:04:f4:2e:de:63
Signer

Actual PE Digest

cc:c9:d8:90:7b:2d:29:51:bb:0c:3a:a2:56:50:e8:04:f4:2e:de:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb

Imports

kernel32

LocalFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
FindResourceW
LoadResource
SizeofResource
CreateFileW
EnumResourceNamesW
lstrlenA
GetSystemTimeAsFileTime
GetVersionExA
GetNativeSystemInfo
lstrcatA
CreateThread
GetCurrentProcess
CreateMutexW
lstrcpynW
HeapFree
GetDiskFreeSpaceExW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateProcessW
ResumeThread
CreateDirectoryW
GetExitCodeProcess
ReleaseMutex
VirtualQuery
VirtualProtect
GetSystemInfo
InterlockedExchangeAdd
WriteFile
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
GetLastError
InterlockedExchange
ExitProcess
IsProcessorFeaturePresent
HeapSetInformation
SetDllDirectoryW
GetModuleHandleA
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
GetWindowsDirectoryW
Sleep
WaitForSingleObject
SetLastError
GetProcAddress
lstrcpyW
GetSystemDirectoryW
GetProcessHeap
MoveFileExW
HeapAlloc
GetVersionExW
DeviceIoControl
InitializeCriticalSectionAndSpinCount
GetVolumePathNameW
HeapSize
GetVersion
GetVolumeNameForVolumeMountPointW
MultiByteToWideChar
HeapReAlloc
RaiseException
DecodePointer
HeapDestroy
DeleteCriticalSection
GetModuleHandleW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCommandLineA
GetCommandLineW
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetFileType
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
LoadLibraryExA

user32

AllowSetForegroundWindow
wsprintfA
MessageBoxExW
LoadStringW
wsprintfW
SetForegroundWindow
FindWindowW
DispatchMessageW
GetMessageW
PostMessageW
CreateWindowExW
SystemParametersInfoW
GetSystemMetrics
LoadImageW
DefWindowProcW
KillTimer
InvalidateRect
SetTimer
EndPaint
FillRect
BeginPaint
RegisterClassExW

gdi32

GetObjectW
CreateSolidBrush
CreatePatternBrush

advapi32

GetSidSubAuthority
CryptHashData
CryptCreateHash
CryptDestroyHash
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenProcessToken
GetTokenInformation
IsValidSid
CryptGetHashParam
GetSidSubAuthorityCount
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom

comctl32

ord17

crypt32

CryptStringToBinaryW

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
programs/AvastAntivirusWorldwideA.exe
.exe windows:5 windows x86 arch:x86

0a0f9de72acbe572583c0fe9af381546

Code Sign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-05-2017 00:00

Not After

24-06-2020 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-05-2017 00:00

Not After

24-06-2020 12:00

Subject

CN=AVAST Software s.r.o.,O=AVAST Software s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:80:fe:8e:d1:fd:4e:92:09:c1:a0:bf:96:d0:3b:f2:6c:b5:d2:00:61:e7:15:61:92:de:ed:2a:a7:79:0e:79
Signer

Actual PE Digest

75:80:fe:8e:d1:fd:4e:92:09:c1:a0:bf:96:d0:3b:f2:6c:b5:d2:00:61:e7:15:61:92:de:ed:2a:a7:79:0e:79

Digest Algorithm

sha256

PE Digest Matches

true

18:83:b6:58:26:ff:8d:fc:1a:8f:2f:f1:4a:41:18:b3:8b:c2:a8:fa
Signer

Actual PE Digest

18:83:b6:58:26:ff:8d:fc:1a:8f:2f:f1:4a:41:18:b3:8b:c2:a8:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb

Imports

kernel32

LocalFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
FindResourceW
LoadResource
SizeofResource
CreateFileW
EnumResourceNamesW
lstrlenA
GetSystemTimeAsFileTime
GetVersionExA
GetNativeSystemInfo
lstrcatA
CreateThread
GetCurrentProcess
CreateMutexW
lstrcpynW
HeapFree
GetDiskFreeSpaceExW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateProcessW
ResumeThread
CreateDirectoryW
GetExitCodeProcess
ReleaseMutex
VirtualQuery
VirtualProtect
GetSystemInfo
InterlockedExchangeAdd
WriteFile
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
GetLastError
InterlockedExchange
ExitProcess
IsProcessorFeaturePresent
HeapSetInformation
SetDllDirectoryW
GetModuleHandleA
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
GetWindowsDirectoryW
Sleep
WaitForSingleObject
SetLastError
GetProcAddress
lstrcpyW
GetSystemDirectoryW
GetProcessHeap
MoveFileExW
HeapAlloc
GetVersionExW
DeviceIoControl
InitializeCriticalSectionAndSpinCount
GetVolumePathNameW
HeapSize
GetVersion
GetVolumeNameForVolumeMountPointW
MultiByteToWideChar
HeapReAlloc
RaiseException
DecodePointer
HeapDestroy
DeleteCriticalSection
GetModuleHandleW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCommandLineA
GetCommandLineW
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetFileType
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
LoadLibraryExA

user32

AllowSetForegroundWindow
wsprintfA
MessageBoxExW
LoadStringW
wsprintfW
SetForegroundWindow
FindWindowW
DispatchMessageW
GetMessageW
PostMessageW
CreateWindowExW
SystemParametersInfoW
GetSystemMetrics
LoadImageW
DefWindowProcW
KillTimer
InvalidateRect
SetTimer
EndPaint
FillRect
BeginPaint
RegisterClassExW

gdi32

GetObjectW
CreateSolidBrush
CreatePatternBrush

advapi32

GetSidSubAuthority
CryptHashData
CryptCreateHash
CryptDestroyHash
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenProcessToken
GetTokenInformation
IsValidSid
CryptGetHashParam
GetSidSubAuthorityCount
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom

comctl32

ord17

crypt32

CryptStringToBinaryW

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
programs/downloader_browser.exe
.exe windows:5 windows x86 arch:x86

a05d88650e5594db2afe874ec2674b55

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:67:e1:58:b5:24:c8:ff:bf:e5:38:17:27:86:f1:e2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15-01-2013 00:00

Not After

15-01-2016 23:59

Subject

CN=YANDEX LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53
Signer

Actual PE Digest

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

GetCurrentProcess
SetHandleInformation
WaitForSingleObject
Sleep
GetVersionExW
GetExitCodeProcess
GetLastError
CloseHandle
GetCurrentProcessId
HeapAlloc
HeapFree
InterlockedDecrement
GetProcessHeap
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
DuplicateHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
CreateProcessW
GetCommandLineW
CreateFileW
HeapReAlloc
GetConsoleMode
HeapSize
OutputDebugStringW
CompareStringW
LoadLibraryExW
SetEnvironmentVariableW
GetStringTypeW
GetConsoleCP
SetEndOfFile
ReadConsoleW
ReadFile
SetLastError
WriteFile
FlushFileBuffers
GetProcAddress
GetModuleHandleExW
ExitProcess
FreeEnvironmentStringsW
LCMapStringW
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetEnvironmentStringsW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrlenA
LocalFree
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW

user32

CharLowerW
wsprintfW

advapi32

ConvertSidToStringSidW
GetLengthSid
LsaNtStatusToWinError
RegOpenKeyExW
RegQueryValueExW
CopySid
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

SysFreeString
VariantInit
VariantClear
GetErrorInfo
SysAllocString

urlmon

URLOpenBlockingStreamW

wintrust

WinVerifyTrust

ws2_32

send
freeaddrinfo
socket
WSACleanup
shutdown
htons
WSAGetLastError
getaddrinfo
htonl
WSAStartup
connect
closesocket
recv

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
programs/downloader_browser_tr.exe
.exe windows:5 windows x86 arch:x86

a05d88650e5594db2afe874ec2674b55

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:67:e1:58:b5:24:c8:ff:bf:e5:38:17:27:86:f1:e2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15-01-2013 00:00

Not After

15-01-2016 23:59

Subject

CN=YANDEX LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53
Signer

Actual PE Digest

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

GetCurrentProcess
SetHandleInformation
WaitForSingleObject
Sleep
GetVersionExW
GetExitCodeProcess
GetLastError
CloseHandle
GetCurrentProcessId
HeapAlloc
HeapFree
InterlockedDecrement
GetProcessHeap
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
DuplicateHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
CreateProcessW
GetCommandLineW
CreateFileW
HeapReAlloc
GetConsoleMode
HeapSize
OutputDebugStringW
CompareStringW
LoadLibraryExW
SetEnvironmentVariableW
GetStringTypeW
GetConsoleCP
SetEndOfFile
ReadConsoleW
ReadFile
SetLastError
WriteFile
FlushFileBuffers
GetProcAddress
GetModuleHandleExW
ExitProcess
FreeEnvironmentStringsW
LCMapStringW
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetEnvironmentStringsW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrlenA
LocalFree
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW

user32

CharLowerW
wsprintfW

advapi32

ConvertSidToStringSidW
GetLengthSid
LsaNtStatusToWinError
RegOpenKeyExW
RegQueryValueExW
CopySid
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

SysFreeString
VariantInit
VariantClear
GetErrorInfo
SysAllocString

urlmon

URLOpenBlockingStreamW

wintrust

WinVerifyTrust

ws2_32

send
freeaddrinfo
socket
WSACleanup
shutdown
htons
WSAGetLastError
getaddrinfo
htonl
WSAStartup
connect
closesocket
recv

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
programs/downloader_elements.exe
.exe windows:5 windows x86 arch:x86

a05d88650e5594db2afe874ec2674b55

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:67:e1:58:b5:24:c8:ff:bf:e5:38:17:27:86:f1:e2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15-01-2013 00:00

Not After

15-01-2016 23:59

Subject

CN=YANDEX LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53
Signer

Actual PE Digest

69:9c:dc:8f:04:3a:25:a6:e9:e1:2d:c8:83:77:2b:1c:1f:ff:a2:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent2\work\a197c1fa8a223363\downloader\Release\downloader.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

GetCurrentProcess
SetHandleInformation
WaitForSingleObject
Sleep
GetVersionExW
GetExitCodeProcess
GetLastError
CloseHandle
GetCurrentProcessId
HeapAlloc
HeapFree
InterlockedDecrement
GetProcessHeap
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
DuplicateHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
CreateProcessW
GetCommandLineW
CreateFileW
HeapReAlloc
GetConsoleMode
HeapSize
OutputDebugStringW
CompareStringW
LoadLibraryExW
SetEnvironmentVariableW
GetStringTypeW
GetConsoleCP
SetEndOfFile
ReadConsoleW
ReadFile
SetLastError
WriteFile
FlushFileBuffers
GetProcAddress
GetModuleHandleExW
ExitProcess
FreeEnvironmentStringsW
LCMapStringW
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetEnvironmentStringsW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrlenA
LocalFree
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW

user32

CharLowerW
wsprintfW

advapi32

ConvertSidToStringSidW
GetLengthSid
LsaNtStatusToWinError
RegOpenKeyExW
RegQueryValueExW
CopySid
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

SysFreeString
VariantInit
VariantClear
GetErrorInfo
SysAllocString

urlmon

URLOpenBlockingStreamW

wintrust

WinVerifyTrust

ws2_32

send
freeaddrinfo
socket
WSACleanup
shutdown
htons
WSAGetLastError
getaddrinfo
htonl
WSAStartup
connect
closesocket
recv

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
run.hta
.hta .js polyglot

Sharing

General

Malware Config

Signatures

Files

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

95:70:f3:54:ad:c3:88:1c:05:67:cf:f0:fa:32:c0:d6Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

95:70:f3:54:ad:c3:88:1c:05:67:cf:f0:fa:32:c0:d6Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

b6:1e:eb:a1:b9:a2:a3:7a:1b:88:b4:28:b5:0f:ce:73:0c:ac:c7:63:52:f8:7d:13:59:f5:60:63:c7:86:79:41Signer

a4:1f:32:96:a5:77:18:11:09:44:fd:4f:13:3d:c9:a7:ae:93:98:fdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 246KB

.ndata Size: - Virtual size: 352KB

.rsrc Size: 39KB - Virtual size: 38KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 636B

0a0f9de72acbe572583c0fe9af381546

Code Sign

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

95:70:f3:54:ad:c3:88:1c:05:67:cf:f0:fa:32:c0:d6
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

95:70:f3:54:ad:c3:88:1c:05:67:cf:f0:fa:32:c0:d6
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

b6:1e:eb:a1:b9:a2:a3:7a:1b:88:b4:28:b5:0f:ce:73:0c:ac:c7:63:52:f8:7d:13:59:f5:60:63:c7:86:79:41
Signer

a4:1f:32:96:a5:77:18:11:09:44:fd:4f:13:3d:c9:a7:ae:93:98:fd
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 246KB

.ndata
Size: - Virtual size: 352KB

.rsrc
Size: 39KB - Virtual size: 38KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

06:38:74:1f:c6:35:21:0e:fc:73:c3:af:9f:41:86:81:c4:8c:86:34:2c:a2:27:fc:ab:ae:1d:6b:c8:d0:ab:1b
Signer

cc:c9:d8:90:7b:2d:29:51:bb:0c:3a:a2:56:50:e8:04:f4:2e:de:63
Signer

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 7KB - Virtual size: 7KB

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01:e9:39:99:f3:87:1d:10:91:dc:1e:8d:58:b8:d4:05
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

75:80:fe:8e:d1:fd:4e:92:09:c1:a0:bf:96:d0:3b:f2:6c:b5:d2:00:61:e7:15:61:92:de:ed:2a:a7:79:0e:79
Signer

18:83:b6:58:26:ff:8d:fc:1a:8f:2f:f1:4a:41:18:b3:8b:c2:a8:fa
Signer

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 52B

.rsrc
Size: 26KB - Virtual size: 25KB