f9c279c6b49363723438ff7fb07e127d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9c279c6b49363723438ff7fb07e127d_JaffaCakes118
Size

483KB
MD5

f9c279c6b49363723438ff7fb07e127d
SHA1

2d228ca6a03a4af561f7b0e42f7c0a853025ebfb
SHA256

b97a960995b0556e1a4d7ddd6f3739a1fcb07d40b9d95f3bc6c2825b3e8c2c35
SHA512

7f3d26111b0f4f0d615575c5e2498500033382a4278f9ec1360ba9a2b99cc57ff4025aef9e84479fd4d277ec7dee33a1c9a32a761f3ff3c57bd523fe7288821e
SSDEEP

12288:nNmiUCJ1v9JQvcRUwTRq8MhZlyMaONz800AYoI3Z4LF4:n0Cc1w/MhmOF8+VI3a4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TCPZ-v2.3.1/VirtualDevice/RemoveWatermarkX64.exe

Files

f9c279c6b49363723438ff7fb07e127d_JaffaCakes118
.rar
TCPZ-v2.3.1/Files.EN.txt
TCPZ-v2.3.1/ReadMe.en.txt
TCPZ-v2.3.1/ReadMe.txt
TCPZ-v2.3.1/TCPZ.exe
.exe windows:4 windows x86 arch:x86

b19a2077d10ce7a22bc2fbc66ed246bc

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:ef:3d:19:db:44:ee:6c:01:44:db:56:5c:13:cc:f8:00:3d:9c:b7
Signer

Actual PE Digest

93:ef:3d:19:db:44:ee:6c:01:44:db:56:5c:13:cc:f8:00:3d:9c:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

b:\Open_TCPZ\TCPZ\release\TCPZ.pdb

Imports

kernel32

GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitProcess
RtlUnwind
HeapReAlloc
RaiseException
HeapSize
VirtualProtect
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
GetFileTime
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WritePrivateProfileStringW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
lstrlenA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
GetCurrentProcessId
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
SetLastError
WideCharToMultiByte
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocaleInfoW
GetEnvironmentVariableW
DeviceIoControl
GetFileAttributesW
GetCurrentDirectoryW
GetSystemInfo
GetModuleHandleW
GetVersionExW
GetLastError
CreateMutexW
DeleteFileW
Sleep
GetTempPathW
lstrlenW
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingW
WriteFile
CopyFileW
SetFilePointer
lstrcmpW
GetModuleFileNameW
FindResourceExW
lstrcmpiW
GetWindowsDirectoryW
lstrcatW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersion
WaitForSingleObject
CreateRemoteThread
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
VirtualFree
CloseHandle
ReadFile
VirtualAlloc
GetFileSize
CreateFileW
GetSystemTimeAsFileTime
lstrcpyW

user32

RegisterClipboardFormatW
PostThreadMessageW
SetCapture
UnregisterClassW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
CallWindowProcW
IntersectRect
SystemParametersInfoA
GetMenuState
GetMenuItemID
GetMenuItemCount
EndPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindowTextLengthW
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
EndDialog
DrawTextW
GetTopWindow
SetParent
GetKeyState
ScrollDC
SetCursor
LoadCursorW
GetParent
DrawStateW
DrawEdge
CopyRect
PtInRect
InvalidateRect
GetSysColor
ReleaseDC
InflateRect
GetDC
GetWindowPlacement
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
GetCursorPos
OffsetRect
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
ReleaseCapture
PostMessageW
IsRectEmpty
CopyAcceleratorTableW
CharNextW
CharUpperW
DefWindowProcW
DrawIcon
IsIconic
CheckMenuItem
SetWindowPos
SetWindowRgn
GetClientRect
SetWindowLongW
GetWindowLongW
AppendMenuW
GetSystemMenu
LoadIconW
GetSystemMetrics
TranslateAcceleratorW
LoadAcceleratorsW
EnumWindows
FindWindowW
SetForegroundWindow
GetWindowTextW
MessageBoxW
GetClassNameW
RedrawWindow
LoadBitmapW
GetFocus
GetNextDlgTabItem
SetFocus
KillTimer
SetTimer
wsprintfW
SendMessageW
EnableWindow
DrawIconEx
GetWindowRect
LoadImageW
BeginPaint
UnregisterClassA

gdi32

MoveToEx
ExtSelectClipRgn
CreateBitmap
GetMapMode
DPtoLP
GetTextColor
GetRgnBox
LineTo
GetClipBox
SetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateRectRgnIndirect
CreateSolidBrush
SetBkMode
RestoreDC
SaveDC
FloodFill
SetTextColor
SetBkColor
SetPixel
CreateFontW
EnumFontFamiliesExW
CreateFontIndirectW
GetTextExtentPoint32W
Rectangle
FrameRgn
DeleteObject
CreatePen
GetBkColor
GetObjectW
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCW
CombineRgn
CreateRectRgn
CreateRoundRectRgn
GetStockObject
SetTextAlign

comdlg32

GetSaveFileNameW
GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

OpenEventLogW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
CloseEventLog
ReadEventLogW
RegOpenKeyExW
ControlService
StartServiceW
DeleteService
CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW

shell32

DragFinish
Shell_NotifyIconW
ShellExecuteW
DragQueryFileW

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

iphlpapi

GetAdaptersInfo
GetTcpTable
GetTcpStatistics
GetIfEntry

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imagehlp

CheckSumMappedFile

gdiplus

GdipFree
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusShutdown
GdiplusStartup

Sections

.text
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPZ-v2.3.1/TCPZ64.exe
.exe windows:4 windows x64 arch:x64

e9c8bdea88b80dd991ff98e1835bb2ed

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:9e:54:20:ec:7a:ca:dd:2c:a2:a0:d9:2a:8f:df:25:4a:18:67:94
Signer

Actual PE Digest

df:9e:54:20:ec:7a:ca:dd:2c:a2:a0:d9:2a:8f:df:25:4a:18:67:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

b:\Open_TCPZ\TCPZ\x64\release\TCPZ64.pdb

Imports

kernel32

GetProcessHeap
GetStartupInfoW
ExitProcess
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
RaiseException
RtlPcToFileHeader
HeapSize
VirtualProtect
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapAlloc
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapFree
GetTickCount
GetFileTime
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WritePrivateProfileStringW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
lstrlenA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
FormatMessageW
LocalFree
MulDiv
GetModuleHandleA
SetLastError
WideCharToMultiByte
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocaleInfoW
GetEnvironmentVariableW
DeviceIoControl
GetFileAttributesW
GetCurrentDirectoryW
GetSystemInfo
GetModuleHandleW
GetVersionExW
GetLastError
CreateMutexW
DeleteFileW
Sleep
GetTempPathW
lstrlenW
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingW
WriteFile
CopyFileW
SetFilePointer
lstrcmpW
GetModuleFileNameW
FindResourceExW
lstrcmpiW
GetWindowsDirectoryW
lstrcatW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersion
WaitForSingleObject
CreateRemoteThread
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
VirtualFree
CloseHandle
ReadFile
VirtualAlloc
GetFileSize
CreateFileW
lstrcpyW

user32

RegisterClipboardFormatW
PostThreadMessageW
SetCapture
UnregisterClassW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DefWindowProcW
CallWindowProcW
IntersectRect
SystemParametersInfoA
GetMenuState
GetMenuItemID
GetMenuItemCount
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindowTextLengthW
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
EndDialog
DrawTextW
GetTopWindow
SetParent
GetKeyState
ScrollDC
SetCursor
LoadCursorW
GetParent
DrawStateW
DrawEdge
CopyRect
PtInRect
InvalidateRect
GetSysColor
ReleaseDC
InflateRect
GetDC
GetWindowPlacement
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
GetCursorPos
OffsetRect
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
ReleaseCapture
PostMessageW
CharNextW
CharUpperW
DrawIcon
IsIconic
CheckMenuItem
SetWindowPos
SetWindowRgn
GetClientRect
SetWindowLongW
GetWindowLongW
AppendMenuW
GetSystemMenu
LoadIconW
GetSystemMetrics
TranslateAcceleratorW
LoadAcceleratorsW
EnumWindows
FindWindowW
SetForegroundWindow
GetWindowTextW
MessageBoxW
GetClassNameW
RedrawWindow
LoadBitmapW
GetFocus
GetNextDlgTabItem
SetFocus
KillTimer
SetTimer
wsprintfW
SendMessageW
EnableWindow
DrawIconEx
GetWindowRect
LoadImageW
ClientToScreen
UnregisterClassA

gdi32

ExtSelectClipRgn
MoveToEx
CreateBitmap
GetMapMode
DPtoLP
GetTextColor
GetRgnBox
LineTo
GetClipBox
SetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateRectRgnIndirect
CreateSolidBrush
SetBkMode
RestoreDC
SaveDC
FloodFill
SetTextColor
SetBkColor
SetPixel
CreateFontW
EnumFontFamiliesExW
CreateFontIndirectW
GetTextExtentPoint32W
Rectangle
FrameRgn
DeleteObject
CreatePen
GetBkColor
GetObjectW
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCW
CombineRgn
CreateRectRgn
CreateRoundRectRgn
GetStockObject
SetTextAlign

comdlg32

GetSaveFileNameW
GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

OpenEventLogW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
CloseEventLog
ReadEventLogW
RegOpenKeyExW
ControlService
StartServiceW
DeleteService
CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW

shell32

DragFinish
Shell_NotifyIconW
ShellExecuteW
DragQueryFileW

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysStringLen

iphlpapi

GetAdaptersInfo
GetTcpTable
GetTcpStatistics
GetIfEntry

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imagehlp

CheckSumMappedFile

gdiplus

GdipFree
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusShutdown
GdiplusStartup

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPZ-v2.3.1/VirtualDevice/Driver/TcpzPropPage-x64.DLL
.dll windows:5 windows x64 arch:x64

c1de49a8d9e4547b2a474baa62696454

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:86:40:c8:44:82:c3:2e:f7:5a:f8:7e:e7:f3:77:98:18:f8:d6:0c
Signer

Actual PE Digest

50:86:40:c8:44:82:c3:2e:f7:5a:f8:7e:e7:f3:77:98:18:f8:d6:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

b:\driver_new\tcpzproppage\x64\objfre_wnet_AMD64\TcpzPropPage-x64.pdb

Imports

msvcrt

_wtoi
free
malloc
memset
_initterm
??3@YAXPEAX@Z

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW

kernel32

GetCurrentProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
GetModuleHandleW
CreateFileW
CloseHandle
DeviceIoControl
lstrcatW
DisableThreadLibraryCalls
lstrcpyW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
lstrcmpW
GetLocaleInfoW
GetVersion
GetSystemInfo
GetProcAddress
FindResourceExW
GetVersionExW
GetWindowsDirectoryW
lstrlenW
FreeResource
lstrcpynW
LockResource
LoadResource

user32

GetSystemMetrics
EnableWindow
GetDlgItem
SetDlgItemTextW
wsprintfW
SendMessageW
MessageBoxW
GetDlgItemTextW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllMain
TcpzPropPageProvider

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCPZ-v2.3.1/VirtualDevice/Driver/TcpzPropPage-x86.DLL
.dll windows:5 windows x86 arch:x86

ec19c06e19e154f74cbda3a540bf4798

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:97:4a:06:12:ce:28:57:bd:f6:26:a0:89:d2:c2:7e:ab:fb:94:22
Signer

Actual PE Digest

21:97:4a:06:12:ce:28:57:bd:f6:26:a0:89:d2:c2:7e:ab:fb:94:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

b:\driver_new\tcpzproppage\x86\objfre_wnet_x86\TcpzPropPage-x86.pdb

Imports

msvcrt

_adjust_fdiv
_initterm
??3@YAXPAX@Z
malloc
free
_wtoi
wcslen

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW

kernel32

UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
GetVersionExW
CreateFileW
CloseHandle
DeviceIoControl
lstrcatW
DisableThreadLibraryCalls
lstrcpyW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
lstrcmpW
GetLocaleInfoW
GetVersion
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetWindowsDirectoryW
lstrlenW
FreeResource
lstrcpynW
LockResource
LoadResource
FindResourceExW
QueryPerformanceCounter
GetTickCount

user32

SetDlgItemTextW
wsprintfW
SendMessageW
GetSystemMetrics
GetDlgItemTextW
GetDlgItem
EnableWindow
MessageBoxW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllMain
TcpzPropPageProvider

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCPZ-v2.3.1/VirtualDevice/Driver/tcpz-x64d.sys
.sys windows:5 windows x64 arch:x64

64260cc5baf777edc9741651db052262

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c2:6c:25:f8:f0:c1:92:48:c3:96:02:8a:86:0d:26:26:6f:58:24:ea
Signer

Actual PE Digest

c2:6c:25:f8:f0:c1:92:48:c3:96:02:8a:86:0d:26:26:6f:58:24:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

b:\driver_new\amd64\tcpz-x64.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePoolWithTag
_stricmp
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlGetVersion
MmIsAddressValid
RtlQueryRegistryValues
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
KeDelayExecutionThread
IofCompleteRequest
PsCreateSystemThread
IoCreateSymbolicLink
IoCreateDevice
KeBugCheckEx

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 710B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCPZ-v2.3.1/VirtualDevice/Driver/tcpz-x86d.sys
.sys windows:5 windows x86 arch:x86

82b42a17eeb102b8e89ec0a6d2ae5cec

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:c1:df:ad:a6:6e:06:df:73:c4:07:db:ec:53:98:3b:f6:13:d0:83
Signer

Actual PE Digest

23:c1:df:ad:a6:6e:06:df:73:c4:07:db:ec:53:98:3b:f6:13:d0:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

b:\driver_new\i386\tcpz-x86.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
_stricmp
ExAllocatePoolWithTag
ZwQuerySystemInformation
RtlGetVersion
MmIsAddressValid
RtlQueryRegistryValues
RtlInitUnicodeString
IofCompleteRequest
PsCreateSystemThread
KeInitializeSpinLock
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
IoDeleteSymbolicLink
KeDelayExecutionThread
IoDeleteDevice

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 666B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCPZ-v2.3.1/VirtualDevice/Driver/tcpz.cat
TCPZ-v2.3.1/VirtualDevice/Driver/tcpz.inf
TCPZ-v2.3.1/VirtualDevice/RemoveWatermarkX64.exe
.exe windows:4 windows x64 arch:x64

639fd801083073ce729fa3e3f7bbe58f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

imagehlp

CheckSumMappedFile

shlwapi

PathFileExistsA

kernel32

HeapAlloc
GetProcessHeap
lstrlenA
GetCommandLineA
ExitProcess
UnmapViewOfFile
IsBadReadPtr
CloseHandle
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
DeleteFileA
CopyFileA
MoveFileExA
GetTempFileNameA
GetModuleFileNameA
GetLastError
WaitForSingleObject
lstrcpyA
WriteFile
ReadFile
SetFilePointer
lstrcatA
GetWindowsDirectoryA
GetVersion
HeapFree
ReadConsoleA
GetStdHandle
WriteConsoleA
CreateProcessA

user32

wsprintfA
wvsprintfA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPZ-v2.3.1/VirtualDevice/TCPZ_Setup-x64.exe
.exe windows:5 windows x64 arch:x64

10afc90e59035551b6de2784fb57150c

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:7e:f3:53:d1:2b:07:77:43:4b:a0:76:35:33:2f:77:2e:fd:89:c6
Signer

Actual PE Digest

53:7e:f3:53:d1:2b:07:77:43:4b:a0:76:35:33:2f:77:2e:fd:89:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

b:\tcpz_setup\x64\objfre_wnet_AMD64\TCPZ_Setup-x64.pdb

Imports

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
malloc
free
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
_wcsdup
wprintf
wcsstr
memset

advapi32

GetSidSubAuthorityCount
RegOpenKeyW
RegDeleteKeyW
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

GetFullPathNameW
GetCurrentProcessId
LoadLibraryA
CreateProcessW
WaitForSingleObject
LoadLibraryW
GetProcAddress
GetStartupInfoA
lstrlenW
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrcpynW
lstrcpyW
DeleteFileW
lstrcatW
GetWindowsDirectoryW
Sleep
GetFileAttributesW
CreateMutexW
GetCurrentProcess
FreeResource
LockResource
LoadResource
RtlCaptureContext
GetEnvironmentVariableW
GetVersion
lstrcmpW
GetLocaleInfoW
GetLastError
CloseHandle
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
FreeLibrary
FindResourceExW

user32

DialogBoxParamW
ExitWindowsEx
CharNextW
PostMessageW
SetWindowTextW
ShowWindow
EndDialog
LoadStringW
MessageBoxW
SetDlgItemTextW
GetDlgItem
EnableWindow
GetWindowThreadProcessId
FindWindowW

setupapi

SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsExW
SetupDiCreateDeviceInfoListExW
SetupDiClassGuidsFromNameExW
CM_Get_DevNode_Status_Ex
SetupDiDestroyDeviceInfoList

shlwapi

PathFileExistsW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPZ-v2.3.1/VirtualDevice/TCPZ_Setup-x86.exe
.exe windows:5 windows x86 arch:x86

c71a614e4dfee7ebddb39579cd77a787

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:20:77:4a:25:3b:97:56:6a:d0:92:38:97:81:5d:13:a7:4c:f4:73
Signer

Actual PE Digest

df:20:77:4a:25:3b:97:56:6a:d0:92:38:97:81:5d:13:a7:4c:f4:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

b:\tcpz_setup\x86\objfre_wnet_x86\TCPZ_Setup-x86.pdb

Imports

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
malloc
free
??3@YAXPAX@Z
??2@YAPAXI@Z
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
_wcsdup
wprintf
wcsstr

advapi32

LookupPrivilegeValueW
RegOpenKeyW
RegDeleteKeyW
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

CreateProcessW
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
OpenProcess
GetProcessHeap
GetStartupInfoA
SetUnhandledExceptionFilter
GetCurrentProcessId
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FindResourceExW
LoadResource
LockResource
FreeResource
GetFileAttributesW
GetFullPathNameW
lstrlenW
lstrcpynW
LoadLibraryA
lstrcpyW
DeleteFileW
lstrcatW
GetWindowsDirectoryW
Sleep
CreateMutexW
GetModuleFileNameW
UnhandledExceptionFilter
GetEnvironmentVariableW
GetVersion
lstrcmpW
GetLocaleInfoW
GetLastError
CloseHandle
HeapFree
HeapAlloc
GetCurrentProcess

user32

DialogBoxParamW
ExitWindowsEx
CharNextW
PostMessageW
SetWindowTextW
ShowWindow
EndDialog
LoadStringW
MessageBoxW
SetDlgItemTextW
GetDlgItem
EnableWindow
FindWindowW
GetWindowThreadProcessId

setupapi

SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
CM_Get_Device_ID_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsExW
SetupDiCreateDeviceInfoListExW
SetupDiClassGuidsFromNameExW
CM_Get_DevNode_Status_Ex
SetupDiDestroyDeviceInfoList

shlwapi

PathFileExistsW

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCPZ-v2.3.1/VirtualDevice/readme.EN.txt
TCPZ-v2.3.1/VirtualDevice/readme.txt
TCPZ-v2.3.1/files.txt
TCPZ-v2.3.1/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

b19a2077d10ce7a22bc2fbc66ed246bc

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4cCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

93:ef:3d:19:db:44:ee:6c:01:44:db:56:5c:13:cc:f8:00:3d:9c:b7Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

iphlpapi

version

imagehlp

gdiplus

Sections

.text Size: 268KB - Virtual size: 264KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 212KB - Virtual size: 209KB

e9c8bdea88b80dd991ff98e1835bb2ed

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4cCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

df:9e:54:20:ec:7a:ca:dd:2c:a2:a0:d9:2a:8f:df:25:4a:18:67:94Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

iphlpapi

version

imagehlp

gdiplus

Sections

.text Size: 372KB - Virtual size: 372KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 15KB - Virtual size: 38KB

.pdata Size: 29KB - Virtual size: 29KB

.rsrc Size: 209KB - Virtual size: 209KB

c1de49a8d9e4547b2a474baa62696454

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4cCertificate

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

93:ef:3d:19:db:44:ee:6c:01:44:db:56:5c:13:cc:f8:00:3d:9c:b7
Signer

.text
Size: 268KB - Virtual size: 264KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 212KB - Virtual size: 209KB

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

df:9e:54:20:ec:7a:ca:dd:2c:a2:a0:d9:2a:8f:df:25:4a:18:67:94
Signer

.text
Size: 372KB - Virtual size: 372KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 15KB - Virtual size: 38KB

.pdata
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 209KB - Virtual size: 209KB

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

50:86:40:c8:44:82:c3:2e:f7:5a:f8:7e:e7:f3:77:98:18:f8:d6:0c
Signer

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 360B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 84B

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:97:4a:06:12:ce:28:57:bd:f6:26:a0:89:d2:c2:7e:ab:fb:94:22
Signer

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1008B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 856B

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

c2:6c:25:f8:f0:c1:92:48:c3:96:02:8a:86:0d:26:26:6f:58:24:ea
Signer