fa0ff1ca1098aa22398801590e87d876_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa0ff1ca1098aa22398801590e87d876_JaffaCakes118
Size

2.3MB
MD5

fa0ff1ca1098aa22398801590e87d876
SHA1

99577ce4d609df1e76f007b290fd1b12b752793a
SHA256

aba50aaf397ede3be29fd7802028d190137f9fe1f9b3c2bc1c55523c12a590bb
SHA512

18035b95a7dd3933f37aadac3dceaa251248e96e6c3ce712b60657c2199965fbeb1f9978c0adf36325cfd6d3e44599cf3f93bdfa31bc2842713a2e3e23081f90
SSDEEP

49152:JjZkbRnVmmTGRHhVKvDxVELMQ37INHRFXz86RJobbUWuJSI9mMZ:JWBoxH8D/VHX/JCbBYzmMZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
fa0ff1ca1098aa22398801590e87d876_JaffaCakes118
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/guidlib.dll
unpack001/$PLUGINSDIR/isoinst.dll
unpack001/ISOMounter.exe
unpack001/guidlib.dll
unpack001/isoinst.dll
unpack001/uninst.exe
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack001/x86/ibinldr.sys

Files

fa0ff1ca1098aa22398801590e87d876_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/guidlib.dll
.dll windows:5 windows x86 arch:x86

fd5eab6035adf1d1ce06809b1dd435f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
CloseHandle
CreateMutexW
SetFilePointer
CreateDirectoryW
WriteFile
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
GetLastError
CreateFileW
GetPrivateProfileSectionW
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
CreateFileA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
InterlockedExchange
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
ExitProcess
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleFileNameA
HeapSize
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA

user32

wsprintfA

advapi32

RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateGuid

shlwapi

PathIsDirectoryW
PathFileExistsW
PathFindFileNameW

iphlpapi

GetAdaptersAddresses

Exports

Exports

initlib

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/isoinst.dll
.dll windows:5 windows x86 arch:x86

416af359629d3f36aeaf16cdb1b2d9ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
MultiByteToWideChar
GetTimeZoneInformation
WideCharToMultiByte
HeapFree
HeapAlloc
GetProcessHeap
SetEndOfFile
GetACP
SetLastError
LoadLibraryA
WriteConsoleW
GetFileTime
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FreeLibrary
GetModuleHandleW
GlobalMemoryStatusEx
GetCurrentProcessId
FindVolumeClose
MoveFileExW
LocalFree
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
GetSystemInfo
CloseHandle
Process32FirstW
Process32NextW
GetLastError
CreateToolhelp32Snapshot
OpenProcess
DeleteCriticalSection
GetSystemDirectoryW
GetFileAttributesW
CreateFileW
LocalAlloc
GetModuleFileNameW
SetFileTime
InterlockedDecrement
DeviceIoControl
WriteFile
GetCommandLineW
FindFirstVolumeW
GetFileSizeEx
QueryDosDeviceW
ReadFile
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleFileNameA
CreateThread
TerminateThread
QueryPerformanceFrequency
Sleep
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
InterlockedExchange
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlUnwind
InterlockedFlushSList
RaiseException
LoadLibraryExW
ExitProcess
GetModuleHandleExW

user32

wsprintfA
wsprintfW

advapi32

RegCreateKeyW
CryptDestroyKey
CryptAcquireContextA
CryptGetKeyParam
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptHashData
CryptSetKeyParam
CryptImportKey
CryptGetHashParam
CryptReleaseContext
RegEnumKeyW
RegEnumValueW
CreateServiceW
RegCloseKey
QueryServiceLockStatusW
UnlockServiceDatabase
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
ChangeServiceConfig2W
LockServiceDatabase
RegEnumKeyExW
RegSetValueExW
FreeSid
StartServiceW
CheckTokenMembership
RegOpenKeyExW
RegQueryValueExW
OpenServiceW

shell32

CommandLineToArgvW

oleaut32

SysFreeString
SysAllocString

psapi

GetProcessImageFileNameW

shlwapi

SHDeleteKeyW
SHGetValueW
SHSetValueW

ws2_32

inet_addr
WSAStartup
send
gethostbyname
socket
connect
recv
closesocket
WSACleanup
htons
sendto
WSASetLastError
WSAGetLastError

iphlpapi

GetAdaptersAddresses

crypt32

CryptImportPublicKeyInfo
CryptBinaryToStringA
CryptStringToBinaryA
CryptDecodeObjectEx
CryptStringToBinaryW

Exports

Exports

init
release
start
stop

Sections

.text
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ISOMounter.exe
.exe windows:6 windows x86 arch:x86

6a073b8f40cb71e0e1508df47345d8db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
DeviceIoControl
GetLastError
CreateFileA
DefineDosDeviceA
CloseHandle
LocalFree
FormatMessageA
GetModuleFileNameA
SizeofResource
GetLogicalDrives
HeapFree
GetCommandLineW
InitializeCriticalSectionEx
CreateMutexA
ReleaseMutex
GetModuleHandleA
HeapSize
LoadLibraryA
LockResource
HeapReAlloc
RaiseException
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
FreeLibrary
WriteConsoleW
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WriteFile
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
WideCharToMultiByte
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwind
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
SetEndOfFile

user32

FindWindowExA
GetCursorPos
IsIconic
SetForegroundWindow
GetMessageA
DispatchMessageA
GetParent
SetActiveWindow
wsprintfA
ShowWindow
IsWindowVisible
GetWindowTextA
TranslateMessage
LoadIconA

shell32

Shell_NotifyIconA
SHChangeNotify

ole32

CoUninitialize
CoInitialize
OleUninitialize
OleInitialize

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
guidlib.dll
.dll windows:5 windows x86 arch:x86

fd5eab6035adf1d1ce06809b1dd435f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
CloseHandle
CreateMutexW
SetFilePointer
CreateDirectoryW
WriteFile
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
GetLastError
CreateFileW
GetPrivateProfileSectionW
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
CreateFileA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
InterlockedExchange
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
ExitProcess
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleFileNameA
HeapSize
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA

user32

wsprintfA

advapi32

RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateGuid

shlwapi

PathIsDirectoryW
PathFileExistsW
PathFindFileNameW

iphlpapi

GetAdaptersAddresses

Exports

Exports

initlib

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
isoinst.dll
.dll windows:5 windows x86 arch:x86

416af359629d3f36aeaf16cdb1b2d9ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
MultiByteToWideChar
GetTimeZoneInformation
WideCharToMultiByte
HeapFree
HeapAlloc
GetProcessHeap
SetEndOfFile
GetACP
SetLastError
LoadLibraryA
WriteConsoleW
GetFileTime
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FreeLibrary
GetModuleHandleW
GlobalMemoryStatusEx
GetCurrentProcessId
FindVolumeClose
MoveFileExW
LocalFree
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
GetSystemInfo
CloseHandle
Process32FirstW
Process32NextW
GetLastError
CreateToolhelp32Snapshot
OpenProcess
DeleteCriticalSection
GetSystemDirectoryW
GetFileAttributesW
CreateFileW
LocalAlloc
GetModuleFileNameW
SetFileTime
InterlockedDecrement
DeviceIoControl
WriteFile
GetCommandLineW
FindFirstVolumeW
GetFileSizeEx
QueryDosDeviceW
ReadFile
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleFileNameA
CreateThread
TerminateThread
QueryPerformanceFrequency
Sleep
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
InterlockedExchange
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlUnwind
InterlockedFlushSList
RaiseException
LoadLibraryExW
ExitProcess
GetModuleHandleExW

user32

wsprintfA
wsprintfW

advapi32

RegCreateKeyW
CryptDestroyKey
CryptAcquireContextA
CryptGetKeyParam
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptHashData
CryptSetKeyParam
CryptImportKey
CryptGetHashParam
CryptReleaseContext
RegEnumKeyW
RegEnumValueW
CreateServiceW
RegCloseKey
QueryServiceLockStatusW
UnlockServiceDatabase
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
ChangeServiceConfig2W
LockServiceDatabase
RegEnumKeyExW
RegSetValueExW
FreeSid
StartServiceW
CheckTokenMembership
RegOpenKeyExW
RegQueryValueExW
OpenServiceW

shell32

CommandLineToArgvW

oleaut32

SysFreeString
SysAllocString

psapi

GetProcessImageFileNameW

shlwapi

SHDeleteKeyW
SHGetValueW
SHSetValueW

ws2_32

inet_addr
WSAStartup
send
gethostbyname
socket
connect
recv
closesocket
WSACleanup
htons
sendto
WSASetLastError
WSAGetLastError

iphlpapi

GetAdaptersAddresses

crypt32

CryptImportPublicKeyInfo
CryptBinaryToStringA
CryptStringToBinaryA
CryptDecodeObjectEx
CryptStringToBinaryW

Exports

Exports

init
release
start
stop

Sections

.text
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sciter.dat
sciter.dll
.dll windows:5 windows x86 arch:x86

580538c5def271f3317645e0ad611b53

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:72:bc:db:c9:9c:f7:d3:2a:87:e5:fc:c0:5b:d3:0c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2017, 00:00

Not After

04/09/2018, 12:00

Subject

CN=Terra Informatica Software\, Inc.,O=Terra Informatica Software\, Inc.,L=Richmond,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:16:4c:15:e6:41:15:a8:8e:64:5f:76:23:9d:10:b9:71:42:93:2d
Signer

Actual PE Digest

8c:16:4c:15:e6:41:15:a8:8e:64:5f:76:23:9d:10:b9:71:42:93:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\sciter\sciter\sdk\bin\32\sciter.dll.pdb

Imports

user32

GetWindowLongW
SetWindowLongW
GetWindowRect
UpdateLayeredWindow
SetCursor
MapWindowPoints
UpdateWindow
SetFocus
GetFocus
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
DestroyIcon
KillTimer
GetParent
IsWindow
SendMessageW
GetCursorPos
InvalidateRect
GetDesktopWindow
GetClientRect
LoadCursorW
MoveWindow
RegisterClassW
RedrawWindow
ShowWindow
WindowFromPoint
CreateWindowExW
SetWindowPos
DestroyWindow
PostMessageW
DefWindowProcW
GetWindowThreadProcessId
GetWindowTextW
EnableWindow
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
IsWindowUnicode
SystemParametersInfoW
PostQuitMessage
GetClassLongW
SetWindowsHookExW
EnumThreadWindows
EndDeferWindowPos
SetCapture
LoadIconW
TranslateMessage
GetUpdateRect
IsRectEmpty
GetMessageTime
UnhookWindowsHookEx
IsWindowEnabled
GetDoubleClickTime
CallMsgFilterW
IsChild
PeekMessageW
ClientToScreen
GetMonitorInfoW
SetTimer
DispatchMessageW
GetCapture
GetAsyncKeyState
BeginDeferWindowPos
SetClassLongW
GetActiveWindow
RegisterClassExW
GetScrollInfo
NotifyWinEvent
SetWindowTextW
GetSystemMetrics
CallNextHookEx
ScreenToClient
MonitorFromWindow
GetDC
GetWindow
MonitorFromPoint
GetKeyState
AdjustWindowRectEx
DeferWindowPos
GetMessageW
SetScrollInfo
EnumDisplayDevicesW
EnumDisplayMonitors
GetSysColor
DestroyCaret
FindWindowW
GetKeyboardLayout
CreateCaret
SetCaretPos
RegisterClipboardFormatW
OpenClipboard
EmptyClipboard
CloseClipboard
CountClipboardFormats
EnumClipboardFormats
SetClipboardData
IsClipboardFormatAvailable
GetClipboardData
GetClipboardSequenceNumber
LoadStringW
MessageBeep
DestroyCursor
LoadCursorFromFileA
CreateIconIndirect
GetIconInfo
DrawIconEx
MessageBoxW
SetActiveWindow
MessageBoxA
GetQueueStatus
PostThreadMessageW
MsgWaitForMultipleObjects
SetWinEventHook
DispatchMessageA
MapVirtualKeyW
GetMessageA
AnimateWindow
IsWindowVisible
GetWindowPlacement

urlmon

FindMimeFromData

oleacc

AccessibleObjectFromWindow
LresultFromObject

uxtheme

GetThemePartSize
CloseThemeData
SetWindowTheme
OpenThemeData
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent

imm32

ImmGetCompositionStringW
ImmNotifyIME
ImmAssociateContextEx
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmIsIME

comctl32

ImageList_Destroy
ImageList_GetIconSize
ImageList_DrawEx

winmm

timeEndPeriod
PlaySoundW
timeBeginPeriod
timeGetTime
timeSetEvent
timeKillEvent

usp10

ScriptBreak
ScriptPlace
ScriptApplyDigitSubstitution
ScriptFreeCache
ScriptItemize
ScriptShape

ws2_32

getsockopt
setsockopt
WSAGetLastError
GetAddrInfoW
FreeAddrInfoW
listen
shutdown
htons
WSAIoctl
bind
ioctlsocket
WSARecv
socket
WSASocketW
select
WSARecvFrom
WSASetLastError
WSAStartup
WSASend
closesocket

wininet

InternetOpenA
InternetSetOptionW
HttpSendRequestA
InternetErrorDlg
InternetQueryOptionW
HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

kernel32

ReadDirectoryChangesW
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
WriteConsoleInputW
GetNumberOfConsoleInputEvents
FillConsoleOutputAttribute
CreateFileA
GetVolumeInformationW
GetLogicalDriveStringsW
ExitThread
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
FreeLibraryAndExitThread
SetFileAttributesW
UnregisterWaitEx
SetConsoleCursorPosition
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
LoadLibraryExW
GetProcAddress
GlobalUnlock
GlobalLock
GlobalSize
Sleep
MulDiv
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
TlsSetValue
GetLocaleInfoW
MultiByteToWideChar
GetLastError
TlsAlloc
TlsGetValue
HeapFree
GetCommandLineW
HeapAlloc
LocalFree
GetProcessHeap
GetModuleFileNameA
LoadLibraryExA
GetEnvironmentVariableW
WideCharToMultiByte
FreeLibrary
GetCPInfo
RaiseException
DecodePointer
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTempPathA
GetTempFileNameA
GetFileAttributesW
CompareStringW
GetModuleFileNameW
CompareStringA
GetUserDefaultLCID
GetNumberFormatW
GetCurrencyFormatW
GetTimeFormatW
VerSetConditionMask
GetComputerNameW
VerifyVersionInfoW
GetDateFormatW
OutputDebugStringW
FindFirstFileW
FindNextFileW
FindClose
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
SetFilePointer
SetEndOfFile
CreateFileW
UnmapViewOfFile
FlushViewOfFile
CloseHandle
GetFileSize
CreateFileMappingW
MapViewOfFile
AllocConsole
FormatMessageW
LocalAlloc
lstrlenW
LocalSize
EncodePointer
InterlockedFlushSList
SetLastError
RtlUnwind
TlsFree
ExitProcess
GetModuleHandleExW
GetCurrentThread
GetACP
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
ReadFile
SetFilePointerEx
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleW
ReadConsoleW
GetFileAttributesExW
CreateThread
lstrcmpW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
CreateEventW
ResetEvent
DuplicateHandle
SetEvent
WaitForMultipleObjects
ReleaseSemaphore
VirtualAlloc
VirtualFree
LoadLibraryW
GetTickCount
GetThreadPriority
SetThreadPriority
GetVersionExW
ResumeThread
CreateSemaphoreA
CreateEventA
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CancelIo
SetHandleInformation
RegisterWaitForSingleObject
UnregisterWait
SetNamedPipeHandleState
CreateNamedPipeA
CreateNamedPipeW
PeekNamedPipe
QueueUserWorkItem
GetNamedPipeHandleStateA
SwitchToThread
WaitNamedPipeW
ConnectNamedPipe
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
SetFileTime
CreateHardLinkW
GetFileInformationByHandle
MoveFileExW
CopyFileW
GetModuleHandleA
LoadLibraryA
FormatMessageA
DebugBreak
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW

gdi32

AddFontMemResourceEx
GetObjectW
GetDIBits
CreateBitmap
GetGlyphIndicesW
StartPage
CreateFontW
EnumFontFamiliesExW
EndDoc
BitBlt
CreateDCW
SetMapMode
GetFontUnicodeRanges
StartDocW
EndPage
GetDeviceCaps
GetStockObject
RestoreDC
SetViewportOrgEx
SaveDC
GetClipBox
SetLayout
CreateCompatibleDC
DeleteObject
DeleteDC
CreateDIBSection
GetObjectA
SelectObject

winspool.drv

ord203

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
CommDlgExtendedError

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetUserNameW
RegOpenKeyExW
RegQueryValueExW

shell32

ord727
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW
CommandLineToArgvW
SHGetPathFromIDListW
SHBrowseForFolderW
ord74
DragQueryFileW
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoCreateGuid
CoInitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
OleUninitialize
RegisterDragDrop
RevokeDragDrop
DoDragDrop
ReleaseStgMedium
CreateStreamOnHGlobal

oleaut32

SysFreeString
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SysAllocStringLen

gdiplus

GdipCreateFontFromLogfontA
GdipGetLineSpacing
GdipCreateFontFromDC
GdiplusStartup
GdipCreateBitmapFromGraphics
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdiplusShutdown
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipFillPath
GdipGetClipBoundsI
GdipCreateLineBrush
GdipMultiplyLineTransform
GdipCreateMatrix2
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipAddPathEllipse
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterPoint
GdipSetPathGradientTransform
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipFillRectanglesI
GdipDrawLine
GdipSetClipRectI
GdipTranslateWorldTransform
GdipGetSmoothingMode
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipGetPathWorldBounds
GdipClonePath
GdipSetClipRect
GdipAddPathRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipSetSmoothingMode
GdipEndContainer
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipTransformPoints
GdipMultiplyWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipShearMatrix
GdipCreateTexture
GdipFillEllipse
GdipDrawEllipse
GdipFillPie
GdipDrawPie
GdipDrawArc
GdipFillRectangle
GdipDrawRectangle
GdipResetPath
GdipIsVisiblePathPoint
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigure
GdipSetPathFillMode
GdipAddPathArc
GdipAddPathBezier
GdipSetPageUnit
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipCreateFromHDC
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetFontHeightGivenDPI
GdipMeasureString
GdipDeleteFontFamily
GdipGetFamily
GdipGetCellAscent
GdipGetFontSize
GdipGetEmHeight
GdipGetCellDescent
GdipDrawString
GdipAddPathString
GdipGetFontStyle
GdipCreatePen2
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenDashStyle
GdipSetPenDashArray
GdipSetPenDashOffset
GdipDeleteFont

Exports

Exports

SciterAPI

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 905KB - Virtual size: 904KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/ibinldr.sys
.sys windows:6 windows x64 arch:x64

fd114cb4cf9543cdc9072698a34a9078

Code Sign

ea:f8:8b:27:84:f1:82:96:13:07:c7:19:42:76:e2:1f
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/05/2018, 00:00

Not After

28/05/2019, 23:59

Subject

CN=ANAX CORP LIMITED,O=ANAX CORP LIMITED,POSTALCODE=EC1V 2NX,STREET=Kemp House 152-160\, Capital Office City Road,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:18:54:86:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/04/2011, 22:06

Not After

11/04/2021, 22:16

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:5d:44:fd:7c:d3:95:f1:32:d2:a1:a9:7c:82:19:7a:c1:f7:54:f9:8d:f4:df:af:1b:d3:4d:8d:f5:f4:e1:88
Signer

Actual PE Digest

3d:5d:44:fd:7c:d3:95:f1:32:d2:a1:a9:7c:82:19:7a:c1:f7:54:f9:8d:f4:df:af:1b:d3:4d:8d:f5:f4:e1:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pdb\isodisk.pdb

Imports

ntoskrnl.exe

ZwFsControlFile
ZwReadFile
KeSetPriorityThread
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
RtlAppendUnicodeToString
KeInitializeEvent
RtlQueryRegistryValues
ZwCreateDirectoryObject
ZwOpenProcessToken
ZwAdjustPrivilegesToken
ZwSetInformationFile
SeCreateClientSecurity
RtlFreeUnicodeString
ZwMakeTemporaryObject
ZwCreateFile
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
RtlAnsiStringToUnicodeString
ExInterlockedInsertTailList
PsTerminateSystemThread
_vsnwprintf
ZwClose
IofCompleteRequest
ObReferenceObjectByHandle
KeWaitForSingleObject
PsRevertToSelf
ExInterlockedRemoveHeadList
PsDereferenceImpersonationToken
RtlCopyUnicodeString
ObfDereferenceObject
ZwQueryInformationFile
ZwWriteFile
DbgPrint
PsDereferencePrimaryToken
SeTokenType
KeBugCheckEx
ExFreePoolWithTag
SeImpersonateClient
ExAllocatePoolWithTag
ProbeForWrite
MmGetSystemRoutineAddress
IoFreeMdl
ExEventObjectType
MmProbeAndLockPages
RtlCompareMemory
MmUnlockPages
PsGetCurrentProcessId
RtlTimeToSecondsSince1970
ZwWaitForSingleObject
KeQueryTimeIncrement
RtlInitAnsiString
IoAllocateMdl
RtlUnicodeStringToAnsiString
RtlCompareString
_vsnprintf
ZwMapViewOfSection
RtlGetVersion
ExSystemTimeToLocalTime
ZwSetEvent
RtlTimeToTimeFields
RtlFreeAnsiString
RtlCompareUnicodeString
ZwCreateSection
ZwOpenSection
KeInitializeMutex
isspace
strstr
strchr
KeReleaseMutex
ZwFreeVirtualMemory
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
KeDelayExecutionThread
ExDeletePagedLookasideList
ExQueryDepthSList
ZwOpenProcess
ZwQueryInformationProcess
ExInitializePagedLookasideList
ExDeleteNPagedLookasideList
RtlAppendUnicodeStringToString
ZwEnumerateKey
ExDeleteResourceLite
ExInitializeResourceLite
ZwQuerySystemInformation
ZwCreateKey
ZwSetValueKey
ZwQueryValueKey
ZwDeleteKey
ZwOpenKey
ZwOpenEvent
ZwCreateEvent
RtlRandomEx
IoReuseIrp
KeResetEvent
KeReadStateEvent
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
IoCancelIrp
IoFreeIrp
IoAllocateIrp
KeWaitForMultipleObjects
IoCreateDevice
ObOpenObjectByPointer
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
__C_specific_handler

netio.sys

WskDeregister
WskReleaseProviderNPI

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/ibinldr.sys
.sys windows:6 windows x86 arch:x86

9095a6a2c5f1d4b9e5814b0f217ead94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\pdb\isodisk.pdb

Imports

ntoskrnl.exe

KeSetEvent
IofCompleteRequest
ExfInterlockedInsertTailList
SeCreateClientSecurity
ExAllocatePoolWithTag
memcpy
_aulldiv
memset
ZwQueryInformationFile
ZwClose
ZwSetInformationFile
ZwFsControlFile
RtlFreeUnicodeString
DbgPrint
ZwCreateFile
RtlAnsiStringToUnicodeString
ZwAdjustPrivilegesToken
ZwOpenProcessToken
KeWaitForSingleObject
ZwWriteFile
MmMapLockedPagesSpecifyCache
PsRevertToSelf
SeImpersonateClient
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
RtlInitUnicodeString
ZwMakeTemporaryObject
ZwCreateDirectoryObject
RtlQueryRegistryValues
RtlAppendUnicodeToString
RtlCopyUnicodeString
KeTickCount
ObfDereferenceObject
ZwReadFile
ExFreePoolWithTag
_vsnprintf
ZwWaitForSingleObject
ZwSetEvent
RtlGetVersion
RtlCompareMemory
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
RtlCompareString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwMapViewOfSection
ZwOpenSection
ZwCreateSection
RtlCompareUnicodeString
RtlInitAnsiString
isspace
strchr
strstr
memmove
KeReleaseMutex
KeInitializeMutex
_aullrem
IoFreeMdl
MmUnlockPages
SeTokenType
MmProbeAndLockPages
IoAllocateMdl
PsGetCurrentProcessId
ProbeForWrite
ExEventObjectType
MmGetSystemRoutineAddress
RtlTimeToSecondsSince1970
KeQueryTimeIncrement
_alldiv
_allmul
ZwFreeVirtualMemory
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExDeletePagedLookasideList
ExDeleteNPagedLookasideList
KeDelayExecutionThread
ZwCreateKey
ZwOpenKey
ZwQueryValueKey
ZwDeleteKey
ZwSetValueKey
ZwCreateEvent
ZwOpenEvent
ZwEnumerateKey
RtlRandomEx
KeResetEvent
IoReuseIrp
IoCancelIrp
KeReadStateEvent
KeWaitForMultipleObjects
IoFreeIrp
IoAllocateIrp
ZwQuerySystemInformation
RtlAppendUnicodeStringToString
ExInitializeResourceLite
ExDeleteResourceLite
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlUnwind
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
KeBugCheckEx
PsDereferencePrimaryToken
PsDereferenceImpersonationToken
IoDeleteDevice
_vsnwprintf
KeGetCurrentThread

netio.sys

WskDeregister
WskReleaseProviderNPI

hal

KeReleaseInStackQueuedSpinLock
KeGetCurrentIrql
KeAcquireInStackQueuedSpinLock

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.1MB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

fd5eab6035adf1d1ce06809b1dd435f3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

iphlpapi

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 8KB

416af359629d3f36aeaf16cdb1b2d9ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

oleaut32

psapi

shlwapi

ws2_32

iphlpapi

crypt32

Exports

Exports

Sections

.text Size: 281KB - Virtual size: 280KB

.rdata Size: 92KB - Virtual size: 92KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.1MB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 281KB - Virtual size: 280KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 14KB - Virtual size: 14KB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 281KB - Virtual size: 280KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 14KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate