fa8a030c99801f436e974ded7d9e048c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa8a030c99801f436e974ded7d9e048c_JaffaCakes118
Size

925KB
MD5

fa8a030c99801f436e974ded7d9e048c
SHA1

a397758239ae02063d98d6fd6ba91047a6cf674e
SHA256

4db6c7b05b1b4dbfe515053edc73ef57121756189a98a764affd8262356bb21f
SHA512

55134fec0d96005b7baba6f274f76bbfe31c7092afb5db2d64bc1ffbc98cb5752aba62c290ae585d38e12c0cedcd3a6497b5d32eca382396e028e6479a19615f
SSDEEP

24576:umJLRWEFPc5PZ4CkXTvlUzl37fEi3Qj3Fn405Satloddy:u7EFc5PmXrwfEiArZoPo

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll

Files

fa8a030c99801f436e974ded7d9e048c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/06/2010, 00:00

Not After

20/06/2013, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:80:49:b0:9f:b9:49:ae:61:7b:28:60:c0:5d:9a:89:f8:2d:0a:1a
Signer

Actual PE Digest

08:80:49:b0:9f:b9:49:ae:61:7b:28:60:c0:5d:9a:89:f8:2d:0a:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 932KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/$PROGRAMFILES/alotappbar/alotUninst.exe.nsis
$0/resources/App_1008/images/88ac62cafc726fd05565fbb5981844b6.png
.png
$0/resources/App_1106/images/ea9f427546b5a19f3b121d652bf34b80.png
.png
$0/resources/App_173411/images/62da304c1068d118ce6fdf68b4a70e1f.png
.png
$0/resources/App_180111/images/87247ae99ea81812b6047cf06c05a833.png
.png
$0/resources/App_4626/images/a6c562dcfaa4d5179077ff65f48a61f3.png
.png
$0/resources/App_4629/images/7b2fdf9965fe4ff9b4ccddc50297c066.png
.png
$0/resources/App_5809/images/dea85611eacb320a29fe17b8907b7e05.png
.png
$0/resources/App_85411/images/daf526c54d0d724d9f291f8e4608bf7e.png
.png
$0/resources/shared/domains.dat
.xml
$0/resources/shared/images/DesktopAlertClose.png
.png
$0/resources/shared/images/PageAlertBkgnd.png
.png
$0/resources/shared/images/PageAlertButton.png
.png
$0/resources/shared/images/PageAlertButtonHot.png
.png
$0/resources/shared/images/PageAlertClose.png
.png
$0/resources/shared/images/PageAlertCloseHot.png
.png
$0/resources/shared/images/add-app-hover.png
.png
$0/resources/shared/images/add-app.png
.png
$0/resources/shared/images/alot-logo-100x51.png
.png
$0/resources/shared/images/alot-logo-13x13.png
.png
$0/resources/shared/images/alot-logo-16x16.png
.png
$0/resources/shared/images/alot-logo-65x34-hover.png
.png
$0/resources/shared/images/alot-logo-65x34.png
.png
$0/resources/shared/images/alot-logo-95x55.png
.png
$0/resources/shared/images/check.png
.png
$0/resources/shared/images/cog-hover.png
.png
$0/resources/shared/images/cog.png
.png
$0/resources/shared/images/desktopAlertAttrBkgnd.png
.png
$0/resources/shared/images/desktopAlertCloseHot.png
.png
$0/resources/shared/images/desktopAlertImage.png
.png
$0/resources/shared/images/desktopAlertImageBkgnd.png
.png
$0/resources/shared/images/desktopAlertTextBkgnd.png
.png
$0/resources/shared/images/error-icon.jpg
.jpg
$0/resources/shared/images/favicon.ico
$0/resources/shared/images/loading.bmp
$0/resources/shared/images/magnifying-glass.png
.png
$0/resources/shared/images/search-button-hover.png
.png
$0/resources/shared/images/search-button.png
.png
$0/resources/shared/images/theme/blue/appbar-bg.png
.png
$0/resources/shared/images/theme/blue/divider.png
.png
$0/resources/shared/images/theme/blue/page/bg.png
.png
$0/resources/shared/images/theme/blue/page/left/hover.png
.png
$0/resources/shared/images/theme/blue/page/left/normal.png
.png
$0/resources/shared/images/theme/blue/page/left/not-available.png
.png
$0/resources/shared/images/theme/blue/page/right/hover.png
.png
$0/resources/shared/images/theme/blue/page/right/normal.png
.png
$0/resources/shared/images/theme/blue/page/right/not-available.png
.png
$0/resources/shared/images/theme/blue/slider.png
.png
$0/resources/shared/images/theme/blue/swatch.png
.png
$0/resources/shared/images/theme/green/appbar-bg.png
.png
$0/resources/shared/images/theme/green/divider.png
.png
$0/resources/shared/images/theme/green/page/bg.png
.png
$0/resources/shared/images/theme/green/page/left/hover.png
.png
$0/resources/shared/images/theme/green/page/left/normal.png
.png
$0/resources/shared/images/theme/green/page/left/not-available.png
.png
$0/resources/shared/images/theme/green/page/right/hover.png
.png
$0/resources/shared/images/theme/green/page/right/normal.png
.png
$0/resources/shared/images/theme/green/page/right/not-available.png
.png
$0/resources/shared/images/theme/green/slider.png
.png
$0/resources/shared/images/theme/green/swatch.png
.png
$0/resources/shared/images/theme/orange/appbar-bg.png
.png
$0/resources/shared/images/theme/orange/divider.png
.png
$0/resources/shared/images/theme/orange/page/bg.png
.png
$0/resources/shared/images/theme/orange/page/left/hover.png
.png
$0/resources/shared/images/theme/orange/page/left/normal.png
.png
$0/resources/shared/images/theme/orange/page/left/not-available.png
.png
$0/resources/shared/images/theme/orange/page/right/hover.png
.png
$0/resources/shared/images/theme/orange/page/right/normal.png
.png
$0/resources/shared/images/theme/orange/page/right/not-available.png
.png
$0/resources/shared/images/theme/orange/slider.png
.png
$0/resources/shared/images/theme/orange/swatch.png
.png
$0/resources/shared/images/theme/palette-hover.png
.png
$0/resources/shared/images/theme/palette.png
.png
$0/resources/shared/images/theme/pink/appbar-bg.png
.png
$0/resources/shared/images/theme/pink/divider.png
.png
$0/resources/shared/images/theme/pink/page/bg.png
.png
$0/resources/shared/images/theme/pink/page/left/hover.png
.png
$0/resources/shared/images/theme/pink/page/left/normal.png
.png
$0/resources/shared/images/theme/pink/page/left/not-available.png
.png
$0/resources/shared/images/theme/pink/page/right/hover.png
.png
$0/resources/shared/images/theme/pink/page/right/normal.png
.png
$0/resources/shared/images/theme/pink/page/right/not-available.png
.png
$0/resources/shared/images/theme/pink/slider.png
.png
$0/resources/shared/images/theme/pink/swatch.png
.png
$0/resources/shared/images/theme/standard/appbar-bg.png
.png
$0/resources/shared/images/theme/standard/divider.png
.png
$0/resources/shared/images/theme/standard/page/bg.png
.png
$0/resources/shared/images/theme/standard/page/left/hover.png
.png
$0/resources/shared/images/theme/standard/page/left/normal.png
.png
$0/resources/shared/images/theme/standard/page/left/not-available.png
.png
$0/resources/shared/images/theme/standard/page/right/hover.png
.png
$0/resources/shared/images/theme/standard/page/right/normal.png
.png
$0/resources/shared/images/theme/standard/page/right/not-available.png
.png
$0/resources/shared/images/theme/standard/slider.png
.png
$0/resources/shared/images/theme/standardClassic/appbar-bg.png
.png
$0/resources/shared/images/theme/standardClassic/divider.png
.png
$0/resources/shared/images/theme/standardClassic/page/bg.png
.png
$0/resources/shared/images/theme/standardClassic/page/left/hover.png
.png
$0/resources/shared/images/theme/standardClassic/page/left/normal.png
.png
$0/resources/shared/images/theme/standardClassic/page/left/not-available.png
.png
$0/resources/shared/images/theme/standardClassic/page/right/hover.png
.png
$0/resources/shared/images/theme/standardClassic/page/right/normal.png
.png
$0/resources/shared/images/theme/standardClassic/page/right/not-available.png
.png
$0/resources/shared/images/theme/standardClassic/slider.png
.png
$0/resources/shared/images/theme/standardWin7/appbar-bg.png
.png
$0/resources/shared/images/theme/standardWin7/divider.png
.png
$0/resources/shared/images/theme/standardWin7/page/bg.png
.png
$0/resources/shared/images/theme/standardWin7/page/left/hover.png
.png
$0/resources/shared/images/theme/standardWin7/page/left/normal.png
.png
$0/resources/shared/images/theme/standardWin7/page/left/not-available.png
.png
$0/resources/shared/images/theme/standardWin7/page/right/hover.png
.png
$0/resources/shared/images/theme/standardWin7/page/right/normal.png
.png
$0/resources/shared/images/theme/standardWin7/page/right/not-available.png
.png
$0/resources/shared/images/theme/standardWin7/slider.png
.png
$0/resources/shared/images/widget/caption-bg.bmp
$0/resources/shared/images/widget/close-hover.bmp
$0/resources/shared/images/widget/close.bmp
$0/resources/shared/images/widget/configure-hover.bmp
$0/resources/shared/images/widget/configure.bmp
$0/resources/shared/images/widget/refresh-hover.bmp
$0/resources/shared/images/widget/refresh.bmp
$0/toolbar.xml
.xml
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/closeie.ini
$PLUGINSDIR/eula.html
.html
$PLUGINSDIR/eula.ini
$PLUGINSDIR/installhelper.dll
.dll windows:5 windows x86 arch:x86

d7cc17fe91ccc5f3bc45940baab8122e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/06/2010, 00:00

Not After

20/06/2013, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\LOCALPROJECTS\InstallHelper_1_0_6\Release\installhelper.pdb

Imports

shell32

ShellExecuteW

kernel32

GlobalAlloc
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetVersionExW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
LCMapStringW
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GlobalLock
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
GetStdHandle
WriteFile
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
Sleep
HeapSize
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
GlobalUnlock
GetModuleFileNameW
MulDiv
lstrcmpW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
InterlockedPushEntrySList
LocalFree
GetCurrentProcess
OpenProcess
CreateProcessW
CloseHandle
lstrlenW
InterlockedCompareExchange
GetTickCount
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
RtlUnwind
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree

user32

GetWindowThreadProcessId
FindWindowW
DestroyWindow
SetWindowLongW
SetWindowPos
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateWindowExW
GetClientRect
wsprintfW
GetWindowLongW
UnregisterClassW
CharNextW
DefWindowProcW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
IsWindow
SendMessageW
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
MoveWindow
GetSysColor
UnregisterClassA

gdi32

GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetStockObject

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
GetSecurityInfo
GetAclInformation
GetAce
DeleteAce
SetSecurityInfo
GetTokenInformation
OpenProcessToken
DuplicateTokenEx

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysStringByteLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SysStringLen
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysAllocStringByteLen

shlwapi

PathIsURLW
SHDeleteKeyW
UrlEscapeW
UrlCreateFromPathW

Exports

Exports

HtmlCreate
HtmlDestroy
HtmlDisplay
IEAddSearchProvider
IEApprove
IEGetDefaultSearchProvider
IEGetMajorVersion
IELaunch
IERemoveSearchProvider
IESetDefaultSearchProvider
IEShowToolbar
IEShowToolbarExW
IEUnblockExtension
WinGetKnownFolderPath

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PROGRAMFILES/alotappbar/bin/ALOTSettings.exe
.exe windows:4 windows x86 arch:x86

f81b6ccbaac6c55bf4bed6a36036db35

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/06/2010, 00:00

Not After

20/06/2013, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\Appbar\appbar_1_1_3000\bin\support\ALOTSettings.pdb

Imports

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

kernel32

GetCPInfo
LCMapStringW
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
CreateRemoteThread
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
VirtualFreeEx
GetVersionExW
TerminateProcess
GetACP
lstrlenW
InterlockedExchange
GetLastError
SetLastError
GetThreadLocale
VirtualAllocEx
GetExitCodeThread
GetModuleHandleA
DeleteCriticalSection
CloseHandle
WriteProcessMemory
GetProcessHeap
HeapAlloc
HeapSize
MultiByteToWideChar
HeapFree
HeapReAlloc
lstrcmpW
lstrcmpiW
SetUnhandledExceptionFilter
LoadLibraryA
GetOEMCP
IsBadReadPtr
GetProcAddress
IsBadCodePtr
LCMapStringA
GetStringTypeW
GetStringTypeA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetCurrentProcess
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter

user32

RegisterWindowMessageW
PostMessageW
SetParent
GetWindowLongW
SetWindowLongW
SendMessageTimeoutW
SendMessageW

advapi32

RegCreateKeyExW
RegSetValueExW

shlwapi

SHDeleteKeyW

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/alotappbar/bin/alotappbar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3044212afc575c75584fb3e8e79dd127

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/06/2010, 00:00

Not After

20/06/2013, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\Appbar\appbar_1_1_3000\bin\support\band_ew.pdb

Imports

uxtheme

SetWindowTheme

kernel32

SetEvent
CreateEventW
ReleaseMutex
WaitForMultipleObjects
CreateMutexW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrcmpiW
LoadLibraryExW
lstrcpynW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
LockResource
FindResourceExW
LoadLibraryA
OpenMutexW
GetTempFileNameW
DeleteFileW
CopyFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FindClose
FindFirstFileW
GetFileSize
SetFilePointer
ReadFile
WriteFile
WideCharToMultiByte
CreateFileW
SetEndOfFile
SetFileAttributesW
GetVersionExA
GetSystemDefaultLangID
ResumeThread
TerminateThread
ResetEvent
SetCurrentDirectoryW
GetSystemTimeAsFileTime
LocalFree
FormatMessageW
GetModuleFileNameA
GetFileAttributesExW
GetLongPathNameW
GetExitCodeProcess
CreateProcessW
TerminateProcess
lstrlenA
GetCurrentDirectoryW
FindNextFileW
OpenProcess
HeapSize
HeapReAlloc
SignalObjectAndWait
DisableThreadLibraryCalls
SystemTimeToFileTime
GetSystemTime
DuplicateHandle
VirtualProtect
VirtualQuery
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SuspendThread
OpenThread
ExitThread
CreateThread
RtlUnwind
VirtualAlloc
GetSystemInfo
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsBadReadPtr
IsBadCodePtr
QueryPerformanceCounter
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
CloseHandle
GetCurrentProcessId
Sleep
lstrlenW
FreeLibrary
GetCurrentThreadId
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
InterlockedDecrement
InterlockedIncrement
lstrcpyW
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
CreateDirectoryW
LocalAlloc

user32

GetMenuItemRect
GetSysColorBrush
ModifyMenuW
GetSystemMenu
SetClassLongW
DrawTextW
GetMonitorInfoW
MonitorFromPoint
EndDialog
SendNotifyMessageW
UpdateWindow
WindowFromPoint
FrameRect
CreatePopupMenu
TrackPopupMenu
GetActiveWindow
GetUpdateRect
AppendMenuW
InsertMenuW
SetMenuItemInfoW
SetDlgItemTextW
CheckDlgButton
CheckRadioButton
GetDlgItemTextW
IsDlgButtonChecked
SendDlgItemMessageW
GetWindowDC
DrawTextExW
GetSystemMetrics
GetTopWindow
IntersectRect
IsIconic
RegisterClipboardFormatW
GetMenuState
DeleteMenu
DestroyMenu
CopyRect
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenuItemInfoW
CopyImage
DialogBoxParamW
KillTimer
SetTimer
CharLowerW
CharUpperW
SendMessageTimeoutW
EnumChildWindows
GetAncestor
EnumWindows
OffsetRect
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
BroadcastSystemMessageW
LoadImageW
DestroyCursor
DestroyIcon
GetCursorPos
SetCursor
GetCursor
SetWindowRgn
ScreenToClient
MoveWindow
TrackMouseEvent
ClientToScreen
IsWindowEnabled
DialogBoxIndirectParamW
CreateDialogIndirectParamW
IsWindowVisible
MessageBoxW
GetWindowTextLengthW
CreateAcceleratorTableW
GetClassNameW
RedrawWindow
DestroyAcceleratorTable
SetFocus
BeginPaint
EndPaint
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
FillRect
SetCapture
ReleaseCapture
GetSysColor
IsChild
GetDlgItem
CharNextW
GetWindowPlacement
SetForegroundWindow
EnableWindow
SetActiveWindow
GetParent
GetWindow
SystemParametersInfoW
MapWindowPoints
SetWindowPos
ShowWindow
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageA
DispatchMessageA
RegisterWindowMessageW
PostThreadMessageW
GetWindowThreadProcessId
CallWindowProcW
GetWindowLongW
LoadStringW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowTextW
GetKeyState
GetFocus
SetWindowTextW
GetWindowRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DestroyWindow
PtInRect
LoadCursorW
wsprintfW
IsWindow
SendMessageW
PostMessageW
SetWindowLongW
GetClientRect

gdi32

DeleteObject
SelectObject
GetTextMetricsW
IntersectClipRect
SetBkMode
GetPixel
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
GetDIBColorTable
MoveToEx
LineTo
CreateFontIndirectW
SetBkColor
ExtTextOutW
GetTextExtentPoint32W
CreatePen
RoundRect
SetTextColor
CreateFontW
FrameRgn
SetDIBColorTable
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
CombineRgn
CreateDIBSection
SetStretchBltMode
StretchBlt
CreateSolidBrush
GetStockObject
GetObjectW
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC

shell32

ShellExecuteExW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
ord165
SHGetSpecialFolderPathW
ord92
SHFileOperationA
SHFileOperationW

ole32

CoMarshalInterThreadInterfaceInStream
OleDuplicateData
CoInitialize
RegisterDragDrop
ReleaseStgMedium
DoDragDrop
StringFromCLSID
OleInitialize
CoCreateInstance
CoGetInterfaceAndReleaseStream
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CLSIDFromString

oleaut32

SafeArrayPutElement
SafeArrayCopy
SafeArrayGetVartype
VariantCopy
SafeArrayDestroy
SafeArrayAccessData
GetErrorInfo
SafeArrayCreateVector
SafeArrayUnaccessData
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen
VarUI4FromStr
SysFreeString
VariantCopyInd
VariantChangeType
VariantInit
DispCallFunc
VariantClear

shlwapi

PathIsURLW
SHGetValueW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
PathIsRelativeW
PathFindFileNameW
SHCopyKeyW
UrlGetPartW
SHRegWriteUSValueW
SHRegCreateUSKeyW
StrRetToStrW
UrlCanonicalizeW
SHDeleteKeyW
SHDeleteValueW
PathFileExistsW
PathAppendW
StrCmpIW
UrlUnescapeW

msimg32

AlphaBlend
TransparentBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/alotappbar/bin/alothelper.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f888f1aa557125dd6b56924d05a4202a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/06/2010, 00:00

Not After

20/06/2013, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\Appbar\appbar_1_1_3000\bin\ALOTHelper.pdb

Imports

shlwapi

SHGetValueW

kernel32

GetCurrentProcess
GetModuleHandleA
GetModuleHandleW
lstrcpyW
GetProcAddress
GetFileAttributesW
GetVersion
lstrlenW
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
FreeLibrary
lstrcatW
LCMapStringW
LCMapStringA
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetSystemInfo
VirtualProtect
InitializeCriticalSection
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapFree
RtlUnwind
InterlockedExchange
VirtualQuery
HeapAlloc
TerminateProcess
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo

user32

DestroyWindow
PostMessageW
GetClassInfoW
IsWindow
GetWindowLongW
SetWindowLongW
DefWindowProcW
ShowWindow
GetParent
CreateWindowExW
RegisterClassW
GetClientRect

oleaut32

VariantInit
SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/alotappbar/bin/alotwidgets.exe
.exe windows:4 windows x86 arch:x86

a8db2b3816a0e1e2493641727b8be7a7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/06/2010, 00:00

Not After

20/06/2013, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\Appbar\appbar_1_1_3000\bin\WidgetBox.pdb

Imports

urlmon

CoInternetCompareUrl
ObtainUserAgentString
IsValidURL
URLDownloadToFileW

oleacc

AccessibleObjectFromWindow
AccessibleChildren

wininet

InternetCloseHandle
InternetCrackUrlW
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetCreateUrlW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

ws2_32

WSAGetLastError
gethostbyname

kernel32

IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCPInfo
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
OpenMutexW
CreateMutexW
lstrlenW
CloseHandle
ReleaseMutex
ExitProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
lstrcpyW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
GetCurrentThreadId
WideCharToMultiByte
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
CreateDirectoryW
DeleteFileW
ResetEvent
CreateEventW
UnmapViewOfFile
GetStringTypeA
GetCurrentProcessId
CreateFileMappingW
Sleep
WriteFile
CreateFileW
MultiByteToWideChar
TerminateThread
MoveFileW
FreeLibrary
lstrlenA
FindClose
FindFirstFileW
GetFileSize
SetFilePointer
ReadFile
SetEndOfFile
SetFileAttributesW
GetExitCodeProcess
GetTickCount
GetVersionExA
GetSystemDefaultLangID
LocalFree
FormatMessageW
GetModuleFileNameA
GetSystemTimeAsFileTime
GetLongPathNameW
TerminateProcess
OpenProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEvent
lstrcmpiW
WaitForMultipleObjects
LoadLibraryA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcpynW
HeapSize
HeapReAlloc
GetStartupInfoW
GetStringTypeW
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
LCMapStringA
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetLocaleInfoW
QueryPerformanceCounter
HeapDestroy
HeapCreate
VirtualFree
SetStdHandle
IsBadWritePtr
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlushFileBuffers
VirtualProtect
MapViewOfFile
RtlUnwind

user32

GetForegroundWindow
AttachThreadInput
AllowSetForegroundWindow
BringWindowToTop
SetForegroundWindow
SystemParametersInfoW
EnumWindows
MsgWaitForMultipleObjects
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetWindowThreadProcessId
BroadcastSystemMessageW
GetWindowPlacement
IsWindowVisible
GetWindowRect
IsIconic
FindWindowExW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
LoadCursorW
SetWindowRgn
GetWindowDC
TrackMouseEvent
MonitorFromRect
GetSystemMetrics
FindWindowW
GetClassInfoW
CreateWindowExW
CopyRect
CharNextW
GetClassNameW
SetWindowPos
RedrawWindow
GetDlgItem
DestroyAcceleratorTable
GetFocus
SetFocus
BeginPaint
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
SetCapture
ReleaseCapture
GetSysColor
GetWindow
GetClassInfoExW
RegisterClassExW
DefWindowProcW
CallWindowProcW
DestroyWindow
PostMessageW
GetKeyState
ShowWindow
GetParent
IsChild
SendMessageW
GetWindowLongW
SetWindowLongW
RegisterWindowMessageW
IsWindow
GetMonitorInfoW
MonitorFromPoint
SendNotifyMessageW
LoadImageW
ReplyMessage
InSendMessage
DrawTextW
ScreenToClient
SetTimer
KillTimer
CreateAcceleratorTableW
FrameRect
PostThreadMessageW
wsprintfW
UnregisterClassW
GetCursorPos
SetLayeredWindowAttributes
RegisterClassW
CopyImage
PtInRect
EndPaint

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
GetDeviceCaps
BitBlt
SetDIBitsToDevice
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
StretchBlt
ExtTextOutW
RoundRect
SetPixel
CreateFontW
CreateDIBSection
CreatePen
MoveToEx
LineTo
GetTextExtentPoint32W
SetDIBColorTable
SetTextColor
SetBkMode
CreateSolidBrush
GetStockObject
GetObjectW
DeleteObject

advapi32

RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW

shell32

ShellExecuteExW
ord165
ord92

ole32

OleUninitialize
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleInitialize
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
VariantChangeType
LoadRegTypeLi
LoadTypeLi
SysFreeString
VariantCopyInd
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
VarUI4FromStr
SafeArrayCreateVector
SafeArrayDestroy
SysAllocString
SysAllocStringLen
VariantInit
DispCallFunc
VariantClear
OleCreateFontIndirect

shlwapi

PathFileExistsW
PathAppendW
SHGetValueW
UrlIsW
PathCreateFromUrlW
PathIsRelativeW
UrlGetPartW

msimg32

TransparentBlt

gdiplus

GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipDrawImageI
GdipGetImageGraphicsContext
GdipFree
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDeleteGraphics

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

08:80:49:b0:9f:b9:49:ae:61:7b:28:60:c0:5d:9a:89:f8:2d:0a:1aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 932KB

.rsrc Size: 28KB - Virtual size: 27KB

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 899B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 574B

d7cc17fe91ccc5f3bc45940baab8122e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

08:80:49:b0:9f:b9:49:ae:61:7b:28:60:c0:5d:9a:89:f8:2d:0a:1a
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 932KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0e:be:00:40:f9:55:8f:86:56:9f:54:28:6e:f6:53:98
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate