Overview (overview): 7
Static (static): 3
fc238d5603...18.exe (windows7-x64): 7
fc238d5603...18.exe (windows10-2004-x64): 7
$PLUGINSDI...EN.exe (windows7-x64): 3
$PLUGINSDI...EN.exe (windows10-2004-x64): 3
$PLUGINSDI...er.exe (windows7-x64): 3
$PLUGINSDI...er.exe (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDI...ec.dll (windows7-x64): 3
$PLUGINSDI...ec.dll (windows10-2004-x64): 3
AdminWorker.exe (windows7-x64): 3
AdminWorker.exe (windows10-2004-x64): 3
WebInstaller.exe (windows7-x64): 6
WebInstaller.exe (windows10-2004-x64): 6
WebUpdater.exe (windows7-x64): 3
WebUpdater.exe (windows10-2004-x64): 3
content/iwa-ovr.js (windows7-x64): 3
content/iwa-ovr.js (windows10-2004-x64): 3
firefox/iW...er.exe (windows7-x64): 3
firefox/iW...er.exe (windows10-2004-x64): 3
iWinGames.exe (windows7-x64): 7
iWinGames.exe (windows10-2004-x64): 7
iWinGamesHookIE.dll (windows7-x64): 6
iWinGamesHookIE.dll (windows10-2004-x64): 6
iWinGamesI...er.exe (windows7-x64): 3
iWinGamesI...er.exe (windows10-2004-x64): 3
pages/blank.html (windows7-x64): 3
pages/blank.html (windows10-2004-x64): 3
pages/blank2.html (windows7-x64): 3
pages/blank2.html (windows10-2004-x64): 3
pages/error.html (windows7-x64): 3
pages/error.html (windows10-2004-x64): 3
Static task
static1
Behavioral task
behavioral1
Sample
fc238d56038e9e5094038122ab07f016_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fc238d56038e9e5094038122ab07f016_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/GoogleInstAppTB_EN.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/GoogleInstAppTB_EN.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstGameInfoHelper.exe
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstGameInfoHelper.exe
Resource
win10v2004-20240910-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
AdminWorker.exe
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
AdminWorker.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
WebInstaller.exe
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
WebInstaller.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
WebUpdater.exe
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
WebUpdater.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
content/iwa-ovr.js
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
content/iwa-ovr.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
firefox/iWinArcadeLauncher.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
firefox/iWinArcadeLauncher.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
iWinGames.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
iWinGames.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
iWinGamesHookIE.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
iWinGamesHookIE.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
iWinGamesInstaller.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
iWinGamesInstaller.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
pages/blank.html
Resource
win7-20240704-en
Behavioral task
behavioral28
Sample
pages/blank.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
pages/blank2.html
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
pages/blank2.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
pages/error.html
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
pages/error.html
Resource
win10v2004-20240802-en
General
Target: fc238d56038e9e5094038122ab07f016_JaffaCakes118
Size: 3.2MB
MD5: fc238d56038e9e5094038122ab07f016
SHA1: a6eb33748cf13f597e58f6d54e07dde03f5d041f
SHA256: 15be226231ee990233f181c74ad81a71205dcad0d212f33acf6c997f2867462f
SHA512: 76cad4bae7cb4c54c3b6ccbba6fc0e2d6511c8dbca07ae15738f4216c0e37be15e3a73b0b9a2fa4fd4be38d088694f2528a3f7fc3a313b4eb2c87a462a6b49a1
SSDEEP: 98304:zvtgs39n1t0udUbvSIzHqxrweXZFhmU5j3sY:zvSs39nT7ivPKVtmd
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource
unpack001/$PLUGINSDIR/GoogleInstAppTB_EN.exe
unpack001/$PLUGINSDIR/InstGameInfoHelper.exe
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/AdminWorker.exe
-
NSIS installer 1 IoCs
resource: sample
yara_rule: nsis_installer_1
Files
-
fc238d56038e9e5094038122ab07f016_JaffaCakes118.exe windows:4 windows x86 arch:x86
7fa974366048f9c551ef45714595665e
Code Sign
01
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01-08-1996 00:00
Not After: 31-12-2020 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06-08-2003 00:00
Not After: 05-08-2013 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 17-11-2006 00:00
Not After: 16-11-2008 23:59
Subject: CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Signer
Actual PE Digest:
Digest Algorithm:
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 40KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/GoogleInstAppTB_EN.exe.exe windows:4 windows x86 arch:x86
398279f28b68127e6d2744eb3595a6c4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
kernel32
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapFree
CompareStringA
lstrcpyA
CloseHandle
CreateThread
GetPrivateProfileStringA
GetFileAttributesA
WriteFile
SetFilePointer
LockResource
LoadLibraryA
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
CreateProcessA
CreateFileA
lstrcmpA
GetStringTypeW
GetACP
GetProcessHeap
IsBadReadPtr
LCMapStringW
LCMapStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCPInfo
GetOEMCP
HeapSize
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess
HeapAlloc
GetCurrentProcess
FlushInstructionCache
InterlockedExchange
FlushFileBuffers
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
IsBadCodePtr
GetLocaleInfoA
SetStdHandle
GetStringTypeA
user32
IsWindowEnabled
LoadImageA
GetFocus
DrawFocusRect
FillRect
EndPaint
GetSystemMetrics
LoadStringA
CharUpperA
GetSysColor
BeginPaint
GetDlgCtrlID
GetCursorPos
ScreenToClient
SetCursor
InvalidateRect
PtInRect
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetClassNameA
CreateCursor
CallWindowProcA
OffsetRect
DestroyCursor
SetRectEmpty
ReleaseDC
GetDC
DrawTextA
EndDialog
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
SetWindowPos
IsWindow
IsDialogMessageA
GetDlgItem
GetParent
EnableWindow
GetClientRect
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
CreateWindowExA
DefWindowProcA
GetActiveWindow
CharNextA
DialogBoxParamA
DestroyWindow
UnregisterClassA
SetWindowLongA
UpdateWindow
gdi32
SelectObject
GetStockObject
GetObjectA
CreateFontIndirectA
SetTextColor
DeleteObject
DeleteDC
SetBkMode
comdlg32
CommDlgExtendedError
advapi32
RegQueryInfoKeyA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
shell32
ShellExecuteA
ole32
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
VarUI4FromStr
comctl32
InitCommonControlsEx
_TrackMouseEvent
Exports
GDSCompatibilityCheck
Sections
.text Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstGameInfoHelper.exe.exe windows:5 windows x86 arch:x86
1d5d6b9f66cad7d9949d68c639b3a18e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Users\vorona\Documents\iwin\games\iWinArcade\Runnable\InstGameInfoHelper.pdb
Imports
wininet
InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
kernel32
FreeEnvironmentStringsA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
RaiseException
RtlUnwind
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
MultiByteToWideChar
ReadFile
CloseHandle
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
VirtualAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
CreateFileA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
Sections
.text Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
4ec328f99bdd944fc98d8a5cf11f7a62
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/defaultthumbnail.bmp
-
$PLUGINSDIR/ftdownload.dat
-
$PLUGINSDIR/modern-header.bmp
-
$PLUGINSDIR/nsExec.dll.dll windows:4 windows x86 arch:x86
053c8c5da7b5f6a2513024b82859e1b0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GlobalLock
DeleteFileA
lstrcmpiA
TerminateProcess
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CloseHandle
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
WaitForSingleObject
GetCommandLineA
Sleep
lstrlenA
GetExitCodeProcess
user32
SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
Exports
Exec
ExecToLog
ExecToStack
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 370B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AdminWorker.exe.exe windows:5 windows x86 arch:x86
03946eb0a6b29fed2a45e60d4b6b35b4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHGetValueW
SHGetValueA
kernel32
HeapAlloc
GetVersionExA
TerminateProcess
WaitForSingleObject
MultiByteToWideChar
CreateFileA
CreateFileW
GetCurrentDirectoryW
CreateDirectoryA
GetFullPathNameW
DeleteFileA
GetModuleFileNameA
GetModuleFileNameW
DeleteFileW
HeapFree
Sleep
GetModuleHandleA
CopyFileA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetLocaleInfoA
WideCharToMultiByte
SetLastError
OpenProcess
CloseHandle
FreeLibrary
LoadLibraryA
GetProcAddress
GetCurrentDirectoryA
CompareStringA
CompareStringW
WriteFile
RaiseException
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetEnvironmentVariableA
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
FindFirstFileA
FindNextFileA
GetCommandLineA
GetStartupInfoA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
ReadFile
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
user32
SetForegroundWindow
SendMessageA
EnumWindows
GetWindowThreadProcessId
PostMessageA
MessageBoxA
FindWindowA
ShowWindow
SetActiveWindow
advapi32
RegEnumKeyW
RegEnumValueW
RegOpenKeyW
RegOpenKeyExA
RegEnumKeyA
RegOpenKeyA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
shell32
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteExA
ShellExecuteA
SHFileOperationW
SHFileOperationA
SHGetSpecialFolderLocation
ole32
CoUninitialize
CoCreateInstance
CoInitialize
oleaut32
SysAllocString
SysFreeString
Sections
.text Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Uninstall.exe.nsis
-
WebInstaller.exe.exe windows:5 windows x86 arch:x86
fe31a1ea0465cd2d80098af8995d27d2
Code Sign
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06-08-2003 00:00
Not After: 05-08-2013 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 17-11-2006 00:00
Not After: 16-11-2008 23:59
Subject: CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
42:2d:d2:af:fb:86:5f:cc:97:52:8c:54:18:da:14:cc:ed:c1:3b:ce
Signer
Actual PE Digest: 42:2d:d2:af:fb:86:5f:cc:97:52:8c:54:18:da:14:cc:ed:c1:3b:ce
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\vorona\Documents\iwin\games\iWinArcade2_50\WebInterceptor\WebInstaller\Release\WebInstaller.pdb
Imports
shlwapi
SHGetValueA
advapi32
RegDeleteValueW
RegSetValueExW
RegSetValueExA
RegCreateKeyExW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumValueA
RegEnumValueW
RegOpenKeyExW
RegOpenKeyA
RegFlushKey
RegCloseKey
shell32
SHGetSpecialFolderPathW
SHFileOperationA
kernel32
FreeEnvironmentStringsW
GetModuleFileNameW
GetModuleFileNameA
GetVersionExA
WinExec
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
GetModuleHandleA
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
ReadFile
CreateFileA
CloseHandle
FlushFileBuffers
Sections
.text Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WebUpdater.bmp
-
WebUpdater.exe.exe windows:4 windows x86 arch:x86
09d0478591d4f788cb3e5ea416c25237
Code Sign
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06-08-2003 00:00
Not After: 05-08-2013 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 17-11-2006 00:00
Not After: 16-11-2008 23:59
Subject: CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
b9:f3:64:6f:a0:25:dc:21:5d:72:24:99:4c:25:85:2f:21:01:77:8e
Signer
Actual PE Digest: b9:f3:64:6f:a0:25:dc:21:5d:72:24:99:4c:25:85:2f:21:01:77:8e
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Sections
.text Size: 44KB - Virtual size: 5.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
firefox/chrome/iwinarcade.jar.zip
-
content/contents.rdf.xml
-
content/iwa-ovr.js.js
-
content/iwa-ovr.xul.xml
-
firefox/iWinArcadeLauncher.exe.exe windows:4 windows x86 arch:x86
80ecfa2eb6a7155e205be13d4cdc1119
Code Sign
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06-08-2003 00:00
Not After: 05-08-2013 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 17-11-2006 00:00
Not After: 16-11-2008 23:59
Subject: CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 04-12-2003 00:00
Not After: 03-12-2008 23:59
Subject: CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
c2:f2:b1:ce:35:01:13:e3:a2:5b:2f:4f:00:17:54:c6:c6:d7:b5:49
Signer
Actual PE Digest: c2:f2:b1:ce:35:01:13:e3:a2:5b:2f:4f:00:17:54:c6:c6:d7:b5:49
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegEnumValueW
RegOpenKeyW
RegCloseKey
shell32
ShellExecuteW
kernel32
GetStringTypeW
GetStringTypeA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
HeapAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 684B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
firefox/install.rdf.xml
-
host.cfg
-
iWinGames.exe.exe windows:5 windows x86 arch:x86
4b09fd16efbd2085d61a666f62f86d90
Code Sign
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06-08-2003 00:00
Not After: 05-08-2013 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 17-11-2006 00:00
Not After: 16-11-2008 23:59
Subject: CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
e5:2f:5e:b3:b1:fe:cb:14:64:65:33:fb:62:20:21:09:38:84:e8:4b
Signer
Actual PE Digest: e5:2f:5e:b3:b1:fe:cb:14:64:65:33:fb:62:20:21:09:38:84:e8:4b
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ws2_32
WSAStartup
winmm
PlaySoundA
msimg32
GradientFill
shlwapi
SHGetValueA
user32
TranslateMDISysAccel
gdi32
SelectObject
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
advapi32
RegQueryValueA
shell32
SHGetPathFromIDListW
oledlg
ord8
ole32
OleLoadFromStream
oleaut32
SafeArrayDestroy
wininet
InternetSetCookieA
version
GetFileVersionInfoSizeA
comctl32
ImageList_Duplicate
Sections
.text Size: 1.2MB - Virtual size: 11.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 303KB - Virtual size: 304KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
iWinGamesHookIE.dll.dll regsvr32 windows:4 windows x86 arch:x86
23331ce75f79e07fc2254800b337afe3
Code Sign
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06-08-2003 00:00
Not After: 05-08-2013 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 17-11-2006 00:00
Not After: 16-11-2008 23:59
Subject: CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 04-12-2003 00:00
Not After: 03-12-2008 23:59
Subject: CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
5b:91:7d:78:fa:58:21:3b:4c:8f:8d:b5:4b:d2:2a:f7:b2:14:db:25
Signer
Actual PE Digest: 5b:91:7d:78:fa:58:21:3b:4c:8f:8d:b5:4b:d2:2a:f7:b2:14:db:25
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcmpiA
GetShortPathNameA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
DisableThreadLibraryCalls
CloseHandle
FlushFileBuffers
SetFilePointer
SetStdHandle
LCMapStringW
LCMapStringA
ReadFile
GetStringTypeW
GetStringTypeA
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetCommandLineA
GetVersion
HeapCreate
VirtualFree
ExitProcess
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
RaiseException
user32
MessageBoxA
CharNextA
advapi32
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA
shell32
ShellExecuteA
ole32
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
oleaut32
VariantCopy
VariantChangeType
VariantClear
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
iWinGamesInstaller.exe.exe windows:5 windows x86 arch:x86
7845f67e9aeee62e2ae6194aaaf7667e
Code Sign
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06-08-2003 00:00
Not After: 05-08-2013 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15-06-2007 00:00
Not After: 14-06-2012 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 17-11-2006 00:00
Not After: 16-11-2008 23:59
Subject: CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04-12-2003 00:00
Not After: 03-12-2013 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
cb:29:3b:01:75:42:05:fc:46:6d:3a:18:24:6b:5a:8f:a7:c5:24:33
Signer
Actual PE Digest: cb:29:3b:01:75:42:05:fc:46:6d:3a:18:24:6b:5a:8f:a7:c5:24:33
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
user32
PostThreadMessageW
advapi32
ChangeServiceConfig2W
ole32
CoRevokeClassObject
shell32
CommandLineToArgvW
oleaut32
LoadRegTypeLi
Sections
.text Size: 51KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
pages/alert32x32.gif.gif
-
pages/blank.html.html
-
pages/blank2.html.html
-
pages/error.html.html
-
pages/iwin_logo.gif.gif
-
pages/login.html.html
-
pages/maintenance.html.html
-
pages/offlineBg.gif.gif
-
pages/offline_tag.gif.gif
-
sounds/animation.wav
-
sounds/animationBack.wav
-
sounds/button_click.wav
-
sounds/download_completed.wav
-
sounds/slidebackin.wav
-
sounds/slideout.wav
-
sounds/start.wav