fd10d032978cbc5dad4e1a4c3e536de3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd10d032978cbc5dad4e1a4c3e536de3_JaffaCakes118
Size

5.2MB
MD5

fd10d032978cbc5dad4e1a4c3e536de3
SHA1

9fe7aa2d0a8fd0786da743ef2da8ded9e3dba7ce
SHA256

ede6eee3285df1b1bdf3d13cbd7a311240cfac4ec03fd5af3af83c50c3a65d53
SHA512

0d2e8b74ec978f2ca886de6b7f97ab758de4b3120e9e8542aef030909a71098f2b4e8b45881370d916260c401b664c676a520e43bda34985096c571f2907da58
SSDEEP

98304:GbD8g3PsYnZIzS+fGvtP+JShLeUb8eqBfnK1GNvTmfO40oe:DgFZIFGV28L35+nBAO43e

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$R0
unpack001/Data/sqlite3.dll
unpack001/au32.exe
unpack001/da.exe
unpack001/hstdel.exe
unpack001/rc.exe
unpack001/regbak.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

fd10d032978cbc5dad4e1a4c3e536de3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:df:c0:f6:6f:62:65:f8:19:1c:a2:c2:22:e3:d0:23
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/02/2011, 00:00

Not After

18/02/2013, 23:59

Subject

CN=Acelogix Software,OU=SECURE APPLICATION DEVELOPMENT,O=Acelogix Software,L=Trivandrum,ST=Kerala,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:34:45:e7:4f:11:e0:39:f2:31:bc:8b:0d:1b:35:ed:e8:06:3c:4f
Signer

Actual PE Digest

55:34:45:e7:4f:11:e0:39:f2:31:bc:8b:0d:1b:35:ed:e8:06:3c:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioC.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$R0
.dll windows:5 windows x86 arch:x86

7b7cbbf65982ab631d06a933978dc514

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
LoadLibraryA
GlobalFindAtomW
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
HeapAlloc
RaiseException
RtlUnwind
HeapReAlloc
ExitProcess
ExitThread
CreateThread
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapCreate
GlobalFlags
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
WritePrivateProfileStringW
InterlockedIncrement
GetModuleHandleA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentProcessId
GlobalAddAtomW
SuspendThread
ResumeThread
SetThreadPriority
InterlockedDecrement
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
InterlockedExchange
lstrcmpW
GetModuleHandleW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
CreateEventW
FlushFileBuffers
CreateDirectoryW
GetCurrentProcess
GetFileTime
GetVolumeInformationW
GetFileAttributesW
SetLastError
SetEndOfFile
GetFileSize
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
LocalFree
FormatMessageW
MultiByteToWideChar
lstrlenA
CreateFileW
DeviceIoControl
ReadFile
GetLastError
CloseHandle
VirtualFree
GetShortPathNameW
VirtualAlloc
GetDiskFreeSpaceW
WideCharToMultiByte
lstrlenW
GetProcAddress
LoadLibraryW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
GetExitCodeThread
GetCurrentThreadId
FindClose
FindNextFileW
FindFirstFileW
FindResourceW
LoadResource
LockResource
VirtualQuery
SizeofResource
Sleep
MoveFileW
GetVersionExW
FreeLibrary
SetEvent
TerminateThread
lstrcpynA
WriteFile
WaitForSingleObject
SetFilePointer
ResetEvent
GetTickCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
InitializeCriticalSection

user32

GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
LoadCursorW
GetSysColorBrush
GetWindowTextW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnregisterClassW
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
IsWindow
PostMessageW
DestroyMenu
ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetSystemMetrics
GetForegroundWindow

gdi32

DeleteObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
OpenProcessToken
DecryptFileW
FileEncryptionStatusW

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantChangeType
VariantClear
VariantInit

Exports

Exports

wipeAlloc
wipeCheck
wipeFolder
wipeFree
wipeGetAttr
wipeGetInfo
wipeGetResult
wipeGetString
wipeInit
wipeItem
wipeSetAttr
wipeStart
wipeStop
wipeUninit

Sections

.text
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Balloon.wav
Command.wav
Data/Ignore_Dup/ignorelist.ini
Data/Ignore_Junk/Microsoft Publisher.ini
Data/Ignore_Junk/New2.41.ini
Data/Ignore_Junk/New3.ini
Data/Ignore_Junk/New4.ini
Data/Ignore_Junk/New5.ini
Data/Ignore_Junk/aceignore_junk.ini
Data/Ignore_Junk/additional.ini
Data/Ignore_Junk/hp.ini
Data/Ignore_Junk/mozilla.ini
Data/Ignore_Junk/new2.2.ini
Data/Ignore_Junk/new2.5.ini
Data/Ignore_Junk/powertech.ini
Data/Ignore_Junk/vista.ini
Data/Ignore_Reg/AFTERXP.INI
Data/Ignore_Reg/AFTERXPsp3.INI
Data/Ignore_Reg/Acrobat.dat
Data/Ignore_Reg/Autocad.dat
Data/Ignore_Reg/Careful241.ini
Data/Ignore_Reg/Careful3.ini
Data/Ignore_Reg/Diskeeper.dat
Data/Ignore_Reg/Dont Scan.ini
Data/Ignore_Reg/Easy CD Creator.dat
Data/Ignore_Reg/Easy media Creator.dat
Data/Ignore_Reg/Encarta.dat
Data/Ignore_Reg/Flash Player.dat
Data/Ignore_Reg/Genie Backup Manager.dat
Data/Ignore_Reg/HP fax machine.ini
Data/Ignore_Reg/IE7.dat
Data/Ignore_Reg/Kinko File Prep Tool.dat
Data/Ignore_Reg/MS DotNet.dat
Data/Ignore_Reg/MS Office.dat
Data/Ignore_Reg/MS Publisher.dat
Data/Ignore_Reg/MS VisualStudioNet.dat
Data/Ignore_Reg/MSN.dat
Data/Ignore_Reg/McAfee.dat
Data/Ignore_Reg/Microsoft Money.dat
Data/Ignore_Reg/New4.ini
Data/Ignore_Reg/Norton AntiVirus.dat
Data/Ignore_Reg/Norton Internet Security.dat
Data/Ignore_Reg/ORACLE.dat
Data/Ignore_Reg/Paint Shop Pro.dat
Data/Ignore_Reg/Panda AV.dat
Data/Ignore_Reg/PhotoShop.dat
Data/Ignore_Reg/PowerArchiver.dat
Data/Ignore_Reg/StandardScanOnly.ini
Data/Ignore_Reg/THE BAT!.dat
Data/Ignore_Reg/WS_FTP Pro.dat
Data/Ignore_Reg/Windows Desktop Search.dat
Data/Ignore_Reg/afterVista.ini
Data/Ignore_Reg/apps.ini
Data/Ignore_Reg/careful.ini
Data/Ignore_Reg/careful2.ini
Data/Ignore_Reg/dangerous.ini
Data/Ignore_Reg/roxio.dat
Data/Ignore_Reg/shlext_approved.ini
Data/Ignore_Reg/wordperfect.dat
Data/Info.ini
Data/RegFixer/ignorefolders.ini
Data/RegFixer/ignorekeys.ini
Data/Themes/Office2007Black.dll
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:f3:e1:db:25:83:a0:4e:c3:49:6e:cb:41:f6:47:97:7c:9c:e4:bb
Signer

Actual PE Digest

01:f3:e1:db:25:83:a0:4e:c3:49:6e:cb:41:f6:47:97:7c:9c:e4:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/Themes/Office2007Blue.dll
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cb:c3:c8:5d:63:53:09:02:d5:92:7e:10:d8:ed:60:ad:5e:77:3a:1d
Signer

Actual PE Digest

cb:c3:c8:5d:63:53:09:02:d5:92:7e:10:d8:ed:60:ad:5e:77:3a:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/Themes/Office2007Silver.dll
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:ce:10:c5:23:9e:fa:92:35:17:00:dd:eb:e7:47:3f:86:87:3e:4b
Signer

Actual PE Digest

56:ce:10:c5:23:9e:fa:92:35:17:00:dd:eb:e7:47:3f:86:87:3e:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/Themes/themes.ini
Data/ignore_empty/ignore.ini
Data/images/Office2007_FrameCaptionClose23.png
.png
Data/images/Office2007_FrameCaptionMinimize23.png
.png
Data/images/Symbol Information.png
.png
Data/images/UI Blue.bmp
Data/images/UI Classic.bmp
Data/images/UI aqua.bmp
Data/images/UI black.bmp
Data/images/UI black2.bmp
Data/images/UI black3.bmp
Data/images/UI silver.bmp
Data/images/UI white.bmp
Data/images/close.png
.png
Data/images/min.png
.png
Data/sqlite3.dll
.dll windows:4 windows x86 arch:x86

3305ece755e5abe9967a388c51a4d903

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LockFile
LockFileEx
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

atoi
free
isalnum
isdigit
isspace
isxdigit
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strcpy
strncmp
tolower
toupper

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/startup.dat
Default.wav
History.txt
Plugins/7-Zip.aup
Plugins/ACDSee Photo Manager 11.aup
Plugins/ACDSee Photo Manager 12.aup
Plugins/ACDSee Photo Manager.aup
Plugins/ACDSee.aup
Plugins/AOL 7.0 Chat Log.aup
Plugins/AOL Instant Messenger.aup
Plugins/AX-Icons.aup
Plugins/AbsoluteFTP.aup
Plugins/Acon Digital Media Acoustica 3.aup
Plugins/Acoustica CD Label Maker.aup
Plugins/Ad-Aware.aup
Plugins/Adaptec Easy CD Creator.aup
Plugins/AddSoft Log Files.aup
Plugins/AddWeb.aup
Plugins/Adobe Acrobat Reader.aup
Plugins/Adobe Photoshop.aup
Plugins/Advanced Disk Catalog.aup
Plugins/Advanced MP3 Catalog.aup
Plugins/Agent NewsReader.aup
Plugins/Alcohol 120.aup
Plugins/AltaVista Toolbar.aup
Plugins/Audio CD Info.aup
Plugins/AudioCatalyst.aup
Plugins/Avant Browser.aup
Plugins/AwIcons.aup
Plugins/Axialis Icon Workshop.aup
Plugins/Axialis Media Browser.aup
Plugins/Babylon Builder.aup
Plugins/Babylon.aup
Plugins/BearShare.aup
Plugins/Beyond Compare.aup
Plugins/BookReader.aup
Plugins/Borland Delphi.aup
Plugins/CRT.aup
Plugins/Cabinet Manager.aup
Plugins/Chameleon Web Browser.aup
Plugins/CoffeeCup DirectFTP.aup
Plugins/Coffeecup Gif Animator.aup
Plugins/Conexware PowerArchivier 8.6.aup
Plugins/CoolEditPro.aup
Plugins/Cute MX.aup
Plugins/CuteFTP.aup
Plugins/CuteHtml.aup
Plugins/Disk Explorer Professional.aup
Plugins/Diskeeper.aup
Plugins/Divx Player.aup
Plugins/Download Accelerator (DAP).aup
Plugins/Dreamweaver Ultradev_4.aup
Plugins/Dreamweaver.aup
Plugins/Easy CD Creator.aup
Plugins/Easy Icon Maker.aup
Plugins/Ebay Toolbar.aup
Plugins/EditPad.aup
Plugins/EditPlus.aup
Plugins/Enigma Browser.aup
Plugins/Eudora Mail.aup
Plugins/FAR.aup
Plugins/FTP Explorer.aup
Plugins/FTP Voyager.aup
Plugins/Flash.aup
Plugins/FlashGet(JetCar).aup
Plugins/FlashGet.aup
Plugins/Fotostation.aup
Plugins/Foxit Reader.aup
Plugins/Free Download Manager.aup
Plugins/FreeCell Statistics.aup
Plugins/Fun CD.aup
Plugins/GO!ZLLA.aup
Plugins/Gamani GIF Movie Gear.aup
Plugins/Game Maker.aup
Plugins/GetRight.aup
Plugins/Goldwave.aup
Plugins/Google DeskBar.aup
Plugins/Google Desktop.aup
Plugins/Google Toolbar.aup
Plugins/Google Video Player.aup
Plugins/Gravity Newsreader.aup
Plugins/HEX Workshop.aup
Plugins/Homesite (Allaire).aup
Plugins/HotJava Browser.aup
Plugins/Html Help Workshop.aup
Plugins/ICQ 2000.aup
Plugins/IE Default Download Dir.aup
Plugins/IZArc.aup
Plugins/Imaging.aup
Plugins/Indigo Rose Setup Factory.aup
Plugins/Inoculatelt PE Virus Scan.aup
Plugins/InterQuick.aup
Plugins/Internet Download Manager.aup
Plugins/Irfanview.aup
Plugins/Jasc Animation Shop.aup
Plugins/Jet Photo Shell.aup
Plugins/K-Lite Codec Pack.aup
Plugins/KaZaA.aup
Plugins/Kazaa media desktop.aup
Plugins/LView Pro.aup
Plugins/LeapFTP.aup
Plugins/Letterbox.aup
Plugins/MEDA MP3 Splitter.aup
Plugins/MS Movie Maker.aup
Plugins/MS Windows Media Player.aup
Plugins/MSN Tool Bar.aup
Plugins/MacroMedia Dreamweaver MX.aup
Plugins/MacroMedia Firework MX.aup
Plugins/MacroMedia Flash MX.aup
Plugins/Magic ISO Maker.aup
Plugins/Mass Download.aup
Plugins/MasterSplitter.aup
Plugins/McAfee Virus Scan.aup
Plugins/Media Player Classic.aup
Plugins/Metapad.aup
Plugins/MicroAngelo.aup
Plugins/Micrografx Picture Publisher.aup
Plugins/Microsoft Netmeeting.aup
Plugins/Microsoft Office InfoPath.aup
Plugins/Microsoft Photo Editor.aup
Plugins/Microsoft PictureIt.aup
Plugins/Microsoft Visual Studio.aup
Plugins/Microsoft Works.aup
Plugins/Miranda ICQ.aup
Plugins/Morpheus.aup
Plugins/Mozart.aup
Plugins/MusicMatch Jukebox.aup
Plugins/Naviscope.aup
Plugins/Negatory Assembly Studio 1.0.aup
Plugins/Nero - Burning ROM.aup
Plugins/NetAnts.aup
Plugins/NetCaptor.aup
Plugins/Netsonic.aup
Plugins/Netzip.aup
Plugins/NewsBin.aup
Plugins/Norton Anti-Virus.aup
Plugins/Norton File Manager.aup
Plugins/NortonAV2000.aup
Plugins/NortonCom.aup
Plugins/NotePad Plus.aup
Plugins/NotePad++.aup
Plugins/NoteTab Light.aup
Plugins/NoteTab Pro.aup
Plugins/Notepad2.aup
Plugins/Office 2003.aup
Plugins/Office 2007.aup
Plugins/Office XP.aup
Plugins/Office2000.aup
Plugins/Office97.aup
Plugins/OmniPage.aup
Plugins/Opera6.aup
Plugins/Opera7.aup
Plugins/PE Explorer.aup
Plugins/PKZip for Windows.aup
Plugins/Paint Shop Pro.aup
Plugins/PasswordSafe.aup
Plugins/Personal Ancestral File.aup
Plugins/PhotoDraw.aup
Plugins/PhotoExpress.aup
Plugins/PhotoImpact.aup
Plugins/Photocanvas.aup
Plugins/PicoZip.aup
Plugins/PolyView.aup
Plugins/PopUpCop.aup
Plugins/Popup Purger.aup
Plugins/PowerArchiver.aup
Plugins/PowerDVD.aup
Plugins/PowerDesk.aup
Plugins/PowerZip.aup
Plugins/QuickTime.aup
Plugins/RealNetworks Real Download.aup
Plugins/RealOne Player.aup
Plugins/RealPlayer.aup
Plugins/RealVNC.aup
Plugins/SWiSH.aup
Plugins/Smart Explorer.aup
Plugins/Sonique.aup
Plugins/Spinner Plus.aup
Plugins/Spybot.aup
Plugins/Star Downloader.aup
Plugins/StarOffice.aup
Plugins/SunJavaCache.aup
Plugins/Sygate Personal Firewall.aup
Plugins/System Mechanic.aup
Plugins/Teleport Pro.aup
Plugins/Tennyson Maxwell Teleport Pro.aup
Plugins/TextPad.aup
Plugins/The Playe.aup
Plugins/Trillian.aup
Plugins/Ulead GIF Animator.aup
Plugins/Ultimate Paint.aup
Plugins/Ultra Edit.aup
Plugins/UltraISO.aup
Plugins/VLC Media Player.aup
Plugins/WINRAR.AUP
Plugins/WebFerret.aup
Plugins/WinAce.aup
Plugins/WinME Regedit Recent Key.aup
Plugins/WinZip.aup
Plugins/Winamp.aup
Plugins/Windows Commander.aup
Plugins/Windows Logs.aup
Plugins/Windows Paint.aup
Plugins/Windows Word Pad.aup
Plugins/Windows.aup
Plugins/Wordperfect.aup
Plugins/Xara 3D.aup
Plugins/XingMp3 Player.aup
Plugins/XnView.aup
Plugins/Xnews.aup
Plugins/Xolox.aup
Plugins/Yahoo! Messenger.aup
Plugins/Yahoo! Toolbar.aup
Plugins/YahooPlayer.aup
Plugins/Yamaha XG.aup
Plugins/ZipMagic.aup
Plugins/ZoneAlarm.aup
Plugins/eMule.aup
Plugins/uTorrent.aup
au.chm
.chm
au.exe
.exe windows:5 windows x86 arch:x86

dc072b97ab69d9cf474e33b457c157dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:df:c0:f6:6f:62:65:f8:19:1c:a2:c2:22:e3:d0:23
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/02/2011, 00:00

Not After

18/02/2013, 23:59

Subject

CN=Acelogix Software,OU=SECURE APPLICATION DEVELOPMENT,O=Acelogix Software,L=Trivandrum,ST=Kerala,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:32:85:a0:31:9d:c2:dd:ad:cb:2d:88:17:95:61:55:86:5a:f8:f1
Signer

Actual PE Digest

17:32:85:a0:31:9d:c2:dd:ad:cb:2d:88:17:95:61:55:86:5a:f8:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
UnmapViewOfFile
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
CloseHandle
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapReAlloc
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
DeleteCriticalSection
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
MapViewOfFile
GetShortPathNameA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
GetSystemMetrics
SetTimer
GetAsyncKeyState
KillTimer
BeginPaint
EndPaint
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
DestroyWindow

gdi32

CreateDCA
CreateDIBitmap
CreateCompatibleDC
SelectObject
SelectPalette
RealizePalette
BitBlt
DeleteDC
DeleteObject
CreatePalette

Sections

.text
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 612KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 264KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 44KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 448KB - Virtual size: 988KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
au32.exe
.exe windows:5 windows x86 arch:x86

bf36be9b9b9c27e50fdd32f7bbce113f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlGetPartW

kernel32

lstrcpyW
GetFileAttributesW
GetModuleHandleW
GetProcAddress
GetCommandLineW
CreateFileMappingW
MapViewOfFile
OpenEventW
CreateEventW
lstrlenW
WaitForSingleObject
UnmapViewOfFile
CloseHandle
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrcmpiW
SetEvent
IsValidCodePage
LocalAlloc
FreeLibrary
InterlockedExchange
GetLastError
LoadLibraryA
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

advapi32

RegEnumValueW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clearpasticonhistory.vbs
.vbs
createsrpoint.vbs
.vbs
da.exe
.exe windows:5 windows x86 arch:x86

44c7ff955754b7354f94488cd4c35fe0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
GetProcessHeap
SetLastError
MultiByteToWideChar
SizeofResource
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
VirtualQuery
VirtualAlloc
HeapSize
ExitProcess
Sleep
CreateThread
ExitThread
HeapReAlloc
GetFileType
SetStdHandle
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetStartupInfoW
GetCurrentDirectoryW
GetFileTime
GetFileSizeEx
GetProfileIntW
GetExitCodeThread
TerminateThread
EnumResourceTypesW
EnumResourceNamesW
LockResource
LoadResource
FindResourceW
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
GetModuleHandleW
GetFileAttributesW
ResumeThread
GetLogicalDrives
GetDriveTypeW
CreateProcessW
CloseHandle
GetLogicalDriveStringsW
GetCurrentProcess
LocalAlloc
LocalFree
CreateEventW
OpenEventW
SetEvent
WaitForSingleObject
CreateMutexW
GetModuleFileNameW
GetCommandLineW
GetPrivateProfileStringW
GetEnvironmentVariableA
lstrcpynW
lstrlenW
GetWindowsDirectoryW
DuplicateHandle
FormatMessageW
GetVersionExW
MulDiv
GetSystemInfo
GetVersion
ExpandEnvironmentStringsW
WideCharToMultiByte
lstrlenA
CreateFileW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
FindFirstFileW
FindNextFileW
FindClose
VirtualProtect
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
CompareStringA
InterlockedExchange
InterlockedIncrement
SuspendThread
SetThreadPriority
lstrcmpA
GetCurrentProcessId
GetModuleHandleA
InterlockedDecrement
WritePrivateProfileStringW
GlobalAlloc
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
LoadLibraryA
ExpandEnvironmentStringsA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameW
GetDiskFreeSpaceExW
GetSystemDirectoryW
SetErrorMode
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocaleInfoW
GetVolumeInformationW
GetTickCount
QueryPerformanceCounter

user32

UnregisterClassW
CharUpperW
DestroyMenu
GetMenuItemInfoW
ShowOwnedPopups
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
GetDC
GetMenuStringW
AppendMenuW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
DeleteMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
EnableWindow
LoadImageW
SystemParametersInfoW
GetSysColorBrush
ModifyMenuW
GetMenuState
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
CharNextW
SetRect
CopyAcceleratorTableW
InvalidateRgn
SetCapture
ReleaseCapture
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
DestroyIcon
TranslateAcceleratorW
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
TrackPopupMenu
SetMenu
GetScrollPos
SetForegroundWindow
ReuseDDElParam
UnpackDDElParam
WindowFromPoint
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
GetSysColor
LoadIconW
SetRectEmpty
SendMessageW
GetClientRect
IsRectEmpty
EqualRect
GetWindowRect
IsWindowVisible
UpdateWindow
UnregisterHotKey
InvalidateRect
PostMessageW
GetFocus
GetDesktopWindow
InflateRect
DrawTextExW
PtInRect
KillTimer
SetTimer
GetKeyState
LoadAcceleratorsW
WinHelpW
LoadCursorW
SetWindowLongW
GetParent
SetCursor
GetWindow
GetDlgItem
ScreenToClient
LoadMenuW
TranslateMDISysAccel
DrawMenuBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetScrollInfo
GetWindowLongW
GetClassLongW
GetWindowRgn
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MapWindowPoints
GetClassNameW
DispatchMessageW
PeekMessageW
IsWindow
OffsetRect
CopyRect
GetMessagePos
RegisterWindowMessageW
FillRect
DrawTextW
TabbedTextOutW
wsprintfW
DefFrameProcW
GrayStringW
MessageBoxW
GetSystemMetrics
EnableMenuItem
RedrawWindow
SetMenuDefaultItem
InsertMenuW
GetMenuItemID
GetMenuItemCount
GetSubMenu
IsZoomed
DrawStateW
WaitMessage
DrawFrameControl
DrawFocusRect
IsMenu
ShowCaret
HideCaret
InvertRect
GetMenuDefaultItem
GetIconInfo
GetCursor
SetWindowRgn
ToUnicodeEx
GetKeyboardState
GetKeyboardLayoutList
IsCharLowerW
MapVirtualKeyExW
GetKeyboardLayout
CopyIcon
CreateIconIndirect
CreateIconFromResourceEx
DrawIconEx
IsClipboardFormatAvailable
GetTabbedTextExtentW
GetDoubleClickTime
DrawEdge
SetCursorPos
LookupIconIdFromDirectoryEx
SendMessageTimeoutW
SetWindowLongA
GetWindowLongA
IsWindowUnicode

gdi32

RestoreDC
SetBkMode
SetPolyFillMode
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
DeleteObject
SelectClipRgn
GetClipRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SaveDC
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePatternBrush
GetStockObject
GetTextColor
GetRgnBox
EnumFontFamiliesExW
CreateFontW
StretchDIBits
PatBlt
SetViewportExtEx
CreateBitmap
SetBkColor
CreateCompatibleDC
GetDIBits
CreateDIBSection
BitBlt
CreateSolidBrush
CreateCompatibleBitmap
GetTextExtentPoint32W
GetObjectW
TextOutW
RectVisible
CreatePen
Escape
GetBkColor
PtVisible
ExtTextOutW
GetMapMode
Rectangle
DPtoLP
SelectObject
GetTextMetricsW
GetDeviceCaps
CreateRectRgn
OffsetRgn
SetRectRgn
CombineRgn
Polygon
StretchBlt
SetPixel
GetCurrentObject
PtInRegion
GetBitmapBits
ExtCreateRegion
GetViewportOrgEx
GetTextAlign
Polyline
GetTextCharsetInfo
CreatePolygonRgn
RoundRect
Ellipse
CreateRectRgnIndirect
FillRgn
GetWindowOrgEx
GetClipBox
ExtSelectClipRgn
CreateFontIndirectW
SetTextColor

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegOpenKeyW
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueW
OpenProcessToken
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderLocation
ShellExecuteExW
SHFileOperationW
SHBrowseForFolderW
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHGetFileInfoW

comctl32

ImageList_AddMasked
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Draw
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Destroy
ImageList_Create

shlwapi

PathSetDlgItemPathW
PathIsLFNFileSpecW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathGetDriveNumberW

oledlg

OleUIAddVerbMenuW
OleUIBusyW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoLockObjectExternal
RevokeDragDrop
RegisterDragDrop

oleaut32

SystemTimeToVariantTime
VarDateFromStr
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantCopy
SafeArrayDestroy
LoadTypeLi
OleCreateFontIndirect
SysAllocString
VariantTimeToSystemTime

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hstdel.exe
.exe windows:5 windows x86 arch:x86

c8ba5339b1a56cb9e399ec3315832974

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

n:\Win7\Ace Utilities 6\More\hstdel\Release\hstdel.pdb

Imports

kernel32

LockResource
LoadResource
FindResourceW
SizeofResource
LocalFree
GetCommandLineW
GetLastError
FindResourceExW
lstrcmpiW
LoadLibraryA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfW

advapi32

RegCloseKey
RegEnumValueW
RegOpenKeyExW

shell32

CommandLineToArgvW

wininet

FindCloseUrlCache
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc.chm
.chm
rc.exe
.exe windows:5 windows x86 arch:x86

0bb96120804d409a7e6d55170ce87da1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
StrFormatKBSizeW

kernel32

LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
FindResourceExW
ReadFile
WriteFile
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetFileSizeEx
GetFileTime
WritePrivateProfileStringW
SetErrorMode
GetStartupInfoW
HeapFree
HeapAlloc
RtlUnwind
HeapReAlloc
RaiseException
SetStdHandle
GetFileType
Sleep
ExitProcess
InterlockedIncrement
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpA
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
VirtualProtect
InterlockedDecrement
GetCurrentProcessId
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
SetLastError
GlobalAlloc
FormatMessageW
LocalFree
lstrlenW
MulDiv
WideCharToMultiByte
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
ExpandEnvironmentStringsA
LoadLibraryA
ReleaseMutex
CreateMutexW
SetEvent
OpenEventW
GetSystemInfo
GetVersion
SetFileAttributesW
GetFileAttributesW
ExpandEnvironmentStringsW
DeleteFileW
QueryDosDeviceW
GetVersionExW
GetCurrentProcess
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
lstrcatW
GetShortPathNameW
MoveFileExW
GetTempFileNameW
CreateDirectoryW
GetWindowsDirectoryW
GetTempPathW
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpynW
GetModuleHandleW
lstrcpyW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetFileSize
MultiByteToWideChar
lstrlenA
GetModuleFileNameW
HeapSize

user32

GetCursorPos
TranslateMessage
GetMessageW
GetSysColorBrush
DestroyMenu
UnregisterClassW
CharUpperW
ValidateRect
MapDialogRect
GetAsyncKeyState
GetWindowThreadProcessId
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
ScreenToClient
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetWindowPos
SetFocus
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
EnableWindow
InvalidateRect
UpdateWindow
LoadCursorW
GetWindow
GetMenuState
SetCursor
SendMessageW
GetClientRect
GetSysColor
GetParent
FillRect
wsprintfA
ExitWindowsEx
PostMessageW
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
GetClipCursor
GetWindowRect
ClipCursor
CloseWindowStation
PostQuitMessage
GetSystemMetrics
IsIconic
ShowWindow
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
MessageBoxW
LoadBitmapW
SetForegroundWindow
AdjustWindowRectEx

gdi32

DeleteDC
ScaleWindowExtEx
GetStockObject
CreateFontIndirectW
EnumFontFamiliesExW
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetObjectW
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

comctl32

_TrackMouseEvent

oleaut32

VariantClear
VariantChangeType
VariantInit

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shr
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt
regbak.chm
.chm
regbak.exe
.exe windows:5 windows x86 arch:x86

51492918bb0913dfdc1549e244da92ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
lstrcmpiW
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalFree
FreeLibrary
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
LoadLibraryExW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateMutexW
ReleaseMutex
GetCommandLineW
WideCharToMultiByte
CloseHandle
CreateThread
FormatMessageW
GetSystemTimeAsFileTime
GetDriveTypeW
CreateEventW
SetEvent
ResetEvent
GetLocalTime
GetDateFormatW
GetTimeFormatW
ExpandEnvironmentStringsW
GetTempPathW
GetWindowsDirectoryW
CreateDirectoryW
GetTempFileNameW
GetDiskFreeSpaceExW
CreateFileW
WriteFile
CopyFileW
LoadLibraryW
DeleteFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetShortPathNameW
WritePrivateProfileStructW
GetEnvironmentVariableW
lstrlenA
GetFileTime
FindFirstFileExW
FindNextFileW
FindClose
CompareFileTime
RemoveDirectoryW
WaitForMultipleObjects
FlushInstructionCache
GetVersionExA
GetSystemInfo
ExpandEnvironmentStringsA
LoadLibraryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetStdHandle
ExitProcess
Sleep
HeapCreate
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
VirtualQuery
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
InterlockedExchange
LocalAlloc
GetStringTypeExW
lstrlenW
lstrcmpW
GetModuleFileNameW
GetFileAttributesW
GetVersionExW
GetVersion
WaitForSingleObject
GetCurrentProcess
GetLastError
RaiseException
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFileSize
GetPrivateProfileStringW

user32

GetMonitorInfoW
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
UnregisterClassA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageW
MsgWaitForMultipleObjects
wsprintfA
CharLowerBuffW
wsprintfW
GetWindowRect
GetSystemMetrics
DispatchMessageA
BeginPaint
EndPaint
FillRect
IsWindowEnabled
GetFocus
DrawFocusRect
SetCursor
SetFocus
SetCapture
GetCapture
ReleaseCapture
GetCursorPos
PtInRect
UpdateWindow
InvalidateRect
CallWindowProcW
DefWindowProcW
SetRectEmpty
DestroyWindow
wvsprintfW
EndDialog
DialogBoxParamW
GetClassNameW
LoadCursorW
CreateWindowExW
GetWindowTextLengthW
GetWindowTextW
GetDC
ReleaseDC
DrawTextW
OffsetRect
IsWindow
CharNextW
SetWindowLongW
GetActiveWindow
PostMessageW
GetSysColor
ShowWindow
ScreenToClient
LoadStringW
MessageBoxW
SetWindowTextW
GetDlgItemInt
IsDlgButtonChecked
GetDlgItemTextW
EnableWindow
SetDlgItemInt
CheckRadioButton
CheckDlgButton
SetDlgItemTextW
GetDlgItem
SendMessageW
GetWindow
GetWindowLongW
MonitorFromWindow
GetDlgCtrlID

gdi32

GetStockObject
GetObjectW
CreateFontIndirectW
SetBkMode
SetTextColor
DeleteObject
SelectObject

shell32

ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

PathIsRootW
PathIsDirectoryW
PathAddExtensionW
PathMatchSpecW
PathRemoveBackslashW
PathRemoveBlanksW
PathRenameExtensionW
PathStripPathW
PathStripToRootW
PathAddBackslashW
SHAutoComplete
PathRemoveFileSpecW
PathFileExistsW
PathCombineW
PathIsDirectoryEmptyW
PathAppendW
PathSearchAndQualifyW
PathIsLFNFileSpecW

comctl32

CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
InitCommonControlsEx
_TrackMouseEvent

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

22:df:c0:f6:6f:62:65:f8:19:1c:a2:c2:22:e3:d0:23Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

55:34:45:e7:4f:11:e0:39:f2:31:bc:8b:0d:1b:35:ed:e8:06:3c:4fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 29KB - Virtual size: 28KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 518B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

22:df:c0:f6:6f:62:65:f8:19:1c:a2:c2:22:e3:d0:23
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

55:34:45:e7:4f:11:e0:39:f2:31:bc:8b:0d:1b:35:ed:e8:06:3c:4f
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 29KB - Virtual size: 28KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 187KB - Virtual size: 186KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 30KB - Virtual size: 30KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

01:f3:e1:db:25:83:a0:4e:c3:49:6e:cb:41:f6:47:97:7c:9c:e4:bb
Signer

.rsrc
Size: 342KB - Virtual size: 342KB

.reloc
Size: 512B - Virtual size: 12B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

cb:c3:c8:5d:63:53:09:02:d5:92:7e:10:d8:ed:60:ad:5e:77:3a:1d
Signer

.rsrc
Size: 313KB - Virtual size: 312KB

.reloc
Size: 512B - Virtual size: 12B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate