02f4c3b73934e85cb12fce174c88d8eb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

02f4c3b73934e85cb12fce174c88d8eb_JaffaCakes118
Size

3.1MB
MD5

02f4c3b73934e85cb12fce174c88d8eb
SHA1

a0e7cd517f33e42061660f01ccd17235831cd6e2
SHA256

250cb7272042f63b528621fb10da0050b8937f9b9bead39757110baad858f692
SHA512

e45179ca5c88a493153dc532fe3e9fd0c731b295d82d84b4e48237e70fb2ddfeee3be1c15bb7d3daf418638dab19545c5912aaa701c1bccdd115b7f2cd0b4b24
SSDEEP

98304:I1k8VO82XHJjC+56Natnm6k7g4QTgDvasops1bc:a2XHJj7FtP4/DvRNc

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/$APPDATA/Unitech LLC/sqlite3.dll	acprotect
static1/unpack006/$PLUGINSDIR/md5dll.dll	acprotect
static1/unpack001/$PLUGINSDIR/nsJSON.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/$APPDATA/Unitech LLC/sqlite3.dll	upx
static1/unpack006/$PLUGINSDIR/md5dll.dll	upx
static1/unpack001/$PLUGINSDIR/nsJSON.dll	upx

Unsigned PE 40 IoCs

Checks for missing Authenticode signature.

resource
02f4c3b73934e85cb12fce174c88d8eb_JaffaCakes118
unpack001/$PLUGINSDIR/IS.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/NET.dll
unpack001/$PLUGINSDIR/System.dll
unpack002/$APPDATA/Unitech LLC/sqlite3.dll
unpack003/out.upx
unpack002/$PLUGINSDIR/IEFunctions.dll
unpack002/$PLUGINSDIR/InetLoad.dll
unpack002/$PLUGINSDIR/Processes.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/Time.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$PLUGINSDIR/chrmPref.dll
unpack002/$PLUGINSDIR/mt.dll
unpack002/$PLUGINSDIR/nsisos.dll
unpack004/$PLUGINSDIR/Processes.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/Time.dll
unpack004/$PLUGINSDIR/mt.dll
unpack004/$PLUGINSDIR/nsisos.dll
unpack004/$_0_/extensions/[email protected]/components/FFDisp.dll
unpack004/$_0_/extensions/[email protected]/components/ffdisp.dll
unpack005/components/FFDisp.dll
unpack006/$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/CTB.dll
unpack006/$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/CrmAdpt.dll
unpack006/$PLUGINSDIR/System.dll
unpack006/$PLUGINSDIR/Time.dll
unpack006/$PLUGINSDIR/UserInfo.dll
unpack006/$PLUGINSDIR/md5dll.dll
unpack007/out.upx
unpack006/$PLUGINSDIR/mt.dll
unpack006/$PLUGINSDIR/nsisos.dll
unpack008/CTB.dll
unpack008/CrmAdpt.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsJSON.dll
unpack009/out.upx
unpack001/$R9/Plugins/npffividiplg.dll
unpack001/IEhelperActiveX.dll

NSIS installer 6 IoCs

installer

resource	yara_rule
static1/unpack001/$PLUGINSDIR/ividi_1.8.23.0.exe	nsis_installer_1
static1/unpack001/$PLUGINSDIR/ividi_1.8.23.0.exe	nsis_installer_2
static1/unpack002/ividi4ffx.exe	nsis_installer_1
static1/unpack002/ividi4ffx.exe	nsis_installer_2
static1/unpack002/ividi4ie.exe	nsis_installer_1
static1/unpack002/ividi4ie.exe	nsis_installer_2

Files

02f4c3b73934e85cb12fce174c88d8eb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IS.dll
.dll windows:6 windows x86 arch:x86

43087810d965c117d20dd5225a45da5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Work\TopMedia\SVN\iVIDIInstaller\with_nation_toolbar\DLLs\InstallerService.pdb

Imports

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

kernel32

SetEndOfFile
WriteConsoleW
GetFileType
GetLastError
HeapFree
WideCharToMultiByte
HeapAlloc
ReadFile
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetFilePointerEx
GetConsoleMode
ReadConsoleW
DeleteCriticalSection
GetStartupInfoW
CloseHandle
HeapSize
Sleep
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetStringTypeW
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
CreateFileW
SetStdHandle
FlushFileBuffers
GetConsoleCP
HeapReAlloc
LCMapStringW

Exports

Exports

_GetAdditionalBinaryStr@4
_init_uid_1@8

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:5 windows x86 arch:x86

03f929832e821ea56617f74371196241

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyW
lstrcpyA
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetLastError
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetModuleFileNameW
HeapReAlloc
LoadLibraryW
RtlUnwind
IsProcessorFeaturePresent
HeapSize

Exports

Exports

KillProc

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NET.dll
.dll windows:6 windows x86 arch:x86

13747ecad4b929762d73c9d1ad62f57f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Work\TopMedia\SVN\iVIDIInstaller\with_nation_toolbar\DLLs\NETWrapper.pdb

Imports

kernel32

LocalAlloc
ReadFile
LocalFree
CloseHandle
GetFileSize
CreateFileA
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
LoadLibraryW
OutputDebugStringW
WideCharToMultiByte
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
HeapAlloc
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
WriteFile
GetModuleFileNameW
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LoadLibraryExW
HeapReAlloc
CreateFileW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

wininet

HttpQueryInfoA
InternetReadFile
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle
InternetAttemptConnect
InternetConnectA
InternetOpenA

Exports

Exports

_call_url_1@4
_post_url@8

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OCSetupHlp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

93bd1585ffbc730c763e71e0c6c896b3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25-01-2011 00:00

Not After

14-03-2014 23:59

Subject

CN=OpenCandy Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OpenCandy Inc.,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:df:9b:00:a0:2e:95:b2:8b:f9:8a:ae:08:ca:c4:3c:13:76:de:06
Signer

Actual PE Digest

62:df:9b:00:a0:2e:95:b2:8b:f9:8a:ae:08:ca:c4:3c:13:76:de:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetErrorMode
GetFileAttributesW
CreateFileW
GetFileSize
GetCurrentProcessId
GetEnvironmentVariableW
FindFirstFileW
FindNextFileW
FindClose
ReadFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTickCount
GetTempPathW
DeleteFileW
WriteFile
ProcessIdToSessionId
HeapAlloc
GetProcessHeap
HeapFree
CreateDirectoryW
ExpandEnvironmentStringsW
WaitForSingleObject
OutputDebugStringW
CreateMutexW
OpenMutexW
ReleaseMutex
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
GetShortPathNameW
SetFilePointer
CreateEventW
GlobalFree
ResumeThread
FreeResource
SetEvent
ResetEvent
GetCurrentThread
CreateProcessW
MoveFileExW
OpenEventW
lstrlenA
WideCharToMultiByte
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetFullPathNameW
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
DeleteCriticalSection
GetCurrentDirectoryA
CreateFileA
lstrcmpiW
GetProcAddress
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FlushFileBuffers
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringA
ExitProcess
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
RtlUnwind
GetDriveTypeW
GetFileType
GetConsoleMode
GetConsoleCP
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetCommandLineA
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
FindResourceA
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetFileAttributesExW
CompareFileTime
GetVersion
GetTempFileNameW
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
GetSystemInfo
GetVersionExW
FileTimeToSystemTime
GetSystemDefaultLCID
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
GetThreadLocale
GetLastError
SetThreadLocale
MultiByteToWideChar
GetModuleFileNameW
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
GlobalUnlock
GlobalLock
GlobalAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
OpenProcess
GetUserDefaultUILanguage
GetLocaleInfoW
FreeLibrary
LoadLibraryW
MulDiv
lstrlenW
lstrcpynW
SetLastError
RaiseException
Sleep
CreateThread
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess

psapi

GetProcessImageFileNameW
EnumProcesses

ws2_32

select
WSACleanup
WSAStartup
closesocket
WSAGetLastError
socket
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
WSASetLastError
__WSAFDIsSet
gethostname
freeaddrinfo
ioctlsocket
getaddrinfo

msimg32

AlphaBlend

shlwapi

PathMatchSpecW

user32

DestroyMenu
SetActiveWindow
DestroyCursor
SetCursor
FindWindowW
PeekMessageW
MsgWaitForMultipleObjects
GetWindow
TrackPopupMenu
ReleaseCapture
DrawFocusRect
UnregisterClassA
GetCursor
NotifyWinEvent
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
DestroyWindow
LoadCursorW
IsWindow
GetDesktopWindow
MonitorFromWindow
GetUpdateRect
SetRect
CreateDialogParamW
GetSystemMetrics
CallNextHookEx
UnhookWindowsHookEx
SystemParametersInfoW
SetWindowsHookExW
DrawIconEx
GetIconInfo
SetMenuItemInfoW
IsWindowVisible
SetForegroundWindow
SetDlgItemTextW
SendDlgItemMessageW
PostQuitMessage
KillTimer
SetTimer
PostMessageW
GetWindowTextLengthW
GetWindowTextW
EnumChildWindows
EnumWindows
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetSysColor
GetSysColorBrush
GetDC
SendMessageW
SetFocus
GetForegroundWindow
TrackMouseEvent
InvalidateRect
GetClientRect
BeginPaint
EnableMenuItem
GetSystemMenu
EnableWindow
LoadImageW
MessageBoxW
MapWindowPoints
GetParent
CharNextW
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetWindowThreadProcessId
SetWindowPos
SetWindowTextW
LoadIconW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
GetDlgItem
ShowWindow
ReleaseDC
DrawTextW
FillRect
GetAsyncKeyState
CopyRect
GetMonitorInfoW
MonitorFromPoint
MoveWindow
GetWindowRect
GetAncestor
DrawFrameControl
PtInRect
ScreenToClient
GetCursorPos
EndPaint
IntersectRect

gdi32

SetViewportOrgEx
CreateCompatibleDC
DeleteObject
BitBlt
SetBkMode
SetTextColor
GetDeviceCaps
DeleteDC
CreateFontIndirectW
CreateSolidBrush
GetStockObject
GetTextExtentPoint32W
GetObjectW
CreatePatternBrush
SetBkColor
DPtoLP
CreateCompatibleBitmap
ExtTextOutW
CreateDIBSection
SelectObject
GdiFlush

advapi32

RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
DuplicateTokenEx
LookupAccountSidW
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW

shell32

Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteW

ole32

CoInitializeSecurity
CreateStreamOnHGlobal
CLSIDFromProgID
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoCreateGuid
CoTaskMemAlloc
StringFromGUID2
CoTaskMemRealloc

oleaut32

LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
RegisterTypeLi
SysFreeString
SysStringLen
VariantClear
SysAllocStringLen
VariantChangeType
LoadRegTypeLi
OleLoadPicture
SysAllocString
VariantInit

comctl32

InitCommonControlsEx

uxtheme

DrawThemeBackground
OpenThemeData
CloseThemeData

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromFile
GdipCloneImage
GdipDrawImagePointRectI
GdipDrawImageRectRect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetQueryOptionW
InternetGetConnectedStateExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
OCPID974OpenCandy1
OCPID974OpenCandy10
OCPID974OpenCandy11
OCPID974OpenCandy12
OCPID974OpenCandy13
OCPID974OpenCandy14
OCPID974OpenCandy15
OCPID974OpenCandy16
OCPID974OpenCandy17
OCPID974OpenCandy18
OCPID974OpenCandy19
OCPID974OpenCandy20
OCPID974OpenCandy21
OCPID974OpenCandy22
OCPID974OpenCandy23
OCPID974OpenCandy24
OCPID974OpenCandy29
OCPID974OpenCandy30
OCPID974OpenCandy31
OCPID974OpenCandy32
OCPID974OpenCandy33
OCPID974OpenCandy34
OCPID974OpenCandy35
OCPID974OpenCandy36
OCPID974OpenCandy37
OCPID974OpenCandy38
OCPID974OpenCandy39
OCPID974OpenCandy40
OCPID974OpenCandy41
OCPID974OpenCandy42
OCPID974OpenCandy44
OCPID974OpenCandy45
OCPID974OpenCandy46
OCPID974OpenCandy47
OCPID974OpenCandy48
OCPID974OpenCandy49
OCPID974OpenCandy5
OCPID974OpenCandy50
OCPID974OpenCandy51
OCPID974OpenCandy52
OCPID974OpenCandy53
OCPID974OpenCandy54
OCPID974OpenCandy55
OCPID974OpenCandy56
OCPID974OpenCandy57
OCPID974OpenCandy58
OCPID974OpenCandy59
OCPID974OpenCandy6
OCPID974OpenCandy60
OCPID974OpenCandy61
OCPID974OpenCandy62
OCPID974OpenCandy64
OCPID974OpenCandy65
OCPID974OpenCandy7
OCPID974OpenCandy8
OCPID974OpenCandy9
_GET_IS_REQUIRED_63
_OCPID974OpenCandy2@16
_OCPID974OpenCandy3@16
_OCPID974OpenCandy43@16
_OCPID974OpenCandy4@16

Sections

.text
Size: 579KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ividi_1.8.23.0.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6a:02:da:5f:cb:a1:7d:26:7c:d5:b0:db:c1:0a:17
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26-06-2013 00:00

Not After

26-06-2014 23:59

Subject

CN=Montiera Technologies LTD,O=Montiera Technologies LTD,POSTALCODE=40500,STREET=18\, Amammi st,L=Even Yehuda,ST=Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8f:22:58:08:49:97:76:5f:f7:0c:18:08:b7:b6:92:57:9b:b3:fc:c1
Signer

Actual PE Digest

8f:22:58:08:49:97:76:5f:f7:0c:18:08:b7:b6:92:57:9b:b3:fc:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Unitech LLC/sqlite3.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_held
sqlite3_mutex_leave
sqlite3_mutex_notheld
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_realloc
sqlite3_register_blob_functions
sqlite3_register_unacc_functions
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_unregister_unacc_functions
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

UPX0
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IEFunctions.dll
.dll windows:5 windows x86 arch:x86

6fa52be756c91f139870df490053d24d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

urlmon

CreateUri

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
lstrlenW
MultiByteToWideChar
LocalAlloc
LocalFree
DisableThreadLibraryCalls
GetCurrentThreadId
WideCharToMultiByte
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess

user32

SetForegroundWindow
GetDlgItem
CallNextHookEx
UnhookWindowsHookEx
SetFocus
SendMessageA
KillTimer
SendInput
ShowWindow
SetWindowsHookExA
SetTimer
IsWindow

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString

Exports

Exports

CloseBrowser
OpenBrowser
ReleaseBrowser
ShowBar
SurfTo
rmvDfltSrch
setDfltSrch

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 438B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InetLoad.dll
.dll windows:4 windows x86 arch:x86

24a4a671f5cc294ce3543d18a1e873cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strchr
_adjust_fdiv
malloc
_initterm
free
memset
strstr
strtol
strncmp
strtoul
time
strrchr

kernel32

GlobalFree
lstrcpynA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
lstrcmpA
lstrlenA
MulDiv
WriteFile
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx

user32

GetDlgItem
SendMessageA
SetWindowTextA
wsprintfA
GetWindowTextA
RegisterWindowMessageA
CallWindowProcA
PostMessageA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
MessageBoxA
SendDlgItemMessageA
SetDlgItemTextA
SetTimer
LoadIconA
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindow
CreateDialogParamA
FindWindowExA
RedrawWindow
SetWindowLongA

wininet

InternetErrorDlg
InternetSetFilePointer
HttpQueryInfoA
InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

comctl32

ord17

Exports

Exports

load

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:5 windows x86 arch:x86

eaa5f91829171a65db414b9e64ec9548

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
FlushFileBuffers
CreateFileA
GetCurrentThreadId
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

GetDesktopWindow
FindWindowA
UpdateWindow
wsprintfA

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Time.dll
.dll windows:4 windows x86 arch:x86

2e3a4d1f132aea64d421c1e936bcc407

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
GlobalAlloc
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FindClose
FindFirstFileA
CloseHandle
SetFileTime
CreateFileA
lstrcatA

user32

SendMessageA
wsprintfA

Exports

Exports

_GetFileTime
_GetFileTimeUTC
_GetLocalTime
_GetLocalTimeUTC
_MathTime
_SetFileTime
_SetFileTimeUTC
_SetLocalTime
_SetLocalTimeUTC
_TimeString
_Unload

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/chrmPref.dll
.dll windows:5 windows x86 arch:x86

7d07f4820d76999cba3c074d4db51382

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
GetProcAddress
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
SetEnvironmentVariableA
GetCurrentThreadId
WaitForSingleObject
GetTickCount
ReleaseMutex
CloseHandle
CreateMutexA
Sleep
FreeLibrary
LoadLibraryA
SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
EncodePointer
DecodePointer
RtlUnwind
GetCommandLineA
LCMapStringW
MultiByteToWideChar
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
HeapCreate
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
ExitProcess
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameW
GetLocaleInfoW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA

user32

PeekMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects

Exports

Exports

clrExt
clrHmpg
enblExt
enblExtByFl
exeqSql
getStringPref
rmvBlck
setBoolPref
setEnvVar
setHmpg
setPref
setSFHmpg
setStringPref

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/mt.dll
.dll windows:5 windows x86 arch:x86

4ace53f9e1689a9a07327ded8e119e2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svnNew\dvlp\nsis\Release\mtPlug.pdb

Imports

iphlpapi

GetAdaptersInfo

shlwapi

StrStrIA
StrDupA

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
GetVolumeInformationA
LocalFree
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

user32

wsprintfA

oleaut32

SysAllocStringLen

Exports

Exports

_Unload
_getMachineId
extractStr
setAE
strStr

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisos.dll
.dll windows:1 windows x86 arch:x86

a70233c77fd258ec47709388c2338273

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
GetVersionExA
RtlUnwind
RtlZeroMemory
lstrcpyA

crtdll

_fdopen
_open_osfhandle
_ultoa
fclose
_cexit
malloc
printf
raise
setbuf
strcpy

Exports

Exports

osplatform
osversion

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 588B - Virtual size: 588B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 156B - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 96B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
ividi4ffx.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6a:02:da:5f:cb:a1:7d:26:7c:d5:b0:db:c1:0a:17
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26-06-2013 00:00

Not After

26-06-2014 23:59

Subject

CN=Montiera Technologies LTD,O=Montiera Technologies LTD,POSTALCODE=40500,STREET=18\, Amammi st,L=Even Yehuda,ST=Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:5d:f0:47:a9:da:3f:a0:a8:b9:91:a3:3e:a8:2c:28:63:ef:89:94
Signer

Actual PE Digest

ad:5d:f0:47:a9:da:3f:a0:a8:b9:91:a3:3e:a8:2c:28:63:ef:89:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:5 windows x86 arch:x86

eaa5f91829171a65db414b9e64ec9548

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
FlushFileBuffers
CreateFileA
GetCurrentThreadId
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

GetDesktopWindow
FindWindowA
UpdateWindow
wsprintfA

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Time.dll
.dll windows:4 windows x86 arch:x86

2e3a4d1f132aea64d421c1e936bcc407

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
GlobalAlloc
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FindClose
FindFirstFileA
CloseHandle
SetFileTime
CreateFileA
lstrcatA

user32

SendMessageA
wsprintfA

Exports

Exports

_GetFileTime
_GetFileTimeUTC
_GetLocalTime
_GetLocalTimeUTC
_MathTime
_SetFileTime
_SetFileTimeUTC
_SetLocalTime
_SetLocalTimeUTC
_TimeString
_Unload

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/mt.dll
.dll windows:5 windows x86 arch:x86

4ace53f9e1689a9a07327ded8e119e2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svnNew\dvlp\nsis\Release\mtPlug.pdb

Imports

iphlpapi

GetAdaptersInfo

shlwapi

StrStrIA
StrDupA

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
GetVolumeInformationA
LocalFree
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

user32

wsprintfA

oleaut32

SysAllocStringLen

Exports

Exports

_Unload
_getMachineId
extractStr
setAE
strStr

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisos.dll
.dll windows:1 windows x86 arch:x86

a70233c77fd258ec47709388c2338273

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
GetVersionExA
RtlUnwind
RtlZeroMemory
lstrcpyA

crtdll

_fdopen
_open_osfhandle
_ultoa
fclose
_cexit
malloc
printf
raise
setbuf
strcpy

Exports

Exports

osplatform
osversion

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 588B - Virtual size: 588B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 156B - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 96B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
$_0_/extensions/[email protected]/$_0_/extensions/[email protected]/uninstall.exe.nsis
$_0_/extensions/[email protected]/chrome.manifest
$_0_/extensions/[email protected]/components/FFDisp.dll
.dll windows:5 windows x86 arch:x86

97afa875d1e57fd74d3d70e72dd926a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svnNew\dvlp\bin\FFDisp.pdb

Imports

kernel32

MultiByteToWideChar
GetLastError
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenW
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
IsDebuggerPresent
RaiseException
HeapAlloc
HeapDestroy
GetSystemTimeAsFileTime

ole32

OleRun
CoUninitialize
CLSIDFromString
CoCreateInstance
CoInitialize

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysFreeString

atl100

ord30

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

msvcr100

free
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
wcsnlen
memcpy_s
wmemcpy_s
memmove_s
calloc
_recalloc
_vscprintf
vsprintf_s
_CxxThrowException
memset
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
??3@YAXPAX@Z
wcsrchr
__CxxFrameHandler3

Exports

Exports

Cleanup
Create
Invoke
MgcExec
MgcInvokeAsync
MgcTask

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/extensions/[email protected]/components/ffdisp.dll
.dll windows:5 windows x86 arch:x86

97afa875d1e57fd74d3d70e72dd926a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svnNew\dvlp\bin\FFDisp.pdb

Imports

kernel32

MultiByteToWideChar
GetLastError
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenW
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
IsDebuggerPresent
RaiseException
HeapAlloc
HeapDestroy
GetSystemTimeAsFileTime

ole32

OleRun
CoUninitialize
CLSIDFromString
CoCreateInstance
CoInitialize

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysFreeString

atl100

ord30

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

msvcr100

free
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
wcsnlen
memcpy_s
wmemcpy_s
memmove_s
calloc
_recalloc
_vscprintf
vsprintf_s
_CxxThrowException
memset
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
??3@YAXPAX@Z
wcsrchr
__CxxFrameHandler3

Exports

Exports

Cleanup
Create
Invoke
MgcExec
MgcInvokeAsync
MgcTask

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/extensions/[email protected]/content/dpk.htm
.html .js polyglot
$_0_/extensions/[email protected]/content/hlprs.js
.js
$_0_/extensions/[email protected]/content/imgs/arwDwn.gif
.gif
$_0_/extensions/[email protected]/content/imgs/closeo.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/ae.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/bg.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/ch.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/cn.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/cz.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/de.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/eg.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/en.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/es.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/fr.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/gr.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/he.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/il.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/it.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/ja.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/jp.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/nl.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/no.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/pl.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/pt.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/ro.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/ru.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/sa.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/se.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/sv.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/tr.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/ua.png
.png
$_0_/extensions/[email protected]/content/imgs/flgs/us.png
.png
$_0_/extensions/[email protected]/content/imgs/help_16.gif
.gif
$_0_/extensions/[email protected]/content/imgs/home.gif
.gif
$_0_/extensions/[email protected]/content/imgs/icon_seperator.png
.png
$_0_/extensions/[email protected]/content/imgs/logo.png
.png
$_0_/extensions/[email protected]/content/imgs/privecy_16_hot.gif
.gif
$_0_/extensions/[email protected]/content/imgs/sign.jpg
$_0_/extensions/[email protected]/content/imgs/specialoffer.gif
.gif
$_0_/extensions/[email protected]/content/imgs/tellafriend.gif
.gif
$_0_/extensions/[email protected]/content/imgs/uninstall.gif
.gif
$_0_/extensions/[email protected]/content/ividi.css
$_0_/extensions/[email protected]/content/ividi.xul
.js
$_0_/extensions/[email protected]/content/loader.xul
.js .xml polyglot
$_0_/extensions/[email protected]/content/mtstart.js
.js
$_0_/extensions/[email protected]/content/serp.js
.js
$_0_/extensions/[email protected]/content/tmplt.js
.js
$_0_/extensions/[email protected]/install.rdf
.xml
$_0_/extensions/staged/[email protected]/$_0_/extensions/staged/[email protected]/uninstall.exe.nsis
ividi.xpi
.zip
chrome.manifest
components/FFDisp.dll
.dll windows:5 windows x86 arch:x86

97afa875d1e57fd74d3d70e72dd926a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svnNew\dvlp\bin\FFDisp.pdb

Imports

kernel32

MultiByteToWideChar
GetLastError
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenW
GetModuleFileNameW
LoadLibraryW
FreeLibrary
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
IsDebuggerPresent
RaiseException
HeapAlloc
HeapDestroy
GetSystemTimeAsFileTime

ole32

OleRun
CoUninitialize
CLSIDFromString
CoCreateInstance
CoInitialize

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysFreeString

atl100

ord30

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

msvcr100

free
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
wcsnlen
memcpy_s
wmemcpy_s
memmove_s
calloc
_recalloc
_vscprintf
vsprintf_s
_CxxThrowException
memset
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
??3@YAXPAX@Z
wcsrchr
__CxxFrameHandler3

Exports

Exports

Cleanup
Create
Invoke
MgcExec
MgcInvokeAsync
MgcTask

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
content/dpk.htm
.html .js polyglot
content/hlprs.js
.js
content/imgs/arwDwn.gif
.gif
content/imgs/closeo.png
.png
content/imgs/flgs/ae.png
.png
content/imgs/flgs/bg.png
.png
content/imgs/flgs/ch.png
.png
content/imgs/flgs/cn.png
.png
content/imgs/flgs/cz.png
.png
content/imgs/flgs/de.png
.png
content/imgs/flgs/eg.png
.png
content/imgs/flgs/en.png
.png
content/imgs/flgs/es.png
.png
content/imgs/flgs/fr.png
.png
content/imgs/flgs/gr.png
.png
content/imgs/flgs/he.png
.png
content/imgs/flgs/il.png
.png
content/imgs/flgs/it.png
.png
content/imgs/flgs/ja.png
.png
content/imgs/flgs/jp.png
.png
content/imgs/flgs/nl.png
.png
content/imgs/flgs/no.png
.png
content/imgs/flgs/pl.png
.png
content/imgs/flgs/pt.png
.png
content/imgs/flgs/ro.png
.png
content/imgs/flgs/ru.png
.png
content/imgs/flgs/sa.png
.png
content/imgs/flgs/se.png
.png
content/imgs/flgs/sv.png
.png
content/imgs/flgs/tr.png
.png
content/imgs/flgs/ua.png
.png
content/imgs/flgs/us.png
.png
content/imgs/help_16.gif
.gif
content/imgs/home.gif
.gif
content/imgs/icon_seperator.png
.png
content/imgs/logo.png
.png
content/imgs/privecy_16_hot.gif
.gif
content/imgs/sign.jpg
content/imgs/specialoffer.gif
.gif
content/imgs/tellafriend.gif
.gif
content/imgs/uninstall.gif
.gif
content/ividi.css
content/ividi.xul
.js
content/loader.xul
.js .xml polyglot
content/mtstart.js
.js
content/serp.js
.js
content/tmplt.js
.js
install.rdf
.xml
ividi4ie.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6a:02:da:5f:cb:a1:7d:26:7c:d5:b0:db:c1:0a:17
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26-06-2013 00:00

Not After

26-06-2014 23:59

Subject

CN=Montiera Technologies LTD,O=Montiera Technologies LTD,POSTALCODE=40500,STREET=18\, Amammi st,L=Even Yehuda,ST=Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d5:41:4d:3e:5d:d1:66:a7:82:52:7e:02:8d:57:3e:d7:4d:de:3f:57
Signer

Actual PE Digest

d5:41:4d:3e:5d:d1:66:a7:82:52:7e:02:8d:57:3e:d7:4d:de:3f:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/CTB.dll
.dll windows:5 windows x86 arch:x86

d1c22339ddec3d9420c4420579fd49e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceExW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
CloseHandle
CreateFileA
GetModuleHandleA
GetLastError
ReadFile
GetFileSize
MultiByteToWideChar
lstrlenW
OutputDebugStringA
ExpandEnvironmentStringsA
lstrlenA
DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
GetTickCount
ReleaseMutex
FindResourceW
CreateMutexA
Sleep
GetVersionExA
GetCurrentProcess
GetEnvironmentVariableA
SetEnvironmentVariableA
GetSystemInfo
VirtualAlloc
VirtualProtect
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CompareStringW
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetProcAddress
FreeLibrary
LoadLibraryA
GetModuleFileNameA
GetModuleHandleExA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
HeapCreate
FlushFileBuffers
SetFilePointer
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
WriteFile
GetLocaleInfoW
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
SetLastError
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
InitializeCriticalSection
EncodePointer
DecodePointer
LocalFree
GetTimeFormatA
GetDateFormatA
GetCPInfo
GetCommandLineA
RtlUnwind
GetSystemTimeAsFileTime
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualQuery

user32

GetForegroundWindow
EnumWindows
IsWindowVisible
GetClassNameA
SendMessageA
GetWindowThreadProcessId
SetWindowsHookExA
UnhookWindowsHookEx
FindWindowExA
IsWindow
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

advapi32

RegSetValueExA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
ord165

ole32

CoCreateInstance
CoTaskMemFree
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

PathAppendA
SHRegGetValueA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/CrmAdpt.dll
.dll windows:5 windows x86 arch:x86

edf7e39da759ff1376e9d65250751d23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svnNew\dvlp\bin\ividi\CrmAdpt.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
OutputDebugStringA
IsBadCodePtr
GetModuleFileNameA
lstrlenW
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
GetTickCount
ReleaseMutex
CloseHandle
CreateMutexA
Sleep
InitializeCriticalSection
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
LoadLibraryW
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
ExitProcess
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameW
GetStdHandle
WriteFile
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
GetProcAddress
VirtualProtect
EncodePointer
DecodePointer
LocalFree
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
SetLastError
FlushInstructionCache
GetCurrentProcess
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
lstrlenA
MultiByteToWideChar
GetLastError
SetFilePointer
HeapDestroy

user32

CallNextHookEx
UnregisterClassA
IsChild
UnhookWindowsHookEx
RegisterWindowMessageA
SetWindowsHookExA
SendMessageA
GetParent
GetClassNameA
GetWindow
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
GetWindowTextLengthA
SetWindowTextA
BeginPaint
EndPaint
GetFocus
SetFocus
GetDlgItem
CharNextA
RedrawWindow
CreateAcceleratorTableA
ClientToScreen
SetCapture
ReleaseCapture
InvalidateRgn
InvalidateRect
GetDesktopWindow
DestroyAcceleratorTable
PostMessageA
CallWindowProcW
GetWindowLongW
SetWindowLongW
IsWindowUnicode
GetWindowTextA
CallWindowProcA
GetWindowLongA
DefWindowProcA
CreateWindowExA
SetWindowLongA
DestroyWindow
LoadCursorA
GetClassInfoExA
RegisterClassExA
GetClientRect
IsRectEmpty
SetWindowPos
InflateRect
DefWindowProcW
MoveWindow
ShowWindow
ReleaseDC
FillRect
ValidateRect
GetSysColor
ScreenToClient
GetWindowRect
GetDC
IsWindowVisible
IsWindow

gdi32

GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetObjectA
GetDeviceCaps
DeleteObject
CreateSolidBrush

ole32

CoGetClassObject
OleRun
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
GetRunningObjectTable
CreateItemMoniker
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject

oleaut32

DispCallFunc
SysAllocStringLen
VariantInit
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
SysAllocString
VariantClear
VariantCopy
SysAllocStringByteLen
SysStringByteLen

shlwapi

SHRegGetValueA

Exports

Exports

GetProc

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/appCntrl.js
.js
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/bg.html
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/bg.js
.js
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/ct.js
.js
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/dpk.js
.js
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/hprtkMsg.htm
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/hprtkMsg.js
.js
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/json2.min.js
.js
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/logo.png
.png
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/manifest.json
$LOCALAPPDATA/Google/Chrome/User Data/default/extensions/kpdhgpkkloealnjnmepfhanpcleldbef/1.0_0/pref.json
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Time.dll
.dll windows:4 windows x86 arch:x86

2e3a4d1f132aea64d421c1e936bcc407

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
GlobalAlloc
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FindClose
FindFirstFileA
CloseHandle
SetFileTime
CreateFileA
lstrcatA

user32

SendMessageA
wsprintfA

Exports

Exports

_GetFileTime
_GetFileTimeUTC
_GetLocalTime
_GetLocalTimeUTC
_MathTime
_SetFileTime
_SetFileTimeUTC
_SetLocalTime
_SetLocalTimeUTC
_TimeString
_Unload

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/mt.dll
.dll windows:5 windows x86 arch:x86

4ace53f9e1689a9a07327ded8e119e2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svnNew\dvlp\nsis\Release\mtPlug.pdb

Imports

iphlpapi

GetAdaptersInfo

shlwapi

StrStrIA
StrDupA

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
GetVolumeInformationA
LocalFree
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

user32

wsprintfA

oleaut32

SysAllocStringLen

Exports

Exports

_Unload
_getMachineId
extractStr
setAE
strStr

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisos.dll
.dll windows:1 windows x86 arch:x86

a70233c77fd258ec47709388c2338273

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
GetVersionExA
RtlUnwind
RtlZeroMemory
lstrcpyA

crtdll

_fdopen
_open_osfhandle
_ultoa
fclose
_cexit
malloc
printf
raise
setbuf
strcpy

Exports

Exports

osplatform
osversion

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 588B - Virtual size: 588B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 156B - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 96B - Virtual size: 96B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
bh/ividi.dll
.dll regsvr32 windows:5 windows x86 arch:x86

e64de3a32cd8a3406e888c96c74b8ef5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6a:02:da:5f:cb:a1:7d:26:7c:d5:b0:db:c1:0a:17
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26-06-2013 00:00

Not After

26-06-2014 23:59

Subject

CN=Montiera Technologies LTD,O=Montiera Technologies LTD,POSTALCODE=40500,STREET=18\, Amammi st,L=Even Yehuda,ST=Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:d4:70:7b:7d:10:72:86:06:66:0f:51:be:e1:da:ad:59:e8:c2:a5
Signer

Actual PE Digest

44:d4:70:7b:7d:10:72:86:06:66:0f:51:be:e1:da:ad:59:e8:c2:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svnNew\dvlp\bin\ividi\escort.pdb

Imports

sensapi

IsNetworkAlive

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenA
lstrcmpiA
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
FreeLibrary
FindResourceA
LoadLibraryExA
SetThreadLocale
GetThreadLocale
FlushInstructionCache
GetLastError
GetCurrentThreadId
lstrcpyW
SetLastError
GetTickCount
GetEnvironmentVariableA
SetEnvironmentVariableA
OutputDebugStringA
CloseHandle
EnterCriticalSection
GetCurrentProcess
LeaveCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetFileType
RaiseException
InitializeCriticalSection
CreateMutexA
ReleaseMutex
WaitForSingleObject
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetStringTypeW
SetUnhandledExceptionFilter
SetHandleCount
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
UnhandledExceptionFilter
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
EncodePointer
DecodePointer
LocalFree
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LCMapStringW
Sleep
HeapCreate
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
LoadLibraryW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
TlsFree

user32

KillTimer
RegisterClassExA
DefWindowProcA
CharNextA
CharNextW
GetParent
GetFocus
SetWindowLongA
GetClientRect
ShowWindow
GetClassInfoExA
LoadCursorA
MoveWindow
GetWindowRect
CharLowerBuffA
SetTimer
GetWindowLongA
SetWindowPos
UnregisterClassA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
CallWindowProcA
CreateWindowExA

advapi32

RegDeleteValueA
RegEnumValueA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

shell32

SHGetFileInfoA

ole32

CreateItemMoniker
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
OleRun
StringFromCLSID
CLSIDFromString
GetRunningObjectTable
CLSIDFromProgID

oleaut32

SysAllocStringLen
VarBstrCmp
DispCallFunc
VariantCopy
VariantInit
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
GetErrorInfo
VarCmp

shlwapi

SHDeleteValueA
StrStrIW
SHRegGetValueA
SHGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ividi.crx
.zip
CTB.dll
.dll windows:5 windows x86 arch:x86

d1c22339ddec3d9420c4420579fd49e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceExW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
CloseHandle
CreateFileA
GetModuleHandleA
GetLastError
ReadFile
GetFileSize
MultiByteToWideChar
lstrlenW
OutputDebugStringA
ExpandEnvironmentStringsA
lstrlenA
DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
GetTickCount
ReleaseMutex
FindResourceW
CreateMutexA
Sleep
GetVersionExA
GetCurrentProcess
GetEnvironmentVariableA
SetEnvironmentVariableA
GetSystemInfo
VirtualAlloc
VirtualProtect
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CompareStringW
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetProcAddress
FreeLibrary
LoadLibraryA
GetModuleFileNameA
GetModuleHandleExA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
HeapCreate
FlushFileBuffers
SetFilePointer
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
WriteFile
GetLocaleInfoW
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
SetLastError
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
InitializeCriticalSection
EncodePointer
DecodePointer
LocalFree
GetTimeFormatA
GetDateFormatA
GetCPInfo
GetCommandLineA
RtlUnwind
GetSystemTimeAsFileTime
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualQuery

user32

GetForegroundWindow
EnumWindows
IsWindowVisible
GetClassNameA
SendMessageA
GetWindowThreadProcessId
SetWindowsHookExA
UnhookWindowsHookEx
FindWindowExA
IsWindow
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

advapi32

RegSetValueExA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
ord165

ole32

CoCreateInstance
CoTaskMemFree
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

PathAppendA
SHRegGetValueA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrmAdpt.dll
.dll windows:5 windows x86 arch:x86

edf7e39da759ff1376e9d65250751d23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svnNew\dvlp\bin\ividi\CrmAdpt.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
OutputDebugStringA
IsBadCodePtr
GetModuleFileNameA
lstrlenW
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
GetTickCount
ReleaseMutex
CloseHandle
CreateMutexA
Sleep
InitializeCriticalSection
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
LoadLibraryW
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
ExitProcess
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameW
GetStdHandle
WriteFile
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
GetProcAddress
VirtualProtect
EncodePointer
DecodePointer
LocalFree
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
SetLastError
FlushInstructionCache
GetCurrentProcess
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
lstrlenA
MultiByteToWideChar
GetLastError
SetFilePointer
HeapDestroy

user32

CallNextHookEx
UnregisterClassA
IsChild
UnhookWindowsHookEx
RegisterWindowMessageA
SetWindowsHookExA
SendMessageA
GetParent
GetClassNameA
GetWindow
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
GetWindowTextLengthA
SetWindowTextA
BeginPaint
EndPaint
GetFocus
SetFocus
GetDlgItem
CharNextA
RedrawWindow
CreateAcceleratorTableA
ClientToScreen
SetCapture
ReleaseCapture
InvalidateRgn
InvalidateRect
GetDesktopWindow
DestroyAcceleratorTable
PostMessageA
CallWindowProcW
GetWindowLongW
SetWindowLongW
IsWindowUnicode
GetWindowTextA
CallWindowProcA
GetWindowLongA
DefWindowProcA
CreateWindowExA
SetWindowLongA
DestroyWindow
LoadCursorA
GetClassInfoExA
RegisterClassExA
GetClientRect
IsRectEmpty
SetWindowPos
InflateRect
DefWindowProcW
MoveWindow
ShowWindow
ReleaseDC
FillRect
ValidateRect
GetSysColor
ScreenToClient
GetWindowRect
GetDC
IsWindowVisible
IsWindow

gdi32

GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetObjectA
GetDeviceCaps
DeleteObject
CreateSolidBrush

ole32

CoGetClassObject
OleRun
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
GetRunningObjectTable
CreateItemMoniker
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject

oleaut32

DispCallFunc
SysAllocStringLen
VariantInit
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
SysAllocString
VariantClear
VariantCopy
SysAllocStringByteLen
SysStringByteLen

shlwapi

SHRegGetValueA

Exports

Exports

GetProc

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
appCntrl.js
.js
bg.html
bg.js
.js
ct.js
.js
dpk.js
.js
hprtkMsg.htm
hprtkMsg.js
.js
json2.min.js
.js
logo.png
.png
manifest.json
pref.json
ividiApp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

14d54a5c1ffdf56b7c1341d618a7349a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6a:02:da:5f:cb:a1:7d:26:7c:d5:b0:db:c1:0a:17
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26-06-2013 00:00

Not After

26-06-2014 23:59

Subject

CN=Montiera Technologies LTD,O=Montiera Technologies LTD,POSTALCODE=40500,STREET=18\, Amammi st,L=Even Yehuda,ST=Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e0:b4:35:8b:0c:a5:b9:b1:c2:6a:a7:06:2f:ea:b9:75:67:a2:33:44
Signer

Actual PE Digest

e0:b4:35:8b:0c:a5:b9:b1:c2:6a:a7:06:2f:ea:b9:75:67:a2:33:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersInfo

kernel32

lstrlenA
MultiByteToWideChar
lstrcmpiA
lstrlenW
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
IsDBCSLeadByte
GetModuleHandleW
FreeLibrary
FindResourceA
LoadLibraryExA
SetThreadLocale
GetThreadLocale
LoadLibraryA
InitializeCriticalSection
GetCurrentThreadId
GetVolumeInformationA
WaitForSingleObject
GetTickCount
ReleaseMutex
SetEvent
ResetEvent
CloseHandle
CreateMutexA
CreateEventA
FindResourceExW
CreateFileA
GetModuleHandleA
WriteFile
SetFilePointer
GetFileSize
GetVersionExA
GetCurrentProcess
GetEnvironmentVariableA
SetEnvironmentVariableA
OutputDebugStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CompareStringW
FlushFileBuffers
CreateFileW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
WideCharToMultiByte
ReadFile
GetProcAddress
Sleep
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryW
GetTimeZoneInformation
LCMapStringW
GetStringTypeW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetModuleFileNameW
GetStdHandle
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
EncodePointer
DecodePointer
LocalFree
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
IsProcessorFeaturePresent
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TlsAlloc

user32

CharNextA
GetParent
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
CharNextW

advapi32

RegCreateKeyExA
RegEnumValueA
RegQueryValueExA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
ord165

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID
CLSIDFromProgID
OleRun
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateGuid
CLSIDFromString

oleaut32

SysStringByteLen
SysAllocStringByteLen
VarBstrCat
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysAllocString
SysAllocStringLen
VariantCopy
VariantClear
VariantInit
SysFreeString
VarBstrCmp
SysStringLen
GetErrorInfo

shlwapi

PathIsURLW
PathAppendA
StrStrW
SHRegGetValueA
SHGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ividiEng.dll
.dll regsvr32 windows:5 windows x86 arch:x86

5aaf4c1e1da3cf76af0ffd0d9e9f39e3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6a:02:da:5f:cb:a1:7d:26:7c:d5:b0:db:c1:0a:17
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26-06-2013 00:00

Not After

26-06-2014 23:59

Subject

CN=Montiera Technologies LTD,O=Montiera Technologies LTD,POSTALCODE=40500,STREET=18\, Amammi st,L=Even Yehuda,ST=Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

af:81:97:e0:ad:35:39:ee:a6:3c:ab:47:cd:79:3e:ac:62:3d:a6:f9
Signer

Actual PE Digest

af:81:97:e0:ad:35:39:ee:a6:3c:ab:47:cd:79:3e:ac:62:3d:a6:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svnNew\dvlp\bin\ividi\escortEng.pdb

Imports

psapi

GetModuleBaseNameA

sensapi

IsNetworkAlive

kernel32

GetThreadLocale
LockResource
FindResourceW
FindResourceExW
GetCurrentProcess
CloseHandle
WaitForSingleObject
FlushInstructionCache
GetCurrentThreadId
SetLastError
CreateFileA
CreateThread
InitializeCriticalSection
GetTickCount
InterlockedExchange
lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryA
GetDateFormatA
FileTimeToSystemTime
Sleep
ReleaseMutex
SetEvent
ResetEvent
CreateMutexA
CreateEventA
GetEnvironmentVariableA
SetEnvironmentVariableA
WriteFile
FileTimeToLocalFileTime
GetFileTime
OutputDebugStringA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetFileSize
UnmapViewOfFile
ReadFile
SetFilePointer
HeapDestroy
HeapAlloc
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CompareStringW
SetThreadLocale
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetTimeZoneInformation
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetTimeFormatA
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
LocalFree
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
GetModuleHandleW
lstrcmpiA
lstrlenA
GetModuleHandleA
GetProcAddress
EnterCriticalSection
RaiseException
MultiByteToWideChar
GetModuleFileNameA
CreateProcessA
lstrlenW
WideCharToMultiByte
GetLastError
FlushFileBuffers
HeapFree
DeleteCriticalSection
CreateDirectoryA
GetProcessHeap
HeapSize
HeapReAlloc

user32

UnregisterClassA
SetWindowLongA
PostMessageA
GetClassInfoExA
LoadCursorA
CreateWindowExA
RegisterClassExA
DestroyWindow
CharNextA
DefWindowProcA
GetWindowLongA
CallWindowProcA
SetWindowTextA
GetWindowRect
GetClientRect
ScreenToClient
IsWindowVisible
SetTimer
CharNextW
IsWindow
CharUpperBuffA
KillTimer
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
EnumChildWindows
GetWindowThreadProcessId
SystemParametersInfoA
InflateRect
SetForegroundWindow
GetWindowTextLengthA
GetWindowTextA
AnimateWindow
GetCursorPos
OffsetRect
ShowWindow
RegisterWindowMessageA
SendMessageTimeoutA
GetCaretBlinkTime
CreateAcceleratorTableA
SendMessageA
GetDesktopWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
SetWindowPos
MoveWindow
GetSysColor
UpdateLayeredWindow
CharLowerBuffA
GetFocus
GetParent
GetWindow
IsChild

gdi32

CreateCompatibleBitmap
OffsetViewportOrgEx
GetStockObject
CreateSolidBrush
GetDeviceCaps
BitBlt
GetObjectA
CreateDIBSection
DeleteObject
SelectObject
DeleteDC
CreateCompatibleDC

advapi32

RegQueryValueExA
RegEnumValueW
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleRun
CoTaskMemFree
CoInitialize
CoUninitialize
StringFromGUID2
StringFromCLSID
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoGetClassObject
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
GetRunningObjectTable
CoCreateGuid
CreateItemMoniker

oleaut32

GetErrorInfo
VariantInit
VarCmp
SafeArrayCopy
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetVartype
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
VarBstrCat
DispCallFunc
OleCreateFontIndirect
VariantCopy
SysStringLen
SysFreeString
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VarBstrCmp
SysAllocStringLen
LoadRegTypeLi

shlwapi

SHRegGetValueA
StrCmpIW
SHSetValueA
SHDeleteValueA
SHGetValueA
StrToIntExA

gdiplus

GdiplusShutdown

ws2_32

WSAStartup
freeaddrinfo
getaddrinfo
WSASetLastError
WSACleanup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ividiTlbr.dll
.dll regsvr32 windows:5 windows x86 arch:x86

6222a1a4c6fbfb4ebf90cae01fa2d06e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6a:02:da:5f:cb:a1:7d:26:7c:d5:b0:db:c1:0a:17
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26-06-2013 00:00

Not After

26-06-2014 23:59

Subject

CN=Montiera Technologies LTD,O=Montiera Technologies LTD,POSTALCODE=40500,STREET=18\, Amammi st,L=Even Yehuda,ST=Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:d8:15:f3:7d:7a:46:05:e9:5d:61:d8:15:75:00:35:3b:03:bc:ab
Signer

Actual PE Digest

77:d8:15:f3:7d:7a:46:05:e9:5d:61:d8:15:75:00:35:3b:03:bc:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\svnNew\dvlp\bin\ividi\escorTlbr.pdb

Imports

kernel32

FindResourceA
LoadLibraryExA
SetThreadLocale
GetThreadLocale
lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetEnvironmentVariableA
SetEnvironmentVariableA
OutputDebugStringA
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
FreeLibrary
GetModuleHandleW
InitializeCriticalSection
CreateMutexA
ReleaseMutex
IsDBCSLeadByte
WaitForSingleObject
FlushFileBuffers
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
SetLastError
InterlockedDecrement
WriteFile
InterlockedIncrement
GetModuleFileNameA
lstrlenW
GetCurrentProcess
FlushInstructionCache
lstrcmpiA
MultiByteToWideChar
lstrlenA
GetModuleHandleA
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
GetCurrentThreadId
GetSystemTimeAsFileTime
DecodePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EncodePointer
RtlUnwind
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
ExitProcess
GetStdHandle
GetModuleFileNameW
HeapCreate

user32

IsWindowVisible
KillTimer
SetTimer
UnhookWindowsHookEx
IsChild
SendMessageA
CallNextHookEx
RegisterWindowMessageA
SetWindowsHookExA
DestroyWindow
SetWindowLongA
ShowWindow
IsWindow
GetClassInfoExA
LoadCursorA
CharNextA
CreateWindowExA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
GetDesktopWindow
SetFocus
GetFocus
DestroyAcceleratorTable
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
SetWindowPos
MoveWindow
GetSysColor
CharNextW
ScreenToClient
GetCursorPos
BeginPaint
EndPaint
GetParent
GetWindow
MapWindowPoints
GetWindowRect
CallWindowProcA
GetWindowLongA
DefWindowProcA
UnregisterClassA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
GetClientRect

gdi32

GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
OffsetWindowOrgEx
SetWindowOrgEx
SetViewportOrgEx

advapi32

RegQueryInfoKeyA
RegQueryInfoKeyW
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

shell32

SHGetFileInfoA

ole32

CreateItemMoniker
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
GetRunningObjectTable
OleRun

oleaut32

SysAllocString
VariantCopy
OleCreateFontIndirect
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
DispCallFunc
VariantInit
GetErrorInfo
VariantClear
SysFreeString

shlwapi

SHRegGetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ividisrv.exe
.exe windows:5 windows x86 arch:x86

75c212979d4f245d52935105103be765

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6a:02:da:5f:cb:a1:7d:26:7c:d5:b0:db:c1:0a:17
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26-06-2013 00:00

Not After

26-06-2014 23:59

Subject

CN=Montiera Technologies LTD,O=Montiera Technologies LTD,POSTALCODE=40500,STREET=18\, Amammi st,L=Even Yehuda,ST=Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

54:7c:31:39:20:21:ef:8a:11:59:5f:7c:31:6b:eb:ee:19:3f:25:53
Signer

Actual PE Digest

54:7c:31:39:20:21:ef:8a:11:59:5f:7c:31:6b:eb:ee:19:3f:25:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\svnNew\dvlp\bin\ividi\esrv.pdb

Imports

sensapi

IsNetworkAlive

kernel32

GetTickCount
RaiseException
EnterCriticalSection
LeaveCriticalSection
lstrcmpiA
OutputDebugStringA
IsDBCSLeadByte
Sleep
CreateThread
CreateEventA
GetModuleHandleW
SetEvent
ExitProcess
FreeLibrary
FindResourceA
LoadLibraryExA
GetCommandLineA
FlushInstructionCache
GetCurrentProcess
SetLastError
LoadLibraryA
LocalAlloc
LocalFree
GetDateFormatA
SetFilePointer
CreateDirectoryA
GetTempPathA
MoveFileExA
GetTempFileNameA
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
MulDiv
ReleaseMutex
ResetEvent
CreateMutexA
GetVersionExA
GetEnvironmentVariableA
SetEnvironmentVariableA
WideCharToMultiByte
CompareStringW
CreateFileW
WriteConsoleW
FlushFileBuffers
SetStdHandle
LoadLibraryW
GetConsoleMode
GetConsoleCP
LCMapStringW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
GetStdHandle
GetTimeZoneInformation
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
VirtualQuery
GetSystemInfo
VirtualProtect
GetTimeFormatA
RtlUnwind
EncodePointer
DecodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CloseHandle
GetModuleFileNameA
GetCurrentThreadId
lstrlenA
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetFileTime
InterlockedDecrement
lstrlenW
MultiByteToWideChar
FileTimeToLocalFileTime
GetModuleHandleA
GetProcAddress
CreateFileA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
GetLastError
FileTimeToSystemTime
WriteFile

user32

UnhookWindowsHookEx
CallNextHookEx
GetDlgItem
SetForegroundWindow
SetFocus
SetWindowsHookExA
SetTimer
IsWindow
SendMessageA
KillTimer
UnregisterClassA
SendInput
ShowWindow
CharNextA
PostThreadMessageA
CharUpperA
ReleaseCapture
LoadIconA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
GetWindowTextLengthA
GetWindowTextA
CreateAcceleratorTableA
DestroyAcceleratorTable
GetDesktopWindow
GetFocus
GetWindow
BeginPaint
EndPaint
FillRect
CharNextW
GetClassNameA
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
GetSysColor
RegisterWindowMessageA
PostQuitMessage
CreateWindowExA
RegisterClassExA
CallWindowProcA
GetWindowLongA
DefWindowProcA
LoadCursorA
GetClassInfoExA
SetWindowLongA
SetWindowTextA
DestroyWindow
SetWindowPos
GetMessageA

gdi32

SelectObject
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject

advapi32

RegQueryValueExA
RegEnumValueA
RegSetKeySecurity
ConvertSidToStringSidA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
OpenProcessToken
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegGetKeySecurity
RegOpenKeyA
GetTokenInformation

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ord165
ShellExecuteA
SHGetFileInfoA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoRegisterClassObject
OleInitialize
OleUninitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoRevokeClassObject
CoGetClassObject
StringFromGUID2
CoAddRefServerProcess
CoCreateGuid
CoReleaseServerProcess
CoInitializeEx
CreateStreamOnHGlobal
OleLockRunning

oleaut32

SysAllocStringByteLen
GetErrorInfo
SafeArrayGetLBound
OleCreateFontIndirect
VarBstrCat
DispCallFunc
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SafeArrayGetVartype
SafeArrayCopy
SafeArrayDestroy
SysAllocStringLen
VariantCopy
SysAllocString
VariantClear
VariantInit
SysFreeString
VarBstrCmp
SysStringLen
SafeArrayUnlock
SafeArrayLock
SafeArrayGetDim
SafeArrayGetUBound

shlwapi

StrStrW
SHSetValueA
PathFindExtensionA
PathIsURLW
StrToIntW
PathFindFileNameA
PathRenameExtensionA
SHGetValueA
PathAppendA
SHRegGetValueA

Sections

.text
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsJSON.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Delete
Get
Serialize
Set

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/welcome.bmp
$R9/Plugins/npffividiplg.dll
.dll windows:5 windows x86 arch:x86

4ed3111a5b0f84ef176e0021a95a8442

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Program Files (x86)\Mozilla Firefox\Plugins\npcodeproject.pdb

Imports

kernel32

CloseHandle
GetPrivateProfileStringA
CreateFileW
ReadFile
GetPrivateProfileIntA
GetSystemTimeAsFileTime
CreateFileA
GetCurrentThreadId
DecodePointer
GetCommandLineA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapValidate
IsBadReadPtr
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
RaiseException
IsProcessorFeaturePresent
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
GetModuleHandleW
SetLastError
GetLastError
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WriteFile
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
FlushFileBuffers
InitializeCriticalSection

user32

DefWindowProcA
SetWindowLongA

advapi32

GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEhelperActiveX.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0927ad8d2957da1ec29577efba787c36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
SetLastError
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
lstrcatA
lstrcpyA
GetStringTypeW
LCMapStringW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
GlobalAlloc
Sleep
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GlobalLock
GlobalUnlock
MulDiv
GetCurrentProcess
FlushInstructionCache
GetSystemTimeAsFileTime
IsDBCSLeadByte
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
lstrlenA
lstrcmpiA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
RaiseException
lstrlenW
WideCharToMultiByte
SetHandleCount
GetACP
FlushFileBuffers
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetCPInfo
GetCommandLineA
EncodePointer
DecodePointer
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
GetConsoleCP
SetFilePointer
LoadLibraryW
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange

user32

CreateWindowExA
RegisterClassExA
InvalidateRect
IsWindow
GetKeyState
GetParent
GetFocus
UnregisterClassA
SetFocus
CallWindowProcA
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetDC
ReleaseDC
LoadCursorA
GetClassInfoExA
ShowWindow
GetWindowLongA
SetWindowLongA
UnionRect
PtInRect
DefWindowProcA
DestroyWindow
CharNextW
CharNextA
IsChild

gdi32

SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCA
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
LPtoDP

advapi32

RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

OleCreatePropertyFrame
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantInit
VarBstrCat
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ividiplg.crx
.zip
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 1.8MB

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 4KB - Virtual size: 3KB

43087810d965c117d20dd5225a45da5d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

advapi32

kernel32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 15KB - Virtual size: 15KB

03f929832e821ea56617f74371196241

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 3KB - Virtual size: 2KB

13747ecad4b929762d73c9d1ad62f57f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

wininet

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 15KB - Virtual size: 15KB

93bd1585ffbc730c763e71e0c6c896b3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 1.8MB

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 15KB - Virtual size: 15KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

62:df:9b:00:a0:2e:95:b2:8b:f9:8a:ae:08:ca:c4:3c:13:76:de:06
Signer

.text
Size: 579KB - Virtual size: 579KB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 11KB - Virtual size: 22KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 36KB - Virtual size: 35KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

3e:6a:02:da:5f:cb:a1:7d:26:7c:d5:b0:db:c1:0a:17
Certificate

8f:22:58:08:49:97:76:5f:f7:0c:18:08:b7:b6:92:57:9b:b3:fc:c1
Signer