0435f2661fd2ebdf6202f02e1e7d13f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0435f2661fd2ebdf6202f02e1e7d13f3_JaffaCakes118
Size

716KB
MD5

0435f2661fd2ebdf6202f02e1e7d13f3
SHA1

c0593312e1081f32315d6d7858d801f329ef7fdd
SHA256

69a0fcdfc8df96eca4227aa7bdb324bcbe61a88e3ce69a1689bdd27ca15ef9af
SHA512

b47b66b22939d33bcbd6770c6384a2659f3df9f7879201d0c570c7a9b6f5574fe9b8bd669308203fd919b61afe3e839bea8b5c48ada4b73afed3ff3bae66762f
SSDEEP

12288:ZCpOB5rbR9VUQoY+C57xZZ3L/QYaH1ruj1Tcx3ciVwx6oHQHEl0GGnwbphAZm5:ZCp2vVUQoYV5NZJL/QYaCp0TVOHQ00JS

Score

1^/10

Malware Config

Signatures

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

0435f2661fd2ebdf6202f02e1e7d13f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c523d8653da5455667e3f82274f2f88

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:df:a5:e3:ea:67:06:95:76:56:17:c9:de:46:c9:cb:96:c4:49:6a
Signer

Actual PE Digest

2e:df:a5:e3:ea:67:06:95:76:56:17:c9:de:46:c9:cb:96:c4:49:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/EE/GAL.dll
.dll windows:4 windows x86 arch:x86

7e31d964c63031941c2e483dd72509b0

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:39:dc:8e:73:8d:71:2a:30:73:66:94:a8:41:78:18:b6:b1:73:75
Signer

Actual PE Digest

16:39:dc:8e:73:8d:71:2a:30:73:66:94:a8:41:78:18:b6:b1:73:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringA

ws2_32

gethostbyname
htons
closesocket
socket
bind
ioctlsocket
WSAGetLastError
sendto
recvfrom
connect
send
inet_addr

shlwapi

PathRemoveFileSpecA
PathAppendA

ole32

CoCreateGuid

kernel32

TlsFree
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
CloseHandle
DeviceIoControl
CreateFileA
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
VirtualQuery
CreateThread
CreateEventA
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
TerminateThread
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
GetLocalTime
GetVersion
Sleep
WritePrivateProfileStructA
GetPrivateProfileStructA
GetSystemDirectoryA
RtlUnwind
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
RaiseException
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
WriteFile
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
GetCPInfo

Exports

Exports

TS_XXXX

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/EE/KOM.dll
.dll windows:4 windows x86 arch:x86

6f28788c82f7564f3e3a292c5f997368

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:7c:2d:88:b3:08:d0:e9:c0:c5:a1:f1:c7:b1:66:5a:79:9e:29:9b
Signer

Actual PE Digest

9c:7c:2d:88:b3:08:d0:e9:c0:c5:a1:f1:c7:b1:66:5a:79:9e:29:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetLastError
LoadLibraryA
GetModuleFileNameA
VirtualQuery
GetVersion
GetCurrentProcessId
GetCommandLineA
GetTickCount
CreateEventA
CloseHandle
GetLocalTime
OutputDebugStringA
lstrcpyA
SetEvent
CreateThread
ResetEvent
TerminateThread
WaitForSingleObject
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
LCMapStringW
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
HeapFree
RaiseException
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
FlushFileBuffers
WriteFile
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
UnhandledExceptionFilter
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
SetConsoleCtrlHandler
SetEndOfFile
ReadFile
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

ole32

CoCreateGuid

ws2_32

gethostbyname
gethostname

rpcrt4

UuidToStringA

shlwapi

StrStrIA
PathIsRelativeA
PathAppendA
PathRemoveFileSpecA

Exports

Exports

TS_0001
TS_0002
TS_0003
TS_0004
TS_0005
TS_0006
TS_0007
TS_0008
TS_0009

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/EE/MUL.DLL
.dll windows:4 windows x86 arch:x86

9aaeceb8f6d61aa7caf74c2a192e81c3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:a3:cd:2b:fc:ac:90:58:bd:b6:6e:4a:a0:6d:bc:ef:37:55:c9:59
Signer

Actual PE Digest

27:a3:cd:2b:fc:ac:90:58:bd:b6:6e:4a:a0:6d:bc:ef:37:55:c9:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleFileNameA
VirtualQuery
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
Sleep
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle
HeapSize

ws2_32

htons
inet_addr

rpcrt4

UuidToStringA

Exports

Exports

TS_XXXX

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/EE/PPV.PTV
$PROGRAM_FILES_COMMON/Synacast/SynaLive/EE/PPd.dll
.dll windows:4 windows x86 arch:x86

f4ae3ce0a5a12fd68b74d607389a3643

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

37:df:e3:30:20:56:ab:86:77:8e:f7:fd:0e:4c:fc:3d:ad:71:29:ca
Signer

Actual PE Digest

37:df:e3:30:20:56:ab:86:77:8e:f7:fd:0e:4c:fc:3d:ad:71:29:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidFromStringA

wininet

HttpOpenRequestA
InternetOpenA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetCloseHandle
InternetConnectA

mfc42

ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3346
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord924
ord800
ord537
ord860
ord540
ord2818
ord535
ord1255
ord6467
ord1253
ord1578
ord600
ord826
ord269
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord3079
ord1570

msvcrt

__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
??2@YAPAXI@Z
_EH_prolog
strerror
fputc
_errno
_fdopen
localtime
atoi
printf
rewind
malloc
free
sprintf
__CxxFrameHandler
fseek
ftell
time
_unlink
fwrite
fread
perror
fclose
fprintf
exit
_iob
fopen

kernel32

OpenFileMappingA
Sleep
OpenEventA
GetLastError
DeleteFileA
LocalFree
LocalAlloc
MapViewOfFile
CloseHandle
UnmapViewOfFile
GlobalMemoryStatus
GetCurrentProcessId
GetTickCount
GetVersion

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

Work

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/EE/erco.dll
.dll windows:4 windows x86 arch:x86

e43bbcb8f87ee846306b634ce05db32f

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:ca:28:a8:d7:3d:cf:d7:63:19:a6:42:d1:ba:45:67:f9:e3:7c:30
Signer

Actual PE Digest

dc:ca:28:a8:d7:3d:cf:d7:63:19:a6:42:d1:ba:45:67:f9:e3:7c:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetUnhandledExceptionFilter
GetCurrentThread
GetCurrentProcess
OutputDebugStringA
GetProcAddress
LoadLibraryA
FreeLibrary
CloseHandle
Module32Next
GetLongPathNameA
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetLocalTime
GetLastError
lstrcatA
lstrcpyA
VirtualQuery
GetModuleFileNameA
FindFirstFileA
AllocConsole
GetConsoleTitleA
lstrcpynA
WaitForMultipleObjects
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
GetTickCount
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
SetEvent
ResetEvent
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
Sleep
InterlockedExchange
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
RaiseException
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
FlushFileBuffers
WriteFile
FatalAppExitA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
SetFilePointer
InterlockedDecrement
InterlockedIncrement
CreateFileA
IsBadReadPtr
IsBadCodePtr
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
ReadFile
SetConsoleCtrlHandler
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetEnvironmentVariableA

user32

MessageBoxA

shlwapi

PathAppendA
PathRemoveFileSpecA
PathFindFileNameA
PathCombineA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

TS_XXXX

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/EE/mir.dll
.dll windows:4 windows x86 arch:x86

95b81077cbe618051dfebc21ee1db745

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:fc:0e:74:75:27:e0:73:66:2c:67:11:39:da:d9:17:8c:80:25:7f
Signer

Actual PE Digest

6b:fc:0e:74:75:27:e0:73:66:2c:67:11:39:da:d9:17:8c:80:25:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
inet_ntoa
gethostname
ntohs
WSAGetLastError
htons
inet_addr

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

rpcrt4

UuidCreate
UuidFromStringA

msvcrt

_fsopen
fgets
vfprintf
fflush
fwrite
free
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
fclose
_ftol
memmove
sprintf
_snprintf
__CxxFrameHandler
??2@YAPAXI@Z
_purecall
_errno

shlwapi

PathFindFileNameA
PathRenameExtensionA
PathAppendA
PathRemoveFileSpecA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetTickCount
OutputDebugStringA
UnmapViewOfFile
MapViewOfFile
CloseHandle
OpenFileMappingA
CreateFileMappingA
GetPrivateProfileIntA
GetPrivateProfileStructA
WritePrivateProfileStructA
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary
GetLastError
VirtualQuery

user32

wsprintfA
PostMessageA

Exports

Exports

TS_XXXX

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/EE/tne.dll
.dll windows:4 windows x86 arch:x86

69630f4e49cba917c47d520250bf1ff5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:e7:16:9d:5e:18:47:9a:e5:7b:97:f7:fd:e1:55:8c:da:65:16:a9
Signer

Actual PE Digest

4b:e7:16:9d:5e:18:47:9a:e5:7b:97:f7:fd:e1:55:8c:da:65:16:a9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
CloseHandle
EnterCriticalSection
GetTickCount
GetModuleFileNameA
GetLocalTime
GetLastError
CreateThread
CancelIo
TerminateThread
GetVersionExA
GetModuleHandleA
CreateEventA
WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
SetConsoleTitleA
GetQueuedCompletionStatus
GetProcAddress
LoadLibraryA
VirtualQuery
InterlockedIncrement
InterlockedDecrement
HeapFree
HeapAlloc
HeapCreate
GetCurrentProcessId
SetEndOfFile
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
ReadFile
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapDestroy
HeapSize
Sleep
InterlockedExchange
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
GetVersion
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc

user32

PeekMessageA
PostThreadMessageA
DestroyWindow
RegisterClassExA
CreateWindowExA
GetMessageA

iphlpapi

GetIfTable
GetIpAddrTable
SetTcpEntry

ws2_32

WSAEnumNetworkEvents
WSACancelAsyncRequest
WSACleanup
WSAStartup
WSACloseEvent
getsockname
shutdown
closesocket
getpeername
listen
WSAWaitForMultipleEvents
gethostbyname
WSAEventSelect
connect
WSAGetLastError
WSASocketA
setsockopt
htons
htonl
bind
inet_addr
WSASetLastError
WSACreateEvent
WSAAsyncGetHostByName
WSARecv
WSASendTo
WSARecvFrom
WSAGetOverlappedResult
WSAAccept
WSASend

shlwapi

PathRemoveFileSpecA

Exports

Exports

TS_XXXX

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/PP/GAL.dll
.dll windows:4 windows x86 arch:x86

7e31d964c63031941c2e483dd72509b0

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:89:dd:c1:28:e5:ee:e7:b7:58:30:40:44:23:9d:9a:53:cb:90:d0
Signer

Actual PE Digest

43:89:dd:c1:28:e5:ee:e7:b7:58:30:40:44:23:9d:9a:53:cb:90:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringA

ws2_32

gethostbyname
htons
closesocket
socket
bind
ioctlsocket
WSAGetLastError
sendto
recvfrom
connect
send
inet_addr

shlwapi

PathRemoveFileSpecA
PathAppendA

ole32

CoCreateGuid

kernel32

TlsFree
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
CloseHandle
DeviceIoControl
CreateFileA
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
VirtualQuery
CreateThread
CreateEventA
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
TerminateThread
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
GetLocalTime
GetVersion
Sleep
WritePrivateProfileStructA
GetPrivateProfileStructA
GetSystemDirectoryA
RtlUnwind
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
RaiseException
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
WriteFile
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
GetCPInfo

Exports

Exports

TS_XXXX

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/PP/KOM.dll
.dll windows:4 windows x86 arch:x86

6f28788c82f7564f3e3a292c5f997368

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b6:ff:49:97:44:77:10:a5:92:d0:b6:15:78:1f:ca:1c:1e:39:e8:66
Signer

Actual PE Digest

b6:ff:49:97:44:77:10:a5:92:d0:b6:15:78:1f:ca:1c:1e:39:e8:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetLastError
LoadLibraryA
GetModuleFileNameA
VirtualQuery
GetVersion
GetCurrentProcessId
GetCommandLineA
GetTickCount
CreateEventA
CloseHandle
GetLocalTime
OutputDebugStringA
lstrcpyA
SetEvent
CreateThread
ResetEvent
TerminateThread
WaitForSingleObject
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
LCMapStringW
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
HeapFree
RaiseException
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
FlushFileBuffers
WriteFile
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
UnhandledExceptionFilter
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
SetConsoleCtrlHandler
SetEndOfFile
ReadFile
MultiByteToWideChar
LCMapStringA
SetEnvironmentVariableA

ole32

CoCreateGuid

ws2_32

gethostbyname
gethostname

rpcrt4

UuidToStringA

shlwapi

StrStrIA
PathIsRelativeA
PathAppendA
PathRemoveFileSpecA

Exports

Exports

TS_0001
TS_0002
TS_0003
TS_0004
TS_0005
TS_0006
TS_0007
TS_0008
TS_0009

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/PP/MUL.DLL
.dll windows:4 windows x86 arch:x86

9aaeceb8f6d61aa7caf74c2a192e81c3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:45:c6:83:f2:29:83:54:f1:d4:e1:44:fc:97:47:37:78:d7:6b:3c
Signer

Actual PE Digest

36:45:c6:83:f2:29:83:54:f1:d4:e1:44:fc:97:47:37:78:d7:6b:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleFileNameA
VirtualQuery
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
Sleep
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle
HeapSize

ws2_32

htons
inet_addr

rpcrt4

UuidToStringA

Exports

Exports

TS_XXXX

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/PP/eroc.dll
.dll windows:4 windows x86 arch:x86

e43bbcb8f87ee846306b634ce05db32f

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:ca:28:a8:d7:3d:cf:d7:63:19:a6:42:d1:ba:45:67:f9:e3:7c:30
Signer

Actual PE Digest

dc:ca:28:a8:d7:3d:cf:d7:63:19:a6:42:d1:ba:45:67:f9:e3:7c:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetUnhandledExceptionFilter
GetCurrentThread
GetCurrentProcess
OutputDebugStringA
GetProcAddress
LoadLibraryA
FreeLibrary
CloseHandle
Module32Next
GetLongPathNameA
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetLocalTime
GetLastError
lstrcatA
lstrcpyA
VirtualQuery
GetModuleFileNameA
FindFirstFileA
AllocConsole
GetConsoleTitleA
lstrcpynA
WaitForMultipleObjects
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
GetTickCount
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
SetEvent
ResetEvent
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
Sleep
InterlockedExchange
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
RaiseException
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
FlushFileBuffers
WriteFile
FatalAppExitA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
SetFilePointer
InterlockedDecrement
InterlockedIncrement
CreateFileA
IsBadReadPtr
IsBadCodePtr
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
ReadFile
SetConsoleCtrlHandler
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetEnvironmentVariableA

user32

MessageBoxA

shlwapi

PathAppendA
PathRemoveFileSpecA
PathFindFileNameA
PathCombineA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

TS_XXXX

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/PP/mir.dll
.dll windows:4 windows x86 arch:x86

95b81077cbe618051dfebc21ee1db745

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:20:29:e1:61:2c:2f:6a:2e:9c:46:72:19:2d:c7:ce:0a:c3:8f:a6
Signer

Actual PE Digest

b2:20:29:e1:61:2c:2f:6a:2e:9c:46:72:19:2d:c7:ce:0a:c3:8f:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
inet_ntoa
gethostname
ntohs
WSAGetLastError
htons
inet_addr

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

rpcrt4

UuidCreate
UuidFromStringA

msvcrt

_fsopen
fgets
vfprintf
fflush
fwrite
free
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
fclose
_ftol
memmove
sprintf
_snprintf
__CxxFrameHandler
??2@YAPAXI@Z
_purecall
_errno

shlwapi

PathFindFileNameA
PathRenameExtensionA
PathAppendA
PathRemoveFileSpecA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetTickCount
OutputDebugStringA
UnmapViewOfFile
MapViewOfFile
CloseHandle
OpenFileMappingA
CreateFileMappingA
GetPrivateProfileIntA
GetPrivateProfileStructA
WritePrivateProfileStructA
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary
GetLastError
VirtualQuery

user32

wsprintfA
PostMessageA

Exports

Exports

TS_XXXX

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/PP/ten.dll
.dll windows:4 windows x86 arch:x86

69630f4e49cba917c47d520250bf1ff5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

24:fc:a6:e4:3b:13:a0:ea:9d:30:3a:37:92:16:64:43:ee:ac:b6:f5
Signer

Actual PE Digest

24:fc:a6:e4:3b:13:a0:ea:9d:30:3a:37:92:16:64:43:ee:ac:b6:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
CloseHandle
EnterCriticalSection
GetTickCount
GetModuleFileNameA
GetLocalTime
GetLastError
CreateThread
CancelIo
TerminateThread
GetVersionExA
GetModuleHandleA
CreateEventA
WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
SetConsoleTitleA
GetQueuedCompletionStatus
GetProcAddress
LoadLibraryA
VirtualQuery
InterlockedIncrement
InterlockedDecrement
HeapFree
HeapAlloc
HeapCreate
GetCurrentProcessId
SetEndOfFile
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
ReadFile
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapDestroy
HeapSize
Sleep
InterlockedExchange
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
GetVersion
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc

user32

PeekMessageA
PostThreadMessageA
DestroyWindow
RegisterClassExA
CreateWindowExA
GetMessageA

iphlpapi

GetIfTable
GetIpAddrTable
SetTcpEntry

ws2_32

WSAEnumNetworkEvents
WSACancelAsyncRequest
WSACleanup
WSAStartup
WSACloseEvent
getsockname
shutdown
closesocket
getpeername
listen
WSAWaitForMultipleEvents
gethostbyname
WSAEventSelect
connect
WSAGetLastError
WSASocketA
setsockopt
htons
htonl
bind
inet_addr
WSASetLastError
WSACreateEvent
WSAAsyncGetHostByName
WSARecv
WSASendTo
WSARecvFrom
WSAGetOverlappedResult
WSAAccept
WSASend

shlwapi

PathRemoveFileSpecA

Exports

Exports

TS_XXXX

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/SynacastEWA.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

c1fa00bd38d2b8ec6e3f6e618c7fcc69

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c0:2a:a2:b5:d0:28:63:49:a6:73:a1:0b:51:96:32:29:19:c0:cf:a9
Signer

Actual PE Digest

c0:2a:a2:b5:d0:28:63:49:a6:73:a1:0b:51:96:32:29:19:c0:cf:a9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord6778
ord6874
ord858
ord5710
ord5683
ord860
ord926
ord922
ord6877
ord939
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord324
ord4234
ord5495
ord4710
ord4042
ord3216
ord4278
ord6662
ord2135
ord2302
ord2764
ord5575
ord433
ord2688
ord465
ord4129
ord6241
ord6199
ord3092
ord541
ord801
ord2567
ord6379
ord924
ord2860
ord2086
ord4224
ord2065
ord6143
ord6883
ord802
ord542
ord1134
ord6569
ord6663
ord3496
ord5622
ord4204
ord6646
ord6111
ord6334
ord690
ord1988
ord5355
ord5808
ord1075
ord5204
ord3229
ord1228
ord389
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord6467
ord1227
ord3457
ord6042
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord4006
ord3258
ord2727
ord2730
ord2729
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord2859
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord2954
ord2384
ord6370
ord2983
ord3148
ord535
ord4466
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord5314
ord5334
ord2541
ord4949
ord1601
ord6030
ord4459
ord5033
ord4502
ord2795
ord6378
ord6380
ord6270
ord4202
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord449
ord746
ord2278
ord1871
ord4530
ord5685
ord3274
ord3579
ord439
ord736
ord3236
ord4523
ord4083
ord1945
ord4528
ord4542
ord4544
ord4525
ord2753
ord4148
ord5148
ord816
ord6217
ord562
ord2714
ord1949
ord4034
ord3619
ord713
ord6141
ord414
ord3706
ord5781
ord5859
ord5450
ord6394
ord5440
ord6383
ord1929
ord941
ord5572
ord2915
ord665
ord1979
ord3318
ord833
ord5186
ord354
ord834
ord668
ord1980
ord936
ord3311
ord3181
ord4058
ord2781
ord2770
ord356
ord4033
ord384
ord686
ord772
ord3701
ord500
ord1862
ord4220
ord2584
ord3654
ord2438
ord6142
ord2863
ord5606
ord3573
ord3693
ord2763
ord4277
ord5788
ord2614
ord2096
ord2408
ord5860
ord1175
ord807
ord2920
ord2012
ord4163
ord2120
ord554
ord1644
ord940
ord5787
ord4133
ord4297
ord2452
ord1195
ord1132
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2379
ord4275
ord809
ord609
ord567
ord3402
ord2574
ord556
ord3572
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord537
ord4160
ord289
ord613
ord5875
ord3874
ord5053
ord4284
ord3574
ord2575
ord6605
ord1168
ord1233
ord818
ord3742
ord540
ord2818
ord800
ord823
ord4299
ord6215
ord3797
ord6880
ord790
ord3716
ord6453
ord3089
ord2864
ord5981
ord6197
ord6021
ord6194
ord2754
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord470
ord755
ord795
ord3721
ord4407
ord2122
ord1088
ord3260
ord6358
ord5241
ord4396
ord1776
ord4078
ord6055
ord2405
ord1146
ord1641
ord2414
ord3663
ord3626
ord825
ord323
ord1640
ord5785
ord640
ord4584
ord3571
ord1131

msvcrt

memcmp
strtoul
strcmp
islower
toupper
atoi
time
strcpy
_mbsnbcpy
strlen
_ftol
abs
_EH_prolog
__CxxFrameHandler
memset
_snprintf
_mbscmp
fclose
fputs
sprintf
fopen
atol
strcat
_mbsicmp
fgets
memcpy
_mbsnbicmp
rand
srand
memmove
free
_mbstok
_splitpath
_mbsnbcmp
malloc
_purecall
fprintf
fread
ftell
fseek
fputc
isalpha
isalnum
isspace
strncmp
strchr
tolower
wcscpy
wcslen
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ

kernel32

LocalFree
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
GetVersion
GetVersionExA
lstrcpyA
lstrcatA
GetLocalTime
CopyFileA
SystemTimeToFileTime
GetFileTime
SetFileTime
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringA
GetTickCount
VirtualQuery
GetCurrentThreadId
SetEvent
lstrlenA
GetPrivateProfileIntA
OutputDebugStringA
GetWindowsDirectoryA
GetLastError
FreeLibrary
GlobalLock
GlobalUnlock
GetPrivateProfileStringA
CreateDirectoryA
GetTempPathA
GetCurrentDirectoryA
GetModuleFileNameA
SetCurrentDirectoryA
LoadLibraryA
GetProcAddress
GetCurrentProcessId
DeleteFileA
CreateEventA
Sleep
GetACP
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc

user32

GetWindowRect
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
ModifyMenuA
AppendMenuA
GetSystemMetrics
GetDesktopWindow
DrawIconEx
SubtractRect
GetKeyState
GetParent
DrawEdge
GetMenuItemInfoA
PeekMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
GetMessagePos
MessageBeep
GetDC
SetCursor
OffsetRect
GetCursorPos
LoadCursorA
InvalidateRect
SendMessageA
EnableWindow
PtInRect
ClientToScreen
DestroyMenu
DestroyCursor
PostMessageA
SetCapture
GetClientRect
ReleaseCapture
GrayStringA
DrawTextA
TabbedTextOutA
DrawFocusRect
ReleaseDC
DestroyIcon
GetWindow
RedrawWindow
GetMenuItemCount
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
RegisterClipboardFormatA
IsWindowVisible
SystemParametersInfoA
SetForegroundWindow
mouse_event
UpdateWindow
SetRect
SetRectEmpty
KillTimer
SetTimer
CopyIcon
IsWindow
IsChild
LoadImageA
GetSysColor
FillRect
DrawStateA
InflateRect
CopyRect
ScreenToClient
LoadBitmapA
GetWindowLongA
GetNextDlgTabItem
GetActiveWindow
WindowFromPoint
TrackPopupMenuEx
GetSubMenu

gdi32

Escape
GetPixel
CreateBitmap
GetStockObject
DeleteObject
DeleteDC
SetTextColor
SetBkColor
SelectObject
SetPixel
GetTextExtentPoint32A
CreateDIBSection
MaskBlt
ExtTextOutA
CreateRectRgnIndirect
RealizePalette
SelectPalette
SetMapMode
SetBitmapDimensionEx
CreateDCA
GetDeviceCaps
GetBkMode
CreatePen
CreateSolidBrush
GetTextExtentPoint32W
Ellipse
PatBlt
TextOutA
RectVisible
PtVisible
LPtoDP
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
GetBkColor
CreateCompatibleBitmap
BitBlt
StretchBlt
CreateFontIndirectA
CreateCompatibleDC
GetObjectA

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

shell32

ShellExecuteA
ShellExecuteExA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Draw

ole32

CoUninitialize
CoCreateGuid
StringFromGUID2
CoInitialize
CoCreateInstance

oleaut32

LoadRegTypeLi
VariantClear

urlmon

URLDownloadToCacheFileA
URLDownloadToFileA

shlwapi

PathFileExistsA
PathRemoveExtensionA
PathAppendA
StrStrIA
PathFindExtensionA
PathRemoveFileSpecA
PathStripPathA

winmm

PlaySoundA

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPADD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??1_Lockit@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

rpcrt4

UuidFromStringA
UuidToStringA

ws2_32

inet_ntoa
gethostbyname
gethostname
inet_addr

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wininet

DeleteUrlCacheEntry
CommitUrlCacheEntryA
InternetTimeToSystemTimeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/SynacastList.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

482e09f3b03974fb870529abae4f3c53

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cc:12:2c:8c:d5:18:1f:90:0c:05:ce:da:24:6e:95:f1:1a:ae:8f:4b
Signer

Actual PE Digest

cc:12:2c:8c:d5:18:1f:90:0c:05:ce:da:24:6e:95:f1:1a:ae:8f:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2452
ord5785
ord1640
ord323
ord289
ord1706
ord430
ord940
ord2575
ord4396
ord3574
ord6055
ord1776
ord3402
ord3721
ord4376
ord5280
ord567
ord2301
ord2370
ord5953
ord6199
ord6197
ord6379
ord2860
ord6042
ord3457
ord1877
ord2486
ord2687
ord4249
ord2086
ord5495
ord1088
ord2122
ord4459
ord5033
ord4502
ord4760
ord3021
ord4083
ord5888
ord4765
ord283
ord2754
ord4042
ord3216
ord2795
ord6358
ord941
ord4735
ord4743
ord4996
ord4788
ord5981
ord3199
ord4007
ord1705
ord4530
ord5685
ord3274
ord439
ord736
ord3236
ord4523
ord1945
ord4528
ord4542
ord4544
ord4525
ord3742
ord3797
ord3815
ord3920
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord1227
ord1131
ord1132
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord1177
ord4006
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord2986
ord3080
ord4081
ord4624
ord5825
ord809
ord723
ord3946
ord556
ord423
ord5333
ord2541
ord4949
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord2124
ord3279
ord4625
ord449
ord746
ord2278
ord2393
ord4129
ord2763
ord640
ord3698
ord765
ord4275
ord3706
ord755
ord6172
ord5781
ord470
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord818
ord1270
ord1232
ord2152
ord5788
ord2567
ord3573
ord1844
ord3619
ord2580
ord4400
ord3630
ord682
ord2639
ord4133
ord4297
ord3089
ord472
ord1899
ord2862
ord5053
ord1265
ord6909
ord6720
ord5440
ord6383
ord5572
ord2915
ord6779
ord6648
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord4432
ord813
ord560
ord5260
ord4723
ord4273
ord1949
ord3692
ord2093
ord2859
ord3754
ord2089
ord6458
ord816
ord6880
ord562
ord2714
ord5791
ord4123
ord3610
ord656
ord2078
ord3874
ord2411
ord2023
ord4218
ord2578
ord4398
ord616
ord6442
ord5710
ord4202
ord2841
ord2107
ord1829
ord4160
ord2080
ord2233
ord4045
ord1802
ord772
ord3701
ord500
ord1862
ord4220
ord2584
ord3654
ord2438
ord6142
ord5606
ord3693
ord5683
ord2405
ord2408
ord5860
ord3986
ord1175
ord807
ord2920
ord2012
ord3289
ord4163
ord2120
ord554
ord1644
ord5787
ord1621
ord5856
ord536
ord2753
ord1195
ord2919
ord6874
ord6877
ord6283
ord4204
ord6927
ord6282
ord3755
ord1920
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord613
ord2504
ord729
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord5265
ord1246
ord291
ord2616
ord5891
ord6109
ord537
ord3258
ord1105
ord354
ord5186
ord665
ord858
ord939
ord548
ord6673
ord2729
ord2730
ord6467
ord2727
ord3579
ord3353
ord4936
ord4931
ord4926
ord4989
ord795
ord609
ord4224
ord2044
ord6394
ord5450
ord5834
ord2448
ord3496
ord2764
ord6663
ord4277
ord3522
ord4774
ord2863
ord2546
ord6605
ord924
ord5290
ord6453
ord6402
ord6662
ord4278
ord6270
ord6374
ord2818
ord2614
ord4710
ord4287
ord3521
ord4284
ord2379
ord4299
ord6215
ord4234
ord2302
ord324
ord1168
ord926
ord922
ord860
ord641
ord686
ord3597
ord4425
ord4627
ord3262
ord5277
ord4003
ord4226
ord290
ord540

msvcrt

_mbsnbcpy
strcmp
_ftol
memmove
islower
toupper
_access
atol
strcat
strcpy
_mbscmp
_mbsstr
_ultoa
wcslen
strlen
atoi
memcmp
_strdup
wcsstr
memcpy
free
memset
__CxxFrameHandler
sscanf
_snprintf
_purecall
fprintf
fread
fclose
ftell
fseek
fopen
fputc
fputs
isalpha
isalnum
isspace
strncmp
strchr
tolower
_mbccpy
_mbspbrk
sprintf
_mbschr
_ismbcdigit
_mbsnbcmp
strtoul
malloc
wcscpy
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv

kernel32

LocalFree
GetWindowsDirectoryA
MulDiv
WinExec
LoadLibraryExA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
GetVersion
GetVersionExA
GetLastError
GetModuleHandleA
lstrcatA
lstrcpyA
DeleteCriticalSection
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrlenW
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetLocalTime
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
IsBadReadPtr
WideCharToMultiByte
GetProfileIntA
WaitForSingleObject
TerminateThread
CloseHandle
GetModuleFileNameA
CreateDirectoryA
SystemTimeToFileTime
SetFileTime
GetFileAttributesExA
FileTimeToSystemTime
GetSystemTime
GetACP
lstrlenA
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
LocalAlloc

user32

CopyRect
LoadBitmapA
InvalidateRect
PtInRect
IsRectEmpty
OffsetRect
GetFocus
EnumWindows
GetWindow
GetWindowTextA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RedrawWindow
LoadIconA
GetTopWindow
ReleaseCapture
ScreenToClient
GetCursorPos
PostMessageA
UpdateWindow
GetKeyState
SetRect
GetClassNameA
ChildWindowFromPoint
IsWindowEnabled
DestroyCursor
CopyIcon
CreateIconIndirect
GetIconInfo
GetMenuStringA
GetSysColor
GetSysColorBrush
CreateMenu
CreatePopupMenu
InsertMenuA
AppendMenuA
RegisterClipboardFormatA
CharNextA
SetRectEmpty
GetClientRect
TabbedTextOutA
SendMessageA
SetTimer
IsWindow
KillTimer
ModifyMenuA
GetMenuState
GetParent
GetMessagePos
WindowFromDC
GetDesktopWindow
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetMenuItemInfoA
WindowFromPoint
EqualRect
DragDetect
DrawEdge
ShowScrollBar
IsChild
SetFocus
IntersectRect
DrawFrameControl
DrawFocusRect
IsWindowVisible
GetDC
BringWindowToTop
SetMenuDefaultItem
GetMenuItemID
GetMenuItemCount
ReleaseDC
LoadImageA
FrameRect
MapWindowPoints
CallWindowProcA
GetWindowDC
EnableWindow
GetSubMenu
RemoveMenu
IsMenu
GetWindowLongA
SetCapture
GetCapture
GetClipCursor
ClipCursor
SetCursor
GetSystemMetrics
ClientToScreen
InvertRect
GetWindowRect
FillRect
SetWindowRgn
InflateRect
GetClassInfoA
DefWindowProcA
LoadCursorA
GrayStringA
DrawTextA
GetPropA
CreateWindowExA
SetWindowLongA
SetPropA
GetScrollInfo
EnableScrollBar
SetWindowPos
SetScrollInfo
RemovePropA
GetForegroundWindow

gdi32

CreatePalette
GetDIBColorTable
GetBkColor
RealizePalette
GetDeviceCaps
GetBkMode
CreatePen
GetTextExtentPoint32W
Ellipse
DeleteDC
CreateDIBSection
SetPixel
GetPixel
PatBlt
CreateHalftonePalette
CreateBitmap
SetTextColor
LineTo
MoveToEx
CreateDCA
SetBkColor
SetBkMode
SetTextJustification
FrameRgn
SelectClipRgn
FillRgn
OffsetRgn
CreateRoundRectRgn
GetTextMetricsA
CreateFontIndirectA
GetObjectA
GetTextExtentPoint32A
CreatePolygonRgn
CombineRgn
CreateSolidBrush
GetCurrentObject
StretchBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
CreateRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetStockObject
UnrealizeObject
SetBrushOrgEx
CreatePatternBrush
IntersectClipRect
PlayEnhMetaFile
SetWindowOrgEx
SelectObject

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegCreateKeyExA

comctl32

ImageList_AddMasked
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw
ImageList_GetIcon
ImageList_ReplaceIcon
ord17
ImageList_GetImageInfo
InitCommonControlsEx

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
OleLoadPicturePath
SysFreeString

urlmon

URLDownloadToFileA

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPADD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

rpcrt4

RpcStringFreeA
UuidToStringA
UuidFromStringA

msimg32

GradientFill

wininet

InternetTimeToSystemTime
DeleteUrlCacheEntry
InternetTimeToSystemTimeW

shlwapi

PathAppendA
PathRemoveFileSpecA
StrStrIA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES_COMMON/Synacast/SynaLive/common.dll
.dll windows:4 windows x86 arch:x86

ecacd02b721ee20ad3b8457d351b9448

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2005, 00:00

Not After

23/09/2006, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Synacast Corp.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:49:8c:08:cc:24:4e:62:88:ec:a0:b5:6a:de:cc:3e:29:44:2d:86
Signer

Actual PE Digest

40:49:8c:08:cc:24:4e:62:88:ec:a0:b5:6a:de:cc:3e:29:44:2d:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord823
ord3584
ord543
ord803
ord698
ord800
ord860
ord2396
ord540
ord668
ord3181
ord2781
ord2770
ord356
ord858
ord924
ord1168
ord6467
ord798
ord911
ord398
ord913
ord4187
ord6283
ord6282
ord4278
ord2763
ord5465
ord5448
ord532
ord3437
ord4189
ord5592
ord6877
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord396
ord4274
ord600
ord826
ord269
ord1116

msvcrt

__CxxFrameHandler
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
atol
_mbscmp

kernel32

LocalFree
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc

shlwapi

PathRemoveFileSpecA

Exports

Exports

GetLanguageResA

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 786B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c523d8653da5455667e3f82274f2f88

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1Certificate

Extended Key Usages

Key Usages

2e:df:a5:e3:ea:67:06:95:76:56:17:c9:de:46:c9:cb:96:c4:49:6aSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 256KB

.ndata Size: - Virtual size: 280KB

.rsrc Size: 15KB - Virtual size: 15KB

7e31d964c63031941c2e483dd72509b0

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1Certificate

Extended Key Usages

Key Usages

16:39:dc:8e:73:8d:71:2a:30:73:66:94:a8:41:78:18:b6:b1:73:75Signer

Headers

File Characteristics

Imports

rpcrt4

ws2_32

shlwapi

ole32

kernel32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 8KB - Virtual size: 4KB

6f28788c82f7564f3e3a292c5f997368

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

2e:df:a5:e3:ea:67:06:95:76:56:17:c9:de:46:c9:cb:96:c4:49:6a
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 256KB

.ndata
Size: - Virtual size: 280KB

.rsrc
Size: 15KB - Virtual size: 15KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

16:39:dc:8e:73:8d:71:2a:30:73:66:94:a8:41:78:18:b6:b1:73:75
Signer

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 8KB - Virtual size: 4KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

9c:7c:2d:88:b3:08:d0:e9:c0:c5:a1:f1:c7:b1:66:5a:79:9e:29:9b
Signer

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 8KB - Virtual size: 5KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

27:a3:cd:2b:fc:ac:90:58:bd:b6:6e:4a:a0:6d:bc:ef:37:55:c9:59
Signer

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 4KB - Virtual size: 3KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

6d:c9:83:68:62:49:9c:49:6b:a8:b5:36:8c:4f:21:d1
Certificate

37:df:e3:30:20:56:ab:86:77:8e:f7:fd:0e:4c:fc:3d:ad:71:29:ca
Signer