066b520df2105e49fcc43c30626dabba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

066b520df2105e49fcc43c30626dabba_JaffaCakes118
Size

20.0MB
MD5

066b520df2105e49fcc43c30626dabba
SHA1

e359f0fe17c2e192ca91fda13e18802ee7b51483
SHA256

0cccb227aecb4ddf48eeafa83b47cc15b749a646b5a162864c451f1d0d786873
SHA512

b854b34fe96278630532fbbd26c0fc4a42ca16ba86811f200c93c2107fbadc948e8db2b46bb08707303ae6d9d3d3f6e4150d8b0afe5de82b15f693514748cb7d
SSDEEP

393216:i2DCqSfCAqM4ec6CIyCdGEGxW99ke4TyXZvD2w3sFqfzdGscSorb3:icgCAqMnakGfw9gTyX1Dtssporj

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack008/$PLUGINSDIR/md5dll.dll	acprotect
static1/unpack002/$PLUGINSDIR/md5dll.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack008/$PLUGINSDIR/md5dll.dll	upx
static1/unpack002/$PLUGINSDIR/md5dll.dll	upx

Unsigned PE 28 IoCs

Checks for missing Authenticode signature.

resource
066b520df2105e49fcc43c30626dabba_JaffaCakes118
unpack001/$PLUGINSDIR/Dialer.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/NSISpcre.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsUnzip.dll
unpack004/$PLUGINSDIR/Amazon.3.0.NSISPlugin.dll
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/nsExec.dll
unpack005/$PLUGINSDIR/nsExec.dll
unpack008/$PLUGINSDIR/System.dll
unpack008/$PLUGINSDIR/inetc.dll
unpack008/$PLUGINSDIR/md5dll.dll
unpack009/out.upx
unpack008/$PLUGINSDIR/nsDialogs.dll
unpack008/$PLUGINSDIR/stack.dll
unpack008/$R0/sqlite3.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/inetc.dll
unpack002/$PLUGINSDIR/md5dll.dll
unpack002/$PLUGINSDIR/nsisunz.dll
unpack002/$PLUGINSDIR/stack.dll
unpack002/$R0/sqlite3.dll
unpack001/TheTreasuresofMontezuma.exe
unpack001/bass.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/$TEMP/distro-amzn-alawar-rs.exe	nsis_installer_2
static1/unpack002/$EXEDIR/search_protect.exe	nsis_installer_2

Files

066b520df2105e49fcc43c30626dabba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Dialer.dll
.dll windows:5 windows x86 arch:x86

08b0635362e7aeb50569ca1a61d5a13f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
FreeLibrary
lstrcpynW
GlobalAlloc

Exports

Exports

AttemptConnect
AutodialHangup
AutodialOnline
AutodialUnattended
GetConnectedState

Sections

.text
Size: 1024B - Virtual size: 571B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 551B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:5 windows x86 arch:x86

cbc66eb3222e3fcdbee2e18ba7195f5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrlenA
lstrcpynA
lstrcatA
GlobalAlloc
GlobalFree
MulDiv
GetTickCount
DeleteFileA
Sleep
lstrcpyA
CreateFileA
lstrcpyW
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
CreateThread
WaitForSingleObject
WriteFile
CloseHandle
IsDebuggerPresent

user32

IsWindowVisible
GetFocus
GetDlgItem
ShowWindow
SetWindowTextA
SetDlgItemTextA
CharPrevA
SetWindowLongW
RegisterWindowMessageW
GetClientRect
GetWindowRect
CreateWindowExW
GetWindowLongW
wsprintfA
CallWindowProcW
DestroyWindow
EnableWindow
FindWindowExW
SendMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ws2_32

WSAGetLastError
send
closesocket
shutdown
ioctlsocket
htons
socket
WSACleanup
WSAStartup
recv
__WSAFDIsSet
connect
inet_addr
gethostbyname
select

Exports

Exports

download
download_quiet

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISpcre.dll
.dll windows:5 windows x86 arch:x86

836f4951fb4175e54bfc7d7dac9c4c85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\projects\NSISpcre\Release\NSISpcre.pdb

Imports

kernel32

GlobalAlloc
WideCharToMultiByte
lstrcpynW
MultiByteToWideChar
GlobalFree
lstrcpyW
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
Sleep
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetModuleFileNameW
RtlUnwind
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
LCMapStringW
GetStringTypeW

user32

wsprintfW

Exports

Exports

RECheckPattern
REClearAllOptions
REClearOption
REFind
REFindClose
REFindNext
REGetOption
REMatches
REQuoteMeta
REReplace
RESetOption

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/amazon_toolbar_60percent.bmp
$PLUGINSDIR/inetc.dll
.dll windows:5 windows x86 arch:x86

0ca59bdeada30c9db45574a2801b70d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenW
InternetCrackUrlW
InternetConnectW
HttpEndRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetCloseHandle
HttpAddRequestHeadersA
InternetQueryOptionW
InternetSetOptionW
InternetSetFilePointer
InternetGetLastResponseInfoW
FtpOpenFileW
FtpCreateDirectoryW
HttpQueryInfoW
HttpSendRequestExW
HttpSendRequestW
InternetWriteFile
InternetReadFile

comctl32

ord17

kernel32

MultiByteToWideChar
LCMapStringW
RtlUnwind
GetModuleFileNameW
HeapReAlloc
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
HeapFree
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
lstrlenW
WriteFile
ReadFile
lstrcmpW
GetLastError
DeleteFileW
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW
GetFileSize
CreateFileW
GetFileAttributesExW
lstrcmpiW
GetProcAddress
LoadLibraryW
MulDiv
GetModuleHandleW
TerminateThread
WaitForSingleObject
CreateThread
CreateFileA
WideCharToMultiByte
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStringTypeW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
QueryPerformanceCounter
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy

user32

SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
IsWindow
MessageBoxW
GetParent
SetWindowTextW
SetWindowLongW
GetWindowLongW
SendDlgItemMessageW
ShowWindow
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW

Exports

Exports

get
head
post
put

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/insttype_page.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsUnzip.dll
.dll windows:5 windows x86 arch:x86

66e414936a2f6934e6e40d52047d6b75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
GetProcessHeap
GetDriveTypeA
InitializeCriticalSection
GetVolumeInformationA
LeaveCriticalSection
InterlockedExchange
GetLastError
EnterCriticalSection
CreateMutexA
ReleaseMutex
CloseHandle
GetFullPathNameA
DosDateTimeToFileTime
SetVolumeLabelA
SetFilePointer
GetLocaleInfoA
SetEndOfFile
SystemTimeToFileTime
SetFileTime
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
SetFileAttributesA
HeapFree
GetLocalTime
FindNextFileA
GetFileTime
FileTimeToLocalFileTime
GetVersion
LocalFileTimeToFileTime
GlobalLock
GlobalUnlock
lstrcpyA
CreateDirectoryA
DeleteFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
ReadFile
LoadLibraryA
GetCurrentProcess
HeapAlloc
lstrlenA
CreateFileA
GlobalFree
lstrcmpiA
lstrlenW
MultiByteToWideChar
lstrcpynW
WideCharToMultiByte
GlobalAlloc
lstrcpynA
FindClose
lstrcmpA
HeapReAlloc
InterlockedDecrement
GetCPInfo
RtlUnwind
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStartupInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetEnvironmentVariableW

user32

CharUpperA
wsprintfA
GetWindowTextLengthA
SendMessageA
GetWindowTextA
GetDlgItem
EndDialog
SetWindowTextA
EnableWindow
DialogBoxParamA
SetDlgItemTextA
OemToCharA
CharToOemA

advapi32

GetSecurityDescriptorGroup
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorControl
GetKernelObjectSecurity
OpenProcessToken
IsValidAcl
GetSecurityDescriptorDacl

Exports

Exports

Extract
ExtractA
GetPassword

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/shortcut_page.ini
$TEMP/DefaultPackOffer.dll
.dll windows:5 windows x86 arch:x86

41501ab7c67ed980112ad021ef0aa04f

Code Sign

61:02:92:4a:00:00:00:00:00:20
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:6c:7f:d9:b4:d2:23:23:98:21:06:49:cf:49:02:55:a6:dd:95:29
Signer

Actual PE Digest

40:6c:7f:d9:b4:d2:23:23:98:21:06:49:cf:49:02:55:a6:dd:95:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\HBI\Bing\Experiences\BingShareQID\UNIWIN\UniversalInstaller_V1.7\DefaultPackOffer\Release\DefaultPackOffer.pdb

Imports

kernel32

LocalAlloc
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
CompareStringW
GetPrivateProfileIntW
IsWow64Process
GetCurrentProcess
CreateFileW
GetFileInformationByHandle
ReadFile
CloseHandle
GetCurrentDirectoryW
SetDllDirectoryW
SetErrorMode
GetModuleFileNameW
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
GetLastError
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
RtlUnwind
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FreeLibrary
LoadLibraryW
WriteConsoleW
SetStdHandle
SetEndOfFile
GetProcessHeap
SetUnhandledExceptionFilter
GetVersionExW
LoadLibraryA

wininet

InternetCrackUrlW

advapi32

RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFolderPathW
SHGetFolderPathAndSubDirW

shlwapi

PathRemoveBlanksW
PathIsRelativeW
PathCanonicalizeW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

CanOfferDefaultPack
CanOfferGCDHP
CanOfferGCDSE
CanOfferIEDHP
CanOfferIEDSE
CanOfferMFDHP
CanOfferMFDSE
CheckBasicSystemRequirements

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/distro-amzn-alawar-rs.exe
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:25:96:92:78:9e:76:78:9f:f8:29:87:99:54:d8:82
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/02/2013, 00:00

Not After

01/02/2015, 23:59

Subject

CN=Browser Distribution Services\, Inc.,O=Browser Distribution Services\, Inc.,POSTALCODE=19808,STREET=2711 Centerville Road\, Suite 400,L=Wilmington,ST=DE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:f5:26:33:0f:37:08:f4:33:ff:83:fd:86:53:86:a6:af:71:da:31
Signer

Actual PE Digest

05:f5:26:33:0f:37:08:f4:33:ff:83:fd:86:53:86:a6:af:71:da:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$EXEDIR/AmazonChrome_20121017.crx
.zip
_locales/de/messages.json
_locales/en/messages.json
_locales/es/messages.json
_locales/fr/messages.json
_locales/it/messages.json
_locales/ja/messages.json
_locales/zh_CN/messages.json
background.html
.html
images/ABA.png
.png
images/a_smile.png
.png
images/amazon_logo.png
.png
images/asmile_128.png
.png
images/asmile_16.png
.png
images/asmile_19.png
.png
images/asmile_48.png
.png
images/btns.png
.png
images/button.png
.png
images/gold-button.png
.png
images/grey_gradient.gif
.gif
images/pricecompare.gif
.gif
images/wheat-button.png
.png
js/alexa/base64.js
.js
js/alexa/content/dc.js
.js
js/alexa/content/results.js
.js
js/alexa/helper.js
.js
js/alexa/md5.js
.js
js/alexa/messages.js
.js
js/alexa/overlay.js
.js
js/alexa/popup.js
.js
js/alexa/results.js
.js
js/assist_c.js
.js
js/background.js
.js
js/bootstrap.js
js/enabler.js
.js
js/options.js
.js
js/options_init.js
.js
js/sentinel.js
.js
js/tou.js
.js
js/tou_init.js
.js
js/turn_c.js
.js
js/util.js
.js
js/util_c.js
.js
js/whoami.js
.js
js/whoami_c.js
lib/jquery-1.7.1.js
.js
lib/jsuri-1.1.1.js
.js
manifest.json
options.html
.html
styles/options.css
styles/style.css
tou.html
.html
xml/default.xml
.xml
$EXEDIR/ToolbarUpdaterService.exe
.exe windows:5 windows x86 arch:x86

b6d56e0f219d87f7a142af7f6c9852f0

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:df:a4:07:18:d3:73:bc:38:f0:b0:b2:36:b6:6f:51
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26/01/2012, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Browser Distribution Services\, Inc.,O=Browser Distribution Services\, Inc.,POSTALCODE=19808,STREET=2711 Centerville Road\, Suite 400,L=Wilmington,ST=DE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

be:df:d9:16:f7:93:0e:29:6f:af:58:19:73:6b:50:82:8b:06:97:a8
Signer

Actual PE Digest

be:df:d9:16:f7:93:0e:29:6f:af:58:19:73:6b:50:82:8b:06:97:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Work\DistroUpdater\distro-updater-standalone\Release\ToolbarUpdaterService.pdb

Imports

kernel32

CloseHandle
WaitForSingleObject
OpenProcess
WTSGetActiveConsoleSessionId
WritePrivateProfileStructW
GetPrivateProfileStructW
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
Process32NextW
HeapFree
GetProcessHeap
GetCurrentProcess
HeapAlloc
LocalFree
LocalAlloc
GetVersionExW
GetTempPathW
GetFileAttributesW
FindFirstFileW
FindNextFileW
Sleep
FindClose
CreateFileW
RemoveDirectoryW
CreateProcessW
SetLastError
GetTickCount
WideCharToMultiByte
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSection
LoadLibraryExW
lstrcmpiW
GetModuleHandleW
SizeofResource
LockResource
FindResourceExW
GetModuleFileNameW
InterlockedIncrement
MultiByteToWideChar
LoadResource
FindResourceW
InterlockedDecrement
DeleteCriticalSection
lstrlenW
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetProcAddress
FreeLibrary
GetStringTypeW
GetModuleHandleA
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
DeleteFileW
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateDirectoryW
GetStartupInfoW
GetSystemTimeAsFileTime
HeapSize
HeapDestroy
HeapReAlloc

user32

CharNextW
LoadStringW

advapi32

StartServiceW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegQueryValueExW
GetTokenInformation
SetTokenInformation
CreateProcessAsUserW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ControlService
DeleteService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoInitialize

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
VarBstrCat
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
VariantClear

urlmon

URLDownloadToFileW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$EXEDIR/abb-3.0-20121017.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:53:b6:8e:14:da:0c:15:b0:30:52:9d:8a:89:0f:5b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/03/2012, 00:00

Not After

21/03/2014, 23:59

Subject

CN=Amazon Services LLC,OU=Software Services+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Amazon Services LLC,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

28:79:da:f0:7e:d4:54:28:af:49:e3:d0:1f:87:ed:3c:75:c8:3b:8d
Signer

Actual PE Digest

28:79:da:f0:7e:d4:54:28:af:49:e3:d0:1f:87:ed:3c:75:c8:3b:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 820KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Amazon.3.0.NSISPlugin.dll
.dll windows:5 windows x86 arch:x86

130280a15389ca36ad9f703541cb7e72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

wsprintfW
GetWindowThreadProcessId
FindWindowW

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetReadFile

kernel32

LoadResource
FindResourceW
CreateProcessW
CloseHandle
LoadLibraryA
GetLastError
OpenProcess
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
HeapFree
LockResource
GetProcessHeap
CopyFileW
GetModuleFileNameW
DeleteFileW
Sleep
GetCommandLineW
LocalFree
GetCurrentProcess
GetTickCount
InterlockedDecrement
SetLastError
SizeofResource
FindResourceExW
MultiByteToWideChar
lstrlenW
lstrcpyW
GlobalFree
ExpandEnvironmentStringsW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
HeapAlloc
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
HeapDestroy
HeapReAlloc
GetModuleHandleA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
DuplicateTokenEx
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

SysStringLen
SysFreeString
SysStringByteLen
SysAllocStringByteLen

shlwapi

PathFileExistsW

Exports

Exports

ClearPendingFileRenames
NSISCreateTemporaryDll
NSISDeleteTemporaryDll
NSISLaunchIE
NSISPingServer
RunDLLPingServerStep1
RunDLLPingServerStep2
SetHomepage
SetSearchProvider
SetSearchProviderManual

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/notify.ini
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AlxSSBPS.dll
.dll regsvr32 windows:5 windows x86 arch:x86

6cf57cf6029b2fc49f7dc88dc49fa155

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:53:b6:8e:14:da:0c:15:b0:30:52:9d:8a:89:0f:5b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/03/2012, 00:00

Not After

21/03/2014, 23:59

Subject

CN=Amazon Services LLC,OU=Software Services+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Amazon Services LLC,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:a3:ad:78:99:bd:8d:15:10:aa:df:4a:36:9d:c5:c3:80:29:d7:43
Signer

Actual PE Digest

7e:a3:ad:78:99:bd:8d:15:10:aa:df:4a:36:9d:c5:c3:80:29:d7:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteFile
HeapReAlloc
VirtualAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo

rpcrt4

NdrDllUnregisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_Connect

oleaut32

BSTR_UserFree
VARIANT_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserSize
BSTR_UserSize
VARIANT_UserMarshal

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 266B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AmazonBrowserBar.3.0.Uninstall.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:53:b6:8e:14:da:0c:15:b0:30:52:9d:8a:89:0f:5b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/03/2012, 00:00

Not After

21/03/2014, 23:59

Subject

CN=Amazon Services LLC,OU=Software Services+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Amazon Services LLC,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:77:2a:2c:fb:e3:6f:e4:fe:b2:91:7f:73:ca:a1:02:4f:4a:a0:03
Signer

Actual PE Digest

81:77:2a:2c:fb:e3:6f:e4:fe:b2:91:7f:73:ca:a1:02:4f:4a:a0:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 820KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AmazonBrowserBar.3.0.dll
.dll regsvr32 windows:5 windows x86 arch:x86

7ff059d174435a29ac6b5a7fb0fae19d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:53:b6:8e:14:da:0c:15:b0:30:52:9d:8a:89:0f:5b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/03/2012, 00:00

Not After

21/03/2014, 23:59

Subject

CN=Amazon Services LLC,OU=Software Services+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Amazon Services LLC,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3e:81:c4:06:b0:c0:be:5e:6f:3b:8d:20:ba:66:fc:18:b7:76:ca:be
Signer

Actual PE Digest

3e:81:c4:06:b0:c0:be:5e:6f:3b:8d:20:ba:66:fc:18:b7:76:ca:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

uxtheme

DrawThemeBackground
CloseThemeData
OpenThemeData

urlmon

URLDownloadToCacheFileW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetGetCookieExW
InternetSetCookieW

oleacc

ObjectFromLresult

kernel32

OutputDebugStringA
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpW
InitializeCriticalSection
DeleteCriticalSection
FormatMessageW
LocalFree
FreeLibrary
lstrcmpiW
LoadLibraryExW
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
GetLocaleInfoW
WideCharToMultiByte
GetCommandLineW
ExpandEnvironmentStringsW
lstrlenA
CreateEventW
WaitForMultipleObjects
GetTickCount
CreateThread
SetEvent
lstrcpynW
ResetEvent
LoadLibraryA
GetVersionExW
CreateProcessW
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
GetCurrentProcessId
FindFirstFileW
ResumeThread
WaitForSingleObject
TerminateThread
OutputDebugStringW
ReleaseMutex
CreateFileW
WriteFile
FlushFileBuffers
ReadFile
GetFileSize
GlobalFree
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
HeapCreate
LoadLibraryW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringW
LCMapStringA
CompareStringW
GetCPInfo
CompareStringA
RtlUnwind
GetCommandLineA
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
SetEnvironmentVariableA
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
InterlockedDecrement
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InterlockedIncrement
CloseHandle
CreateMutexW
GetLastError
Sleep
lstrlenW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
SetLastError
GetCurrentThreadId
RaiseException
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetVersion
GetFileAttributesW
GetTimeZoneInformation

user32

UnregisterClassA
SendMessageTimeoutW
SendMessageW
SetWindowTextW
ShowWindow
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
SetForegroundWindow
BringWindowToTop
EndDialog
SetWindowLongW
PostMessageW
MessageBoxW
FindWindowExW
LoadBitmapW
EnumChildWindows
RegisterWindowMessageW
GetClassNameW
CharNextW
RedrawWindow
CreateAcceleratorTableW
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
GetDesktopWindow
DestroyAcceleratorTable
SetLayeredWindowAttributes
CopyRect
OpenIcon
CloseWindow
GetWindowPlacement
IsChild
IntersectRect
ReleaseDC
EnableWindow
DispatchMessageW
TranslateMessage
GetAsyncKeyState
GetDlgCtrlID
SetTimer
KillTimer
GetDC
SetFocus
InflateRect
SetMenuDefaultItem
GetMenuItemCount
GetWindowTextLengthW
GetWindowTextW
IsMenu
GetSysColor
GetSysColorBrush
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
MonitorFromRect
GetSystemMetrics
ClientToScreen
DialogBoxParamW
CreatePopupMenu
TrackPopupMenu
GetMenuInfo
SetMenuInfo
AppendMenuW
DestroyMenu
MonitorFromPoint
DefWindowProcW
CallWindowProcW
OffsetRect
InvalidateRect
BeginPaint
EndPaint
DrawTextExW
IsWindow
SetWindowRgn
EqualRect
MoveWindow
DestroyWindow
GetFocus
GetCursorPos
ScreenToClient
IsWindowVisible
GetKeyState
PtInRect
UnionRect
GetWindowThreadProcessId
FindWindowW
EnableMenuItem
ModifyMenuW
RemoveMenu
SystemParametersInfoW
DrawTextW
SetWindowsHookExW
UnhookWindowsHookEx
IsIconic
CallNextHookEx
PeekMessageW
MsgWaitForMultipleObjects
DestroyIcon
UpdateLayeredWindow

gdi32

CreateFontIndirectW
RestoreDC
SaveDC
DeleteObject
GetObjectW
DeleteDC
CreateSolidBrush
LPtoDP
SetMapMode
SelectObject
SetBkMode
SetTextColor
IntersectClipRect
ExtTextOutW
GetStockObject
RoundRect
CreatePen
SetViewportOrgEx
CreateCompatibleDC
BitBlt
GetDeviceCaps
SetTextAlign
TextOutW
CreateRectRgnIndirect
SetWindowOrgEx
SetBkColor
CreateCompatibleBitmap
CreateDCW

advapi32

AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW

shell32

ExtractIconW

ole32

OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleInitialize
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoInitializeEx
CreateOleAdviseHolder
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
ReadClassStm
WriteClassStm
OleSaveToStream
CoCreateInstance
OleRun
StringFromCLSID
CoTaskMemFree

oleaut32

VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
VarBstrFromDate
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantInit
VariantCopy
VariantChangeType
SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
OleCreateFontIndirect
DispCallFunc
SafeArrayGetUBound
SafeArrayUnaccessData
VariantCopyInd
SafeArrayGetVartype
SafeArrayCopy
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
SysStringByteLen
SysAllocStringLen
SafeArrayUnlock
SafeArrayLock
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
VARIANT_UserMarshal
BSTR_UserSize
VARIANT_UserSize
VARIANT_UserUnmarshal
BSTR_UserMarshal
BSTR_UserUnmarshal
VARIANT_UserFree
BSTR_UserFree
OleCreatePropertyFrame
GetErrorInfo
SysAllocStringByteLen

gdiplus

GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromFile
GdipReleaseDC
GdipDeleteMatrix
GdipCreateMatrix2
GdipCreateTexture
GdipDisposeImage
GdipImageSelectActiveFrame
GdipCreateBitmapFromScan0
GdipDrawImageRectI
GdipFillRectangleI
GdipFillRectangle
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipSetTextureTransform
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromHICON
GdipGetImageGraphicsContext
GdipCloneImage

rpcrt4

CStdStubBuffer_CountRefs
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
NdrDllCanUnloadNow
NdrStubCall2
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrStubForwardingFunction
NdrOleFree
NdrOleAllocate
NdrCStdStubBuffer_Release
NdrDllRegisterProxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstallToolBar
Localize
Ping
ShowToolBar
UninstallToolBar

Sections

.text
Size: 952KB - Virtual size: 951KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AmazonBrowserBarSSB.3.0.dll
.exe windows:5 windows x86 arch:x86

3c09ea990ef99b3ea8e651c66353d5e1

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:53:b6:8e:14:da:0c:15:b0:30:52:9d:8a:89:0f:5b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/03/2012, 00:00

Not After

21/03/2014, 23:59

Subject

CN=Amazon Services LLC,OU=Software Services+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Amazon Services LLC,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:dd:d2:28:43:46:a6:da:64:70:66:f9:99:1b:89:94:22:a4:24:50
Signer

Actual PE Digest

36:dd:d2:28:43:46:a6:da:64:70:66:f9:99:1b:89:94:22:a4:24:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

lstrcmpiW
RaiseException
GetLastError
LoadLibraryExW
GetModuleFileNameW
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
ExpandEnvironmentStringsW
CreateProcessW
MoveFileExW
GetCurrentProcess
FlushInstructionCache
SetLastError
InitializeCriticalSection
SetEvent
GetCommandLineW
Sleep
CreateEventW
CreateThread
CloseHandle
WaitForSingleObject
lstrlenA
WideCharToMultiByte
HeapFree
GetProcessHeap
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
FreeLibrary
LockResource
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
MultiByteToWideChar
FindResourceExW
FindResourceW
GetModuleHandleA
LoadResource
SizeofResource
GetModuleHandleW
GetStringTypeW
GetProcAddress
lstrlenW
InterlockedIncrement
InterlockedDecrement
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentProcessId
HeapReAlloc
HeapAlloc
HeapDestroy
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA

user32

EndDialog
BringWindowToTop
GetWindow
UnregisterClassA
GetMonitorInfoW
GetWindowRect
GetClientRect
MapWindowPoints
SetWindowPos
MonitorFromWindow
SetDlgItemTextW
SetWindowTextW
GetParent
SendMessageW
GetDlgItem
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
PostThreadMessageW
CallWindowProcW
CreateWindowExW
DialogBoxParamW
DefWindowProcW
LoadCursorW
GetClassInfoExW
RegisterClassExW
SetActiveWindow
GetCursorPos
TrackPopupMenu
SetForegroundWindow
SetMenuItemInfoW
GetSubMenu
LoadMenuW
SetTimer
LoadIconW
KillTimer
DestroyIcon
PostMessageW
MessageBoxW
GetWindowLongW
DestroyWindow
SetWindowLongW
CharNextW
GetDesktopWindow
IsWindow
ShowWindow

gdi32

CreateSolidBrush
DeleteObject
SetBkColor

advapi32

RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

Shell_NotifyIconW
ShellExecuteW

ole32

CoRegisterClassObject
StringFromGUID2
CoUninitialize
CoRevokeClassObject
OleRun
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize

oleaut32

SysStringLen
SysAllocString
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VarDateFromStr
SysAllocStringLen
VariantClear
GetErrorInfo
SysAllocStringByteLen
SysFreeString

shlwapi

PathRemoveFileSpecW
PathStripPathW

urlmon

URLDownloadToCacheFileW

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/abb-3.0-20121130.xpi
.zip
META-INF/manifest.mf
META-INF/zigbert.rsa
META-INF/zigbert.sf
chrome.manifest
components/herb.js
.js
components/herb.xpt
components/utility.js
.js
components/utility.xpt
content/Bestseller.xml
.xml
content/Department.xml
.xml
content/about.xul
.js .xml polyglot
content/alxtb2ff.js
.js
content/alxtb2ff.xul
.xml
content/bestsellers.xml
.xml
content/button.css
content/button.xml
.xml
content/buttons.js
.js
content/buttons.xul
.xml
content/buttons/sparkline/sparkline.xml
.xml
content/cba.js
.js
content/close.xul
.js .xml polyglot
content/cs.js
.js
content/default.xml
.xml
content/dialogWrapper.xul
.js .xml polyglot
content/ellipsis.xml
.xml
content/extension-uninstall.xul
.js .xml polyglot
content/extensions-4.0.xul
.js .xml polyglot
content/extensions.xul
.js .xml polyglot
content/feedUrls.xml
.xml
content/firstrun/Buttons/de_DE/Continue-button.png
.png
content/firstrun/Buttons/es_ES/Continue-button.png
.png
content/firstrun/Buttons/fr_FR/Continue-button.png
.png
content/firstrun/Buttons/it_IT/Continue-button.png
.png
content/firstrun/Buttons/ja_JP/Continue-button.png
.png
content/firstrun/Buttons/zh_CN/Continue-button.png
.png
content/firstrun/Cancel-button.png
.png
content/firstrun/Continue-button.png
.png
content/firstrun/Up-Arrow.png
.png
content/firstrun/firstrun.css
content/firstrun/firstrun.js
.js
content/firstrun/firstrun.xul
content/firstrun/firstupdate.js
.js
content/firstrun/firstupdate.xul
content/giurls.js
content/inject_api.js
.js
content/install.xml
.html .js polyglot
content/install.xul
.js .xml polyglot
content/myamazon.xml
.xml
content/newreleases.xml
.xml
content/oemdefault/toolbar.xml
.xml
content/option.xml
.xml
content/option1.xml
.xml
content/option2.xml
.xml
content/options.xul
.xml
content/overlay.js
.js
content/overlay.xul
.xml
content/product.xml
.xml
content/results.js
.js
content/search.xml
.xml
content/search_conf.js
content/searches.xml
.xml
content/toolbar.xml
.xml
content/toolbar1.xml
.js .xml polyglot
defaults/preferences/buttons.js
defaults/preferences/install.js
defaults/preferences/preferences.js
install.rdf
.xml
locale/en-US/branding.dtd
locale/en-US/branding.properties
locale/zh-CN/branding.dtd
locale/zh-CN/branding.properties
skin/1px-trans.png
.png
skin/a-smile-sm.png
.png
skin/a_com_border.png
.png
skin/about.png
.png
skin/add.ico
skin/ai_bg.gif
.gif
skin/alexa/0.png
.png
skin/alexa/1.png
.png
skin/alexa/2.png
.png
skin/alexa/3.png
.png
skin/alexa/4.png
.png
skin/alexa/5.png
.png
skin/alexa/6.png
.png
skin/alexa/7.png
.png
skin/alexa/8.png
.png
skin/alexa/9.png
.png
skin/alexa/a.png
.png
skin/alexa/b.png
.png
skin/alexa/c.png
.png
skin/alexa/d.png
.png
skin/alexa/e.png
.png
skin/alexa/f.png
.png
skin/alexa/g.png
.png
skin/alexa/graph0.png
.png
skin/alexa/graph1.png
.png
skin/alexa/graph10.png
.png
skin/alexa/graph2.png
.png
skin/alexa/graph3.png
.png
skin/alexa/graph4.png
.png
skin/alexa/graph5.png
.png
skin/alexa/graph6.png
.png
skin/alexa/graph7.png
.png
skin/alexa/graph8.png
.png
skin/alexa/graph9.png
.png
skin/alexa/h.png
.png
skin/alexa/x.png
.png
skin/alexa_internet.png
.png
skin/alxtb2ff.css
skin/amazon_logo_small-hover.png
.png
skin/amazon_logo_small.png
.png
skin/amazonbasket.png
.png
skin/amazongift.png
.png
skin/amazonheart.png
.png
skin/amazonlogo.png
.png
skin/amazonmusic.png
.png
skin/amazonorders.png
.png
skin/amazonsearch.png
.png
skin/amazonwishlist.png
.png
skin/amzn-tb-options-hover.png
.png
skin/amzn-tb-options.png
.png
skin/an_amazon_company.png
.png
skin/arrowdown.png
.png
skin/arrowdown_white.png
.png
skin/bl.gif
.gif
skin/bl.png
.png
skin/blank.htm
.html
skin/br.gif
.gif
skin/br.png
.png
skin/bubblebox/description.xml
.html .js polyglot
skin/bubblebox/img-bublebox-bottom.png
.png
skin/bubblebox/img-bublebox-middle.png
.png
skin/bubblebox/img-bublebox-top.png
.png
skin/catalog-hover.png
.png
skin/catalog.png
.png
skin/china_comment.png
.png
skin/china_globe.png
.png
skin/close.xul
.js .xml polyglot
skin/comment.png
.png
skin/default.png
.png
skin/gadget/btn-close-over.png
.png
skin/gadget/btn-close.png
.png
skin/gadget/img-boxB.png
.png
skin/gadget/img-boxL.png
.png
skin/gadget/img-boxLB.png
.png
skin/gadget/img-boxLT.png
.png
skin/gadget/img-boxPK.png
.png
skin/gadget/img-boxR.png
.png
skin/gadget/img-boxRB.png
.png
skin/gadget/img-boxRT.png
.png
skin/gadget/img-boxRT2.png
.png
skin/gadget/img-boxT.png
.png
skin/gadget/spinner.gif
.gif
skin/hb.ico
skin/hotsearches-hover.png
.png
skin/hotsearches.png
.png
skin/hoturls-hover.png
.png
skin/hoturls.png
.png
skin/icon.ico
skin/images/amazonlogo-small.png
.png
skin/images/star-0.0.png
.png
skin/images/star-0.5.png
.png
skin/images/star-1.0.png
.png
skin/images/star-1.5.png
.png
skin/images/star-2.0.png
.png
skin/images/star-2.5.png
.png
skin/images/star-3.0.png
.png
skin/images/star-3.5.png
.png
skin/images/star-4.0.png
.png
skin/images/star-4.5.png
.png
skin/images/star-5.0.png
.png
skin/images/stars.png
.png
skin/install.css
skin/installed.png
.png
skin/ip-blocked.png
.png
skin/logo-hover.png
.png
skin/logo.png
.png
skin/middot.png
.png
skin/myamazon.png
.png
skin/oemdefault/DefaultButton.htm
.html .js polyglot
skin/oemdefault/amazonJQ.js
.js
skin/oemdefault/amazonlogo.png
.png
skin/oemdefault/countryMap.js
.js
skin/oemdefault/toolbar-sprite-HTML.png
.png
skin/overlay.css
skin/rank/0.png
.png
skin/rank/1.png
.png
skin/rank/2.png
.png
skin/rank/3.png
.png
skin/rank/4.png
.png
skin/rank/5.png
.png
skin/rank/6.png
.png
skin/rank/7.png
.png
skin/rank/8.png
.png
skin/rank/9.png
.png
skin/rank/a.png
.png
skin/rank/b.png
.png
skin/rank/c.png
.png
skin/rank/d.png
.png
skin/rank/e.png
.png
skin/rank/f.png
.png
skin/rank/x.png
.png
skin/related-hover.png
.png
skin/related.png
.png
skin/reviews/stars.0.0.png
.png
skin/reviews/stars.0.5.png
.png
skin/reviews/stars.1.0.png
.png
skin/reviews/stars.1.5.png
.png
skin/reviews/stars.2.0.png
.png
skin/reviews/stars.2.5.png
.png
skin/reviews/stars.3.0.png
.png
skin/reviews/stars.3.5.png
.png
skin/reviews/stars.4.0.png
.png
skin/reviews/stars.4.5.png
.png
skin/reviews/stars.5.0.png
.png
skin/reviews/stars.unrated.png
.png
skin/reviews/write-disabled.png
.png
skin/reviews/write-hover.png
.png
skin/reviews/write.png
.png
skin/rss.png
.png
skin/search-hover.png
.png
skin/search-icon.png
.png
skin/search.png
.png
skin/separator.png
.png
skin/shim.png
.png
skin/shim_new.png
.png
skin/siteinfo-down-hover.png
.png
skin/siteinfo-down.png
.png
skin/siteinfo-hover.png
.png
skin/siteinfo-up-hover.png
.png
skin/siteinfo-up.png
.png
skin/siteinfo.png
.png
skin/star.png
.png
skin/tl.gif
.gif
skin/tl.png
.png
skin/tl_arrow.gif
.gif
skin/tr.gif
.gif
skin/tr.png
.png
skin/twitter-hover.png
.png
skin/twitter-new.png
.png
skin/twitter.png
.png
skin/twitterimdb-new.png
.png
skin/twitterimdb.png
.png
skin/update-arrow-down.png
.png
skin/url.png
.png
skin/wayback-hover.png
.png
skin/wayback.png
.png
skin/wishlist.png
.png
$EXEDIR/amazon-app-icon.crx
.zip
128.png
.png
16.png
.png
48.png
.png
main.html
.html
main.js
.js
manifest.json
$EXEDIR/search_protect.exe
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:25:96:92:78:9e:76:78:9f:f8:29:87:99:54:d8:82
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/02/2013, 00:00

Not After

01/02/2015, 23:59

Subject

CN=Browser Distribution Services\, Inc.,O=Browser Distribution Services\, Inc.,POSTALCODE=19808,STREET=2711 Centerville Road\, Suite 400,L=Wilmington,ST=DE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:4c:7b:0e:3b:b5:51:b0:3e:c7:a1:a1:c9:ee:0e:9c:e5:46:71:be
Signer

Actual PE Digest

01:4c:7b:0e:3b:b5:51:b0:3e:c7:a1:a1:c9:ee:0e:9c:e5:46:71:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$EXEDIR/alert_icon.bmp
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

7256a6e740514b0a503be50e5dc99a35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
TlsGetValue
VirtualAlloc
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__dllonexit
_errno
_iob
_winmajor
abort
calloc
fflush
free
fwrite
malloc
memcpy
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 352B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

425a6c83e01941ba8baf52bf4b03191c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbsstr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
_mbschr
memset
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

63a79b1520ccbba15e84c6a111d03f57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
LocalFree
FormatMessageA
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
IsProcessorFeaturePresent
InterlockedCompareExchange
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
ExitProcess
Sleep
VirtualFree
HeapDestroy
HeapCreate
GetCommandLineA
RtlUnwind
VirtualQuery
GetSystemInfo
GetModuleHandleW
SetLastError
IsDBCSLeadByte
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenA
lstrlenW
GetCurrentProcess
SetCurrentDirectoryA
FlushInstructionCache
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
RaiseException
lstrcmpiA
GetFileAttributesA
lstrcpyA
GetCurrentDirectoryA
LCMapStringA
VirtualAlloc
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess

user32

GetClassInfoExA
IsWindow
GetParent
GetWindowLongA
LoadCursorA
CharNextA
SendMessageA
DefWindowProcA
RegisterClassExA
CreateWindowExA
DestroyWindow
SetWindowLongA
UnregisterClassA
UpdateWindow
PostMessageA
wsprintfA
ShowWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
GetWindowRect
MapWindowPoints
CreateDialogParamA
DrawTextA
DrawFocusRect
SetPropA
SetCursor
RemovePropA
GetPropA
CharPrevA
MapDialogRect
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
GetDesktopWindow
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
CallWindowProcA
GetSysColor

gdi32

SetTextColor
GetStockObject
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleRun
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantChangeType
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
DispCallFunc
VarUI4FromStr
SysAllocStringLen
SysAllocString
VariantCopy
SysStringLen
SysFreeString
VariantInit
VariantClear

Exports

Exports

Continue
ConvertToDialogUnits
ConvertToPixels
Create
CreateControl
CreateItem
CreateTimer
Destroy
GetUserData
HtmlExecJavascript
HtmlQueryState
HtmlReturnValue
HtmlSetSilent
HtmlSetState
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetNsisResponse
SetRTL
SetUserData
Show
nsdKillTimer

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/stack.dll
.dll windows:4 windows x86 arch:x86

454e327924e76e3c69e4915b2b6f1a25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcmpiA
lstrcpyA
lstrcpynA
GlobalUnlock
lstrlenA
lstrcatA
GlobalLock

user32

EndDialog
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
SendMessageA
GetDlgItem
DialogBoxParamA

Exports

Exports

_Debug
_Unload
_dll_clear
_dll_create
_dll_delete
_dll_delete_range
_dll_destroy
_dll_exchange
_dll_insert
_dll_move
_dll_move_range
_dll_push_sort
_dll_push_sort_int
_dll_read
_dll_reverse_range
_dll_size
_dll_sort_all
_dll_sort_all_int
_dll_write
_ns_clear
_ns_pop_front
_ns_push_back
_ns_push_front
_ns_read
_ns_size
_ns_write

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/zplugins.dll
.dll windows:5 windows x86 arch:x86

2742a3ad34529be26990dfc6704f2bee

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:25:96:92:78:9e:76:78:9f:f8:29:87:99:54:d8:82
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/02/2013, 00:00

Not After

01/02/2015, 23:59

Subject

CN=Browser Distribution Services\, Inc.,O=Browser Distribution Services\, Inc.,POSTALCODE=19808,STREET=2711 Centerville Road\, Suite 400,L=Wilmington,ST=DE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e4:8b:75:40:ca:f1:21:a1:59:46:35:e6:db:7d:0a:b8:ee:c2:82:fb
Signer

Actual PE Digest

e4:8b:75:40:ca:f1:21:a1:59:46:35:e6:db:7d:0a:b8:ee:c2:82:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCrackUrlA
HttpSendRequestA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetSetOptionA
InternetCloseHandle
InternetReadFile
HttpAddRequestHeadersA
InternetQueryOptionA
InternetOpenA
InternetGetCookieA
InternetSetCookieA

kernel32

GetModuleHandleA
InitializeCriticalSection
lstrcmpiA
SystemTimeToFileTime
GetLocalTime
GetProcAddress
FileTimeToSystemTime
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
FreeLibrary
FindResourceA
LoadLibraryExA
GetModuleFileNameA
SetFilePointer
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
MultiByteToWideChar
lstrcatA
lstrlenA
WriteFile
DeleteFileA
lstrcpyA
CreateFileA
GetLastError
GetFileSize
CloseHandle
GlobalAlloc
ReadFile
GlobalFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
LoadLibraryA
lstrcpynA
VirtualFree
InterlockedPopEntrySList
GetSystemTime
Sleep
CreateToolhelp32Snapshot
Process32Next
Process32First
GetTickCount
GetCurrentThreadId
TerminateProcess
OpenProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
GetCurrentProcess
GetCurrentProcessId
LocalFree
FormatMessageA
GetExitCodeProcess
WaitForSingleObject
LocalAlloc
SetLastError
FlushInstructionCache
SetEvent
CreateEventA
HeapFree
RtlUnwind
HeapAlloc
VirtualProtect
VirtualAlloc
GetModuleHandleW
GetSystemInfo
VirtualQuery
EncodePointer
DecodePointer
GetCommandLineA
ExitThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetEndOfFile
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
ExitProcess
GetStdHandle
GetModuleFileNameW
LCMapStringW
HeapReAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoW
GetStringTypeW
InterlockedExchange
LoadLibraryW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
CreateFileW
TlsAlloc

user32

SetWindowLongA
SendMessageA
GetClassInfoExA
LoadCursorA
DestroyWindow
PostQuitMessage
DefWindowProcA
RegisterClassExA
CreateWindowExA
DispatchMessageA
TranslateMessage
GetMessageA
GetWindowLongA
CallWindowProcA
AttachThreadInput
GetDesktopWindow
UnregisterClassA
PostMessageA
GetForegroundWindow
GetWindowTextLengthA
GetDialogBaseUnits
GetWindowRect
GetTitleBarInfo
GetTopWindow
IsWindowVisible
GetWindow
GetWindowThreadProcessId
GetWindowTextA
IsWindow
SetFocus
MessageBoxA
wvsprintfA
wsprintfA
CharNextA
ShowWindow

advapi32

CloseServiceHandle
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
QueryServiceStatus
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
IsValidSid
LookupAccountNameA
LookupAccountSidA
DuplicateTokenEx
CreateWellKnownSid
BuildTrusteeWithSidA
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AllocateAndInitializeSid
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ConvertSidToStringSidA
SetEntriesInAclA
CreateProcessAsUserA

ole32

OleRun
CoInitialize
CoUninitialize
CLSIDFromString
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID

oleaut32

VarUI4FromStr
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantCopy
SysStringLen
DispCallFunc
VarBstrCmp

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken

shell32

ShellExecuteExA
SHGetPathFromIDListA

Exports

Exports

browser_ActivateIE
browser_GetCookieIE
browser_SetCookieIE
browser_setdscr
browser_setdsie
browser_setspcr
closepro_GetExeFromPid
closepro_GetHwndFromPid
closepro_GetPidFromHwnd
closepro_GetWindowTitle
closepro_IsForegroundWindow
closepro_PollProcesses
closepro_PollWindows
closepro_SendEnterToPopups
closepro_close
closepro_findprocess
closepro_findwindow
closepro_terminate
context_NameFromSid
context_SidFromName
context_createProcessAsActiveUser
context_logonFolder
context_logonName
context_logonSid
context_ownerFolder
context_ownerIsAdminMember
context_ownerName
context_ownerSid
context_procGrantedAdmin
context_runAsAdmin
context_systemSid
ffprefs_del
ffprefs_full_get
ffprefs_full_set
ffprefs_get
ffprefs_loadfile
ffprefs_savefile
ffprefs_set
init
json_arrayIndex
json_arrayToCSV
json_arrayUbound
json_copy
json_del
json_escape
json_get
json_get_value_type_key
json_handleCount
json_loadReadtime
json_loadfile
json_loadstring
json_merge
json_null
json_savefile
json_set
json_setStringifyParameters
json_stringify
json_unescape
json_unload
mkisdl_get
mkisdl_post
mkisdl_post_file
nsj_create
nsj_escape
nsj_execute
nsj_extract_json
nsj_handleCount
nsj_invoke
nsj_loadfile
nsj_unload
pcre_regex
service_changestarttype
service_currentstate
sqlwrap_close
sqlwrap_create
sqlwrap_create16
sqlwrap_execsqlite
sqlwrap_handleCount
sqlwrap_open
sqlwrap_open16
timepro_getlocaltime
timepro_getlocaltime64
timepro_getsystemtime
timepro_getsystemtime64
unload
xmlparser_childnodecount
xmlparser_del
xmlparser_delattribute
xmlparser_get
xmlparser_getattribute
xmlparser_handleCount
xmlparser_load
xmlparser_save
xmlparser_set
xmlparser_setattribute
xmlparser_startnew
xmlparser_unload

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/$_119_/uninstall.exe.nsis
$R0/sqlite3.dll
.dll windows:4 windows x86 arch:x86

90f0646a1d53143c8e05a27e348e88f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile

msvcrt

free
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strncmp

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
winCurrentTime
winDlClose
winDlSym

Sections

.text
Size: 431KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 800B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

7256a6e740514b0a503be50e5dc99a35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
TlsGetValue
VirtualAlloc
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__dllonexit
_errno
_iob
_winmajor
abort
calloc
fflush
free
fwrite
malloc
memcpy
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 352B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

425a6c83e01941ba8baf52bf4b03191c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbsstr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
_mbschr
memset
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/nsisunz.dll
.dll windows:4 windows x86 arch:x86

0f92772da9c737d2bac38919e9863980

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryA
lstrcpyA
lstrcmpA
lstrcmpiA
GlobalFree
lstrcpynA
GlobalAlloc
lstrcatA
lstrlenA
GetVersion
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
HeapAlloc
GetProcessHeap
HeapFree
GetLastError
CreateFileA
WriteFile
ReadFile
CloseHandle
SetFilePointer

user32

MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
CharPrevA
wsprintfA
SendMessageA
GetDlgItem
FindWindowExA

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/stack.dll
.dll windows:4 windows x86 arch:x86

454e327924e76e3c69e4915b2b6f1a25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcmpiA
lstrcpyA
lstrcpynA
GlobalUnlock
lstrlenA
lstrcatA
GlobalLock

user32

EndDialog
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
SendMessageA
GetDlgItem
DialogBoxParamA

Exports

Exports

_Debug
_Unload
_dll_clear
_dll_create
_dll_delete
_dll_delete_range
_dll_destroy
_dll_exchange
_dll_insert
_dll_move
_dll_move_range
_dll_push_sort
_dll_push_sort_int
_dll_read
_dll_reverse_range
_dll_size
_dll_sort_all
_dll_sort_all_int
_dll_write
_ns_clear
_ns_pop_front
_ns_push_back
_ns_push_front
_ns_read
_ns_size
_ns_write

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/zplugins.dll
.dll windows:5 windows x86 arch:x86

2742a3ad34529be26990dfc6704f2bee

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:25:96:92:78:9e:76:78:9f:f8:29:87:99:54:d8:82
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/02/2013, 00:00

Not After

01/02/2015, 23:59

Subject

CN=Browser Distribution Services\, Inc.,O=Browser Distribution Services\, Inc.,POSTALCODE=19808,STREET=2711 Centerville Road\, Suite 400,L=Wilmington,ST=DE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e4:8b:75:40:ca:f1:21:a1:59:46:35:e6:db:7d:0a:b8:ee:c2:82:fb
Signer

Actual PE Digest

e4:8b:75:40:ca:f1:21:a1:59:46:35:e6:db:7d:0a:b8:ee:c2:82:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCrackUrlA
HttpSendRequestA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetSetOptionA
InternetCloseHandle
InternetReadFile
HttpAddRequestHeadersA
InternetQueryOptionA
InternetOpenA
InternetGetCookieA
InternetSetCookieA

kernel32

GetModuleHandleA
InitializeCriticalSection
lstrcmpiA
SystemTimeToFileTime
GetLocalTime
GetProcAddress
FileTimeToSystemTime
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
FreeLibrary
FindResourceA
LoadLibraryExA
GetModuleFileNameA
SetFilePointer
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
MultiByteToWideChar
lstrcatA
lstrlenA
WriteFile
DeleteFileA
lstrcpyA
CreateFileA
GetLastError
GetFileSize
CloseHandle
GlobalAlloc
ReadFile
GlobalFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
LoadLibraryA
lstrcpynA
VirtualFree
InterlockedPopEntrySList
GetSystemTime
Sleep
CreateToolhelp32Snapshot
Process32Next
Process32First
GetTickCount
GetCurrentThreadId
TerminateProcess
OpenProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
GetCurrentProcess
GetCurrentProcessId
LocalFree
FormatMessageA
GetExitCodeProcess
WaitForSingleObject
LocalAlloc
SetLastError
FlushInstructionCache
SetEvent
CreateEventA
HeapFree
RtlUnwind
HeapAlloc
VirtualProtect
VirtualAlloc
GetModuleHandleW
GetSystemInfo
VirtualQuery
EncodePointer
DecodePointer
GetCommandLineA
ExitThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetEndOfFile
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
ExitProcess
GetStdHandle
GetModuleFileNameW
LCMapStringW
HeapReAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoW
GetStringTypeW
InterlockedExchange
LoadLibraryW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
CreateFileW
TlsAlloc

user32

SetWindowLongA
SendMessageA
GetClassInfoExA
LoadCursorA
DestroyWindow
PostQuitMessage
DefWindowProcA
RegisterClassExA
CreateWindowExA
DispatchMessageA
TranslateMessage
GetMessageA
GetWindowLongA
CallWindowProcA
AttachThreadInput
GetDesktopWindow
UnregisterClassA
PostMessageA
GetForegroundWindow
GetWindowTextLengthA
GetDialogBaseUnits
GetWindowRect
GetTitleBarInfo
GetTopWindow
IsWindowVisible
GetWindow
GetWindowThreadProcessId
GetWindowTextA
IsWindow
SetFocus
MessageBoxA
wvsprintfA
wsprintfA
CharNextA
ShowWindow

advapi32

CloseServiceHandle
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
QueryServiceStatus
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
IsValidSid
LookupAccountNameA
LookupAccountSidA
DuplicateTokenEx
CreateWellKnownSid
BuildTrusteeWithSidA
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AllocateAndInitializeSid
GetNamedSecurityInfoA
SetNamedSecurityInfoA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ConvertSidToStringSidA
SetEntriesInAclA
CreateProcessAsUserA

ole32

OleRun
CoInitialize
CoUninitialize
CLSIDFromString
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID

oleaut32

VarUI4FromStr
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantCopy
SysStringLen
DispCallFunc
VarBstrCmp

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken

shell32

ShellExecuteExA
SHGetPathFromIDListA

Exports

Exports

browser_ActivateIE
browser_GetCookieIE
browser_SetCookieIE
browser_setdscr
browser_setdsie
browser_setspcr
closepro_GetExeFromPid
closepro_GetHwndFromPid
closepro_GetPidFromHwnd
closepro_GetWindowTitle
closepro_IsForegroundWindow
closepro_PollProcesses
closepro_PollWindows
closepro_SendEnterToPopups
closepro_close
closepro_findprocess
closepro_findwindow
closepro_terminate
context_NameFromSid
context_SidFromName
context_createProcessAsActiveUser
context_logonFolder
context_logonName
context_logonSid
context_ownerFolder
context_ownerIsAdminMember
context_ownerName
context_ownerSid
context_procGrantedAdmin
context_runAsAdmin
context_systemSid
ffprefs_del
ffprefs_full_get
ffprefs_full_set
ffprefs_get
ffprefs_loadfile
ffprefs_savefile
ffprefs_set
init
json_arrayIndex
json_arrayToCSV
json_arrayUbound
json_copy
json_del
json_escape
json_get
json_get_value_type_key
json_handleCount
json_loadReadtime
json_loadfile
json_loadstring
json_merge
json_null
json_savefile
json_set
json_setStringifyParameters
json_stringify
json_unescape
json_unload
mkisdl_get
mkisdl_post
mkisdl_post_file
nsj_create
nsj_escape
nsj_execute
nsj_extract_json
nsj_handleCount
nsj_invoke
nsj_loadfile
nsj_unload
pcre_regex
service_changestarttype
service_currentstate
sqlwrap_close
sqlwrap_create
sqlwrap_create16
sqlwrap_execsqlite
sqlwrap_handleCount
sqlwrap_open
sqlwrap_open16
timepro_getlocaltime
timepro_getlocaltime64
timepro_getsystemtime
timepro_getsystemtime64
unload
xmlparser_childnodecount
xmlparser_del
xmlparser_delattribute
xmlparser_get
xmlparser_getattribute
xmlparser_handleCount
xmlparser_load
xmlparser_save
xmlparser_set
xmlparser_setattribute
xmlparser_startnew
xmlparser_unload

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0/$_118_/uninstall.exe.nsis
$R0/sqlite3.dll
.dll windows:4 windows x86 arch:x86

90f0646a1d53143c8e05a27e348e88f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile

msvcrt

free
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strncmp

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
winCurrentTime
winDlClose
winDlSym

Sections

.text
Size: 431KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 800B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.ico
$TEMP/installdatapl_$HWNDPARENT/11487/installdata.zip
.zip
$TEMP/installdatapl_$HWNDPARENT/13234/installdata.zip
.zip
$_21_/Alawar.ico
$_21_/Alawar.url
Alawar.url
Data/CapsAnimation.dat
Data/Config/Background.cfg
Data/Config/Bonus.cfg
Data/Config/Gems.cfg
Data/Config/Options.ini
Data/Config/Score.cfg
Data/Config/Skin.cfg
Data/Config/Totems.cfg
Data/Fonts/AdditionalFonts.lst
Data/Fonts/Big.tga
Data/Fonts/Big.vfd
Data/Fonts/Font.tga
Data/Fonts/Font.vfd
Data/Fonts/GemsDigitsFont.tga
Data/Fonts/GemsDigitsFont.vfd
Data/Fonts/Newspaper.tga
Data/Fonts/Newspaper.vfd
Data/Forms/Arcade.vsf
Data/Forms/Background.vsf
Data/Forms/Blinker.vsf
Data/Forms/GameMenu.vsf
Data/Forms/Help.vsf
Data/Forms/HighScores.vsf
Data/Forms/Intro.vsf
Data/Forms/MainMenu.vsf
Data/Forms/Map.vsf
Data/Forms/Memory.vsf
Data/Forms/MsgBox.vsf
Data/Forms/NewLevel.vsf
Data/Forms/NewProfile.vsf
Data/Forms/Newspaper.vsf
Data/Forms/Options.vsf
Data/Forms/Profiles.vsf
Data/Forms/Quest.vsf
Data/Forms/Shop.vsf
Data/Forms/Splash.vsf
Data/Forms/StartQuest.vsf
Data/Forms/Statistics.vsf
Data/Forms/Textures.lst
Data/Forms/Thimbles.vsf
Data/Forms/Trophies.vsf
Data/Forms/Tutorial.vsf
Data/Forms/Win.vsf
Data/Forms/WinBox.vsf
Data/Gfx/AlawarLogo.tga
Data/Gfx/AllGemLights.jpg
.jpg
Data/Gfx/AllGemLights_alpha.jpg
.jpg
Data/Gfx/AllGems.png
.png
Data/Gfx/Back64.png
.png
Data/Gfx/BarGems.bmp
Data/Gfx/BigStar.png
.png
Data/Gfx/BlueTotem.png
.png
Data/Gfx/BlueTotemShop.png
.png
Data/Gfx/Bonus1.png
.png
Data/Gfx/Bonus2.tga
Data/Gfx/Bonus3.tga
Data/Gfx/Bonus4.tga
Data/Gfx/Bonus5.tga
Data/Gfx/ButInstructionsHigh.png
.png
Data/Gfx/ButProfiles.png
.png
Data/Gfx/ButQuit.png
.png
Data/Gfx/ButSaveResume.png
.png
Data/Gfx/ButStartContinue.png
.png
Data/Gfx/ButStartOptions.png
.png
Data/Gfx/ButtonsRedLongBase.png
.png
Data/Gfx/Caps.png
.png
Data/Gfx/Caps_d.png
.png
Data/Gfx/Caps_l.tga
Data/Gfx/Chain.png
.png
Data/Gfx/ClockFilling.png
.png
Data/Gfx/Cloud.jpg
.jpg
Data/Gfx/Cloud_alpha.jpg
.jpg
Data/Gfx/Cursor.tga
Data/Gfx/CursorAdd.bmp
Data/Gfx/Daw.tga
Data/Gfx/Door.jpg
.jpg
Data/Gfx/DoorFoliage.jpg
.jpg
Data/Gfx/DoorFoliage_alpha.jpg
.jpg
Data/Gfx/DoorMask.tga
Data/Gfx/DoorShadow.jpg
.jpg
Data/Gfx/FireCloud.jpg
.jpg
Data/Gfx/FireCloud_alpha.jpg
.jpg
Data/Gfx/Flare.jpg
.jpg
Data/Gfx/Flare_alpha.jpg
.jpg
Data/Gfx/Frame.png
.png
Data/Gfx/FrameBack.tga
Data/Gfx/GemFlares.tga
Data/Gfx/GemProgress.tga
Data/Gfx/GreenTotem.png
.png
Data/Gfx/GreenTotemShop.png
.png
Data/Gfx/Halo1.tga
Data/Gfx/Headers.png
.png
Data/Gfx/HelpButtons.png
.png
Data/Gfx/HelpPage1.jpg
.jpg
Data/Gfx/HelpPage1a.jpg
.jpg
Data/Gfx/HelpPage2.jpg
.jpg
Data/Gfx/HintMenu.png
.png
Data/Gfx/Intro.jpg
.jpg
Data/Gfx/Intro_alpha.jpg
.jpg
Data/Gfx/Jungle.jpg
.jpg
Data/Gfx/JungleFlareRays.jpg
.jpg
Data/Gfx/JungleFlareRays_alpha.jpg
.jpg
Data/Gfx/JungleFlash.tga
Data/Gfx/JungleFlashMask.bmp
Data/Gfx/JungleFog.jpg
.jpg
Data/Gfx/JungleMask.tga
Data/Gfx/Lightning.jpg
.jpg
Data/Gfx/Loading.jpg
.jpg
Data/Gfx/MainBack.jpg
.jpg
Data/Gfx/MainElements.jpg
.jpg
Data/Gfx/MainElements_alpha.jpg
.jpg
Data/Gfx/MainFoliage.jpg
.jpg
Data/Gfx/MainFoliage_alpha.jpg
.jpg
Data/Gfx/MainLeafMask.tga
Data/Gfx/MainSkyMask.tga
Data/Gfx/Map.jpg
.jpg
Data/Gfx/MapDiff3.jpg
.jpg
Data/Gfx/MapDiff4_1.jpg
.jpg
Data/Gfx/MapDiff4_2.jpg
.jpg
Data/Gfx/MapDiff5_1.jpg
.jpg
Data/Gfx/MapDiff5_2.tga
Data/Gfx/MapNewspapers.jpg
.jpg
Data/Gfx/MapSelectors.tga
Data/Gfx/MemCaps1.tga
Data/Gfx/MemCaps1_l.tga
Data/Gfx/MemCaps2.tga
Data/Gfx/MemCaps2_l.tga
Data/Gfx/MemCaps3.tga
Data/Gfx/MemCaps3_l.tga
Data/Gfx/MsgButtons.png
.png
Data/Gfx/Museum.jpg
.jpg
Data/Gfx/MuseumDust.jpg
.jpg
Data/Gfx/MuseumDustMask.tga
Data/Gfx/MuseumDust_alpha.jpg
.jpg
Data/Gfx/Newspaper1.jpg
.jpg
Data/Gfx/Newspaper2.jpg
.jpg
Data/Gfx/Newspaper3.jpg
.jpg
Data/Gfx/Newspaper4.jpg
.jpg
Data/Gfx/Newspaper5.jpg
.jpg
Data/Gfx/NewspaperLines.bmp
Data/Gfx/OrangeTotem.png
.png
Data/Gfx/OrangeTotemShop.png
.png
Data/Gfx/PaintDrop.png
.png
Data/Gfx/PaintStream.png
.png
Data/Gfx/PanelGlass.tga
Data/Gfx/PanelNormal.png
.png
Data/Gfx/PanelQuest.jpg
.jpg
Data/Gfx/Paper.jpg
.jpg
Data/Gfx/RedTotem.png
.png
Data/Gfx/RedTotemShop.png
.png
Data/Gfx/Ring.jpg
.jpg
Data/Gfx/RollerBase.png
.png
Data/Gfx/Sand.jpg
.jpg
Data/Gfx/Sand_alpha.jpg
.jpg
Data/Gfx/Sandbox.jpg
.jpg
Data/Gfx/SandboxFront.png
.png
Data/Gfx/SandboxGlass.tga
Data/Gfx/ScoreFrenzyStar.png
.png
Data/Gfx/Selector.png
.png
Data/Gfx/ShopBW.png
.png
Data/Gfx/ShopBack.jpg
.jpg
Data/Gfx/ShopColor.png
.png
Data/Gfx/ShopCtrls1.png
.png
Data/Gfx/ShopCtrls2.png
.png
Data/Gfx/ShopFrame.jpg
.jpg
Data/Gfx/ShopFrame_alpha.jpg
.jpg
Data/Gfx/ShopMul.tga
Data/Gfx/ShopPointer.tga
Data/Gfx/ShopPr.png
.png
Data/Gfx/ShopSandboxRays.tga
Data/Gfx/SmallButtons.png
.png
Data/Gfx/SmallSand.tga
Data/Gfx/SmallTotem1.png
.png
Data/Gfx/Spark.bmp
Data/Gfx/SpellFuzzy.bmp
Data/Gfx/StarParticle.bmp
Data/Gfx/StarSand.tga
Data/Gfx/SteelCapsT.png
.png
Data/Gfx/ThinBorder.png
.png
Data/Gfx/TimeDigits.png
.png
Data/Gfx/TotemBase.tga
Data/Gfx/TotemContour.png
.png
Data/Gfx/TotemDark2.tga
Data/Gfx/TotemLights.png
.png
Data/Gfx/TotemShadows.jpg
.jpg
Data/Gfx/TotemShadows_alpha.jpg
.jpg
Data/Gfx/Treasury.jpg
.jpg
Data/Gfx/TreasuryElements.jpg
.jpg
Data/Gfx/TreasuryElements_alpha.jpg
.jpg
Data/Gfx/TreasuryMask.tga
Data/Gfx/TreasuryRays.jpg
.jpg
Data/Gfx/Trophies.jpg
.jpg
Data/Gfx/Trophies_alpha.jpg
.jpg
Data/Gfx/Twirl.tga
Data/Gfx/Unigem.tga
Data/Gfx/VSLogo.tga
Data/Gfx/Valley.jpg
.jpg .ps1 polyglot
Data/Gfx/ValleyCloud.jpg
.jpg
Data/Gfx/ValleyFlareRays.jpg
.jpg
Data/Gfx/ValleyFlareRays_alpha.jpg
.jpg
Data/Gfx/ValleyMask.jpg
.jpg
Data/Gfx/VioletGlowRays.tga
Data/Gfx/VioletTotem.png
.png
Data/Gfx/VioletTotemShop.png
.png
Data/Gfx/White.bmp
Data/Gfx/WhiteTotem.png
.png
Data/Gfx/WhiteTotemShop.png
.png
Data/Gfx/WinBack.png
.png
Data/Gfx/WinCorners.png
.png
Data/Gfx/WinSides.png
.png
Data/Gfx/YellowTotem.png
.png
Data/Gfx/YellowTotemShop.png
.png
Data/Lvl/Totem.lvl
Data/Lvl/l1.lvl
Data/Lvl/l10.lvl
Data/Lvl/l11.lvl
Data/Lvl/l2.lvl
Data/Lvl/l22.lvl
Data/Lvl/l30.lvl
Data/Lvl/l7.lvl
Data/Lvl/l9.lvl
Data/Sfx/AddLife.ogg
Data/Sfx/AdviserAct.ogg
Data/Sfx/AdviserGet.ogg
Data/Sfx/Background.ogg
Data/Sfx/Bad.ogg
Data/Sfx/BonusClick.ogg
Data/Sfx/BonusDrop.ogg
Data/Sfx/BonusStar.ogg
Data/Sfx/ChainOut.ogg
Data/Sfx/ChainOut_s.ogg
Data/Sfx/Click.ogg
Data/Sfx/Clock.ogg
Data/Sfx/Combo2.ogg
Data/Sfx/Combo3.ogg
Data/Sfx/Combo4.ogg
Data/Sfx/Combo5.ogg
Data/Sfx/Combo6.ogg
Data/Sfx/Combo7.ogg
Data/Sfx/Door.ogg
Data/Sfx/Drop.ogg
Data/Sfx/EndLevel.ogg
Data/Sfx/Explode.ogg
Data/Sfx/Explode2.ogg
Data/Sfx/Flare.ogg
Data/Sfx/Flash.ogg
Data/Sfx/GemBar.ogg
Data/Sfx/GemIn.ogg
Data/Sfx/GemOut.ogg
Data/Sfx/GoodClick.ogg
Data/Sfx/Hint.ogg
Data/Sfx/LifeLost.ogg
Data/Sfx/LifeLostBack.ogg
Data/Sfx/MouseOver.ogg
Data/Sfx/Multiplier.ogg
Data/Sfx/Museum.ogg
Data/Sfx/NewLevel.ogg
Data/Sfx/Ogg.lst
Data/Sfx/ScoreFrenzy.ogg
Data/Sfx/Select.ogg
Data/Sfx/SelectSteel.ogg
Data/Sfx/Solidarity.ogg
Data/Sfx/SolidarityRedir.ogg
Data/Sfx/TNT.ogg
Data/Sfx/Terminator0.ogg
Data/Sfx/Terminator0_s.ogg
Data/Sfx/Terminator1.ogg
Data/Sfx/Terminator2.ogg
Data/Sfx/TerminatorSteel.ogg
Data/Sfx/Tick.ogg
Data/Sfx/TickLoop.ogg
Data/Sfx/TimeAdd.ogg
Data/Sfx/TotemBlue1.ogg
Data/Sfx/TotemBlue2.ogg
Data/Sfx/TotemBlue3.ogg
Data/Sfx/TotemEye.ogg
Data/Sfx/TotemGreen1.ogg
Data/Sfx/TotemGreen2.ogg
Data/Sfx/TotemOrange.ogg
Data/Sfx/TotemRed1.ogg
Data/Sfx/TotemRed2.ogg
Data/Sfx/TotemViolet.ogg
Data/Sfx/TotemWhite1.ogg
Data/Sfx/TotemWhite2.ogg
Data/Sfx/TotemYellow1.ogg
Data/Sfx/TotemYellow2.ogg
Data/Sfx/Treasure.ogg
Data/Sfx/Trophy.ogg
Data/Sfx/Upgrade.ogg
Data/Sfx/Vol.cfg
Data/Sfx/Warning.ogg
Data/Sfx/Win.ogg
Data/Sfx/Wrong.ogg
Data/Txt/Shop.txt
Data/Txt/Story.txt
Data/Txt/Strings.txt
Data/Txt/Trophies.txt
Music/bonuslevel.ogg
Music/gameplay1.ogg
Music/gameplay2.ogg
Music/gameplay3.ogg
Music/mainmenu.ogg
Music/storyline.ogg
Register.ico
Registrator.ini
TheTreasuresofMontezuma.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 76KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
appname.txt
bass.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetEAXMix
BASS_ChannelGetInfo
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelPause
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelResume
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttributes
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetLength
BASS_MusicGetName
BASS_MusicGetVolume
BASS_MusicLoad
BASS_MusicPlay
BASS_MusicPlayEx
BASS_MusicPreBuf
BASS_MusicSetAmplify
BASS_MusicSetPanSep
BASS_MusicSetPositionScaler
BASS_MusicSetVolume
BASS_Pause
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceDescription
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SamplePlay
BASS_SamplePlay3D
BASS_SamplePlay3DEx
BASS_SamplePlayEx
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamGetLength
BASS_StreamGetTags
BASS_StreamPlay
BASS_StreamPreBuf
BASS_Update
_

Sections

Size: 90KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
partner.ini
wdata/content/settings.xml
.xml

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 2.4MB

.rsrc Size: 293KB - Virtual size: 293KB

08b0635362e7aeb50569ca1a61d5a13f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 571B

.rdata Size: 1024B - Virtual size: 551B

.data Size: - Virtual size: 16B

.reloc Size: 512B - Virtual size: 210B

cbc66eb3222e3fcdbee2e18ba7195f5e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 24KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1KB - Virtual size: 1KB

836f4951fb4175e54bfc7d7dac9c4c85

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 6KB

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 2.4MB

.rsrc
Size: 293KB - Virtual size: 293KB

.text
Size: 1024B - Virtual size: 571B

.rdata
Size: 1024B - Virtual size: 551B

.data
Size: - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 210B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 24KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 9KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 137KB - Virtual size: 136KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 6KB

61:02:92:4a:00:00:00:00:00:20
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

40:6c:7f:d9:b4:d2:23:23:98:21:06:49:cf:49:02:55:a6:dd:95:29
Signer