0e689a414f0b476b20f3d981768864f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e689a414f0b476b20f3d981768864f0_JaffaCakes118
Size

2.2MB
MD5

0e689a414f0b476b20f3d981768864f0
SHA1

1457addfbaf63febc71c81e5e508cc11d7aeabd5
SHA256

3b96f2aeddc3304f2abc1a03a307123a07ea58d1e467701fb07ea1f46fe69e8b
SHA512

14fcf458c57f5892c6fb43159b9fe6b569f356cf427e1a5c4ce5c3b349913bbe1105ba7bc5d16dc43f19a59411667b962f18eb807003e18eeb2a64cdac28bede
SSDEEP

49152:X6jIR8OmweSRHCLdBrqAHn0qTGW8G7FvzR+0id9HJxUYzbEq:q0DRHQBuVG7FPi/JxUGEq

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallerLibrary.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/ValidationScriptLibrary.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsDialogs.dll
unpack001/CaliforniaFontLibrary.dll
unpack001/CaliforniaFonts.exe
unpack001/Ionic.Zip.Reduced.dll
unpack001/freetype6.dll
unpack001/zlib1.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/CAFontInstaller.exe	nsis_installer_1
static1/unpack001/CAFontInstaller.exe	nsis_installer_2

Files

0e689a414f0b476b20f3d981768864f0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:96:a8:82:9d:c1:e0:48:62:36:af:86:c6:dc:0b:70
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/02/2012, 00:00

Not After

19/02/2015, 23:59

Subject

CN=SqueakyChocolate,O=SqueakyChocolate,POSTALCODE=92064,STREET=12902 Dorathea Terrace,L=Poway,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:f7:98:81:ef:c3:aa:14:9b:f8:12:b2:f4:c5:ac:0e:49:c1:c5:0b
Signer

Actual PE Digest

44:f7:98:81:ef:c3:aa:14:9b:f8:12:b2:f4:c5:ac:0e:49:c1:c5:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$DOCUMENTS/California Fonts/Fonts/Cybertron_Metals/Cybertron Metals.TTF
$DOCUMENTS/California Fonts/Fonts/chromeye/CHROY___.TTF
$DOCUMENTS/California Fonts/Fonts/collegiate10/Readme.txt
$DOCUMENTS/California Fonts/Fonts/collegiate10/SF Collegiate Italic.ttf
$DOCUMENTS/California Fonts/Fonts/collegiate10/SF Collegiate Sample.jpg
.jpg
$DOCUMENTS/California Fonts/Fonts/collegiate10/SF Collegiate Solid Bold Italic.ttf
$DOCUMENTS/California Fonts/Fonts/collegiate10/SF Collegiate Solid Bold.ttf
$DOCUMENTS/California Fonts/Fonts/collegiate10/SF Collegiate Solid Italic.ttf
$DOCUMENTS/California Fonts/Fonts/collegiate10/SF Collegiate Solid.ttf
$DOCUMENTS/California Fonts/Fonts/collegiate10/SF Collegiate.ttf
$DOCUMENTS/California Fonts/Fonts/comic/COMIC6.TTF
$DOCUMENTS/California Fonts/Fonts/comic/comic.txt
$DOCUMENTS/California Fonts/Fonts/daisy/daisy.ttf
$DOCUMENTS/California Fonts/Fonts/force/FORCE3.TTF
$DOCUMENTS/California Fonts/Fonts/force/force.txt
$DOCUMENTS/California Fonts/Fonts/fragilebombers/FRAGILEB.TTF
$DOCUMENTS/California Fonts/Fonts/fragilebombers/Read_Me.txt
$DOCUMENTS/California Fonts/Fonts/freebooterscript/FREEBSCA.ttf
$DOCUMENTS/California Fonts/Fonts/freebooterscript/FREEBSC_.ttf
$DOCUMENTS/California Fonts/Fonts/humanoid/!pizzadude.txt
$DOCUMENTS/California Fonts/Fonts/humanoid/HUMANOI0.TTF
$DOCUMENTS/California Fonts/Fonts/humanoid/HUMANOID.TTF
$DOCUMENTS/California Fonts/Fonts/hurryup/HURRYUP.TTF
$DOCUMENTS/California Fonts/Fonts/hurryup/Read_Me.txt
$DOCUMENTS/California Fonts/Fonts/hypersonic/!pizzadude.txt
$DOCUMENTS/California Fonts/Fonts/hypersonic/Hypersonic.ttf
$DOCUMENTS/California Fonts/Fonts/knuckled/KNUCKLED.TTF
$DOCUMENTS/California Fonts/Fonts/knuckled/READ_ME.TXT
$DOCUMENTS/California Fonts/Fonts/oakwood/OAKWOOD_.TTF
$DOCUMENTS/California Fonts/Fonts/oakwood/README.TXT
$DOCUMENTS/California Fonts/Fonts/stoneybilly/STONB___.TTF
$DOCUMENTS/California Fonts/Fonts/stoneybilly/readme.txt
$DOCUMENTS/California Fonts/Fonts/twinkle/Twinkle.ttf
$DOCUMENTS/California Fonts/Fonts/walter/WALTER__.TTF
$PLUGINSDIR/GaStatsPope.dll
.dll regsvr32 windows:5 windows x86 arch:x86

549dcd11cff61afba238da487c91ea2b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:96:a8:82:9d:c1:e0:48:62:36:af:86:c6:dc:0b:70
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/02/2012, 00:00

Not After

19/02/2015, 23:59

Subject

CN=SqueakyChocolate,O=SqueakyChocolate,POSTALCODE=92064,STREET=12902 Dorathea Terrace,L=Poway,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:f3:e8:80:44:5f:ef:94:b4:84:d3:47:2a:52:42:d5:a3:cd:f6:14
Signer

Actual PE Digest

5a:f3:e8:80:44:5f:ef:94:b4:84:d3:47:2a:52:42:d5:a3:cd:f6:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Anders\Documents\OC-Trunk\pins\GAStats\GaStats\Release\GaStatsPope.pdb

Imports

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetProcAddress
GetModuleHandleW
OutputDebugStringW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
SetThreadLocale
GetThreadLocale
WideCharToMultiByte
FlushFileBuffers
CloseHandle
GetTempFileNameW
GetTempPathW
DeleteFileW
GetUserDefaultUILanguage
GetLocaleInfoW
FindResourceExW
FindResourceW
LoadResource
LockResource
lstrcmpiW
SizeofResource
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
VirtualFree
VirtualAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode

user32

GetWindowDC
CharNextW
GetDesktopWindow

gdi32

GetDeviceCaps

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

ole32

CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysFreeString
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen

urlmon

URLDownloadToFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
GaRequestA
GaRequestRawA
GaRequestRawW
GaRequestW

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallerLibrary.dll
.dll windows:5 windows x86 arch:x86

2cabd33e81fde7d850f84108b5a35cdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW

kernel32

WriteConsoleW
SetStdHandle
HeapReAlloc
IsValidLocale
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LoadLibraryW
lstrlenW
FindFirstFileW
SystemTimeToFileTime
GetTickCount
GetFileAttributesW
MultiByteToWideChar
FindNextFileW
GetSystemTime
CreateThread
GetModuleFileNameW
GetProcAddress
InterlockedCompareExchange
WriteFile
Sleep
CreateFileA
GetLocalTime
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
GetLastError
lstrlenA
LocalFree
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
GetStartupInfoW
GetFileType
SetEndOfFile
CreateFileW
GetProcessHeap
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStdHandle
SetLastError
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapDestroy
HeapCreate
ExitProcess
GetModuleHandleW
HeapSize
TlsFree
TlsSetValue
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
GetCommandLineA
RtlUnwind
RaiseException
GetCPInfo
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsGetValue

user32

DefWindowProcW
CreateWindowExW
SetWindowLongW
GetWindowLongW
RegisterClassExW
MessageBoxA
SetFocus
BringWindowToTop
ShowWindow
SendMessageW
UpdateWindow
CallWindowProcW
DestroyWindow
GetWindowRect
wsprintfW
GetClientRect

advapi32

RegOpenKeyExW
RegCloseKey

ole32

OleCreate
OleUninitialize
OleInitialize
OleSetContainedObject

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shlwapi

PathRemoveFileSpecW

Exports

Exports

AreOffersLoaded
Back
GetAcceptedOfferCount
GetErrorMessages
GetInstallerDetails
GetInstallerFiles
GetRecentlyInstalledPrograms
GetRejectedOfferCount
GetRejectedOfferDetails
Initialize
IsNetworkIncluded
IsOfferPartOfGroup
IsOfferReady
LoadOffers
Next
NextState
OfferInfo
ShowLoading
ShowOffer
Skip
SkipAll

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OCSetupHlp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

93bd1585ffbc730c763e71e0c6c896b3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/01/2011, 00:00

Not After

14/03/2014, 23:59

Subject

CN=OpenCandy Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OpenCandy Inc.,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:02:08:f4:30:de:4c:b0:15:1a:3f:0d:db:fe:0e:45:75:58:a6:a8
Signer

Actual PE Digest

59:02:08:f4:30:de:4c:b0:15:1a:3f:0d:db:fe:0e:45:75:58:a6:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetErrorMode
GetFileAttributesW
CreateFileW
GetFileSize
GetCurrentProcessId
GetEnvironmentVariableW
FindFirstFileW
FindNextFileW
FindClose
ReadFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTickCount
GetTempPathW
DeleteFileW
WriteFile
ProcessIdToSessionId
HeapAlloc
GetProcessHeap
HeapFree
CreateDirectoryW
ExpandEnvironmentStringsW
WaitForSingleObject
OutputDebugStringW
CreateMutexW
OpenMutexW
ReleaseMutex
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
GetShortPathNameW
SetFilePointer
CreateEventW
GlobalFree
ResumeThread
FreeResource
SetEvent
ResetEvent
GetCurrentThread
CreateProcessW
MoveFileExW
OpenEventW
lstrlenA
WideCharToMultiByte
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetFullPathNameW
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
DeleteCriticalSection
GetCurrentDirectoryA
CreateFileA
lstrcmpiW
GetProcAddress
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FlushFileBuffers
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringA
ExitProcess
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
RtlUnwind
GetDriveTypeW
GetFileType
GetConsoleMode
GetConsoleCP
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetCommandLineA
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
FindResourceA
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetFileAttributesExW
CompareFileTime
GetVersion
GetTempFileNameW
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
GetSystemInfo
GetVersionExW
FileTimeToSystemTime
GetSystemDefaultLCID
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
GetThreadLocale
GetLastError
SetThreadLocale
MultiByteToWideChar
GetModuleFileNameW
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
GlobalUnlock
GlobalLock
GlobalAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
OpenProcess
GetUserDefaultUILanguage
GetLocaleInfoW
FreeLibrary
LoadLibraryW
MulDiv
lstrlenW
lstrcpynW
SetLastError
RaiseException
Sleep
CreateThread
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess

psapi

GetProcessImageFileNameW
EnumProcesses

ws2_32

select
WSACleanup
WSAStartup
closesocket
WSAGetLastError
socket
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
WSASetLastError
__WSAFDIsSet
gethostname
freeaddrinfo
ioctlsocket
getaddrinfo

msimg32

AlphaBlend

shlwapi

PathMatchSpecW

user32

DestroyMenu
SetActiveWindow
DestroyCursor
SetCursor
FindWindowW
PeekMessageW
MsgWaitForMultipleObjects
GetWindow
TrackPopupMenu
ReleaseCapture
DrawFocusRect
UnregisterClassA
GetCursor
NotifyWinEvent
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
DestroyWindow
LoadCursorW
IsWindow
GetDesktopWindow
MonitorFromWindow
GetUpdateRect
SetRect
CreateDialogParamW
GetSystemMetrics
CallNextHookEx
UnhookWindowsHookEx
SystemParametersInfoW
SetWindowsHookExW
DrawIconEx
GetIconInfo
SetMenuItemInfoW
IsWindowVisible
SetForegroundWindow
SetDlgItemTextW
SendDlgItemMessageW
PostQuitMessage
KillTimer
SetTimer
PostMessageW
GetWindowTextLengthW
GetWindowTextW
EnumChildWindows
EnumWindows
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetSysColor
GetSysColorBrush
GetDC
SendMessageW
SetFocus
GetForegroundWindow
TrackMouseEvent
InvalidateRect
GetClientRect
BeginPaint
EnableMenuItem
GetSystemMenu
EnableWindow
LoadImageW
MessageBoxW
MapWindowPoints
GetParent
CharNextW
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetWindowThreadProcessId
SetWindowPos
SetWindowTextW
LoadIconW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
GetDlgItem
ShowWindow
ReleaseDC
DrawTextW
FillRect
GetAsyncKeyState
CopyRect
GetMonitorInfoW
MonitorFromPoint
MoveWindow
GetWindowRect
GetAncestor
DrawFrameControl
PtInRect
ScreenToClient
GetCursorPos
EndPaint
IntersectRect

gdi32

SetViewportOrgEx
CreateCompatibleDC
DeleteObject
BitBlt
SetBkMode
SetTextColor
GetDeviceCaps
DeleteDC
CreateFontIndirectW
CreateSolidBrush
GetStockObject
GetTextExtentPoint32W
GetObjectW
CreatePatternBrush
SetBkColor
DPtoLP
CreateCompatibleBitmap
ExtTextOutW
CreateDIBSection
SelectObject
GdiFlush

advapi32

RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
DuplicateTokenEx
LookupAccountSidW
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW

shell32

Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteW

ole32

CoInitializeSecurity
CreateStreamOnHGlobal
CLSIDFromProgID
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoCreateGuid
CoTaskMemAlloc
StringFromGUID2
CoTaskMemRealloc

oleaut32

LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
RegisterTypeLi
SysFreeString
SysStringLen
VariantClear
SysAllocStringLen
VariantChangeType
LoadRegTypeLi
OleLoadPicture
SysAllocString
VariantInit

comctl32

InitCommonControlsEx

uxtheme

DrawThemeBackground
OpenThemeData
CloseThemeData

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromFile
GdipCloneImage
GdipDrawImagePointRectI
GdipDrawImageRectRect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetQueryOptionW
InternetGetConnectedStateExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
OCPID742OpenCandy1
OCPID742OpenCandy10
OCPID742OpenCandy11
OCPID742OpenCandy12
OCPID742OpenCandy13
OCPID742OpenCandy14
OCPID742OpenCandy15
OCPID742OpenCandy16
OCPID742OpenCandy17
OCPID742OpenCandy18
OCPID742OpenCandy19
OCPID742OpenCandy20
OCPID742OpenCandy21
OCPID742OpenCandy22
OCPID742OpenCandy23
OCPID742OpenCandy24
OCPID742OpenCandy29
OCPID742OpenCandy30
OCPID742OpenCandy31
OCPID742OpenCandy32
OCPID742OpenCandy33
OCPID742OpenCandy34
OCPID742OpenCandy35
OCPID742OpenCandy36
OCPID742OpenCandy37
OCPID742OpenCandy38
OCPID742OpenCandy39
OCPID742OpenCandy40
OCPID742OpenCandy41
OCPID742OpenCandy42
OCPID742OpenCandy44
OCPID742OpenCandy45
OCPID742OpenCandy46
OCPID742OpenCandy47
OCPID742OpenCandy48
OCPID742OpenCandy49
OCPID742OpenCandy5
OCPID742OpenCandy50
OCPID742OpenCandy51
OCPID742OpenCandy52
OCPID742OpenCandy53
OCPID742OpenCandy54
OCPID742OpenCandy55
OCPID742OpenCandy56
OCPID742OpenCandy57
OCPID742OpenCandy58
OCPID742OpenCandy59
OCPID742OpenCandy6
OCPID742OpenCandy60
OCPID742OpenCandy61
OCPID742OpenCandy62
OCPID742OpenCandy64
OCPID742OpenCandy65
OCPID742OpenCandy7
OCPID742OpenCandy8
OCPID742OpenCandy9
_GET_IS_REQUIRED_63
_OCPID742OpenCandy2@16
_OCPID742OpenCandy3@16
_OCPID742OpenCandy43@16
_OCPID742OpenCandy4@16

Sections

.text
Size: 579KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ValidationScriptLibrary.dll
.dll windows:5 windows x86 arch:x86

541c8f7ed69d2fba6eb89fd392842c4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\PopaJar\Installers\ValidationScriptLibrary.pdb

Imports

shlwapi

PathFindFileNameW

kernel32

FindNextFileW
GetTempPathA
ExpandEnvironmentStringsA
WideCharToMultiByte
MultiByteToWideChar
WriteFile
GetTempFileNameA
CreateFileW
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
WriteConsoleW
SetStdHandle
GetFileAttributesA
FindFirstFileW
CreateFileA
SetEndOfFile
Sleep
UnhandledExceptionFilter
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
CompareStringW
TerminateProcess
GetCurrentProcess
GetProcessHeap
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
ExitProcess
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetModuleFileNameW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW

user32

wsprintfW

advapi32

RegEnumValueA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

shell32

FindExecutableA

Exports

Exports

Validate
ValidateFile

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

917ae9b9adb269abd5543f5bf5676bac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
memset
wcsstr
wcstol

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
CreateFileW
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW
GetFileSize

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CFLicense.txt
$TEMP/iman.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:96:a8:82:9d:c1:e0:48:62:36:af:86:c6:dc:0b:70
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/02/2012, 00:00

Not After

19/02/2015, 23:59

Subject

CN=SqueakyChocolate,O=SqueakyChocolate,POSTALCODE=92064,STREET=12902 Dorathea Terrace,L=Poway,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

74:61:e5:52:fb:34:83:a3:d1:58:56:27:ec:b6:fa:bb:5a:1c:6f:92
Signer

Actual PE Digest

74:61:e5:52:fb:34:83:a3:d1:58:56:27:ec:b6:fa:bb:5a:1c:6f:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data
.rdata
.reloc
.rsrc/DIALOG/105
.rsrc/DIALOG/106
.rsrc/DIALOG/111
.rsrc/GROUP_ICON/103
.rsrc/ICON/1.ico
.rsrc/MANIFEST/1
.xml
.text
CERTIFICATE
[0]
[1]
$TEMP/oc_license.txt
CAFontInstaller.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:81:cf:f7:9b:d7:45:3d:57:d7:5e:66:55:54:ac:94
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/03/2011, 00:00

Not After

21/03/2012, 23:59

Subject

CN=The Scone Company\, LLC,O=The Scone Company\, LLC,POSTALCODE=92064,STREET=12902 Dorathea Terrace,L=Poway,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:9f:e7:0b:65:ab:fd:76:88:43:4f:5b:6f:b8:ff:9c:d0:cd:ee:7e
Signer

Actual PE Digest

f1:9f:e7:0b:65:ab:fd:76:88:43:4f:5b:6f:b8:ff:9c:d0:cd:ee:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OCSetupHlp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0615854a8bf9998cbbbcc756d6e6d4bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/01/2011, 00:00

Not After

14/03/2014, 23:59

Subject

CN=OpenCandy Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OpenCandy Inc.,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:67:b8:0f:ab:c9:e6:3f:4b:9a:fd:66:3b:cc:77:50:ec:41:51:61
Signer

Actual PE Digest

fa:67:b8:0f:ab:c9:e6:3f:4b:9a:fd:66:3b:cc:77:50:ec:41:51:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
CreateFileW
GetFileSize
GetCurrentProcessId
GetEnvironmentVariableW
FindFirstFileW
FindNextFileW
FindClose
ReadFile
GetTimeZoneInformation
WaitForSingleObject
OutputDebugStringW
WriteFile
DeleteFileW
GetCurrentThreadId
SetLastError
GetCurrentProcess
FlushInstructionCache
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
CreateMutexW
OpenMutexW
ReleaseMutex
CreateDirectoryW
GetShortPathNameW
GetTempPathW
SetFilePointer
GetTickCount
CreateEventW
SetEvent
CreateProcessW
MoveFileExW
GlobalUnlock
GlobalLock
GlobalAlloc
Process32NextW
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFileAttributesA
CreateProcessA
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetFullPathNameW
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
Process32FirstW
CreateToolhelp32Snapshot
WriteConsoleA
GetCurrentDirectoryA
CreateFileA
CloseHandle
GetFileInformationByHandle
GetFullPathNameA
FlushFileBuffers
GetModuleHandleA
SetErrorMode
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringA
ExitProcess
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
RtlUnwind
GetDriveTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
GetConsoleMode
GetConsoleCP
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetCommandLineA
ExitThread
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
HeapFree
HeapAlloc
GetProcessHeap
FindResourceA
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetFileAttributesExW
CompareFileTime
FileTimeToSystemTime
GetVersion
GetSystemInfo
GetVersionExW
GetTempFileNameW
GlobalFree
ReleaseSemaphore
ResumeThread
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
GetSystemDefaultLCID
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
lstrlenA
WideCharToMultiByte
OpenProcess
GetUserDefaultUILanguage
GetLocaleInfoW
FreeLibrary
LoadLibraryW
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetProcAddress
GetThreadLocale
GetLastError
SetThreadLocale
RaiseException
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
QueryPerformanceCounter
LoadLibraryExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
PeekNamedPipe
CreateThread

psapi

EnumProcesses
GetProcessImageFileNameW

ws2_32

WSACleanup
WSAStartup
closesocket
WSAGetLastError
gethostname
ioctlsocket
getaddrinfo
freeaddrinfo
select
__WSAFDIsSet
WSASetLastError
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
socket

msimg32

AlphaBlend

shlwapi

PathMatchSpecW

user32

IsWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetCursor
ReleaseCapture
TrackPopupMenu
GetCursorPos
DestroyWindow
PostMessageW
PostQuitMessage
KillTimer
UnregisterClassA
GetForegroundWindow
DestroyMenu
NotifyWinEvent
FindWindowW
GetParent
GetAncestor
SetFocus
CreateDialogParamW
LoadImageW
GetSystemMetrics
CallNextHookEx
UnhookWindowsHookEx
SystemParametersInfoW
SetWindowsHookExW
DrawTextW
ScreenToClient
SetMenuItemInfoW
IsWindowVisible
SetForegroundWindow
SetCursor
ClientToScreen
GetWindowRect
SendDlgItemMessageW
EnableMenuItem
GetSystemMenu
EnableWindow
SetDlgItemTextW
MessageBoxW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
GetDesktopWindow
CharNextW
FillRect
InvalidateRect
GetAsyncKeyState
EndPaint
BeginPaint
DrawFocusRect
ReleaseDC
GetDC
GetSysColorBrush
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetWindowThreadProcessId
SetWindowPos
MoveWindow
GetClientRect
SetWindowTextW
SendMessageW
LoadIconW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
GetDlgItem
ShowWindow
EnumWindows
EnumChildWindows
GetWindowTextW
GetWindowTextLengthW
SetTimer

gdi32

CreateSolidBrush
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
CreateDIBSection
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
DeleteObject
DeleteDC
GetDeviceCaps
GetStockObject
GdiFlush

advapi32

RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegDeleteValueA
LookupPrivilegeValueW
RegDeleteValueW
AdjustTokenPrivileges
OpenProcessToken
DuplicateTokenEx
GetUserNameW
RegEnumKeyW

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW

ole32

CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoTaskMemRealloc
CoInitialize
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree

oleaut32

VariantClear
LoadRegTypeLi
SysAllocStringLen
SysFreeString
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetQueryOptionW
InternetGetConnectedStateExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
OCPRD323CanLeaveOfferPage
OCPRD323CleanupProduct
OCPRD323Detach
OCPRD323FindGuidAndRunDialog
OCPRD323FindGuidAndRunDialogA
OCPRD323GetAsyncOfferStatus
OCPRD323GetBannerInfo
OCPRD323GetBannerInfoW
OCPRD323GetMsg
OCPRD323GetNoCandy
OCPRD323GetOfferState
OCPRD323GetOfferType
OCPRD323Init2A
OCPRD323Init2W
OCPRD323InnoAdjust
OCPRD323InnoRestore
OCPRD323InstallShieldAdjust
OCPRD323LoadOpenCandyDLL
OCPRD323LogDevModeMessage
OCPRD323LogDevModeMessageW
OCPRD323NSISAdjust
OCPRD323PreInit
OCPRD323PrepareDownload
OCPRD323RunDialog
OCPRD323SetCmdLineValues
OCPRD323SetCmdLineValuesW
OCPRD323SetCustomBrushColor
OCPRD323SetCustomBrushColorW
OCPRD323SetNoCandy
OCPRD323SetOCOfferEnabled
OCPRD323SetOfferData
OCPRD323SetOfferLocation
OCPRD323SetUseDefaultColorBkGrnd
OCPRD323Shutdown
OCPRD323SignalProductFailed
OCPRD323SignalProductInstalled
OCPRD323StartDLMgr2Download
OCPRD323StartDLMgr2DownloadRunasAdmin
_OCPRD323DLMgr2Check@16
_OCPRD323Display@16
_OCPRD323DownloadMgr2RecycleOffer@12
_OCPRD323MgrCheck@16
_OCPRD323MgrExec@16
_OCPRD323RestartDll@16
_OCPRD323RestartDllAsAdmin@16
_OCPRD323RunOpenCandyDLL@16

Sections

.text
Size: 507KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CaliforniaFontLibrary.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Anders\Documents\Visual Studio 2008\Projects\CaliforniaFontsLibrary\CaliforniaFontLibrary\obj\Release\CaliforniaFontLibrary.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CaliforniaFonts.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Anders\Documents\Visual Studio 2008\Projects\CaliforniaFonts\CaliforniaFonts\obj\Release\CaliforniaFonts.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CaliforniaFonts.exe.config
FontRenderer2.dll
.dll windows:5 windows x86 arch:x86

20208f29f271156d3a25013a27c72162

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:81:cf:f7:9b:d7:45:3d:57:d7:5e:66:55:54:ac:94
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/03/2011, 00:00

Not After

21/03/2012, 23:59

Subject

CN=The Scone Company\, LLC,O=The Scone Company\, LLC,POSTALCODE=92064,STREET=12902 Dorathea Terrace,L=Poway,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:43:ac:01:1e:1b:dc:d5:57:aa:f6:d4:7f:9e:43:e4:77:9b:87:60
Signer

Actual PE Digest

59:43:ac:01:1e:1b:dc:d5:57:aa:f6:d4:7f:9e:43:e4:77:9b:87:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Anders\Documents\Visual Studio 2008\Projects\FontRenderer2\FontRenderer2\Release\FontRenderer2.pdb

Imports

freetype6

FT_Done_FreeType
FT_Done_Face
FT_Get_Postscript_Name
FT_New_Face
FT_Init_FreeType

user32

DrawTextW
MessageBoxW

gdi32

SetBkMode
SelectObject
CreateFontIndirectW
SelectClipRgn

msvcr90

free
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_malloc_crt
_encode_pointer
mbstowcs_s
wcstombs_s
_encoded_null

kernel32

GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent
QueryPerformanceCounter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcess

Exports

Exports

GetFontInfo
RenderText
TestMe

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ionic.Zip.Reduced.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\v1.9.1.5\DotNetZip\Zip Reduced\obj\Release\Ionic.Zip.Reduced.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
freetype6.dll
.dll windows:4 windows x86 arch:x86

9d7a601444e23b205a1b396d770ef699

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

zlib1

inflate
inflateEnd
inflateInit2_
inflateReset

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

__dllonexit
_assert
_errno
_setjmp
abort
atol
fclose
fflush
fopen
fread
free
fseek
ftell
longjmp
malloc
memchr
memcpy
memmove
memset
qsort
realloc
sprintf
strcat
strcmp
strncmp
strncpy
strrchr
strstr

Exports

Exports

DllGetVersion
FTC_CMapCache_Lookup
FTC_CMapCache_New
FTC_ImageCache_Lookup
FTC_ImageCache_LookupScaler
FTC_ImageCache_New
FTC_Manager_Done
FTC_Manager_LookupFace
FTC_Manager_LookupSize
FTC_Manager_New
FTC_Manager_RemoveFaceID
FTC_Manager_Reset
FTC_Node_Unref
FTC_SBitCache_Lookup
FTC_SBitCache_LookupScaler
FTC_SBitCache_New
FT_Activate_Size
FT_Add_Default_Modules
FT_Add_Module
FT_Angle_Diff
FT_Atan2
FT_Attach_File
FT_Attach_Stream
FT_Bitmap_Convert
FT_Bitmap_Copy
FT_Bitmap_Done
FT_Bitmap_Embolden
FT_Bitmap_New
FT_CMap_Done
FT_CMap_New
FT_CeilFix
FT_ClassicKern_Free
FT_ClassicKern_Validate
FT_Cos
FT_DivFix
FT_Done_Face
FT_Done_FreeType
FT_Done_Glyph
FT_Done_GlyphSlot
FT_Done_Library
FT_Done_Memory
FT_Done_Size
FT_Face_CheckTrueTypePatents
FT_Face_SetUnpatentedHinting
FT_FloorFix
FT_Get_BDF_Charset_ID
FT_Get_BDF_Property
FT_Get_CMap_Format
FT_Get_CMap_Language_ID
FT_Get_Char_Index
FT_Get_Charmap_Index
FT_Get_First_Char
FT_Get_Gasp
FT_Get_Glyph
FT_Get_Glyph_Name
FT_Get_Kerning
FT_Get_MM_Var
FT_Get_Module
FT_Get_Module_Interface
FT_Get_Multi_Master
FT_Get_Name_Index
FT_Get_Next_Char
FT_Get_PFR_Advance
FT_Get_PFR_Kerning
FT_Get_PFR_Metrics
FT_Get_PS_Font_Info
FT_Get_PS_Font_Private
FT_Get_Postscript_Name
FT_Get_Renderer
FT_Get_Sfnt_Name
FT_Get_Sfnt_Name_Count
FT_Get_Sfnt_Table
FT_Get_SubGlyph_Info
FT_Get_Track_Kerning
FT_Get_TrueType_Engine_Type
FT_Get_WinFNT_Header
FT_Get_X11_Font_Format
FT_GlyphLoader_Add
FT_GlyphLoader_CheckPoints
FT_GlyphLoader_CheckSubGlyphs
FT_GlyphLoader_CopyPoints
FT_GlyphLoader_CreateExtra
FT_GlyphLoader_Done
FT_GlyphLoader_New
FT_GlyphLoader_Prepare
FT_GlyphLoader_Reset
FT_GlyphLoader_Rewind
FT_GlyphSlot_Embolden
FT_GlyphSlot_Oblique
FT_GlyphSlot_Own_Bitmap
FT_Glyph_Copy
FT_Glyph_Get_CBox
FT_Glyph_Stroke
FT_Glyph_StrokeBorder
FT_Glyph_To_Bitmap
FT_Glyph_Transform
FT_Has_PS_Glyph_Names
FT_Init_FreeType
FT_Library_SetLcdFilter
FT_Library_Version
FT_List_Add
FT_List_Finalize
FT_List_Find
FT_List_Insert
FT_List_Iterate
FT_List_Remove
FT_List_Up
FT_Load_Char
FT_Load_Glyph
FT_Load_Sfnt_Table
FT_Lookup_Renderer
FT_Match_Size
FT_Matrix_Invert
FT_Matrix_Multiply
FT_MulDiv
FT_MulDiv_No_Round
FT_MulFix
FT_New_Face
FT_New_GlyphSlot
FT_New_Library
FT_New_Memory
FT_New_Memory_Face
FT_New_Size
FT_OpenType_Free
FT_OpenType_Validate
FT_Open_Face
FT_Outline_Check
FT_Outline_Copy
FT_Outline_Decompose
FT_Outline_Done
FT_Outline_Done_Internal
FT_Outline_Embolden
FT_Outline_GetInsideBorder
FT_Outline_GetOutsideBorder
FT_Outline_Get_BBox
FT_Outline_Get_Bitmap
FT_Outline_Get_CBox
FT_Outline_Get_Orientation
FT_Outline_New
FT_Outline_New_Internal
FT_Outline_Render
FT_Outline_Reverse
FT_Outline_Transform
FT_Outline_Translate
FT_Raccess_Get_DataOffsets
FT_Raccess_Get_HeaderInfo
FT_Raccess_Guess
FT_Remove_Module
FT_Render_Glyph
FT_Render_Glyph_Internal
FT_Request_Metrics
FT_Request_Size
FT_RoundFix
FT_Select_Charmap
FT_Select_Metrics
FT_Select_Size
FT_Set_Char_Size
FT_Set_Charmap
FT_Set_Debug_Hook
FT_Set_MM_Blend_Coordinates
FT_Set_MM_Design_Coordinates
FT_Set_Pixel_Sizes
FT_Set_Renderer
FT_Set_Transform
FT_Set_Var_Blend_Coordinates
FT_Set_Var_Design_Coordinates
FT_Sfnt_Table_Info
FT_Sin
FT_SqrtFixed
FT_Stream_Close
FT_Stream_EnterFrame
FT_Stream_ExitFrame
FT_Stream_ExtractFrame
FT_Stream_Free
FT_Stream_GetChar
FT_Stream_GetLong
FT_Stream_GetLongLE
FT_Stream_GetOffset
FT_Stream_GetShort
FT_Stream_GetShortLE
FT_Stream_New
FT_Stream_Open
FT_Stream_OpenGzip
FT_Stream_OpenLZW
FT_Stream_OpenMemory
FT_Stream_Pos
FT_Stream_Read
FT_Stream_ReadAt
FT_Stream_ReadChar
FT_Stream_ReadFields
FT_Stream_ReadLong
FT_Stream_ReadLongLE
FT_Stream_ReadOffset
FT_Stream_ReadShort
FT_Stream_ReadShortLE
FT_Stream_ReleaseFrame
FT_Stream_Seek
FT_Stream_Skip
FT_Stream_TryRead
FT_Stroker_BeginSubPath
FT_Stroker_ConicTo
FT_Stroker_CubicTo
FT_Stroker_Done
FT_Stroker_EndSubPath
FT_Stroker_Export
FT_Stroker_ExportBorder
FT_Stroker_GetBorderCounts
FT_Stroker_GetCounts
FT_Stroker_LineTo
FT_Stroker_New
FT_Stroker_ParseOutline
FT_Stroker_Rewind
FT_Stroker_Set
FT_Tan
FT_Trace_Get_Count
FT_Trace_Get_Name
FT_TrueTypeGX_Free
FT_TrueTypeGX_Validate
FT_Vector_From_Polar
FT_Vector_Length
FT_Vector_Polarize
FT_Vector_Rotate
FT_Vector_Transform
FT_Vector_Unit
TT_New_Context
TT_RunIns
ft_corner_is_flat
ft_corner_orientation
ft_debug_init
ft_glyphslot_alloc_bitmap
ft_glyphslot_free_bitmap
ft_glyphslot_set_bitmap
ft_highpow2
ft_mem_alloc
ft_mem_dup
ft_mem_free
ft_mem_qalloc
ft_mem_qrealloc
ft_mem_realloc
ft_mem_strcpyn
ft_mem_strdup
ft_module_get_service
ft_service_list_lookup
ft_synthesize_vertical_metrics
ft_validator_error
ft_validator_init
ft_validator_run

Sections

.text
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis
zlib1.dll
.dll windows:4 windows x86 arch:x86

6d4d29bd73030d9ea2c10c17cb1710df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

_fdopen
__dllonexit
_assert
_errno
_filelengthi64
_vsnprintf
abort
clearerr
fclose
fflush
fgetpos
fopen
fprintf
fputc
fread
free
fsetpos
fwrite
malloc
memcpy
memset
sprintf
strcat
strcpy
strerror

Exports

Exports

DllGetVersion
adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzclearerr
gzclose
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflatePrime
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
inflate_fast
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

b6:96:a8:82:9d:c1:e0:48:62:36:af:86:c6:dc:0b:70Certificate

Extended Key Usages

Key Usages

44:f7:98:81:ef:c3:aa:14:9b:f8:12:b2:f4:c5:ac:0e:49:c1:c5:0bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 2.9MB

.rsrc Size: 194KB - Virtual size: 193KB

.reloc Size: 4KB - Virtual size: 3KB

549dcd11cff61afba238da487c91ea2b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

b6:96:a8:82:9d:c1:e0:48:62:36:af:86:c6:dc:0b:70Certificate

Extended Key Usages

Key Usages

5a:f3:e8:80:44:5f:ef:94:b4:84:d3:47:2a:52:42:d5:a3:cd:f6:14Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

urlmon

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 80KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

2cabd33e81fde7d850f84108b5a35cdf

Headers

DLL Characteristics

File Characteristics

Imports

wininet

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

b6:96:a8:82:9d:c1:e0:48:62:36:af:86:c6:dc:0b:70
Certificate

44:f7:98:81:ef:c3:aa:14:9b:f8:12:b2:f4:c5:ac:0e:49:c1:c5:0b
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 2.9MB

.rsrc
Size: 194KB - Virtual size: 193KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

b6:96:a8:82:9d:c1:e0:48:62:36:af:86:c6:dc:0b:70
Certificate

5a:f3:e8:80:44:5f:ef:94:b4:84:d3:47:2a:52:42:d5:a3:cd:f6:14
Signer

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 179KB - Virtual size: 178KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 708B

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 729B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 350B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

59:02:08:f4:30:de:4c:b0:15:1a:3f:0d:db:fe:0e:45:75:58:a6:a8
Signer

.text
Size: 579KB - Virtual size: 579KB