0e8051d641b5ce602fa31deced0c48ea_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0e8051d641b5ce602fa31deced0c48ea_JaffaCakes118
Size

3.0MB
MD5

0e8051d641b5ce602fa31deced0c48ea
SHA1

7ceb536ed6a371d586ca2644d3c2b1bc95128f92
SHA256

c2f3917ea5c7d5191024de09675f7394008ed95a507ed001c995c6681c422f58
SHA512

1b8d22141e9e74398724a7c0beb2ba44bee8ce097d41f55d84337559f0277d94a90139c759c742c1b6cafcb4209b90fb356bea04e39a105cc947a1420e63e3e6
SSDEEP

98304:5+NyRdNGoUILOwnMlFzwWpMpjuy2ZKLttfk9afCw:5+iNTUICwGuWpMpEQplqw

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsJSON_2_0_1_1.dll
unpack002/$PLUGINSDIR/System.dll

Files

0e8051d641b5ce602fa31deced0c48ea_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:76:6c:d2:bb:8b:db:1d:74:98:1c:7e:92:86:74:67:48:f0:10:87
Signer

Actual PE Digest

08:76:6c:d2:bb:8b:db:1d:74:98:1c:7e:92:86:74:67:48:f0:10:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PublisherLogoDefault.bmp
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/alerts_icon.bmp
$PLUGINSDIR/home_icon.bmp
$PLUGINSDIR/license.txt
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsJSON_2_0_1_1.dll
.dll windows:5 windows x86 arch:x86

6a53511d70a353598fbaca220bfb6a3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SmartBar\DevelopmentTools\Builders\Plugins\nsJSON\Release Unicode\nsJSON.pdb

Imports

kernel32

MultiByteToWideChar
LocalFree
lstrcpyW
lstrlenW
LocalAlloc
lstrcmpW
CloseHandle
CreateFileW
lstrcatW
WideCharToMultiByte
WriteFile
lstrcmpiW
GlobalFree
lstrcpynW
GlobalAlloc
GetProcessHeap
RtlUnwind
RaiseException
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
IsProcessorFeaturePresent
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
HeapAlloc
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetModuleFileNameW
HeapReAlloc
LoadLibraryW
LCMapStringW
GetStringTypeW
WriteConsoleW
SetEndOfFile

user32

wsprintfW

shlwapi

PathFileExistsW

Exports

Exports

Delete
Get
Serialize
Set

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsUtils.dll
.dll windows:5 windows x86 arch:x86

f136091377b8cf6164acf7826a757acd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:18:9a:d4:3c:ab:58:d4:78:82:b4:07:f8:bf:93:46:76:19:04:27
Signer

Actual PE Digest

18:18:9a:d4:3c:ab:58:d4:78:82:b4:07:f8:bf:93:46:76:19:04:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SmartBar\DevelopmentTools\Builders\BuildPlugins\nsUtils\2.1.17\Release Unicode\nsUtils.pdb

Imports

kernel32

FindFirstFileW
FindNextFileW
GetCurrentProcess
TerminateProcess
WaitForSingleObject
GetTickCount
CreateProcessW
GetVersionExW
OpenJobObjectW
QueryInformationJobObject
SetInformationJobObject
FindClose
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalFree
lstrcpynW
GlobalAlloc
GetModuleFileNameA
GetFileType
GetOEMCP
SetLastError
InterlockedDecrement
LoadLibraryW
GetCurrentProcessId
OpenProcess
LocalFree
GetProcAddress
FreeLibrary
CopyFileW
DeleteFileW
Sleep
GetLastError
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
CloseHandle
ReadFile
WriteFile
GetFileSize
IsProcessInJob
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetACP
IsValidCodePage
IsDebuggerPresent
GetProcessHeap
HeapSize
GetConsoleMode
GetConsoleCP
LoadLibraryExW
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
lstrlenA
InterlockedIncrement
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
HeapFree
HeapAlloc
HeapReAlloc
RaiseException
RtlUnwind
GetCommandLineA
GetCurrentThreadId
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
QueryPerformanceCounter

user32

CharUpperW
GetWindowLongW
FindWindowW
wsprintfW

advapi32

CryptDestroyHash
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertStringSidToSidW
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueW
LookupAccountSidW
GetLengthSid
AdjustTokenPrivileges
SetTokenInformation
GetTokenInformation
OpenProcessToken
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocString
VariantChangeType

shlwapi

PathFileExistsW
PathRemoveBackslashW
PathAppendW
PathCombineW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW

Exports

Exports

CheckProfilePathValid
CloseChrome
CreateDir
GetAppDataLocal
GetAppDataLocal2
GetAppDataLocalLow
GetChromeProcessPath
GetMachineID
GetWindowsVersion
HTTPGet
HTTPPost
IsFirefoxRunningForCurrentUser
IsWindowsRTL
RestoreFF
RunProcess
TerminateFF

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/revert_icon.bmp
$PLUGINSDIR/search_icon.bmp
$PLUGINSDIR/setup_top.bmp
$PLUGINSDIR/truste_setup.bmp
$TEMP/SPStub.exe
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:bf:05:61:32:c1:22:f2:b3:29:a4:ee:19:08:a6:67:df:9b:00:9f
Signer

Actual PE Digest

b7:bf:05:61:32:c1:22:f2:b3:29:a4:ee:19:08:a6:67:df:9b:00:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

917ae9b9adb269abd5543f5bf5676bac

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f
Signer

Actual PE Digest

25:cc:a5:24:8b:f6:3f:d7:e8:f0:66:8a:50:51:b3:bc:7c:15:da:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
memset
wcsstr
wcstol

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
CreateFileW
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW
GetFileSize

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/toolbar.cfg
$_114_/Conduit/$_108_/$_14_/SetupIcon.ico
$_114_/Conduit/$_108_/$_14_/UninstallerUI.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a5:af:09:f4:34:3f:26:1e:46:34:0e:26:be:4e:e0:eb:4e:dc:8f:ae
Signer

Actual PE Digest

a5:af:09:f4:34:3f:26:1e:46:34:0e:26:be:4e:e0:eb:4e:dc:8f:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data
.rdata
.reloc
.rsrc/0/version.txt
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/MANIFEST/1
.rsrc_1
.text
CERTIFICATE
[0]
$_232_/$_232_/$_237_
.dll regsvr32 windows:5 windows x86 arch:x86

90e03e8777b94714012c80a85d64013c

Code Sign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Conduit\RnD\Client\IE\Dev\5.4\SingleComponent\Alert\Release\Alert.pdb

Imports

winmm

timeGetTime

user32

GetCapture
ReleaseCapture
GetIconInfo
CopyRect
CharLowerBuffA
SetWindowTextW
SetWindowRgn
CreateDialogParamW
DialogBoxParamW
EnableWindow
EndDialog
SetLayeredWindowAttributes
GetSysColor
SystemParametersInfoW
EnumChildWindows
GetClassNameW
SetCapture
GetMonitorInfoA
RegisterWindowMessageW
DrawFocusRect
GetDC
ReleaseDC
SetDlgItemTextW
IsWindow
GetDlgItem
PostMessageA
SetTimer
KillTimer
PostThreadMessageA
DestroyWindow
DefWindowProcA
GetWindowLongA
SendMessageA
FindWindowW
MonitorFromRect
GetWindowTextW
InflateRect
GetAsyncKeyState
IsWindowUnicode
GetSystemMetrics
IsChild
SetWindowLongW
CreateWindowExA
DrawIconEx
DispatchMessageW
GetMessageA
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
GetLastInputInfo
SendMessageW
PeekMessageA
GetDesktopWindow
ShowWindow
FindWindowExW
PostMessageW
GetWindowRect
GetClientRect
SetForegroundWindow
SetFocus
TrackPopupMenu
GetMenuItemCount
InsertMenuItemW
CreatePopupMenu
DestroyMenu
FindWindowExA
LoadImageW
DestroyIcon
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetClassInfoW
RegisterClassW
GetWindowRgn
SetWindowLongA
CallWindowProcA
GetParent
BeginPaint
EndPaint
SetParent
MoveWindow
IsWindowVisible
CreateWindowExW
GetWindowLongW
DefWindowProcW
CallWindowProcW
FillRect
LoadCursorA
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
OffsetRect
PtInRect
DrawTextW
InvalidateRect
SetWindowPos
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToFileW
ObtainUserAgentString

kernel32

GetExitCodeThread
CreateThread
GetModuleFileNameW
GetModuleHandleW
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThreadId
TerminateThread
CreateMutexW
GetLastError
ReleaseMutex
CloseHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
CreateFileA
ReadFile
FindClose
InterlockedExchange
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringA
CreateFileW
GetFileSize
VirtualAlloc
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FindFirstFileW
CopyFileW
RemoveDirectoryW
MoveFileExW
FindNextFileW
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
SetLastError
InterlockedIncrement
TlsFree
GetFileType
GetConsoleMode
GetConsoleCP
MoveFileW
HeapReAlloc
HeapAlloc
GetCommandLineA
ResumeThread
ExitThread
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetProcessHeap
HeapFree
GetLocalTime
WriteFile
CreateDirectoryW
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GlobalAlloc
GlobalLock
LoadLibraryA
GlobalUnlock
GetSystemTimeAsFileTime
SizeofResource
SetThreadPriority
GetCurrentThread
GetLongPathNameW
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
LockResource
LoadResource
FindResourceW
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetVersionExA
DeleteFileW
SetFileAttributesW
GetFileAttributesW
TerminateProcess
MulDiv
lstrcpyW
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GlobalFree

gdi32

CreateRectRgn
GetBkMode
GetBkColor
GetPixel
SetPixel
PlgBlt
SelectPalette
RealizePalette
GdiFlush
OffsetRgn
GetObjectA
CombineRgn
SetLayout
GetDeviceCaps
CreateFontIndirectW
GetWindowOrgEx
SetWindowOrgEx
MoveToEx
LineTo
FrameRgn
GetTextColor
GetLayout
SetTextColor
SetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
ExcludeClipRect
Rectangle
BitBlt
DeleteDC
CreateSolidBrush
CreatePen
SelectObject
RoundRect
DeleteObject
SetBkMode
GetStockObject

shell32

SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
Shell_NotifyIconW

ole32

IIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CLSIDFromString

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
OleLoadPicture

psapi

GetProcessMemoryInfo

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent
ord17

wininet

InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetCanonicalizeUrlA

crypt32

CryptQueryObject
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam

advapi32

RegDeleteValueW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegEnumValueW
RegEnumKeyExW
SetSecurityDescriptorSacl
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllOnUpdateFinish
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_48_
.dll regsvr32 windows:5 windows x86 arch:x86

d86cd1bed90c50a1bdb2b711bcae4ce1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:45:b3:7a:64:de:e1:40:45:f8:32:05:0a:e5:79:58:cb:3c:4c:0d
Signer

Actual PE Digest

2c:45:b3:7a:64:de:e1:40:45:f8:32:05:0a:e5:79:58:cb:3c:4c:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\43\Conduit\IE Build 6.17.1\Sources\Release\tbedrs.pdb

Imports

comctl32

ImageList_Create
CreateToolbarEx
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
ImageList_ReplaceIcon
ord17

wininet

InternetSetCookieW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetCookieW
InternetSetOptionA
InternetCloseHandle
InternetConnectA
InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionExA
HttpOpenRequestA
InternetOpenA
InternetCrackUrlA
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetQueryOptionA
GetUrlCacheEntryInfoW

wsock32

setsockopt
closesocket
select
WSAGetLastError
gethostbyname
recv
send
WSACleanup
socket
WSAStartup
WSASetLastError
ioctlsocket
htons
connect

urlmon

ObtainUserAgentString
URLDownloadToFileW

crypt32

CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW
CertGetNameStringA
CryptProtectData
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptUnprotectData

msimg32

GradientFill

winmm

timeGetTime
sndPlaySoundW
PlaySoundA
PlaySoundW

kernel32

GetLastError
ReleaseMutex
GetCurrentThreadId
CloseHandle
Sleep
TerminateProcess
TerminateThread
lstrlenW
lstrlenA
GetVersionExW
GetShortPathNameW
GetUserDefaultLCID
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
ExitProcess
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
WriteConsoleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetConsoleCP
ReadConsoleW
GetConsoleMode
RtlUnwind
RaiseException
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
LoadLibraryExW
ExitThread
HeapReAlloc
DecodePointer
EncodePointer
InterlockedExchange
OpenEventW
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
CreateMutexW
TlsSetValue
TlsFree
TlsGetValue
TlsAlloc
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetOverlappedResult
WriteFile
SetNamedPipeHandleState
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
MoveFileExW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetFileTime
GetSystemTimeAsFileTime
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
GlobalFree
GlobalUnlock
GetEnvironmentVariableW
HeapFree
GetProcessHeap
HeapAlloc
MulDiv
SetFileAttributesW
DeleteFileW
OpenMutexW
LoadLibraryA
LocalAlloc
SizeofResource
GetComputerNameW
IsWow64Process
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetSystemDirectoryW
CreateRemoteThread
GetLongPathNameW
CreateDirectoryW
WaitForMultipleObjects
CreateEventA
SetEvent
Thread32Next
Thread32First
SetThreadPriority
GetCurrentThread
GetThreadPriority
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
CreateProcessW
ExpandEnvironmentStringsW
GetLocaleInfoW
Beep
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
InitializeCriticalSectionAndSpinCount
GetTempPathW
FreeResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
GetStringTypeW
GetModuleHandleA
GetProcAddress
VirtualFreeEx
LocalFree
lstrcpyA
lstrcpyW
InterlockedIncrement
LoadLibraryW
GetModuleHandleW
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
WaitForSingleObject
CreateThread
OpenProcess
GetModuleFileNameW
FreeLibrary
InterlockedDecrement
WriteProcessMemory
VirtualAllocEx
CopyFileW
GetTickCount
DosDateTimeToFileTime
CreateEventW
LoadLibraryExA

user32

SendMessageA
ShowWindow
MoveWindow
SetWindowTextW
SetWindowTextA
wsprintfW
SetDlgItemTextW
GetClientRect
GetWindowRect
GetDlgCtrlID
GetWindowLongW
GetParent
ClientToScreen
SetWindowLongW
CallWindowProcA
PostMessageA
LoadCursorW
GetMessageW
PeekMessageW
MessageBoxW
IsRectEmpty
RegisterClassExW
GetClassInfoExW
SetClassLongA
CopyRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CharUpperW
IsWindow
GetDlgItem
InvalidateRect
InflateRect
SetLayeredWindowAttributes
LoadImageW
GetWindowRgn
MessageBeep
GetActiveWindow
IsDialogMessageW
IsDialogMessageA
SetDlgItemInt
GetKeyState
SetForegroundWindow
GetDlgItemTextA
SetClassLongW
RemovePropW
FrameRect
DrawFrameControl
AllowSetForegroundWindow
DeferWindowPos
DrawEdge
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
SetParent
GetDlgItemTextW
GetScrollInfo
GetMenuState
SetMenuItemInfoW
EnableMenuItem
DeleteMenu
TrackPopupMenu
InsertMenuItemA
CreatePopupMenu
DestroyMenu
GetMenuItemID
SetMenuInfo
GetMenuInfo
IsMenu
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CharLowerBuffA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetUpdateRect
GetCapture
DispatchMessageA
DispatchMessageW
TranslateMessage
ReleaseCapture
GetMessageA
SetCapture
SetActiveWindow
EndPaint
BeginPaint
SetRect
OffsetRect
DrawIconEx
GetIconInfo
DestroyIcon
GetMenuItemRect
FillRect
UnregisterClassA
CheckMenuItem
GetMenuItemInfoW
GetMenuItemCount
FindWindowExW
GetWindowThreadProcessId
GetForegroundWindow
GetWindowTextLengthW
SendMessageW
EndDialog
FindWindowW
GetWindowTextW
GetAsyncKeyState
GetMenuItemInfoA
GetSystemMetrics
SetWindowRgn
RegisterWindowMessageA
GetClassNameW
DestroyWindow
CreateWindowExW
SetWindowLongA
GetWindowLongA
GetDesktopWindow
IsChild
GetFocus
KillTimer
GetSysColor
IsWindowUnicode
PostMessageW
SetWindowPos
RegisterClassW
GetClassInfoW
SetTimer
SetFocus
PtInRect
ScreenToClient
GetCursorPos
IsWindowVisible
SetRectEmpty
CallWindowProcW
GetPropW
SetPropW
DefWindowProcW
LoadCursorA
SetCursor
ReleaseDC
DrawTextW
GetDC
SendInput
IsIconic
GetLastInputInfo
RegisterWindowMessageW
MonitorFromRect
GetMonitorInfoA
EnumChildWindows
SystemParametersInfoW
EnumWindows
GetClassNameA
DrawFocusRect
DialogBoxParamW
CreateDialogParamW
SendMessageTimeoutA
DefWindowProcA

gdi32

StretchBlt
SetStretchBltMode
GetStretchBltMode
GetObjectW
FrameRgn
OffsetRgn
SetRectRgn
ExcludeClipRect
TextOutW
SetTextAlign
GetPixel
CombineRgn
BitBlt
CreateCompatibleBitmap
Polygon
GdiFlush
SetPixel
GetObjectA
GetTextAlign
GetLayout
GetTextExtentPoint32W
Rectangle
DeleteDC
CreateCompatibleDC
SetBkColor
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
SetWindowOrgEx
GetWindowOrgEx
SetTextColor
SetBkMode
GetStockObject
RoundRect
SetLayout
GetDeviceCaps
PtInRegion
GetTextColor
SelectPalette
RealizePalette
PlgBlt
GetBkMode
GetBkColor
CreateDCW
GetDIBits

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA
RegDeleteKeyA
OpenProcessToken
DeleteAce
LookupAccountSidW
GetAce
GetNamedSecurityInfoW
SetEntriesInAclA
SetNamedSecurityInfoW
CryptAcquireContextA
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidA
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
RegCreateKeyExW

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW

ole32

CLSIDFromString
CoGetMalloc
StringFromIID
IIDFromString
CoInitialize
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
CoCreateGuid
OleUninitialize
OleInitialize
CoUninitialize

oleaut32

SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayCreateVector
SysStringByteLen
SysAllocString
SysFreeString
CreateDispTypeInfo
OleLoadPicture
VariantInit
VariantClear
VariantChangeType
SysAllocStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringLen
VariantCopy

psapi

GetProcessImageFileNameW
EnumProcessModules
GetProcessMemoryInfo
EnumProcesses
GetModuleBaseNameW
GetModuleFileNameExW

shlwapi

PathFindFileNameW
SHDeleteKeyA
UrlEscapeW
PathFileExistsW
StrCpyW

dnsapi

DnsQuery_A

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DLLOnUninstallEraseAll
DLLSetToolbarSearchScopeSuggestionState
DllAddInstalltionGlobalKey
DllBrowserSearchProtectorRevert
DllCallInstallerService
DllCanUnloadNow
DllCheckIfUninstallRevertSettingsNeeded
DllCleanEnableExtensionDoing
DllConnectToIE
DllDeleteOldName
DllEnableExtension
DllExpireSocialCookies
DllGetClassObject
DllGetInstallFileNameExt
DllGetInstallFileNameExtW
DllGetInstallationId
DllGetMachineID
DllHandleUserID
DllHomePageProtectorRevert
DllIsToolbarActuallyVisible
DllModifySearchEngine
DllModifySearchEngineNonSilent
DllModifySearchEngineSilent
DllOnUninstall
DllOnUninstallFromHtmlDialog
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllRevertIENewTabBehaviour
DllRunBackgroundContainerOnMediumIntegrity
DllRunIEMediumIntegrity
DllRunNonSilentInstall
DllSendAutoUpdateRevertLog
DllSendHomepageSetUsage
DllSendInstallationUsage
DllShowUninstallDialog
DllSingleComponentInstall
DllStopBackgroundContainer
DllUnblockToolbarIfNeeded
DllUpdate
DllVerifyEnableExtension
DllWriteSocialCookies

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 830KB - Virtual size: 829KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 186KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_65_
.dll regsvr32 windows:5 windows x86 arch:x86

4df94b43313f29b7e234b0220c34e0d1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:f2:85:a7:ab:3c:07:6c:b1:0b:98:d5:19:14:95:ed:d1:5e:6f:37
Signer

Actual PE Digest

4c:f2:85:a7:ab:3c:07:6c:b1:0b:98:d5:19:14:95:ed:d1:5e:6f:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\43\Conduit\IE Build 6.17.1\Sources\ConduitProxy\Release\prxtbedrs.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetFileSize
CreateFileW
ReadFile
CopyFileW
GetCurrentThreadId
GetComputerNameW
InterlockedDecrement
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
SetFilePointer
WriteFile
SetLastError
InterlockedIncrement
GetLocalTime
EncodePointer
DecodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
ReadConsoleW
GetConsoleCP
GetFileType
LoadLibraryExW
RaiseException
RtlUnwind
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeW
LCMapStringW
FlushFileBuffers
SetFilePointerEx
SetStdHandle
WriteConsoleW
SetEndOfFile
InterlockedExchange
GetLongPathNameW
WaitForSingleObject
LoadLibraryExA
HeapFree
GetProcessHeap
HeapAlloc
Sleep
GetModuleHandleW
OutputDebugStringW
DeleteFileW
GetVersionExA
CreateMutexW
GetTickCount
GetCurrentProcess
FreeLibrary
LoadLibraryW
TerminateProcess
GetLastError
OpenProcess
GetCurrentProcessId
LocalFree
LocalAlloc
CloseHandle
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetModuleFileNameW
GetConsoleMode
InitializeCriticalSectionAndSpinCount

shlwapi

PathFileExistsW
PathFindFileNameW

user32

PostMessageA
IsWindowVisible
SendMessageA
RegisterWindowMessageW
IsWindow

advapi32

RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
RegCloseKey
RegCreateKeyExW
GetUserNameW

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllDeleteOldName
DllGetClassObject
DllGetInstallFileNameExt
DllIsDowngradeVersion
DllIsDowngradeVersionW
DllOnUninstall
DllOnUninstallEraseAll
DllOnUpdateFinish
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllShowToolbarUninstallDialog
DllShowUninstallDialog
DllSingleComponentInstall
DllUnregisterServer

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_69_
.exe windows:5 windows x86 arch:x86

7b25d62fac6a93a74552bdc3dd699b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77
Signer

Actual PE Digest

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\ToolbarHelper\Release\ToolbarHelper.pdb

Imports

kernel32

GetCommandLineW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
WriteConsoleW
SetStdHandle
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetLastError
GetCurrentThreadId
MultiByteToWideChar
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
RtlUnwind
GetStringTypeW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetFilePointerEx
HeapSize
CloseHandle
CreateFileW

shell32

CommandLineToArgvW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_73_
.dll windows:5 windows x86 arch:x86

7ed7345bb85e82457a9227d9d07acce0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:ec:5c:88:29:d5:f8:ff:e0:8e:71:74:2d:91:57:c6:37:b8:94:2a
Signer

Actual PE Digest

38:ec:5c:88:29:d5:f8:ff:e0:8e:71:74:2d:91:57:c6:37:b8:94:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\43\Conduit\IE Build 6.17.1\Sources\ConduitLoader\Release\ldrtbedrs.pdb

Imports

kernel32

LocalAlloc
LocalFree
GetLastError
TerminateProcess
LoadLibraryA
CreateMutexW
CreateEventW
DeleteFileW
Sleep
HeapAlloc
GetProcessHeap
HeapFree
WaitForSingleObject
GetSystemTimeAsFileTime
CreateFileW
ReadFile
CopyFileW
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
SetFilePointer
WriteFile
SetLastError
WaitForMultipleObjects
TerminateThread
GetCurrentThread
SetThreadPriority
SetEvent
InterlockedIncrement
GetLocalTime
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFileType
RaiseException
RtlUnwind
ExitProcess
GetModuleHandleExW
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetFilePointerEx
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetEndOfFile
InterlockedExchange
GetComputerNameW
GetCurrentProcess
OpenProcess
GetVersionExA
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetCurrentProcessId
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetLongPathNameW
LoadLibraryW
GetModuleHandleW
FreeLibrary
GetTickCount
lstrcpyW
GetCurrentThreadId
GetModuleFileNameW
GetProcAddress
InterlockedDecrement
CloseHandle
LoadLibraryExA

user32

SetWindowLongW
ScreenToClient
SendMessageA
GetSysColor
GetParent
RegisterWindowMessageW
ReleaseDC
DrawTextW
GetDC
GetClassNameW
MoveWindow
KillTimer
DefWindowProcW
SendMessageW
GetClientRect
RegisterClassW
LoadCursorW
GetClassInfoW
InsertMenuW
ShowWindow
SetWindowPos
GetWindowRect
DestroyWindow
IsWindow
CreateWindowExW
IsChild
GetFocus
SetFocus
SetTimer
IsWindowVisible
PostMessageA
LoadCursorA
CallWindowProcW
CallWindowProcA
SetCursor
GetAsyncKeyState
DefWindowProcA
IsWindowUnicode

gdi32

SetTextColor
SetBkMode
SetWindowOrgEx
GetWindowOrgEx
GetStockObject
DeleteDC
BitBlt
SetLayout
CreateCompatibleBitmap
CreateCompatibleDC
GetLayout
Rectangle
CreateSolidBrush
DeleteObject
SelectObject
CreatePen

ole32

StringFromGUID2
CLSIDFromString
CoTaskMemFree

shlwapi

PathFindFileNameW
PathFileExistsW

advapi32

RegCreateKeyW
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
GetSidSubAuthority
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
GetSidSubAuthorityCount
GetUserNameW
RegCreateKeyExW
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetFolderPathW

Exports

Exports

DllCanUnloadNow
DllDeleteOldName
DllGetClassObject
DllGetInstallFileNameExt
DllOnUninstall
DllOnUninstallEraseAll
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllShowToolbarUninstallDialog
DllShowUninstallDialog
DllSingleComponentInstall

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_74_
.dll windows:5 windows x86 arch:x86

14bb6b8303c09c5f300e683670ab810f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:e5:d1:67:6d:71:e5:c6:45:1b:51:39:ac:c2:93:cc:50:ac:4e:ff
Signer

Actual PE Digest

2d:e5:d1:67:6d:71:e5:c6:45:1b:51:39:ac:c2:93:cc:50:ac:4e:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\43\Conduit\IE Build 6.17.1\Sources\Release\hktbedrs.pdb

Imports

wininet

InternetCanonicalizeUrlA
InternetSetCookieW
InternetGetCookieW

kernel32

HeapReAlloc
GetConsoleMode
ReadConsoleW
GetConsoleCP
RaiseException
RtlUnwind
ExitProcess
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
SetLastError
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SetThreadPriority
GetCurrentThread
GetThreadPriority
Sleep
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
GetTickCount
GetShortPathNameW
GetLongPathNameW
GetModuleFileNameW
ReleaseMutex
GetSystemDirectoryW
WaitForSingleObject
GetLastError
CreateRemoteThread
FindNextFileW
GetModuleHandleW
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcessId
CloseHandle
GetProcAddress
FreeLibrary
LoadLibraryW
GetCurrentThreadId
GetCPInfo
IsProcessorFeaturePresent
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
LCMapStringW
CompareStringW
GetTimeZoneInformation
SetFilePointerEx
GetStringTypeW
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
OutputDebugStringW
GetVersionExA
IsWow64Process
Process32First
Process32Next
GetComputerNameW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
LocalAlloc
LocalFree
TerminateProcess
Module32First
Module32Next
LoadLibraryA
CreateMutexW
CreateEventW
OpenEventW
DeleteFileW
SetFileAttributesW
MulDiv
HeapAlloc
GetProcessHeap
HeapFree
GetEnvironmentVariableW
WaitForMultipleObjects
TerminateThread
GetLocalTime
GetDateFormatW
GetTimeFormatW
InterlockedDecrement
GetSystemTimeAsFileTime
GetFileSize
CreateFileW
ReadFile
CopyFileW
FindFirstFileW
RemoveDirectoryW
IsDebuggerPresent
FindClose
MoveFileExW
InterlockedIncrement
lstrcpyW
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
SetEvent
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
SetFilePointer
WriteFile
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
GetModuleFileNameA

user32

GetWindowRect
GetDC
DrawTextW
ReleaseDC
RegisterWindowMessageW
FillRect
OffsetRect
GetParent
GetSysColor
ScreenToClient
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
GetWindowLongA
EnumWindows
IsWindowVisible
SetForegroundWindow
IsWindowUnicode
DispatchMessageA
KillTimer
SetTimer
DestroyWindow
ShowWindow
MoveWindow
SetLayeredWindowAttributes
DialogBoxParamW
GetClientRect
SetWindowLongA
InflateRect
DrawFocusRect
InvalidateRect
GetAsyncKeyState
PtInRect
CallWindowProcW
CallWindowProcA
SetCursor
LoadCursorA
CharUpperW
DefWindowProcA
DestroyIcon
LoadImageW
GetIconInfo
DrawIconEx
SendMessageW
SetWindowPos
SetWindowTextW
GetMenuItemCount
GetMenuItemInfoW
CheckMenuItem
GetClassNameW
PostMessageW
SendMessageA
EnableWindow
GetWindowTextLengthW
SetRect
DefWindowProcW
EndDialog
GetPropW
SetPropW
PostMessageA
GetWindowTextW
GetDlgItem
GetClassInfoW
RegisterClassW
CreateWindowExW
IsWindow
GetMessageA
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId

gdi32

PlgBlt
RealizePalette
SelectPalette
SetPixel
GetPixel
GetObjectA
SetBkColor
GdiFlush
SetTextColor
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject
CreateFontIndirectW
GetDeviceCaps
SetWindowOrgEx
GetWindowOrgEx
SetLayout
GetStockObject
GetLayout
Rectangle
CreateSolidBrush
LineTo
MoveToEx
GetTextColor
CreatePen

shell32

ShellExecuteW
SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysStringLen
VariantCopy
OleLoadPicture

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo
GetModuleBaseNameW
GetProcessImageFileNameW
EnumProcesses

shlwapi

PathFindFileNameW
PathFileExistsW
StrCpyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CryptMsgClose
CertCloseStore
CertGetNameStringW

comctl32

ord17
_TrackMouseEvent

urlmon

ObtainUserAgentString

gdiplus

GdipFree
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImage
GdipDrawImageRectRect
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdiplusStartup
GdipCreateBitmapFromStream

advapi32

RegOpenKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl

Exports

Exports

DllConnectToIE

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_75_
.dll windows:5 windows x64 arch:x64

75c49f71a7c41606d0404e1fd0712e81

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a1:1c:b3:a2:9e:b8:3c:bc:49:e1:ca:33:f2:14:c2:96:de:1c:35:7d
Signer

Actual PE Digest

a1:1c:b3:a2:9e:b8:3c:bc:49:e1:ca:33:f2:14:c2:96:de:1c:35:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\43\Conduit\IE Build 6.17.1\Sources\Release\hk64tbedrs.pdb

Imports

wininet

InternetCanonicalizeUrlA
InternetSetCookieW
InternetGetCookieW

kernel32

GetConsoleCP
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
HeapSize
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsValidCodePage
GetACP
SetLastError
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SetThreadPriority
GetCurrentThread
GetThreadPriority
Sleep
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
GetTickCount
GetShortPathNameW
GetLongPathNameW
GetModuleFileNameW
ReleaseMutex
GetSystemDirectoryW
WaitForSingleObject
GetLastError
CreateRemoteThread
GetModuleHandleW
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcessId
CloseHandle
GetProcAddress
FreeLibrary
LoadLibraryW
GetCurrentThreadId
GetOEMCP
ReadConsoleW
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
LCMapStringW
CompareStringW
GetTimeZoneInformation
SetFilePointerEx
GetStringTypeW
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
OutputDebugStringW
GetVersionExA
IsWow64Process
Process32First
Process32Next
GetComputerNameW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
LocalAlloc
LocalFree
TerminateProcess
Module32First
Module32Next
LoadLibraryA
CreateMutexW
CreateEventW
OpenEventW
DeleteFileW
SetFileAttributesW
MulDiv
HeapAlloc
GetProcessHeap
HeapFree
GetEnvironmentVariableW
WaitForMultipleObjects
TerminateThread
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
GetFileSize
CreateFileW
ReadFile
CopyFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
GetConsoleMode
MoveFileExW
lstrcpyW
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
SetEvent
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
SetFilePointer
WriteFile
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetCPInfo

user32

GetWindowRect
GetDC
DrawTextW
ReleaseDC
RegisterWindowMessageW
FillRect
OffsetRect
GetParent
GetSysColor
ScreenToClient
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
GetWindowLongA
EnumWindows
IsWindowVisible
SetForegroundWindow
IsWindowUnicode
DispatchMessageA
KillTimer
SetTimer
DestroyWindow
ShowWindow
MoveWindow
SetLayeredWindowAttributes
DialogBoxParamW
GetClientRect
SetWindowLongA
SetWindowLongPtrW
InflateRect
DrawFocusRect
InvalidateRect
GetAsyncKeyState
PtInRect
CallWindowProcW
CallWindowProcA
SetCursor
LoadCursorA
CharUpperW
DefWindowProcA
DestroyIcon
LoadImageW
GetIconInfo
DrawIconEx
SendMessageW
SetWindowPos
SetWindowTextW
GetMenuItemCount
GetMenuItemInfoW
CheckMenuItem
GetClassNameW
PostMessageW
SendMessageA
EnableWindow
GetWindowTextLengthW
SetRect
DefWindowProcW
EndDialog
GetPropW
SetPropW
PostMessageA
GetWindowTextW
GetDlgItem
GetClassInfoW
RegisterClassW
CreateWindowExW
IsWindow
GetMessageA
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId

gdi32

PlgBlt
RealizePalette
SelectPalette
SetPixel
GetPixel
GetObjectA
SetBkColor
GdiFlush
SetTextColor
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject
CreateFontIndirectW
GetDeviceCaps
SetWindowOrgEx
GetWindowOrgEx
SetLayout
GetStockObject
GetLayout
Rectangle
CreateSolidBrush
LineTo
MoveToEx
GetTextColor
CreatePen

shell32

ShellExecuteW
SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysStringLen
VariantCopy
OleLoadPicture

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo
GetModuleBaseNameW
GetProcessImageFileNameW
EnumProcesses

shlwapi

PathFindFileNameW
PathFileExistsW
StrCpyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CryptMsgClose
CertCloseStore
CertGetNameStringW

comctl32

ord17
_TrackMouseEvent

urlmon

ObtainUserAgentString

gdiplus

GdipFree
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImage
GdipDrawImageRectRect
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdiplusStartup
GdipCreateBitmapFromStream

advapi32

RegOpenKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl

Exports

Exports

DllConnectToIE

Sections

.text
Size: 617KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 186KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SHARED
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_88_
.dll regsvr32 windows:5 windows x86 arch:x86

d86cd1bed90c50a1bdb2b711bcae4ce1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:45:b3:7a:64:de:e1:40:45:f8:32:05:0a:e5:79:58:cb:3c:4c:0d
Signer

Actual PE Digest

2c:45:b3:7a:64:de:e1:40:45:f8:32:05:0a:e5:79:58:cb:3c:4c:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\43\Conduit\IE Build 6.17.1\Sources\Release\tbedrs.pdb

Imports

comctl32

ImageList_Create
CreateToolbarEx
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
ImageList_ReplaceIcon
ord17

wininet

InternetSetCookieW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetCookieW
InternetSetOptionA
InternetCloseHandle
InternetConnectA
InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionExA
HttpOpenRequestA
InternetOpenA
InternetCrackUrlA
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetQueryOptionA
GetUrlCacheEntryInfoW

wsock32

setsockopt
closesocket
select
WSAGetLastError
gethostbyname
recv
send
WSACleanup
socket
WSAStartup
WSASetLastError
ioctlsocket
htons
connect

urlmon

ObtainUserAgentString
URLDownloadToFileW

crypt32

CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW
CertGetNameStringA
CryptProtectData
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptUnprotectData

msimg32

GradientFill

winmm

timeGetTime
sndPlaySoundW
PlaySoundA
PlaySoundW

kernel32

GetLastError
ReleaseMutex
GetCurrentThreadId
CloseHandle
Sleep
TerminateProcess
TerminateThread
lstrlenW
lstrlenA
GetVersionExW
GetShortPathNameW
GetUserDefaultLCID
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
ExitProcess
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
WriteConsoleW
GetModuleHandleExW
GetStdHandle
GetFileType
GetConsoleCP
ReadConsoleW
GetConsoleMode
RtlUnwind
RaiseException
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
LoadLibraryExW
ExitThread
HeapReAlloc
DecodePointer
EncodePointer
InterlockedExchange
OpenEventW
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
CreateMutexW
TlsSetValue
TlsFree
TlsGetValue
TlsAlloc
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetOverlappedResult
WriteFile
SetNamedPipeHandleState
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
MoveFileExW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetFileTime
GetSystemTimeAsFileTime
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
GlobalFree
GlobalUnlock
GetEnvironmentVariableW
HeapFree
GetProcessHeap
HeapAlloc
MulDiv
SetFileAttributesW
DeleteFileW
OpenMutexW
LoadLibraryA
LocalAlloc
SizeofResource
GetComputerNameW
IsWow64Process
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetSystemDirectoryW
CreateRemoteThread
GetLongPathNameW
CreateDirectoryW
WaitForMultipleObjects
CreateEventA
SetEvent
Thread32Next
Thread32First
SetThreadPriority
GetCurrentThread
GetThreadPriority
ResumeThread
GetThreadContext
SuspendThread
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
GetSystemInfo
FlushInstructionCache
VirtualProtectEx
GetCurrentProcess
CreateProcessW
ExpandEnvironmentStringsW
GetLocaleInfoW
Beep
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
InitializeCriticalSectionAndSpinCount
GetTempPathW
FreeResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
GetStringTypeW
GetModuleHandleA
GetProcAddress
VirtualFreeEx
LocalFree
lstrcpyA
lstrcpyW
InterlockedIncrement
LoadLibraryW
GetModuleHandleW
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
WaitForSingleObject
CreateThread
OpenProcess
GetModuleFileNameW
FreeLibrary
InterlockedDecrement
WriteProcessMemory
VirtualAllocEx
CopyFileW
GetTickCount
DosDateTimeToFileTime
CreateEventW
LoadLibraryExA

user32

SendMessageA
ShowWindow
MoveWindow
SetWindowTextW
SetWindowTextA
wsprintfW
SetDlgItemTextW
GetClientRect
GetWindowRect
GetDlgCtrlID
GetWindowLongW
GetParent
ClientToScreen
SetWindowLongW
CallWindowProcA
PostMessageA
LoadCursorW
GetMessageW
PeekMessageW
MessageBoxW
IsRectEmpty
RegisterClassExW
GetClassInfoExW
SetClassLongA
CopyRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CharUpperW
IsWindow
GetDlgItem
InvalidateRect
InflateRect
SetLayeredWindowAttributes
LoadImageW
GetWindowRgn
MessageBeep
GetActiveWindow
IsDialogMessageW
IsDialogMessageA
SetDlgItemInt
GetKeyState
SetForegroundWindow
GetDlgItemTextA
SetClassLongW
RemovePropW
FrameRect
DrawFrameControl
AllowSetForegroundWindow
DeferWindowPos
DrawEdge
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
SetParent
GetDlgItemTextW
GetScrollInfo
GetMenuState
SetMenuItemInfoW
EnableMenuItem
DeleteMenu
TrackPopupMenu
InsertMenuItemA
CreatePopupMenu
DestroyMenu
GetMenuItemID
SetMenuInfo
GetMenuInfo
IsMenu
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CharLowerBuffA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetUpdateRect
GetCapture
DispatchMessageA
DispatchMessageW
TranslateMessage
ReleaseCapture
GetMessageA
SetCapture
SetActiveWindow
EndPaint
BeginPaint
SetRect
OffsetRect
DrawIconEx
GetIconInfo
DestroyIcon
GetMenuItemRect
FillRect
UnregisterClassA
CheckMenuItem
GetMenuItemInfoW
GetMenuItemCount
FindWindowExW
GetWindowThreadProcessId
GetForegroundWindow
GetWindowTextLengthW
SendMessageW
EndDialog
FindWindowW
GetWindowTextW
GetAsyncKeyState
GetMenuItemInfoA
GetSystemMetrics
SetWindowRgn
RegisterWindowMessageA
GetClassNameW
DestroyWindow
CreateWindowExW
SetWindowLongA
GetWindowLongA
GetDesktopWindow
IsChild
GetFocus
KillTimer
GetSysColor
IsWindowUnicode
PostMessageW
SetWindowPos
RegisterClassW
GetClassInfoW
SetTimer
SetFocus
PtInRect
ScreenToClient
GetCursorPos
IsWindowVisible
SetRectEmpty
CallWindowProcW
GetPropW
SetPropW
DefWindowProcW
LoadCursorA
SetCursor
ReleaseDC
DrawTextW
GetDC
SendInput
IsIconic
GetLastInputInfo
RegisterWindowMessageW
MonitorFromRect
GetMonitorInfoA
EnumChildWindows
SystemParametersInfoW
EnumWindows
GetClassNameA
DrawFocusRect
DialogBoxParamW
CreateDialogParamW
SendMessageTimeoutA
DefWindowProcA

gdi32

StretchBlt
SetStretchBltMode
GetStretchBltMode
GetObjectW
FrameRgn
OffsetRgn
SetRectRgn
ExcludeClipRect
TextOutW
SetTextAlign
GetPixel
CombineRgn
BitBlt
CreateCompatibleBitmap
Polygon
GdiFlush
SetPixel
GetObjectA
GetTextAlign
GetLayout
GetTextExtentPoint32W
Rectangle
DeleteDC
CreateCompatibleDC
SetBkColor
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
SetWindowOrgEx
GetWindowOrgEx
SetTextColor
SetBkMode
GetStockObject
RoundRect
SetLayout
GetDeviceCaps
PtInRegion
GetTextColor
SelectPalette
RealizePalette
PlgBlt
GetBkMode
GetBkColor
CreateDCW
GetDIBits

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA
RegDeleteKeyA
OpenProcessToken
DeleteAce
LookupAccountSidW
GetAce
GetNamedSecurityInfoW
SetEntriesInAclA
SetNamedSecurityInfoW
CryptAcquireContextA
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidA
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
RegCreateKeyExW

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW

ole32

CLSIDFromString
CoGetMalloc
StringFromIID
IIDFromString
CoInitialize
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
CoCreateGuid
OleUninitialize
OleInitialize
CoUninitialize

oleaut32

SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayCreateVector
SysStringByteLen
SysAllocString
SysFreeString
CreateDispTypeInfo
OleLoadPicture
VariantInit
VariantClear
VariantChangeType
SysAllocStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringLen
VariantCopy

psapi

GetProcessImageFileNameW
EnumProcessModules
GetProcessMemoryInfo
EnumProcesses
GetModuleBaseNameW
GetModuleFileNameExW

shlwapi

PathFindFileNameW
SHDeleteKeyA
UrlEscapeW
PathFileExistsW
StrCpyW

dnsapi

DnsQuery_A

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DLLOnUninstallEraseAll
DLLSetToolbarSearchScopeSuggestionState
DllAddInstalltionGlobalKey
DllBrowserSearchProtectorRevert
DllCallInstallerService
DllCanUnloadNow
DllCheckIfUninstallRevertSettingsNeeded
DllCleanEnableExtensionDoing
DllConnectToIE
DllDeleteOldName
DllEnableExtension
DllExpireSocialCookies
DllGetClassObject
DllGetInstallFileNameExt
DllGetInstallFileNameExtW
DllGetInstallationId
DllGetMachineID
DllHandleUserID
DllHomePageProtectorRevert
DllIsToolbarActuallyVisible
DllModifySearchEngine
DllModifySearchEngineNonSilent
DllModifySearchEngineSilent
DllOnUninstall
DllOnUninstallFromHtmlDialog
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllRevertIENewTabBehaviour
DllRunBackgroundContainerOnMediumIntegrity
DllRunIEMediumIntegrity
DllRunNonSilentInstall
DllSendAutoUpdateRevertLog
DllSendHomepageSetUsage
DllSendInstallationUsage
DllShowUninstallDialog
DllSingleComponentInstall
DllStopBackgroundContainer
DllUnblockToolbarIfNeeded
DllUpdate
DllVerifyEnableExtension
DllWriteSocialCookies

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 830KB - Virtual size: 829KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 186KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_89_
.exe windows:5 windows x86 arch:x86

7b25d62fac6a93a74552bdc3dd699b98

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77
Signer

Actual PE Digest

77:f2:3d:cc:93:55:ab:6d:73:01:69:23:5b:cc:8c:e8:25:b7:8e:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.12\6.12.0\ToolbarHelper\Release\ToolbarHelper.pdb

Imports

kernel32

GetCommandLineW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
WriteConsoleW
SetStdHandle
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetLastError
GetCurrentThreadId
MultiByteToWideChar
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
RtlUnwind
GetStringTypeW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetFilePointerEx
HeapSize
CloseHandle
CreateFileW

shell32

CommandLineToArgvW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C:/Produtools_Maps_B2/$_122_/BackgroundContainer.dll
.dll windows:5 windows x86 arch:x86

54503cbc01fbf1721dff1ee26a136960

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/01/2013, 00:00

Not After

03/04/2016, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,L=Ness Ziona,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:5b:2c:d8:cd:32:10:4d:5e:58:e3:68:a7:07:63:2c:e2:59:df:3e
Signer

Actual PE Digest

41:5b:2c:d8:cd:32:10:4d:5e:58:e3:68:a7:07:63:2c:e2:59:df:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.17\6.17.1\BackgroundContainer\Release\BackgroundContainer.pdb

Imports

urlmon

URLDownloadToFileW

kernel32

CreateThread
InterlockedDecrement
GetProcAddress
FreeLibrary
LoadLibraryW
TerminateThread
WaitForSingleObject
SetEvent
CreateMutexW
GetLastError
ReleaseMutex
CreateEventW
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
LocalFree
OpenEventW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InterlockedIncrement
lstrlenW
LocalAlloc
GetModuleFileNameW
CreateDirectoryW
GetVersionExW
GetEnvironmentVariableW
GetModuleHandleExW
SetLastError
lstrlenA
HeapDestroy
HeapAlloc
InitializeCriticalSectionAndSpinCount
HeapFree
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
EncodePointer
DecodePointer
Sleep
GetSystemTimeAsFileTime
GetCommandLineA
CloseHandle
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
WriteFile
ExitProcess
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
OutputDebugStringW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
HeapReAlloc
GetCurrentThreadId

advapi32

InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegCloseKey
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptHashData
RegDeleteValueW
GetUserNameW
RegEnumKeyExW
CryptGetHashParam
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW

ole32

CoInitializeEx
CoInitialize
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeSecurity

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString
VariantChangeType

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

crypt32

CertFindCertificateInStore
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertGetNameStringW

shlwapi

PathFileExistsW
PathStripPathW
PathRemoveFileSpecW

shell32

SHGetFolderPathW

Exports

Exports

DllRun

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GottenAppsContextMenu.xml
OtherAppsContextMenu.xml
SharedAppsContextMenu.xml
ToolbarContextMenu.xml
toolbar.cfg

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

08:76:6c:d2:bb:8b:db:1d:74:98:1c:7e:92:86:74:67:48:f0:10:87Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 4.3MB

.rsrc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 590B

6a53511d70a353598fbaca220bfb6a3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

08:76:6c:d2:bb:8b:db:1d:74:98:1c:7e:92:86:74:67:48:f0:10:87
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 4.3MB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 6KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3a:82:65:47:19:d8:f7:5b:59:13:4f:7b:66:46:52:10
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

18:18:9a:d4:3c:ab:58:d4:78:82:b4:07:f8:bf:93:46:76:19:04:27
Signer

.text
Size: 188KB - Virtual size: 188KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 46KB - Virtual size: 45KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

b7:bf:05:61:32:c1:22:f2:b3:29:a4:ee:19:08:a6:67:df:9b:00:9f
Signer