0ec23f16c75a3a6d76be54dbc0ee7d48_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0ec23f16c75a3a6d76be54dbc0ee7d48_JaffaCakes118
Size

3.2MB
MD5

0ec23f16c75a3a6d76be54dbc0ee7d48
SHA1

06d9be6d6c96ab1a7b9b742fd08b1547b3d3be64
SHA256

227b6190a87c0349b1a2cc0eb879bdd9b12a5a8e7363363fc64468c0e9a05f0c
SHA512

bc92ad2ad26acbafca5a399cd1d527e18c290784f5a476dd1ceb11f615c27b9c4a402219466bdd43534e80c742ac90b244da0d3b0e8d934cc790e727a8c74fb5
SSDEEP

98304:/G950gNq/8QvNpnTat7zj/GlFxpjnC1hs9eCeOeFGYK:/+Z7QFpWNf0ftIhKeCFXYK

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	upx

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

resource
0ec23f16c75a3a6d76be54dbc0ee7d48_JaffaCakes118
unpack001/$PLUGINSDIR/DcryptDll.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/locate.dll
unpack001/$PLUGINSDIR/nsRandom.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/xml.dll
unpack001/BrowserGUI.dll
unpack001/ConfigurationGUI.dll
unpack001/LauncherGUI.dll
unpack001/Resources.dll
unpack001/StealthMode.dll
unpack001/USShellExt.dll
unpack001/USShellExt64.dll
unpack001/USShellExt64_07.dll
unpack001/USShellExt_07.dll
unpack001/US_ExcelAddin.dll
unpack001/US_ExcelAddin_07.dll
unpack001/US_WinLogon.dll
unpack001/US_WordAddin.dll
unpack001/US_WordAddin_07.dll
unpack001/sqlite3.dll
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

0ec23f16c75a3a6d76be54dbc0ee7d48_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DcryptDll.dll
.dll windows:4 windows x86 arch:x86

5e1d3f49e5b7590e18325930cd3084f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
CreateFileA
lstrlenA
DeleteFileA
WriteFile
ReadFile
lstrcmpA
CloseHandle
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

Exports

Exports

Decrypt
HexDecoder
HexEncoder
LoadStr
MD5Hash

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/locate.dll
.dll windows:4 windows x86 arch:x86

7f8181c74f882a780c7cd485241e8b51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
MultiByteToWideChar
lstrlenW
lstrlenA
GetWindowsDirectoryW
WideCharToMultiByte
CompareFileTime
FindNextFileA
FindNextFileW
FileTimeToSystemTime
RemoveDirectoryA
RemoveDirectoryW
FindFirstFileA
FindFirstFileW
FindClose
SystemTimeToFileTime
FileTimeToLocalFileTime

user32

SetWindowTextA
SetWindowTextW
GetDlgItem
FindWindowExA
MessageBoxW

Exports

Exports

_Close
_Find
_GetSize
_Open
_RMDirEmpty
_Unload

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsRandom.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetRandom

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/xml.dll
.dll windows:4 windows x86 arch:x86

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynA
lstrcmpA
lstrcmpiA
lstrcpyA
RtlUnwind
GetModuleFileNameA
RaiseException
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetLocaleInfoA
InterlockedExchange
SetEndOfFile

Exports

Exports

_CloneNode
_Coordinate
_CreateNode
_CreateText
_CurrentAttribute
_DeclarationEncoding
_DeclarationStandalone
_DeclarationVersion
_ElementPath
_FindCloseElement
_FindNextElement
_FirstAttribute
_FirstChild
_FirstChildElement
_FreeNode
_GetAttribute
_GetNodeValue
_GetText
_GotoHandle
_GotoPath
_InsertAfterNode
_InsertBeforeNode
_InsertEndChild
_IsCDATA
_LastAttribute
_LastChild
_LoadFile
_NextAttribute
_NextSibling
_NextSiblingElement
_NoChildren
_NodeHandle
_NodeType
_Parent
_PreviousAttribute
_PreviousSibling
_RemoveAllChild
_RemoveAttribute
_RemoveNode
_ReplaceNode
_RootElement
_SaveFile
_SetAttribute
_SetAttributeName
_SetAttributeValue
_SetCDATA
_SetCondenseWhiteSpace
_SetEncoding
_SetNodeValue
_SetText
_Unload
_XPathAttribute
_XPathNode
_XPathString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/key.lky
AppsProfiles/ACDSee Pro Photo Manager.APF
AppsProfiles/AOL Instant Messenger.apf
AppsProfiles/AVG.APF
AppsProfiles/Acrobat Reader.APF
AppsProfiles/Adobe Acrobat.APF
AppsProfiles/Adobe Photoshop CS2.APF
AppsProfiles/Adobe Photoshop Elements.APF
AppsProfiles/BSPlayer.apf
AppsProfiles/CuteFTP Home.APF
AppsProfiles/DivX Player.APF
AppsProfiles/Download Accelerator Plus.APF
AppsProfiles/Google Talk.APF
AppsProfiles/Google Toolbar.APF
AppsProfiles/ICQ2003b.apf
AppsProfiles/Kazaa.APF
AppsProfiles/LimeWire.APF
AppsProfiles/MSN.apf
AppsProfiles/Macromedia Flash Player.APF
AppsProfiles/McAfee Firewall.APF
AppsProfiles/Music Match Jukebox.APF
AppsProfiles/Norton AntiVirus.APF
AppsProfiles/Norton Internet Security.APF
AppsProfiles/Norton Personal Firewall.APF
AppsProfiles/Paint Shop Pro.APF
AppsProfiles/PowerZip.APF
AppsProfiles/QuickTime.APF
AppsProfiles/Real Player.APF
AppsProfiles/Trend Micro Anti-Spyware.APF
AppsProfiles/Trend Micro Internet Security.APF
AppsProfiles/Trend Micro Personal Firewall.APF
AppsProfiles/Trillian.apf
AppsProfiles/UEStudio.APF
AppsProfiles/UltraCompare.apf
AppsProfiles/UltraEdit.APF
AppsProfiles/UltraSentry.apf
AppsProfiles/WinRAR.APF
AppsProfiles/WinZip.APF
AppsProfiles/Winamp.APF
AppsProfiles/Yahoo Toolbar.APF
AppsProfiles/Yahoo!.apf
AppsProfiles/Zone Alarm Security Suite.APF
AppsProfiles/eMule.APF
AppsProfiles/eTrust Anti-Virus.APF
AppsProfiles/iTunes.APF
BrowserGUI.dll
.dll windows:4 windows x86 arch:x86

7a7c23fd870c1853769e41a5b993ef32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Remove
CreateToolbarEx
ImageList_GetIconSize
ord6
_TrackMouseEvent
ImageList_LoadImageA
ImageList_GetIcon
InitCommonControlsEx
ImageList_Add

kernel32

GetModuleHandleA
GetModuleFileNameA
GetTimeFormatA
GetTickCount
LocalFree
FormatMessageA
GetProcAddress
CreateDirectoryA
GetFileAttributesA
ExitProcess
GetSystemTime
SetFileAttributesA
FileTimeToSystemTime
lstrcpynA
AreFileApisANSI
GetFullPathNameA
FindFirstFileA
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
LCMapStringA
ReadFile
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
LoadLibraryExA
SetHandleCount
HeapSize
GetStdHandle
WriteFile
IsValidCodePage
GetOEMCP
GetCPInfo
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetDriveTypeA
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
VirtualQuery
VirtualProtect
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
SetFilePointer
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
WriteConsoleA
LCMapStringW
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
CompareStringA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
lstrcmpiA
InterlockedDecrement
InterlockedIncrement
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
SetEnvironmentVariableA
DisableThreadLibraryCalls
LoadLibraryA
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateEventA
GetVersionExA
Sleep
ResetEvent
WaitForSingleObject
FindClose
SetEvent
SetLastError
GetCurrentThreadId
GetLastError
MulDiv
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenA
GetCurrentProcess
FlushInstructionCache
GetFileType

user32

SetCapture
ScreenToClient
LoadBitmapA
CreateDialogParamA
PostMessageA
ReleaseCapture
SetWindowTextA
IsDlgButtonChecked
BeginPaint
EndPaint
SetCursor
GetCursorPos
SetParent
GetFocus
EnableWindow
GetWindowTextLengthA
CheckDlgButton
LoadImageA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassExA
SetRect
GetDlgItemTextA
CharNextA
GetClassInfoExA
UpdateWindow
GetKeyState
TrackPopupMenuEx
DestroyMenu
LoadMenuA
LoadIconA
EnableMenuItem
PostQuitMessage
DrawIconEx
DestroyIcon
GetWindowTextA
GetSubMenu
GetActiveWindow
DialogBoxParamA
GetMenuState
CheckMenuItem
GetSystemMetrics
MessageBoxA
SetFocus
KillTimer
SetTimer
InvalidateRect
ClientToScreen
GetWindowPlacement
SetMenu
GetMenu
SetActiveWindow
SetForegroundWindow
BringWindowToTop
DrawEdge
DrawTextA
DeleteMenu
InsertMenuItemA
FillRect
GetMenuItemCount
GetMenuItemInfoA
SetMenuItemInfoA
LoadStringA
SetDlgItemTextA
GetDesktopWindow
GetDC
GetParent
GetWindow
SystemParametersInfoA
GetClientRect
MapWindowPoints
GetDlgItem
ReleaseDC
GetWindowRect
EndDialog
CreateWindowExA
SetWindowPos
GetWindowLongA
CallWindowProcA
IsWindow
DestroyWindow
DefWindowProcA
GetSysColor
SetWindowLongA
SendMessageA
MoveWindow
ShowWindow
LoadCursorA
UnregisterClassA

gdi32

CreateSolidBrush
DeleteObject
SelectObject
GetTextExtentPoint32A
EndPage
StartPage
StartDocA
CreateFontIndirectA
SetBkMode
SetTextColor
LineTo
MoveToEx
CreatePen
SetBkColor
TextOutA
GetStockObject
DeleteDC
GetDeviceCaps
EndDoc

comdlg32

PrintDlgA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey

shell32

SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

Exports

Exports

CloseFileBrowserWindow
InvokeShellProgressDlg
NotifyDeletingFileName
NotifyDeletingShellFileName
NotifyDeletionFailure
NotifyOperationComplete
NotifyProgress
NotifyShellDeletionProgress
NotifyWipeComplete
RevokeShellProgressDlg
SetForegroundFBWindow
ShowFileBrowserWindow
ShowSysFilesDeletionWarning

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

epl_1
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 448KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ConfigurationGUI.dll
.dll windows:4 windows x86 arch:x86

47218ceb221ec0c4ac87595d9cd0f0ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sqlite3

sqlite3_open
sqlite3_prepare
sqlite3_step
sqlite3_column_text
sqlite3_close

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

shlwapi

StrStrA

comctl32

ord17
ImageList_Destroy
InitCommonControlsEx
ImageList_LoadImageA

kernel32

lstrlenA
SetLastError
GetCurrentThreadId
RaiseException
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
LoadLibraryA
DisableThreadLibraryCalls
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetModuleFileNameA
MultiByteToWideChar
lstrlenW
GetLastError
InitializeCriticalSection
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
MulDiv
GetLocalTime
GetSystemTime
GetDriveTypeA
GetLogicalDriveStringsA
FindClose
FindNextFileA
FindFirstFileA
lstrcatA
DeleteFileA
lstrcpynA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
GetProcAddress
ExpandEnvironmentStringsA
GetTempPathA
lstrcpyA
SetErrorMode
CreateDirectoryA
HeapFree
LocalFree
HeapAlloc
GetProcessHeap
ExitProcess
FreeEnvironmentStringsW
GetSystemInfo
GetEnvironmentVariableA
GetVersion
ReadFile
CreateFileA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
CloseHandle
LCMapStringW
LCMapStringA
HeapCreate
HeapDestroy
GetStdHandle
WriteFile
HeapSize
Sleep
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
VirtualQuery
VirtualProtect
IsDebuggerPresent
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleA
SetFilePointer
GetStringTypeA
GetStringTypeW
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetTickCount

user32

GetDlgItemInt
CheckDlgButton
GetWindowTextA
GetSysColor
SetDlgItemTextA
GetDlgItemTextA
LoadIconA
IsDlgButtonChecked
SetDlgItemInt
LoadBitmapA
GetFocus
CreateDialogParamA
DestroyWindow
GetWindowTextLengthA
DestroyIcon
LoadImageA
SetWindowTextA
UnregisterClassA
GetScrollInfo
GetKeyNameTextA
MapVirtualKeyA
RedrawWindow
GetScrollBarInfo
PtInRect
GetCursorPos
CreateWindowExA
CallWindowProcA
DefWindowProcA
GetKeyState
PostMessageA
GetMessagePos
SetFocus
GetParent
GetWindow
GetWindowRect
GetWindowLongA
SystemParametersInfoA
MapWindowPoints
SetWindowPos
MessageBoxA
GetDesktopWindow
SetActiveWindow
SetForegroundWindow
BringWindowToTop
IsWindow
ShowWindow
DialogBoxParamA
LoadStringA
GetActiveWindow
GetCaretPos
ClientToScreen
EnableWindow
SetWindowLongA
GetDlgItem
InvalidateRect
ReleaseDC
EndDialog
GetDC
GetSystemMetrics
GetClientRect
MoveWindow
SendMessageA
GetDlgCtrlID
CharNextA
SetScrollInfo

gdi32

CreateFontIndirectA
GetFontData
GetTextExtentPoint32A
SelectObject
GetDeviceCaps

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
GetUserNameA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegEnumValueA

shell32

SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarUI4FromStr

Exports

Exports

AddProfileSelected
CloseConfiguratorWindow
RunCleanWizard
RunProfileConfirmationWindow
ScheduleProfileSelected
ShowAddSecurityLevelWindow
ShowConfigurationWindow

Sections

.text
Size: 576KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

epl_1
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LauncherGUI.dll
.dll windows:4 windows x86 arch:x86

3f5f676436bc62cdd45415af81130ba8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetErrorDlg
HttpOpenRequestA
InternetCloseHandle
InternetConnectA

comctl32

ImageList_LoadImageA
_TrackMouseEvent

kernel32

ResetEvent
SetEvent
LoadLibraryA
DisableThreadLibraryCalls
TerminateProcess
GetLastError
CreateMutexA
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetModuleFileNameA
MultiByteToWideChar
lstrlenW
InitializeCriticalSection
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
FindClose
FindNextFileA
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
lstrcatA
lstrcpyA
DeleteFileA
GetVersionExA
ReadFile
CreateFileA
GetDriveTypeA
CreateDirectoryA
GetFileAttributesA
ExitProcess
GetSystemTime
SetFileAttributesA
FileTimeToSystemTime
lstrcpynA
AreFileApisANSI
GetFullPathNameA
GetProcAddress
WaitForSingleObject
GetTempPathA
HeapFree
HeapAlloc
GetProcessHeap
GetSystemInfo
GetCPInfo
GetStdHandle
WriteFile
HeapSize
Sleep
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
VirtualQuery
VirtualProtect
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
SetHandleCount
GetConsoleCP
CloseHandle
CreateEventA
GetTickCount
GetTimeFormatA
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
RaiseException
GetCurrentThreadId
SetLastError
GetConsoleMode
MulDiv
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExpandEnvironmentStringsA
GetFileType

user32

DestroyWindow
UnregisterClassA
SetCapture
ReleaseCapture
ClientToScreen
CreateAcceleratorTableA
GetClassNameA
IsChild
SetFocus
GetFocus
DestroyAcceleratorTable
GetWindowTextLengthA
RegisterWindowMessageA
GetClassInfoExA
RegisterClassExA
ScreenToClient
MoveWindow
SetTimer
RegisterClassA
DispatchMessageA
GetMessageA
EnableMenuItem
PostQuitMessage
DestroyMenu
CreateWindowExA
wsprintfA
BeginPaint
EndPaint
SetCursor
LoadCursorA
SetForegroundWindow
TrackPopupMenu
EnableWindow
SendDlgItemMessageA
CallWindowProcA
DefWindowProcA
RedrawWindow
GetSubMenu
LoadMenuA
GetCursorPos
SetDlgItemInt
GetDlgCtrlID
PtInRect
GetScrollBarInfo
GetKeyState
GetScrollInfo
SetScrollInfo
DrawTextA
ShowWindow
GetSysColorBrush
FillRect
LoadIconA
GetSysColor
PostMessageA
IsWindow
LoadStringA
UpdateWindow
InvalidateRect
MessageBoxA
SetDlgItemTextA
GetDlgItemTextA
DialogBoxParamA
GetActiveWindow
GetParent
GetWindow
GetWindowRect
GetWindowLongA
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDesktopWindow
GetDC
ReleaseDC
LoadImageA
SetWindowTextA
GetWindowTextA
SetWindowLongA
GetDlgItem
EndDialog
SendMessageA
BringWindowToTop
CharNextA
InvalidateRgn

gdi32

CreateCompatibleDC
SetBkMode
GetObjectA
GetFontData
SelectObject
StartDocA
BitBlt
GetStockObject
StartPage
GetTextExtentPoint32A
EndPage
EndDoc
DeleteDC
CreateSolidBrush
SetBkColor
SetTextColor
TextOutA
DeleteObject
CreateCompatibleBitmap
CreateFontIndirectA
GetDeviceCaps

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
OleLockRunning
CoCreateInstance

oleaut32

SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
VariantInit
SysStringLen
SysAllocString
VariantClear
VarUI4FromStr
SysFreeString

Exports

Exports

FinishMonitorProfileProcessing
InvokeTrayIcon
MonitorProfileProcessing
NotifyProfileDeletionFailure
NotifyProgress
RevokeTrayIcon
RunExit
SMDeletionComplete
SetEventsHandler
SetItemState
SetLogInfo
SetOperationStatus
SetRestartOnUSWinLogon
ShowAboutDlg
ShowAuthDlg
ShowCfuDlg
ShowConfirmationDlg
ShowFailureDlg
ShowInformationDlg
ShowNagFrame
ShowPasswordWelcomeDlg
ShowRestAfterDLG
ShowRunProfileDLG
ShowTrialDlg
ShowUpdateQueryDlg

Sections

.text
Size: 308KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

epl_1
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resources.dll
.dll windows:4 windows x86 arch:x86

d811d71710ad58776155b7a8da1fa9db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StealthMode.dll
.dll windows:4 windows x86 arch:x86

d0d6e2aa84daac0ff77db9c9e9f3c616

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CallNextHookEx
EnumWindows
SendMessageTimeoutA

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

KeyBoardHook

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
US.REG
USShellExt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2e00c892de34ccda8adb57ad7c5b2ea7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

kernel32

lstrcmpiA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetVersionExA
GetVersion
lstrcpynA
AreFileApisANSI
SetLastError
GetFullPathNameA
GetFileAttributesA
GetProcAddress
LoadLibraryA
lstrlenA
InitializeCriticalSection
HeapAlloc
GetProcessHeap
GetCurrentProcess
CloseHandle
WaitForSingleObject
lstrcpynW
UnmapViewOfFile
CreateProcessA
MapViewOfFile
CreateFileMappingA
GlobalUnlock
GlobalLock
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLastError
HeapFree
DeleteCriticalSection
LeaveCriticalSection
GetCurrentProcessId
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
Sleep
HeapSize
TlsFree
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue

user32

GetMenuItemCount
CharNextA
SetMenuItemBitmaps
LoadImageA
LoadBitmapA
GetKeyState
IsWindow
LoadStringA
UnregisterClassA
GetMenuStringA
DeleteMenu
InsertMenuA
GetSystemMetrics

advapi32

RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetMalloc
SHGetDesktopFolder
DragQueryFileA
SHGetPathFromIDListA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
ReleaseStgMedium
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USShellExt64.dll
.dll regsvr32 windows:4 windows x64 arch:x64

0ea1ed41ecd7b089177e95264d8227ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

kernel32

lstrcmpiA
DisableThreadLibraryCalls
GetModuleFileNameA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetVersionExA
GetVersion
lstrcpynA
AreFileApisANSI
SetLastError
GetFullPathNameA
GetFileAttributesA
GetProcAddress
LoadLibraryA
HeapFree
lstrlenA
InitializeCriticalSection
GetProcessHeap
GetCurrentProcess
CloseHandle
WaitForSingleObject
lstrcpynW
UnmapViewOfFile
CreateProcessA
MapViewOfFile
CreateFileMappingA
GlobalUnlock
GlobalLock
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleOutputCP
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
SetHandleCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
CreateFileA
WriteConsoleW
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
Sleep
HeapSize
FlsAlloc
GetACP
GetLocaleInfoA
GetThreadLocale
RtlPcToFileHeader
RtlUnwindEx
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
RtlLookupFunctionEntry
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
ExitThread
GetCurrentThreadId
CreateThread
FlsSetValue
GetCommandLineA
ExitProcess
WriteFile
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
RtlVirtualUnwind
FlsGetValue
TlsFree
FlsFree
TlsSetValue
GetEnvironmentStrings

user32

LoadBitmapA
GetKeyState
IsWindow
LoadStringA
GetMenuItemCount
GetMenuStringA
DeleteMenu
InsertMenuA
GetSystemMetrics
LoadImageA
SetMenuItemBitmaps
CharNextA
UnregisterClassA

advapi32

RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA

shell32

DragQueryFileA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

ole32

ReleaseStgMedium
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USShellExt64_07.dll
.dll regsvr32 windows:4 windows x64 arch:x64

0ea1ed41ecd7b089177e95264d8227ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

kernel32

lstrcmpiA
DisableThreadLibraryCalls
GetModuleFileNameA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetVersionExA
GetVersion
lstrcpynA
AreFileApisANSI
SetLastError
GetFullPathNameA
GetFileAttributesA
GetProcAddress
LoadLibraryA
HeapFree
lstrlenA
InitializeCriticalSection
GetProcessHeap
GetCurrentProcess
CloseHandle
WaitForSingleObject
lstrcpynW
UnmapViewOfFile
CreateProcessA
MapViewOfFile
CreateFileMappingA
GlobalUnlock
GlobalLock
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleOutputCP
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
SetHandleCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
CreateFileA
WriteConsoleW
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
Sleep
HeapSize
FlsAlloc
GetACP
GetLocaleInfoA
GetThreadLocale
RtlPcToFileHeader
RtlUnwindEx
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
RtlLookupFunctionEntry
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
ExitThread
GetCurrentThreadId
CreateThread
FlsSetValue
GetCommandLineA
ExitProcess
WriteFile
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
RtlVirtualUnwind
FlsGetValue
TlsFree
FlsFree
TlsSetValue
GetEnvironmentStrings

user32

LoadBitmapA
GetKeyState
IsWindow
LoadStringA
GetMenuItemCount
GetMenuStringA
DeleteMenu
InsertMenuA
GetSystemMetrics
LoadImageA
SetMenuItemBitmaps
CharNextA
UnregisterClassA

advapi32

RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA

shell32

DragQueryFileA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

ole32

ReleaseStgMedium
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USShellExt_07.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2e00c892de34ccda8adb57ad7c5b2ea7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

kernel32

lstrcmpiA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetVersionExA
GetVersion
lstrcpynA
AreFileApisANSI
SetLastError
GetFullPathNameA
GetFileAttributesA
GetProcAddress
LoadLibraryA
lstrlenA
InitializeCriticalSection
HeapAlloc
GetProcessHeap
GetCurrentProcess
CloseHandle
WaitForSingleObject
lstrcpynW
UnmapViewOfFile
CreateProcessA
MapViewOfFile
CreateFileMappingA
GlobalUnlock
GlobalLock
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLastError
HeapFree
DeleteCriticalSection
LeaveCriticalSection
GetCurrentProcessId
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
Sleep
HeapSize
TlsFree
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue

user32

GetMenuItemCount
CharNextA
SetMenuItemBitmaps
LoadImageA
LoadBitmapA
GetKeyState
IsWindow
LoadStringA
UnregisterClassA
GetMenuStringA
DeleteMenu
InsertMenuA
GetSystemMetrics

advapi32

RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetMalloc
SHGetDesktopFolder
DragQueryFileA
SHGetPathFromIDListA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
ReleaseStgMedium
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
US_ExcelAddin.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e4d21f015237661533e0d9ac99878458

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

comctl32

InitCommonControlsEx
ImageList_LoadImageA
ImageList_Destroy

kernel32

lstrcmpiA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageA
GetCurrentThreadId
SetLastError
GetVersionExA
UnmapViewOfFile
CreateProcessA
MapViewOfFile
CreateFileMappingA
lstrcpynA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrlenW
lstrlenA
InitializeCriticalSection
LoadLibraryA
GetCPInfo
Sleep
HeapSize
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
LCMapStringW
SetFilePointer
GetSystemTimeAsFileTime
GetLastError
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetOEMCP
IsValidCodePage
LCMapStringA
GetProcAddress
GetConsoleCP
ExitProcess
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
GetCommandLineA
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
RtlUnwind
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter

user32

SetWindowLongA
MessageBoxA
CharNextA
ShowWindow
UnregisterClassA
LoadStringA
SetFocus
DestroyIcon
LoadStringW
IsDlgButtonChecked
DestroyWindow
GetDlgItem
GetClientRect
SendMessageA
LoadImageA
OpenClipboard
GetClipboardData
SetClipboardData
CloseClipboard
SetForegroundWindow
CreateDialogParamA
IsWindow

gdi32

DeleteObject

advapi32

RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc

oleaut32

VariantCopy
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
DispCallFunc
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
VariantClear
VariantInit
SysStringLen
SysFreeString
GetErrorInfo
VariantChangeType
CreateErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
US_ExcelAddin_07.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e4d21f015237661533e0d9ac99878458

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

comctl32

InitCommonControlsEx
ImageList_LoadImageA
ImageList_Destroy

kernel32

lstrcmpiA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageA
GetCurrentThreadId
SetLastError
GetVersionExA
UnmapViewOfFile
CreateProcessA
MapViewOfFile
CreateFileMappingA
lstrcpynA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrlenW
lstrlenA
InitializeCriticalSection
LoadLibraryA
GetCPInfo
Sleep
HeapSize
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
LCMapStringW
SetFilePointer
GetSystemTimeAsFileTime
GetLastError
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetOEMCP
IsValidCodePage
LCMapStringA
GetProcAddress
GetConsoleCP
ExitProcess
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
GetCommandLineA
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
RtlUnwind
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter

user32

SetWindowLongA
MessageBoxA
CharNextA
ShowWindow
UnregisterClassA
LoadStringA
SetFocus
DestroyIcon
LoadStringW
IsDlgButtonChecked
DestroyWindow
GetDlgItem
GetClientRect
SendMessageA
LoadImageA
OpenClipboard
GetClipboardData
SetClipboardData
CloseClipboard
SetForegroundWindow
CreateDialogParamA
IsWindow

gdi32

DeleteObject

advapi32

RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc

oleaut32

VariantCopy
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
DispCallFunc
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
VariantClear
VariantInit
SysStringLen
SysFreeString
GetErrorInfo
VariantChangeType
CreateErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
US_SysService.exe
.exe windows:4 windows x86 arch:x86

77bc2984209c3997c386b057ab9b0ddc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:2e:74:2c:35:89:a0:df:5b:b2:8c:88:b0:8e:ef:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/03/2008, 00:00

Not After

22/04/2011, 23:59

Subject

CN=IDM Computer Solutions\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IDM Computer Solutions\, Inc.,L=Hamilton,ST=Ohio,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:12:b0:75:7f:83:47:e6:55:f2:38:c7:c3:b5:d6:4e:06:0b:14:e0
Signer

Actual PE Digest

ea:12:b0:75:7f:83:47:e6:55:f2:38:c7:c3:b5:d6:4e:06:0b:14:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
InternetCanonicalizeUrlA
InternetOpenA
HttpQueryInfoA
InternetErrorDlg
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
FindCloseUrlCache

shlwapi

StrStrA
SHDeleteKeyA

sqlite3

sqlite3_column_int64
sqlite3_column_text
sqlite3_step
sqlite3_prepare
sqlite3_open
sqlite3_close
sqlite3_finalize

kernel32

GetVersionExA
GetProcAddress
GetModuleFileNameA
SetFileAttributesA
FileTimeToSystemTime
GetSystemTime
GetModuleHandleA
WritePrivateProfileStringA
ExitProcess
GetPrivateProfileStringA
DeleteFileA
CreateDirectoryA
GetFileAttributesA
GetLastError
SetLastError
lstrlenA
FindClose
FindNextFileA
GetDriveTypeA
GetLogicalDriveStringsA
WideCharToMultiByte
GetEnvironmentVariableA
lstrcmpiA
lstrcatA
WaitForSingleObject
CloseHandle
CreateFileA
GetWindowsDirectoryA
GetVersion
ReadFile
GetFileSize
MultiByteToWideChar
CreateMutexA
ReleaseMutex
LoadLibraryA
CreateEventA
FreeLibrary
ResetEvent
SetEvent
CreateProcessA
Sleep
SetErrorMode
ExitThread
GetVolumeInformationA
WriteFile
GetLocalTime
GetSystemInfo
FindFirstFileA
VirtualAlloc
VirtualFree
MoveFileA
BackupSeek
BackupRead
GetCurrentProcess
lstrcmpA
SetFilePointer
lstrcpyA
FlushFileBuffers
GetDiskFreeSpaceA
InterlockedIncrement
InterlockedDecrement
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
SetFileTime
SetEndOfFile
GetFileTime
GlobalMemoryStatus
RemoveDirectoryA
MoveFileExA
CreateIoCompletionPort
PostQueuedCompletionStatus
EnterCriticalSection
FreeEnvironmentStringsA
InitializeCriticalSection
DeleteCriticalSection
GetQueuedCompletionStatus
RaiseException
GetCommandLineA
lstrcpynA
AreFileApisANSI
GetFullPathNameA
GetTempPathA
LocalFree
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
HeapSize
ExpandEnvironmentStringsA
LeaveCriticalSection
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetStdHandle
TlsFree
GetLocaleInfoA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
CreateThread
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetCurrentThreadId

user32

LoadStringA
CloseClipboard
EmptyClipboard
ExitWindowsEx
OpenClipboard
MessageBoxA

advapi32

RegisterServiceCtrlHandlerExA
SetServiceStatus
OpenServiceA
ControlService
DeleteService
CreateServiceA
ChangeServiceConfig2A
OpenSCManagerA
CloseServiceHandle
RegEnumKeyA
RegCreateKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceCtrlDispatcherA

shell32

SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
CommandLineToArgvW
SHGetSpecialFolderLocation
ShellExecuteA

ole32

CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoInitialize
OleRun
StringFromGUID2

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear
SysAllocString
GetErrorInfo

Sections

epl_1
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
US_WinLogon.dll
.dll windows:4 windows x86 arch:x86

8dbb013487d973afd517078608983450

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetCanonicalizeUrlA
FindCloseUrlCache

shlwapi

StrStrA
SHDeleteKeyA

comctl32

ImageList_LoadImageA

sqlite3

sqlite3_column_int64
sqlite3_column_text
sqlite3_step
sqlite3_prepare
sqlite3_open
sqlite3_close
sqlite3_finalize

kernel32

HeapDestroy
SetStdHandle
GetStringTypeW
GetStringTypeA
GetSystemInfo
GetVersionExA
GetProcAddress
GetModuleFileNameA
CreateDirectoryA
GetFileAttributesA
ExitProcess
SetFileAttributesA
DeleteFileA
GetModuleHandleA
SetLastError
lstrlenA
GetEnvironmentVariableA
lstrcmpiA
FindClose
GetLastError
FindNextFileA
lstrcatA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
ReadFile
GetWindowsDirectoryA
GetVersion
GetFileSize
CloseHandle
CreateFileA
WaitForSingleObject
MultiByteToWideChar
SetEvent
FreeLibrary
CreateProcessA
SetErrorMode
ExitThread
LoadLibraryA
CreateEventA
WriteFile
GetVolumeInformationA
ResetEvent
Sleep
ExpandEnvironmentStringsA
GetLocalTime
HeapCreate
InterlockedIncrement
SetFilePointer
FlushFileBuffers
GetDiskFreeSpaceA
VirtualAlloc
VirtualFree
MoveFileExA
InterlockedDecrement
HeapFree
GetProcessHeap
HeapAlloc
MoveFileA
lstrcpyA
DeviceIoControl
SetFileTime
SetEndOfFile
GetFileTime
GetCurrentProcess
BackupSeek
BackupRead
lstrcmpA
GlobalMemoryStatus
RemoveDirectoryA
GetTickCount
lstrcpynA
AreFileApisANSI
GetFullPathNameA
GetTempPathA
LocalFree
GetEnvironmentStrings
CopyFileA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
CreateThread
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSection
HeapReAlloc
LCMapStringA
LCMapStringW
HeapSize
FreeEnvironmentStringsA
FindFirstFileA
GetTimeFormatA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
RaiseException
FreeEnvironmentStringsW
GetLocaleInfoA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW

user32

ShowWindow
IsWindow
SendMessageA
InvalidateRect
KillTimer
EndDialog
LoadStringW
GetDlgItem
SetDlgItemTextA
GetSystemMetrics
GetWindowRect
MoveWindow
OpenClipboard
EmptyClipboard
CloseClipboard
PostMessageA
LoadStringA
GetSysColor
SetWindowPos
LoadIconA
UpdateWindow
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
GetUserNameA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation

ole32

CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoInitialize
OleRun
StringFromGUID2

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantClear
GetErrorInfo
SysAllocString

Exports

Exports

WlxActivateUserShell
WlxDisconnectNotify
WlxDisplayLockedNotice
WlxDisplaySASNotice
WlxDisplayStatusMessage
WlxGetConsoleSwitchCredentials
WlxGetStatusMessage
WlxInitialize
WlxIsLockOk
WlxIsLogoffOk
WlxLoggedOnSAS
WlxLoggedOutSAS
WlxLogoff
WlxNegotiate
WlxNetworkProviderLoad
WlxReconnectNotify
WlxRemoveStatusMessage
WlxScreenSaverNotify
WlxShutdown
WlxStartApplication
WlxWkstaLockedSAS

Sections

epl_1
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
US_WordAddin.dll
.dll regsvr32 windows:4 windows x86 arch:x86

567bb2bf6a0d75c243de691139a9166c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

comctl32

ImageList_Destroy
ImageList_LoadImageA

kernel32

GetLastError
MultiByteToWideChar
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
GetProcAddress
GetModuleHandleA
GetVersionExA
FreeLibrary
LoadLibraryA
GetModuleFileNameA
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
SizeofResource
LoadResource
LeaveCriticalSection
lstrlenA
CloseHandle
GetCurrentThreadId
WaitForSingleObject
FormatMessageA
UnmapViewOfFile
CreateProcessA
MapViewOfFile
CreateFileMappingA
HeapDestroy
GetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
Sleep
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
lstrcpynA
LoadLibraryExA
SetLastError
EnterCriticalSection
RaiseException
WideCharToMultiByte
GetCurrentProcess
GetExitCodeProcess
FlushInstructionCache
HeapCreate
ExitProcess
HeapSize
FindResourceA
GetStringTypeA
WriteFile
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
CreateThread
ExitThread
HeapReAlloc
VirtualQuery
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
VirtualProtect
GetSystemInfo

user32

GetDlgItem
GetClientRect
SendMessageA
DestroyWindow
UnregisterClassA
OpenClipboard
GetClipboardData
SetClipboardData
CloseClipboard
SetForegroundWindow
CreateDialogParamA
ShowWindow
CharNextA
LoadStringA
SetFocus
DestroyIcon
LoadImageA
LoadStringW
IsWindow
MessageBoxA
IsDlgButtonChecked
SetWindowLongA

gdi32

DeleteObject

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA

shell32

SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc

oleaut32

VariantCopy
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
DispCallFunc
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
VariantClear
VariantInit
SysStringLen
SysFreeString
GetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
US_WordAddin_07.dll
.dll regsvr32 windows:4 windows x86 arch:x86

567bb2bf6a0d75c243de691139a9166c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

comctl32

ImageList_Destroy
ImageList_LoadImageA

kernel32

GetLastError
MultiByteToWideChar
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
GetProcAddress
GetModuleHandleA
GetVersionExA
FreeLibrary
LoadLibraryA
GetModuleFileNameA
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
SizeofResource
LoadResource
LeaveCriticalSection
lstrlenA
CloseHandle
GetCurrentThreadId
WaitForSingleObject
FormatMessageA
UnmapViewOfFile
CreateProcessA
MapViewOfFile
CreateFileMappingA
HeapDestroy
GetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
Sleep
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
lstrcpynA
LoadLibraryExA
SetLastError
EnterCriticalSection
RaiseException
WideCharToMultiByte
GetCurrentProcess
GetExitCodeProcess
FlushInstructionCache
HeapCreate
ExitProcess
HeapSize
FindResourceA
GetStringTypeA
WriteFile
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
CreateThread
ExitThread
HeapReAlloc
VirtualQuery
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
VirtualProtect
GetSystemInfo

user32

GetDlgItem
GetClientRect
SendMessageA
DestroyWindow
UnregisterClassA
OpenClipboard
GetClipboardData
SetClipboardData
CloseClipboard
SetForegroundWindow
CreateDialogParamA
ShowWindow
CharNextA
LoadStringA
SetFocus
DestroyIcon
LoadImageA
LoadStringW
IsWindow
MessageBoxA
IsDlgButtonChecked
SetWindowLongA

gdi32

DeleteObject

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA

shell32

SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc

oleaut32

VariantCopy
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
DispCallFunc
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
VariantClear
VariantInit
SysStringLen
SysFreeString
GetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ipm/images/3_apps_disk_sanitizer.gif
.gif
ipm/images/3_apps_int_cleanup.gif
.gif
ipm/images/3_apps_secure_delete.gif
.gif
ipm/images/alert_icon.gif
.gif
ipm/images/app_support.gif
.gif
ipm/images/bonus.gif
.gif
ipm/images/browser_and_email_icons.gif
.gif
ipm/images/browser_cleanup.gif
.gif
ipm/images/browser_cleanup_profile.gif
.gif
ipm/images/browser_profile.gif
.gif
ipm/images/browsers_row.gif
.gif
ipm/images/button.gif
.gif
ipm/images/clock_bg.png
.png
ipm/images/cookie_cleanup_icon.gif
.gif
ipm/images/disk_sanitizer.gif
.gif
ipm/images/dod_standards_icon.gif
.gif
ipm/images/download_cleaning_icon.gif
.gif
ipm/images/email_and_office_icons.gif
.gif
ipm/images/email_icons.gif
.gif
ipm/images/explorer_integration_icon.gif
.gif
ipm/images/faq_icon.gif
.gif
ipm/images/forums_icon.gif
.gif
ipm/images/get_it_free_w_trialpay.gif
.gif
ipm/images/lock-key_icon.gif
.gif
ipm/images/logoff_icon.gif
.gif
ipm/images/office_icons.gif
.gif
ipm/images/powertip_icon.gif
.gif
ipm/images/privacy_guard.gif
.gif
ipm/images/profiles.gif
.gif
ipm/images/profiles_icon.gif
.gif
ipm/images/progress_bar.gif
.gif
ipm/images/progress_bar_overlay.gif
.gif
ipm/images/schedule_a_task_icon.gif
.gif
ipm/images/secure_delete.gif
.gif
ipm/images/support_icon.gif
.gif
ipm/images/system_scrub_icon.gif
.gif
ipm/images/system_service_icon.gif
.gif
ipm/images/tech_support_icon.gif
.gif
ipm/images/tp_logo.gif
.gif
ipm/images/trialpay_button.gif
.gif
ipm/images/trialpay_logo.gif
.gif
ipm/images/us_application_support.gif
.gif
ipm/images/us_bg.png
.png
ipm/images/us_tp_offer_ch.gif
.gif
ipm/images/us_tp_offer_de.gif
.gif
ipm/images/us_tp_offer_en.gif
.gif
ipm/images/us_tp_offer_es.gif
.gif
ipm/images/us_tp_offer_fr.gif
.gif
ipm/images/us_tp_offer_it.gif
.gif
ipm/images/us_tp_offer_jp.gif
.gif
ipm/images/us_tp_offer_ko.gif
.gif
ipm/images/us_tp_offer_pl.gif
.gif
ipm/images/usbox_big.gif
.gif
ipm/images/usbox_sm.gif
.gif
ipm/images/web_toolbar_icon.gif
.gif
ipm/images/wizard_icon.gif
.gif
ipm/images/word_icon.gif
.gif
ipm/messaging.js
.js
ipm/ngdefault.html
.html
ipm/style.css
ipm/vars.js
.js
sqlite3.dll
.dll windows:4 windows x86 arch:x86

2421991f15556334b0db0d0dec6811b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LockFile
LockFileEx
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

atoi
free
isalnum
isdigit
isspace
isxdigit
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strcpy
strncmp
tolower
toupper

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 384B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
us.chm
.chm
us.exe
.exe windows:4 windows x86 arch:x86

d9fb89b190240c315ae0b57085a8a81a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:2e:74:2c:35:89:a0:df:5b:b2:8c:88:b0:8e:ef:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/03/2008, 00:00

Not After

22/04/2011, 23:59

Subject

CN=IDM Computer Solutions\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IDM Computer Solutions\, Inc.,L=Hamilton,ST=Ohio,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ec:a5:b5:2a:0a:a7:a6:46:80:54:13:e3:c1:35:13:02:61:fe:20:fd
Signer

Actual PE Digest

ec:a5:b5:2a:0a:a7:a6:46:80:54:13:e3:c1:35:13:02:61:fe:20:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\estegemoller\Documents\Development\USDevelopment\US_For_Building - Copy - Copy\Code\US_Manager\US_Launcher\Release\us.pdb

Imports

sqlite3

sqlite3_open
sqlite3_prepare
sqlite3_step
sqlite3_column_text
sqlite3_column_int64
sqlite3_finalize
sqlite3_close

wininet

HttpOpenRequestA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetErrorDlg
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetCanonicalizeUrlA
FindCloseUrlCache

winmm

PlaySoundA
timeGetTime

shlwapi

SHDeleteKeyA
StrStrA

kernel32

FreeConsole
WaitForSingleObject
ReleaseMutex
FlushConsoleInputBuffer
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
ReadConsoleA
WriteConsoleA
CloseHandle
CreateMutexA
SetConsoleTitleA
SetConsoleMode
GetStdHandle
AllocConsole
TerminateProcess
GetCurrentProcess
SetConsoleCtrlHandler
GetProcAddress
LoadLibraryA
FreeLibrary
SetEvent
MultiByteToWideChar
GetModuleFileNameA
GetLastError
GetVersionExA
CreateFileA
MoveFileExA
DeleteFileA
lstrcmpiA
lstrlenA
CopyFileA
GetWindowsDirectoryA
CreateEventA
Sleep
GetModuleHandleA
FindClose
GetFullPathNameA
CreateProcessA
GetStartupInfoA
GetFileAttributesA
GetCurrentDirectoryA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
FindNextFileA
DeviceIoControl
SetLastError
GetVolumeInformationA
SetErrorMode
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
SetThreadPriority
GetThreadPriority
GetCurrentThread
CreateDirectoryA
ResetEvent
GlobalFree
GlobalAlloc
GetLocalTime
GetTickCount
lstrcpynA
AreFileApisANSI
ExpandEnvironmentStringsA
GetTempPathA
GetACP
lstrcpyA
HeapFree
LocalFree
HeapAlloc
GetProcessHeap
WritePrivateProfileStringA
ExitProcess
GetSystemTime
GetPrivateProfileStringA
SetFileAttributesA
GetSystemInfo
InterlockedIncrement
WriteFile
SetFilePointer
FlushFileBuffers
GetFileSize
GetDiskFreeSpaceA
VirtualAlloc
VirtualFree
InterlockedDecrement
MoveFileA
WideCharToMultiByte
SetFileTime
SetEndOfFile
GetFileTime
lstrcatA
GetEnvironmentStringsW
BackupRead
lstrcmpA
ReadFile
GlobalMemoryStatus
RemoveDirectoryA
GetVersion
LoadLibraryExA
GetEnvironmentVariableA
ExitThread
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
FatalAppExitA
DeleteCriticalSection
HeapCreate
HeapDestroy
ResumeThread
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCommandLineA
CreateThread
GetCurrentThreadId
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
SetCurrentDirectoryA
GetOEMCP
HeapSize
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InterlockedExchange
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
FindFirstFileA
BackupSeek
GetConsoleCP
GetConsoleMode
InitializeCriticalSection

user32

UnhookWindowsHookEx
EnumWindows
IsIconic
FillRect
LoadImageA
PeekMessageA
MessageBoxA
MapVirtualKeyA
GetKeyNameTextA
SetWindowsHookExA
SendMessageTimeoutA
FindWindowA
LoadStringA
SetForegroundWindow
SetFocus
SendMessageA
GetMessageA
DispatchMessageA
TranslateMessage
DestroyIcon
ExitWindowsEx
LoadStringW
SetRect
CloseClipboard
EmptyClipboard
OpenClipboard
ShowWindow

gdi32

DeleteObject
CreateSolidBrush

advapi32

GetUserNameA
RegEnumKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegEnumKeyExA
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
ControlService
QueryServiceStatus
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueA

shell32

ShellExecuteA
SHFileOperationA
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFileInfoA

ole32

CoInitialize
CLSIDFromProgID
CoUninitialize
OleRun
StringFromGUID2
StringFromCLSID
CoCreateInstance

oleaut32

CreateErrorInfo
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo
VariantChangeType
SetErrorInfo
VariantInit

Sections

.text
Size: 696KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

epl_1
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 12KB - Virtual size: 12KB

5e1d3f49e5b7590e18325930cd3084f1

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 470B

.data Size: 2KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 730B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 836B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 470B

.data
Size: 2KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 730B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 848B

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 28KB - Virtual size: 28KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 73B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 208KB - Virtual size: 207KB

epl_1
Size: 8KB - Virtual size: 4KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 12KB - Virtual size: 16KB