13d7aa2fe86548a0ed1652c6e83195f5bc3b82612d6464ab199f41725e1461d3N

Sharing

Copy URL Twitter E-mail

General

Target

13d7aa2fe86548a0ed1652c6e83195f5bc3b82612d6464ab199f41725e1461d3N
Size

6.5MB
MD5

b9b0790106784987d763bd7bb19843b0
SHA1

9982722713b6c675c7efd21f304c3e80633829f8
SHA256

13d7aa2fe86548a0ed1652c6e83195f5bc3b82612d6464ab199f41725e1461d3
SHA512

adddf4485b838849a1a314d6504b479883091f179d6d3eff7fe518d9cf1f3e2d224e4532f1fd0489e181134d12bfc8588e79a0c7bf33d4ef79672644f2dbf159
SSDEEP

196608:RViVXCvN6MoM3KmMFuk9mlcmkwJ2xSpHd:RVkG6lmMR9rap

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$SYSDIR/winhttp.dll
unpack001/Core.exe
unpack002/$PLUGINSDIR/NSISArray.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$PLUGINSDIR/fpinstall.dll
unpack002/$PLUGINSDIR/nsExec.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/install_flash_player_active_x.exe	nsis_installer_1

Files

13d7aa2fe86548a0ed1652c6e83195f5bc3b82612d6464ab199f41725e1461d3N
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:9b:46:a4:fd:c1:78:28:c3:e7:ea:71:c2:be:85:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/09/2008, 00:00

Not After

04/10/2011, 23:59

Subject

CN=Electronic Arts,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Synthetic,O=Electronic Arts,L=Redwood City,ST=Ca,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:9d:4c:2f:9e:66:7b:b3:bf:45:45:66:7d:31:29:1d:e7:0c:d3:17
Signer

Actual PE Digest

43:9d:4c:2f:9e:66:7b:b3:bf:45:45:66:7d:31:29:1d:e7:0c:d3:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/winhttp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

9905200eb452891ca2ec3f0a6e2fd67d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

winhttp.pdb

Imports

msvcrt

_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
rand
wcscmp
_wcsnicmp
wcsncat
wcsncpy
_wtoi
wcstok
_purecall
_wcsicmp
wcscpy
wcsncmp
_ltoa
wcsstr
wcscat
sprintf
isalpha
iscntrl
isspace
time
islower
iswlower
iswdigit
iswxdigit
wcstol
wcschr
isdigit
memchr
isxdigit
wcsrchr
_except_handler3

shlwapi

StrStrW
StrCmpW
StrCmpNIW
StrCpyNW
StrStrIA
StrCmpIW
StrChrA
ord342
ord151
SHGetValueA
StrToIntA
StrCmpNIA
StrNCatA
StrRChrA
UrlCombineA
UrlCanonicalizeA
ord153
StrStrA
UrlUnescapeA

advapi32

RegOpenKeyA
RegQueryValueA
RegCreateKeyExW
RegQueryValueExW
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
GetUserNameA
OpenProcessToken
GetTokenInformation
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExW
RegEnumValueW
OpenThreadToken
RevertToSelf
SetThreadToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

RaiseException
ReleaseSemaphore
CreateSemaphoreA
VirtualAlloc
VirtualFree
GetComputerNameA
DeviceIoControl
GlobalSize
CompareFileTime
LoadLibraryW
GlobalLock
GlobalUnlock
FormatMessageW
lstrcmpA
GetModuleHandleA
LocalFileTimeToFileTime
CreateThread
FreeLibraryAndExitThread
GlobalMemoryStatus
PostQueuedCompletionStatus
InterlockedCompareExchange
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
LocalAlloc
LocalFree
InterlockedIncrement
GetCPInfo
IsDBCSLeadByteEx
WaitForSingleObject
ReleaseMutex
CreateMutexA
GlobalAlloc
TlsFree
TlsGetValue
TlsAlloc
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
GetSystemTime
GetDateFormatA
SetErrorMode
OutputDebugStringA
WriteFile
SetEndOfFile
SetFilePointer
lstrcpynA
CreateFileA
RtlMoveMemory
ResetEvent
SetEvent
InterlockedExchangeAdd
IsBadStringPtrA
lstrlenA
IsProcessorFeaturePresent
Sleep
MultiByteToWideChar
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
TlsSetValue
lstrcatA
lstrcpyA
InterlockedExchange
GetVersionExA
GlobalFree
SetLastError
IsBadWritePtr
IsBadStringPtrW
IsBadReadPtr
WideCharToMultiByte
lstrlenW
IsBadCodePtr
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
lstrcmpiA
CreateEventA
CloseHandle
GetCurrentThread
lstrcmpiW
GetModuleFileNameW
GetExitCodeThread

user32

wsprintfA
CharUpperA
CharLowerA
DispatchMessageA
TranslateMessage
PeekMessageA
DestroyWindow
DefWindowProcA
GetWindowLongA
PostMessageA
RegisterClassA
UnregisterClassA
MsgWaitForMultipleObjects
SetWindowLongA
CreateWindowExA
wsprintfW
CharToOemA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
WinHttpAddRequestHeaders
WinHttpCheckPlatform
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpCreateUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetDefaultProxyConfiguration
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
WinHttpWriteData

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CmdPortalClient.dll
.dll windows:4 windows x86 arch:x86

44709c3aff1e44bf952edbd516158b4d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:9b:46:a4:fd:c1:78:28:c3:e7:ea:71:c2:be:85:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/09/2008, 00:00

Not After

04/10/2011, 23:59

Subject

CN=Electronic Arts,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Synthetic,O=Electronic Arts,L=Redwood City,ST=Ca,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:c8:d0:03:92:1d:30:f3:e3:75:c7:ea:0f:04:a9:ae:81:cd:15:d3
Signer

Actual PE Digest

18:c8:d0:03:92:1d:30:f3:e3:75:c7:ea:0f:04:a9:ae:81:cd:15:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\p4_eadm_rc\plasma\Core\DownloadManager\runtime\CmdPortalClient.pdb

Imports

kernel32

InterlockedIncrement
WritePrivateProfileStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileType
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetModuleHandleA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFlags
GlobalFindAtomW
LoadLibraryA
GetVersionExA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalAddAtomW
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
lstrcmpW
CreateEventW
ReleaseMutex
CreateMutexW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
GetCurrentProcessId
GetLastError
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
FreeLibrary
lstrlenW
SetLastError
WideCharToMultiByte
SizeofResource
MultiByteToWideChar
LockResource
InitializeCriticalSection
GetCurrentThreadId
Sleep
GetTickCount
LoadResource
EnterCriticalSection
OutputDebugStringW
LeaveCriticalSection
GetStdHandle
FindResourceW

user32

GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
ClientToScreen
ShowWindow
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetWindowTextW
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
DestroyMenu
GetMessageTime
SetCursor
PostQuitMessage
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
UnhookWindowsHookEx
EnableWindow
PostMessageW
PeekMessageW
DispatchMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
UnregisterClassA

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateBitmap
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW

shlwapi

PathFindExtensionW
PathFindFileNameW

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

WSACleanup
gethostbyname
closesocket
htonl
htons
inet_addr
WSAStartup
socket
select
bind
WSASetLastError
accept
ioctlsocket
WSAGetLastError
recv
send
WSAAsyncSelect
recvfrom
sendto
connect

Exports

Exports

Command
Connect
Disconnect
IsConnected
ItemClearCache
ItemDecryptStart
ItemDownloadCancel
ItemDownloadGetStatus
ItemDownloadPause
ItemDownloadResume
ItemDownloadStart
ItemDownloadTogglePauseState
ItemEnumPatches
ItemGetStatus
ItemInstallStart
ItemInstallStartBatch
ItemUnpackStart
ItemUse
UserEnumContent
UserGetEntitlements
UserGetNames
UserIsLoggedIn
UserLogin
UserLogout
ViewSetContentFilters

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Core.exe
.exe windows:4 windows x86 arch:x86

e5cb13c854565aa43df36e2cf6dbc5db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

accept
ioctlsocket
bind
select
WSACleanup
WSAStartup
socket
shutdown
getaddrinfo
listen
WSAGetLastError
send
closesocket
recv

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetGetCookieA
InternetSetCookieA

winhttp

WinHttpSetOption
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpCrackUrl
WinHttpConnect
WinHttpOpen
WinHttpReadData
WinHttpQueryHeaders

kernel32

MoveFileExW
GetExitCodeProcess
OpenProcess
IsBadStringPtrA
GetVersion
GetVersionExA
CompareStringA
LocalReAlloc
LocalAlloc
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateDirectoryA
GetModuleFileNameA
LoadLibraryA
LoadLibraryW
CreateFileA
GetTempFileNameA
FindFirstFileA
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
FreeLibrary
GetProcAddress
LocalLock
LocalUnlock
GlobalLock
GlobalUnlock
VirtualAlloc
VirtualFree
GlobalMemoryStatus
SetErrorMode
GetWindowsDirectoryA
SetFilePointer
UnlockFile
DuplicateHandle
LockFile
GetFileTime
LocalFileTimeToFileTime
SetFileTime
DosDateTimeToFileTime
ExpandEnvironmentStringsA
DeviceIoControl
DefineDosDeviceA
GetVolumeInformationA
ReleaseMutex
CreateMutexA
GetLocalTime
GetComputerNameA
GetLogicalDriveStringsA
GetLogicalDrives
GetFileSize
QueryPerformanceCounter
GetCurrentProcessId
FlushConsoleInputBuffer
GetStdHandle
HeapFree
GetProcessHeap
MulDiv
GetThreadLocale
GetVolumeInformationW
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
lstrcmpA
GlobalGetAtomNameW
GetModuleHandleA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
TlsFree
GlobalFlags
HeapAlloc
GetStartupInfoW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapReAlloc
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetFileType
SetEnvironmentVariableW
PeekNamedPipe
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
SetConsoleCtrlHandler
SetStdHandle
ExitProcess
HeapSize
VirtualProtect
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetCurrentDirectoryW
GetSystemDirectoryW
CreateMutexW
GetModuleFileNameW
GlobalAlloc
GlobalFree
ExitThread
GetCurrentProcess
SetProcessWorkingSetSize
CreateEventW
SetEvent
GetExitCodeThread
CopyFileW
GetLocaleInfoW
GetNumberFormatW
GetLocaleInfoA
GetUserDefaultUILanguage
InterlockedDecrement
InterlockedIncrement
GetSystemTime
lstrlenW
GetDiskFreeSpaceExW
GetCurrentThreadId
SuspendThread
TerminateThread
ResumeThread
GetThreadPriority
SetThreadPriority
GetSystemDirectoryA
GetModuleHandleW
CreateJobObjectW
CreateIoCompletionPort
SetInformationJobObject
AssignProcessToJobObject
GetQueuedCompletionStatus
OpenSemaphoreW
CreateSemaphoreW
ReleaseSemaphore
WaitForSingleObject
FormatMessageW
WritePrivateProfileStringW
InterlockedExchange
GetFullPathNameW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetFileInformationByHandle
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
FlushFileBuffers
SetEndOfFile
MoveFileW
DeleteFileA
CreateDirectoryW
GetCommandLineW
GetVersionExW
GetSystemInfo
SetFileAttributesW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
WriteFile
GetFileSizeEx
GetTickCount
SetLastError
LocalFree
SetFilePointerEx
CreateThread
DeleteFileW
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
Sleep
LeaveCriticalSection
EnterCriticalSection
lstrlenA
MultiByteToWideChar
lstrcmpiW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
CreateFileW
ReadFile
OutputDebugStringW
InterlockedCompareExchange
ReadConsoleInputA
SetConsoleMode
GetDriveTypeA

user32

IsWindowEnabled
ShowWindow
MoveWindow
IsDialogMessageW
SetDlgItemTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextW
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos
UnregisterClassA
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetActiveWindow
GetKeyState
ValidateRect
CharUpperW
GetMenuState
GetMenuItemID
CharPrevA
SetWindowTextW
MonitorFromWindow
GetClassInfoW
OffsetRect
LoadIconW
InsertMenuItemW
AppendMenuW
DeleteMenu
CreatePopupMenu
SetWindowsHookExW
CallNextHookEx
GetClassNameW
UnhookWindowsHookEx
GetMonitorInfoW
GetWindowLongW
SetWindowLongW
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
MonitorFromRect
SystemParametersInfoW
LoadCursorW
SetLayeredWindowAttributes
GetWindow
FindWindowExW
FindWindowW
GetDesktopWindow
DrawAnimatedRects
LockWindowUpdate
IsWindowVisible
ReleaseDC
GetWindowDC
ClientToScreen
GetWindowRect
SetWindowRgn
IsIconic
GetSystemMenu
LoadMenuW
RemoveMenu
ModifyMenuW
GetSubMenu
EnableMenuItem
DrawFocusRect
SetRect
SendMessageW
KillTimer
SetTimer
GetCursorPos
TrackPopupMenu
PostMessageW
SetForegroundWindow
IsWindow
IsMenu
UpdateWindow
ReleaseCapture
EnableWindow
SetCapture
GetCapture
InvalidateRect
GetClientRect
CopyRect
PtInRect
GetMessageW
PostThreadMessageW
GetSystemMetrics
PeekMessageW
DispatchMessageW
TranslateAcceleratorW
SetMenu
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
UnregisterClassW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
TranslateMessage
MessageBoxW
ShowOwnedPopups
PostQuitMessage
CharNextW
GetMenuItemInfoW
InflateRect
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetDC
UnpackDDElParam
DestroyMenu
ReuseDDElParam
LoadAcceleratorsW
SetRectEmpty
GetMenuItemCount
BringWindowToTop
SetCursor

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
SetViewportExtEx
CreateFontIndirectW
GetTextExtentPoint32W
GetBkColor
GetTextColor
GetMapMode
GetRgnBox
GetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateCompatibleBitmap
DeleteObject
CreateRectRgnIndirect
BitBlt
SelectObject
DeleteDC
TextOutW
RectVisible
PtVisible
GetPixel
CreateSolidBrush
CreateCompatibleDC
GetWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
GetUserNameA
SaferCreateLevel
SaferComputeTokenFromLevel
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
SaferCloseLevel
RegEnumKeyExW
CryptImportKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
IsTextUnicode
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
CryptAcquireContextW
CryptDecrypt

shell32

SHGetFolderPathW
ord165
FindExecutableW
Shell_NotifyIconW
SHAppBarMessage
CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
DragFinish
DragQueryFileW
SHCreateDirectoryExW

comctl32

ord17

shlwapi

SHGetValueW
SHDeleteValueW
SHDeleteEmptyKeyW
SHDeleteKeyA
UrlUnescapeW
UrlEscapeW
PathAppendW
SHSetValueW
UrlCreateFromPathW
PathAddExtensionW
PathRemoveExtensionW
UrlCanonicalizeW
PathRemoveFileSpecW
PathFileExistsA
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFileExistsW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

StgOpenStorageOnILockBytes
CoInitialize
CoUninitialize
CLSIDFromProgID
CoGetClassObject
CoInitializeEx
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoCreateInstance
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

SysAllocString
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocStringLen
VariantClear
SysAllocStringByteLen
SysStringLen
SysFreeString

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 584KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProxyInstaller.exe
.exe windows:4 windows x86 arch:x86

4c686c6a65d33361f55ac1a0684197dc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:9b:46:a4:fd:c1:78:28:c3:e7:ea:71:c2:be:85:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/09/2008, 00:00

Not After

04/10/2011, 23:59

Subject

CN=Electronic Arts,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Synthetic,O=Electronic Arts,L=Redwood City,ST=Ca,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

de:dc:c8:ab:f4:7c:90:ab:b2:e7:7e:fc:12:0d:e5:4a:da:c5:b0:7b
Signer

Actual PE Digest

de:dc:c8:ab:f4:7c:90:ab:b2:e7:7e:fc:12:0d:e5:4a:da:c5:b0:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\p4_eadm_rc\plasma\core\proxyinstaller\proxyinstaller\release\ProxyInstaller.pdb

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
ExitProcess
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetErrorMode
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GlobalFlags
GetModuleHandleA
WritePrivateProfileStringW
InterlockedIncrement
InterlockedDecrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameW
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
lstrcmpW
FreeLibrary
GetModuleHandleW
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrlenW
GetLastError
SetLastError
DeleteFileW
GetCommandLineW
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
CreateJobObjectW
CreateIoCompletionPort
SetInformationJobObject
AssignProcessToJobObject
GetQueuedCompletionStatus
OutputDebugStringW
WaitForSingleObject
CloseHandle
FindResourceW
LoadResource
LockResource
VirtualFree
SizeofResource

user32

ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnregisterClassW
DestroyMenu
CreateWindowExW
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowPlacement
UnregisterClassA

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
PtVisible

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
SaferCreateLevel
SaferComputeTokenFromLevel
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
SaferCloseLevel

shell32

ShellExecuteExW

shlwapi

PathFileExistsW
PathFindFileNameW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
UninstallEADM.dll
.dll windows:4 windows x86 arch:x86

26f9b8b6a3b82ee43f65f0672ad4d301

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:9b:46:a4:fd:c1:78:28:c3:e7:ea:71:c2:be:85:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/09/2008, 00:00

Not After

04/10/2011, 23:59

Subject

CN=Electronic Arts,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Synthetic,O=Electronic Arts,L=Redwood City,ST=Ca,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:5d:b5:15:99:56:54:a0:ad:72:cf:6a:90:51:80:34:ea:2d:c8:f8
Signer

Actual PE Digest

00:5d:b5:15:99:56:54:a0:ad:72:cf:6a:90:51:80:34:ea:2d:c8:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\p4_eadm_rc\plasma\core\installerdll\release\UninstallEADM.pdb

Imports

kernel32

GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
CompareStringA
InterlockedExchange
GetModuleHandleA
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GetVersion
InterlockedIncrement
GetCurrentProcessId
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
GetCurrentThreadId
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FreeLibrary
InterlockedDecrement
GetModuleHandleW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
GetProcAddress
CreateFileW
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryW
SetLastError
lstrlenW
GetThreadLocale
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetShortPathNameW
WideCharToMultiByte
VirtualFree
MultiByteToWideChar

user32

GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageW
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
DestroyMenu
PostQuitMessage
GetWindowTextW
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
SendMessageW
GetKeyState
PeekMessageW
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperW
GetSystemMetrics
GetClassInfoW
UnregisterClassA

gdi32

DeleteDC
GetStockObject
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

IsTextUnicode

shell32

SHGetFolderPathW

shlwapi

PathIsUNCW
UrlUnescapeW
PathAppendW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathStripToRootW

oleaut32

VariantInit
VariantClear
VariantChangeType

Exports

Exports

GetCurrentDMCachePath

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
corestrings.xml
.xml office
html/AC_OETags.js
.js
html/AboutWin.html
.js
html/AboutWin.swf
html/AppStateWin.html
.js
html/AppStateWin.swf
html/CommandCenter.swf
html/MessageBoxWin.html
.js
html/MessageBoxWin.swf
html/PatchProgressWin.html
.js
html/PatchProgressWin.swf
html/PreferencesWin.html
.js
html/PreferencesWin.swf
html/about.html
.html .js polyglot
html/cacheMgmt.html
.html .js polyglot
html/commandCenter.html
.html .js polyglot
html/controllerwin.html
.html
html/history.htm
.html .js polyglot
html/history.js
.js
html/history.swf
html/home.html
.html
html/logDataTemplate.html
.html
html/logReader.html
.js
html/messagebox.html
.html .js polyglot
html/playerProductInstall.swf
html/pref.html
.html .js polyglot
html/prefautolaunch.html
.html .js polyglot
html/prefautologin.html
.html .js polyglot
install_flash_player_active_x.exe
.exe windows:4 windows x86 arch:x86

f14903f539cc8667478f89ca4497258f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:ea:81:7c:ba:c7:c3:8a:ba:72:e7:be:6f:00:de:6d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/11/2007, 00:00

Not After

10/12/2008, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c6:9d:89:e0:d7:27:17:0a:42:7b:65:12:34:fb:9f:ca:a4:62:95:d7
Signer

Actual PE Digest

c6:9d:89:e0:d7:27:17:0a:42:7b:65:12:34:fb:9f:ca:a4:62:95:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISArray.dll
.dll windows:4 windows x86 arch:x86

91596216b99c852af6e0fb1fe8192de4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
lstrcmpiA
lstrcmpA
lstrcatA
GlobalAlloc

user32

MessageBoxA
SendMessageA
wsprintfA
GetDlgItem
FindWindowExA
DialogBoxParamA
EnableWindow
SetWindowTextA
EndDialog
RedrawWindow
CharLowerA

Exports

Exports

ArrayCount
ArrayExists
Clear
Concat
Copy
Cut
Debug
Delete
ErrorStyle
Exists
ExistsI
FreeUnusedMem
Join
New
Pop
Push
Put
ReDim
Read
ReadToStack
Reverse
Search
SearchI
SetSize
Shift
SizeOf
Sort
Splice
Swap
Unload
Unshift
Write
WriteList
WriteListC

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/fpinstall.dll
.dll windows:4 windows x86 arch:x86

4bb7026bcfe942cdf23b6f661ad54f48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
OpenProcess
GetVersionExA
FormatMessageA
GetLastError
SetFileAttributesA
GetFileAttributesA
GetCurrentProcess
TerminateProcess
CloseHandle
lstrlenA
lstrcpyA
GlobalAlloc
lstrcpynA
LoadLibraryA
GlobalFree

user32

MessageBoxA

advapi32

GetTokenInformation
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken

Exports

Exports

_ChangeRegKeyDACL
_FindProcess
_KillProcess
_ObjectExistsAndIsOwnedBySomeoneElse
_RecursiveRegLockUnlock
_Unload
_UnlockControl

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

238a16a49edf3ab59e2f8c89449c9af7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GlobalLock
DeleteFileA
TerminateProcess
lstrlenA
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CloseHandle
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
GetCommandLineA
Sleep
lstrcmpiA
GetExitCodeProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Flash9f.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

c78b62c1feda53e018e3bc7fa4a262b7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:ea:81:7c:ba:c7:c3:8a:ba:72:e7:be:6f:00:de:6d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/11/2007, 00:00

Not After

10/12/2008, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cd:3e:63:1e:88:3a:7b:1c:fc:62:9b:7e:d0:38:04:ff:10:cc:60:5e
Signer

Actual PE Digest

cd:3e:63:1e:88:3a:7b:1c:fc:62:9b:7e:d0:38:04:ff:10:cc:60:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer9_DotReleases\platform\win32\ActiveX\ReleaseMinSize\Flash.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

waveOutClose
waveOutReset
timeKillEvent
waveOutGetPosition
waveOutOpen
waveOutPrepareHeader
waveInGetDevCapsA
waveOutGetNumDevs
waveInGetNumDevs
waveInStart
waveInAddBuffer
waveInStop
timeSetEvent
waveOutGetDevCapsA
waveOutUnprepareHeader
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeGetTime
waveOutWrite
waveInPrepareHeader
waveInOpen
waveInReset
waveInUnprepareHeader
waveInClose

wininet

HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

crypt32

CryptVerifyMessageSignature
CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CertCloseStore

rpcrt4

UuidToStringA
RpcStringFreeA

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayLock
SafeArrayUnlock
VarBstrCat
SysAllocStringByteLen
OleCreatePropertyFrame
SysStringLen
LoadRegTypeLi
VarUI4FromStr
VariantChangeType
SysStringByteLen
VariantClear

kernel32

GetLastError
FlushInstructionCache
GetCurrentProcess
lstrcmpiA
LocalFree
LocalAlloc
SetFileAttributesA
GetFileAttributesA
CreateMutexA
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GlobalUnlock
GlobalLock
MulDiv
InterlockedIncrement
InterlockedDecrement
lstrcpynA
lstrcpyA
lstrcatA
GetCurrentThreadId
OutputDebugStringA
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
SetErrorMode
GetTickCount
LCMapStringA
LCMapStringW
lstrlenW
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
CreateWaitableTimerA
WaitForSingleObject
SetWaitableTimer
CreateThread
GetTempFileNameW
GetSystemDefaultLangID
DeleteFileA
CreateFileA
MoveFileA
VirtualQuery
GetSystemInfo
GetUserDefaultLangID
ExitThread
GetFileAttributesW
WriteFile
SetFilePointer
LockResource
FindResourceExA
FindResourceExW
SetUnhandledExceptionFilter
GetTempPathA
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
CreateDirectoryA
ReadFile
GetCurrentDirectoryA
GetTempFileNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetFileSize
SetCurrentDirectoryA
GetFileAttributesExA
RemoveDirectoryA
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
TerminateThread
IsDBCSLeadByteEx
GetProcessTimes
CreateEventA
SetEvent
ResetEvent
WaitForMultipleObjects
ReleaseSemaphore
CreateSemaphoreA
GetThreadPriority
WideCharToMultiByte
lstrlenA
GlobalAlloc
GlobalFree
GetCurrentThread
SetThreadAffinityMask
IsDBCSLeadByte
GetCPInfo
MultiByteToWideChar
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
VirtualProtect
HeapReAlloc
GetCommandLineA
ExitProcess
GetACP
InterlockedExchange
RtlUnwind
HeapDestroy
HeapCreate
TerminateProcess
HeapSize
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetOEMCP
SetStdHandle
FlushFileBuffers
CreateProcessA

user32

EmptyClipboard
PostThreadMessageA
GetQueueStatus
MsgWaitForMultipleObjects
RegisterWindowMessageA
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
RegisterClipboardFormatA
PeekMessageA
WaitForInputIdle
GetForegroundWindow
TranslateMessage
DispatchMessageA
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
EndDialog
GetWindowRect
GetDesktopWindow
LoadIconA
SendMessageA
GetDlgItem
SetWindowTextA
GetMenuItemCount
GetMenuItemInfoA
InsertMenuItemA
MonitorFromWindow
GetParent
IsChild
PtInRect
SystemParametersInfoA
GetMenuItemID
DeleteMenu
TrackPopupMenu
KillTimer
SetTimer
UpdateWindow
RegisterClassA
MapVirtualKeyA
GetKeyState
GetFocus
ReleaseCapture
GetSystemMetrics
EnumDisplaySettingsA
GetCapture
WindowFromPoint
GetCursorPos
ScreenToClient
MessageBoxA
ClientToScreen
LoadMenuA
GetSubMenu
DestroyMenu
SetCursor
IsWindow
DestroyWindow
FillRect
EnableMenuItem
CheckMenuItem
LoadStringA
SetCapture
SetFocus
GetWindowInfo
CopyRect
SendInput
GetKeyboardLayout
RegisterClassExA
LoadCursorA
wsprintfA
CreateWindowExA
ShowWindow
GetClassInfoExA
InvalidateRect
CallWindowProcA
GetWindowLongA
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetDC
ReleaseDC
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
SetWindowLongA
CharNextA
GetTopWindow
GetDoubleClickTime
EnumWindows
PostMessageA
IsWindowEnabled
GetClassNameA
GetWindowTextW
GetWindowTextA
UnregisterClassA
GetWindow

gdi32

ExtTextOutW
SetTextColor
GetClipRgn
CreateRectRgn
GetTextAlign
GetBkMode
GetTextColor
GetBkColor
SetTextCharacterExtra
CreatePen
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
GetTextExtentPoint32A
CreatePalette
StartDocA
EndDoc
StrokePath
ExtCreatePen
SelectClipRgn
IntersectClipRect
SetBkMode
EnumFontFamiliesA
GetTextMetricsA
CreateFontIndirectA
CreateCompatibleBitmap
GetDIBits
EndPage
BeginPath
EndPath
SetPolyFillMode
MoveToEx
LineTo
PolyBezierTo
SelectClipPath
SaveDC
RestoreDC
TextOutA
SetTextAlign
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
SetWindowOrgEx
CreateMetaFileA
GetDeviceCaps
GetObjectA
DeleteObject
CreateSolidBrush
Rectangle
SelectObject
GetStockObject
StretchDIBits
FillPath
GetObjectType
CreateDIBSection
GetStretchBltMode
SetStretchBltMode
StretchBlt
SetBkColor
ExtTextOutA
RealizePalette
GdiFlush
GetPixel
SelectPalette
StartPage
GetSystemPaletteEntries
GetClipBox
BitBlt
LPtoDP
SetViewportOrgEx
CreateDCA
DeleteDC
CreateCompatibleDC

comdlg32

PrintDlgA
GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

RegCreateKeyA
RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHAppBarMessage
SHBrowseForFolderA

ole32

OleRegGetUserType
CreateOleAdviseHolder
CoTaskMemRealloc
OleRegEnumVerbs
CreateBindCtx
CoTaskMemAlloc
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoRegisterMessageFilter
OleSaveToStream
WriteClassStm
OleLoadFromStream
StringFromGUID2
CoCreateInstance
CreateDataAdviseHolder
OleRegGetMiscStatus
CoTaskMemFree

shlwapi

PathFindExtensionA
SHDeleteKeyA

urlmon

HlinkSimpleNavigateToMoniker
RegisterBindStatusCallback
CreateURLMoniker

ws2_32

getservbyname
htons
gethostbyaddr
ntohs
getservbyport
WSASetLastError
getsockname
setsockopt
connect
recvfrom
sendto
WSAAddressToStringA
gethostname
select
ioctlsocket
ntohl
htonl
inet_ntoa
gethostbyname
send
recv
WSAStartup
WSASocketA
socket
WSAAsyncSelect
WSAIoctl
WSAGetLastError
closesocket
WSACleanup
inet_addr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_fullinfo
pcre_malloc
pcre_stack_free
pcre_stack_malloc

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashUtil9f.exe
.exe windows:4 windows x86 arch:x86

a9d79d340821ec352051fcf0138d0a55

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:ea:81:7c:ba:c7:c3:8a:ba:72:e7:be:6f:00:de:6d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/11/2007, 00:00

Not After

10/12/2008, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:b7:e4:0b:42:13:fd:77:65:c1:a1:79:66:09:38:a1:ae:76:8e:6f
Signer

Actual PE Digest

8c:b7:e4:0b:42:13:fd:77:65:c1:a1:79:66:09:38:a1:ae:76:8e:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetOpenA
InternetCloseHandle
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetConnectA

crypt32

CertFindCertificateInStore
CertCreateCertificateContext
CryptVerifyMessageSignature
CertCloseStore
CertFreeCertificateContext
CertVerifySubjectCertificateContext
CryptGetMessageCertificates

shlwapi

SHDeleteKeyA

kernel32

GetProcessHeap
HeapAlloc
GetCommandLineA
GetLastError
CreateMutexA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetTempPathA
WriteFile
FormatMessageA
_lclose
_lread
OpenFile
GetSystemDirectoryA
SetThreadLocale
GetSystemDefaultLangID
LocalFree
LocalAlloc
GetCurrentProcess
CreateThread
GetModuleHandleA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
UnmapViewOfFile
GetTickCount
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
GetACP
GetFileAttributesA
CreateDirectoryA
DeleteFileA
MultiByteToWideChar
SetFilePointer
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
MapViewOfFile
CreateFileMappingA
CreateProcessA
FindClose
ExitProcess
HeapFree

user32

SendMessageA
ShowWindow
PostMessageA
SetWindowPos
GetWindowRect
GetDesktopWindow
GetParent
EndDialog
DialogBoxParamA
LoadStringA
GetWindowLongA
LoadBitmapA
MessageBoxA
SetWindowLongA
GetDlgItem
CreateWindowExA
ScreenToClient
DestroyWindow
CreateDialogParamA
DefWindowProcA
RegisterClassExA
LoadCursorA
DestroyIcon
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
LoadImageA
GetForegroundWindow
WaitForInputIdle
CharNextA
DdeUninitialize
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeFreeStringHandle
DdeInitializeA
PostQuitMessage
SetWindowTextA
DdeDisconnect

gdi32

DeleteObject

advapi32

RegCreateKeyExA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA

shell32

ShellExecuteA

ole32

CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoInitialize

oleaut32

DispGetIDsOfNames
DispInvoke
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocString
LoadRegTypeLi

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall_activeX.exe.nsis

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

6e:9b:46:a4:fd:c1:78:28:c3:e7:ea:71:c2:be:85:fbCertificate

Extended Key Usages

Key Usages

43:9d:4c:2f:9e:66:7b:b3:bf:45:45:66:7d:31:29:1d:e7:0c:d3:17Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 452KB

.ndata Size: - Virtual size: 1.3MB

.rsrc Size: 23KB - Virtual size: 23KB

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 899B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 574B

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 590B

9905200eb452891ca2ec3f0a6e2fd67d

Headers

File Characteristics

PDB Paths

Imports

msvcrt

shlwapi

advapi32

kernel32

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6e:9b:46:a4:fd:c1:78:28:c3:e7:ea:71:c2:be:85:fb
Certificate

43:9d:4c:2f:9e:66:7b:b3:bf:45:45:66:7d:31:29:1d:e7:0c:d3:17
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 452KB

.ndata
Size: - Virtual size: 1.3MB

.rsrc
Size: 23KB - Virtual size: 23KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 307KB - Virtual size: 307KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 13KB - Virtual size: 13KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6e:9b:46:a4:fd:c1:78:28:c3:e7:ea:71:c2:be:85:fb
Certificate

18:c8:d0:03:92:1d:30:f3:e3:75:c7:ea:0f:04:a9:ae:81:cd:15:d3
Signer

.text
Size: 216KB - Virtual size: 214KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 28KB - Virtual size: 26KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 584KB - Virtual size: 581KB

.data
Size: 100KB - Virtual size: 259KB

.rsrc
Size: 40KB - Virtual size: 36KB