184c945fa6b58a174ca8aa8e3741ffd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

184c945fa6b58a174ca8aa8e3741ffd5_JaffaCakes118
Size

7.4MB
MD5

184c945fa6b58a174ca8aa8e3741ffd5
SHA1

5d897ffdcbd0d630420f79ad45882289ec0fba5b
SHA256

fa46efb93d66b569e472000ad14759a8f75ae110b8e0b0a8180408a995a2c3be
SHA512

280a5ed776cfe81aa41a5df0e376bda03d072d93538beddc032ab83d1082af20427d6636ad073ccb0354b27602ecf5d5ca628550420a3f7e124b7c3a63e0639e
SSDEEP

98304:ZjE7j4Q2SXhUsZL7G53mD/XueIf6Adiliy4f0pqQUGMydXX8BQWO5eN/+u0fz3CA:9E7MtSRL7G52Dmd6ALf2AlTa3JEyeY

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EasyRecovery/EREnt.exe
unpack001/EasyRecovery/EREnt64.exe
unpack001/EasyRecovery/mailviewer/iconv.dll

Files

184c945fa6b58a174ca8aa8e3741ffd5_JaffaCakes118
.zip
EasyRecovery/EREnt.exe
.exe windows:4 windows x86 arch:x86

dbf28bf87cd46fa5f6ebd3e1106b8ec9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetThreadExecutionState
AllocConsole
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateMutexA
CreatePipe
CreateProcessA
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceExA
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCommandLineA
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceExW
GetDriveTypeA
GetEnvironmentStringsA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemTime
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileA
MoveFileW
MulDiv
MultiByteToWideChar
OpenProcess
PeekNamedPipe
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReadProcessMemory
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
SetConsoleTextAttribute
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

user32

RegisterDeviceNotificationA
UnregisterDeviceNotification
AdjustWindowRectEx
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CallWindowProcW
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharToOemA
CharUpperA
CharUpperBuffA
CharUpperBuffW
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CopyImage
CountClipboardFormats
CreateCaret
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawStateA
DrawStateW
DrawTextA
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndPaint
EnumClipboardFormats
EnumPropsA
EnumThreadWindows
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetCapture
GetCaretPos
GetClassInfoA
GetClassInfoW
GetClassNameA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetMenu
GetMenuItemCount
GetMenuItemInfoA
GetParent
GetPropA
GetScrollInfo
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuItemA
IntersectRect
InvalidateRect
InvalidateRgn
InvertRect
IsClipboardFormatAvailable
IsIconic
IsMenu
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
ScrollWindowEx
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetSysColors
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowTextW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenuEx
TranslateMessage
UnregisterClassA
UnregisterClassW
UpdateWindow
WindowFromDC
WindowFromPoint
wvsprintfA

advapi32

CloseServiceHandle
ControlService
EnumDependentServicesA
EnumServicesStatusA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegFlushKey
RegOpenKeyExA
RegSetValueExA
StartServiceA

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Remove
ImageList_Replace
ImageList_SetImageCount
InitCommonControls

comdlg32

ChooseFontA
ChooseFontW
CommDlgExtendedError
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
PageSetupDlgA
PrintDlgA

gdi32

AbortDoc
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateFontIndirectA
CreateFontIndirectW
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesA
EnumFontFamiliesExA
EnumFontFamiliesExW
EqualRgn
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtSelectClipRgn
ExtTextOutA
ExtTextOutW
FillRgn
GetBitmapBits
GetBkColor
GetCharABCWidthsA
GetClipBox
GetClipRgn
GetCurrentObject
GetDCOrgEx
GetDIBits
GetDeviceCaps
GetMapMode
GetObjectA
GetObjectType
GetObjectW
GetPixel
GetROP2
GetRandomRgn
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextExtentPointW
GetTextMetricsA
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MaskBlt
MoveToEx
OffsetRgn
OffsetViewportOrgEx
PaintRgn
PatBlt
Pie
PolyBezier
Polygon
Polyline
PtInRegion
RealizePalette
RectInRegion
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetArcDirection
SetBkColor
SetBkMode
SetBrushOrgEx
SetMapMode
SetPixel
SetPolyFillMode
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
TextOutW

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
GetErrorInfo
OleInitialize
OleUninitialize

oleaut32

SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryFileW
SHBrowseForFolder
SHBrowseForFolderW
SHGetFileInfoA
SHGetPathFromIDList
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

PlaySoundA
mciSendStringA

winspool.drv

AbortPrinter
ClosePrinter
DeviceCapabilitiesA
DocumentPropertiesA
EndDocPrinter
EndPagePrinter
EnumPrintersA
GetPrinterA
OpenPrinterA
StartDocPrinterA
StartPagePrinter
WritePrinter

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1014KB - Virtual size: 1014KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 4B

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EasyRecovery/EREnt.ini
EasyRecovery/EREnt64.exe
.exe windows:4 windows x64 arch:x64

cc861723d81c3d0282bd2595327117c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

MessageBoxA

comctl32

InitCommonControls

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4KB

.idata
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.x64
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EasyRecovery/EREnt64.ini
EasyRecovery/erent_log.txt
EasyRecovery/images/16-0
.png
EasyRecovery/images/16-1
.png
EasyRecovery/images/arrowdown.png
.png
EasyRecovery/images/arrowright.png
.png
EasyRecovery/images/badblk_popup.png
.png
EasyRecovery/images/btn_back.png
.png
EasyRecovery/images/btn_cancel.png
.png
EasyRecovery/images/btn_forward.png
.png
EasyRecovery/images/btn_help.png
.png
EasyRecovery/images/btn_ok.png
.png
EasyRecovery/images/cancel.png
.png
EasyRecovery/images/chooser_back.png
.png
EasyRecovery/images/chooser_forward.png
.png
EasyRecovery/images/chooser_select.png
.png
EasyRecovery/images/details1.png
.png
EasyRecovery/images/details2.png
.png
EasyRecovery/images/details3.png
.png
EasyRecovery/images/disk_cd.png
.png
EasyRecovery/images/disk_harddisk.png
.png
EasyRecovery/images/disk_harddisk_lost.png
.png
EasyRecovery/images/disk_removable.png
.png
EasyRecovery/images/disk_volume.png
.png
EasyRecovery/images/disk_volume_lost.png
.png
EasyRecovery/images/file.png
.png
EasyRecovery/images/filelost.png
.png
EasyRecovery/images/folderclosed.png
.png
EasyRecovery/images/folderclosed_mac.png
.png
EasyRecovery/images/folderclosedbig_mac.png
.png
EasyRecovery/images/folderlostclosed.png
.png
EasyRecovery/images/folderlostclosed_mac.png
.png
EasyRecovery/images/folderlostclosedbig_mac.png
.png
EasyRecovery/images/folderlostopen.png
.png
EasyRecovery/images/folderopen.png
.png
EasyRecovery/images/foldersearch.png
.png
EasyRecovery/images/ico_lang.png
.png
EasyRecovery/images/mainicon.ico
EasyRecovery/images/media_card.png
.png
EasyRecovery/images/media_cd.png
.png
EasyRecovery/images/media_harddisk.png
.png
EasyRecovery/images/media_player.png
.png
EasyRecovery/images/media_raid.png
.png
EasyRecovery/images/new.png
.png
EasyRecovery/images/op_deletedscan.png
.png
EasyRecovery/images/op_diskcleanup.png
.png
EasyRecovery/images/op_diskcopy.png
.png
EasyRecovery/images/op_diskdiag.png
.png
EasyRecovery/images/op_diskdiags.png
.png
EasyRecovery/images/op_diskdiags_old.png
.png
EasyRecovery/images/op_diskrefresh.png
.png
EasyRecovery/images/op_diskrestore.png
.png
EasyRecovery/images/op_diskstore.png
.png
EasyRecovery/images/op_disktools.png
.png
EasyRecovery/images/op_diskview.png
.png
EasyRecovery/images/op_diskwipe.png
.png
EasyRecovery/images/op_explore.png
.png
EasyRecovery/images/op_formattedscan.png
.png
EasyRecovery/images/op_loadimage.png
.png
EasyRecovery/images/op_lostvolumescan.png
.png
EasyRecovery/images/op_wipe.png
.png
EasyRecovery/images/opt_cancelbtn.png
.png
EasyRecovery/images/opt_helpbtn.png
.png
EasyRecovery/images/opt_okbtn.png
.png
EasyRecovery/images/ordner_bg_weiss.png
.png
EasyRecovery/images/pause.png
.png
EasyRecovery/images/play.png
.png
EasyRecovery/images/raid.png
.png
EasyRecovery/images/remote1.png
.png
EasyRecovery/images/remote2.png
.png
EasyRecovery/images/remoteRecControl.png
.png
EasyRecovery/images/remoteRecServer.png
.png
EasyRecovery/images/remote_network.png
.png
EasyRecovery/images/search.png
.png
EasyRecovery/images/splashscreen.png
.png
EasyRecovery/images/tb_about.png
.png
EasyRecovery/images/tb_activate.png
.png
EasyRecovery/images/tb_buynow.png
.png
EasyRecovery/images/tb_createimage.png
.png
EasyRecovery/images/tb_diskdiag.png
.png
EasyRecovery/images/tb_diskrefresh.png
.png
EasyRecovery/images/tb_emailrecovery.png
.png
EasyRecovery/images/tb_exit.png
.png
EasyRecovery/images/tb_help.png
.png
EasyRecovery/images/tb_loadimage.png
.png
EasyRecovery/images/tb_opensavepath.png
.png
EasyRecovery/images/tb_options.png
.png
EasyRecovery/images/tb_raid.png
.png
EasyRecovery/images/tb_refresh.png
.png
EasyRecovery/images/tb_remote.png
.png
EasyRecovery/images/tb_rescan.png
.png
EasyRecovery/images/tb_restoreimage.png
.png
EasyRecovery/images/tb_save.png
.png
EasyRecovery/images/tb_savefolderreport.png
.png
EasyRecovery/images/tb_savereport.png
.png
EasyRecovery/images/tb_search.png
.png
EasyRecovery/images/tb_thumbs.png
.png
EasyRecovery/images/tb_upgrade.png
.png
EasyRecovery/images/tb_viewer.png
.png
EasyRecovery/images/tb_wipe.png
.png
EasyRecovery/images/unknown.png
.png
EasyRecovery/images/warn.png
.png
EasyRecovery/images/wiz_check.png
.png
EasyRecovery/images/wiz_checkold.png
.png
EasyRecovery/images/wiz_checkpanel.png
.png
EasyRecovery/images/wiz_destdisk.png
.png
EasyRecovery/images/wiz_hdr.png
.png
EasyRecovery/images/wiz_important.png
.png
EasyRecovery/images/wiz_important_off.png
.png
EasyRecovery/images/wiz_legend_lost.png
.png
EasyRecovery/images/wiz_legend_normal.png
.png
EasyRecovery/images/wiz_logo.png
.png
EasyRecovery/images/wiz_logo_mac.png
.png
EasyRecovery/images/wiz_selectsavevol.png
.png
EasyRecovery/images/wiz_selectvolume.png
.png
EasyRecovery/images/wiz_step.png
.png
EasyRecovery/lang/en.lif
EasyRecovery/licman/erent1000.lic
EasyRecovery/licman/liclang/en.lif
EasyRecovery/licman/licman.exe
.exe windows:4 windows x86 arch:x86

29be9188975cc7afe430ff383e62bf51

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:b5:06:73:27:04:60:86:67:3c:ec:5f:2d:8b:2a:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/02/2012, 00:00

Not After

18/02/2014, 23:59

Subject

CN=Kroll Ontrack Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kroll Ontrack Inc.,O=Kroll Ontrack Inc.,L=Eden Prairie,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:46:d9:b4:bb:d0:fc:5f:7f:cd:c1:ca:75:d8:0c:14:4f:07:4b:82
Signer

Actual PE Digest

00:46:d9:b4:bb:d0:fc:5f:7f:cd:c1:ca:75:d8:0c:14:4f:07:4b:82

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

RegisterDeviceNotificationA
UnregisterDeviceNotification
AdjustWindowRectEx
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CallWindowProcW
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharToOemA
CharUpperA
CharUpperBuffA
CharUpperBuffW
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CopyImage
CountClipboardFormats
CreateCaret
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DeleteMenu
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawStateA
DrawStateW
DrawTextA
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumClipboardFormats
EnumPropsA
EnumThreadWindows
FillRect
FrameRect
GetActiveWindow
GetCapture
GetCaretPos
GetClassInfoA
GetClassInfoW
GetClassNameA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetMenu
GetMenuItemCount
GetMenuItemInfoA
GetParent
GetPropA
GetScrollInfo
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuItemA
IntersectRect
InvalidateRect
InvalidateRgn
IsClipboardFormatAvailable
IsIconic
IsMenu
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostQuitMessage
RedrawWindow
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
ScrollWindowEx
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetSysColors
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowTextW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenuEx
TranslateMessage
UnregisterClassA
UnregisterClassW
UpdateWindow
WindowFromDC
WindowFromPoint
wvsprintfA

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetImageCount
ImageList_Remove
ImageList_Replace
ImageList_SetImageCount
InitCommonControls

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW

gdi32

Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateFontIndirectA
CreateFontIndirectW
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
Ellipse
EnumFontFamiliesA
EnumFontFamiliesExA
EnumFontFamiliesExW
EqualRgn
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtSelectClipRgn
ExtTextOutA
ExtTextOutW
FillRgn
GetBitmapBits
GetBkColor
GetCharABCWidthsA
GetClipBox
GetClipRgn
GetCurrentObject
GetDCOrgEx
GetDIBits
GetDeviceCaps
GetMapMode
GetObjectA
GetObjectType
GetObjectW
GetPixel
GetROP2
GetRandomRgn
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextMetricsA
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MaskBlt
MoveToEx
OffsetRgn
OffsetViewportOrgEx
PaintRgn
PatBlt
Pie
PolyBezier
Polygon
Polyline
PtInRegion
RealizePalette
RectInRegion
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetArcDirection
SetBkColor
SetBkMode
SetBrushOrgEx
SetMapMode
SetPixel
SetPolyFillMode
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StretchBlt
TextOutW

kernel32

AllocConsole
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreatePipe
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DosDateTimeToFileTime
EnterCriticalSection
EnumCalendarInfoA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceExA
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCommandLineA
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceExW
GetDriveTypeA
GetEnvironmentStringsA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemTime
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalLock
GlobalMemoryStatusEx
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MoveFileA
MoveFileW
MulDiv
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReadProcessMemory
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
SetConsoleTextAttribute
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

ntdll

NtQueryInformationProcess
NtSetInformationThread

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
GetErrorInfo
OleInitialize
OleUninitialize

oleaut32

SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteExW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 541KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EasyRecovery/licman/resources/imageerror.png
.png
EasyRecovery/licman/resources/imagelogo.png
.png
EasyRecovery/licman/resources/imageupdate.png
.png
EasyRecovery/mailviewer/iconv.dll
.dll windows:4 windows x86 arch:x86

e7aa0aeef61e4ca89f4b87b602f40e02

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
malloc
memcmp
free
qsort
strlen
strcmp
_errno
_initterm
_adjust_fdiv
sprintf
abort
memcpy

kernel32

DisableThreadLibraryCalls
GetACP

Exports

Exports

_libiconv_version
libiconv
libiconv_close
libiconv_open
libiconv_set_relocation_prefix
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 800KB - Virtual size: 798KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyRecovery/mailviewer/lang/en.lif
EasyRecovery/mailviewer/mailviewer.exe
.exe windows:4 windows x86 arch:x86

dd9e9c14867f9eedf8ba5e348166c7b7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:b5:06:73:27:04:60:86:67:3c:ec:5f:2d:8b:2a:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/02/2012, 00:00

Not After

18/02/2014, 23:59

Subject

CN=Kroll Ontrack Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kroll Ontrack Inc.,O=Kroll Ontrack Inc.,L=Eden Prairie,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:18:6d:cb:ec:c0:b4:60:15:35:89:b7:7f:66:ff:5a:81:76:24:2b
Signer

Actual PE Digest

36:18:6d:cb:ec:c0:b4:60:15:35:89:b7:7f:66:ff:5a:81:76:24:2b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetImageCount
ImageList_Remove
ImageList_Replace
ImageList_SetImageCount
InitCommonControls

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
PageSetupDlgA
PrintDlgA

gdi32

AbortDoc
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateFontIndirectA
CreateFontIndirectW
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesA
EnumFontFamiliesExA
EnumFontFamiliesExW
EqualRgn
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtSelectClipRgn
ExtTextOutA
ExtTextOutW
FillRgn
GetBitmapBits
GetBkColor
GetCharABCWidthsA
GetClipBox
GetClipRgn
GetCurrentObject
GetDCOrgEx
GetDIBits
GetDeviceCaps
GetMapMode
GetObjectA
GetObjectType
GetObjectW
GetPixel
GetROP2
GetRandomRgn
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextMetricsA
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MaskBlt
MoveToEx
OffsetRgn
OffsetViewportOrgEx
PaintRgn
PatBlt
Pie
PolyBezier
Polygon
Polyline
PtInRegion
RealizePalette
RectInRegion
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetArcDirection
SetBkColor
SetBkMode
SetBrushOrgEx
SetMapMode
SetPixel
SetPolyFillMode
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
TextOutW

kernel32

AllocConsole
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceExA
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCommandLineA
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceExW
GetEnvironmentStringsA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemTime
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MoveFileA
MoveFileW
MulDiv
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReadProcessMemory
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
SetConsoleTextAttribute
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetLastError
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
GetErrorInfo
OleInitialize
OleUninitialize

oleaut32

SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteA

user32

AdjustWindowRectEx
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CallWindowProcW
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharToOemA
CharUpperA
CharUpperBuffA
CharUpperBuffW
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CopyImage
CountClipboardFormats
CreateCaret
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DeleteMenu
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawStateA
DrawStateW
DrawTextA
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumClipboardFormats
EnumPropsA
EnumThreadWindows
FillRect
FrameRect
GetActiveWindow
GetCapture
GetCaretPos
GetClassInfoA
GetClassInfoW
GetClassNameA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetMenu
GetMenuItemCount
GetMenuItemInfoA
GetParent
GetPropA
GetScrollInfo
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuItemA
IntersectRect
InvalidateRect
InvalidateRgn
IsClipboardFormatAvailable
IsIconic
IsMenu
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
LoadImageA
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostQuitMessage
RedrawWindow
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
ScrollWindowEx
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetSysColors
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowTextW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenuEx
TranslateMessage
UnregisterClassA
UnregisterClassW
UpdateWindow
WindowFromDC
WindowFromPoint

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winspool.drv

AbortPrinter
ClosePrinter
DeviceCapabilitiesA
DocumentPropertiesA
EndDocPrinter
EndPagePrinter
EnumPrintersA
GetPrinterA
OpenPrinterA
StartDocPrinterA
StartPagePrinter
WritePrinter

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EasyRecovery/mailviewer/res/image1.bmp
EasyRecovery/mailviewer/res/image2.bmp
EasyRecovery/raidproducts.ini
EasyRecovery/smart/smart.db
EasyRecovery/sounds/complete.wav
EasyRecovery/sounds/complete1.wav
EasyRecovery/winvnc/logmessages.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/09/2007, 00:00

Not After

31/10/2010, 23:59

Subject

CN=RealVNC Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RealVNC Limited,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e7:64:cd:08:8f:77:0c:ae:7e:c3:18:be:27:17:4a:1d:c2:c5:63:c4
Signer

Actual PE Digest

e7:64:cd:08:8f:77:0c:ae:7e:c3:18:be:27:17:4a:1d:c2:c5:63:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyRecovery/winvnc/vncconfig.exe
.exe windows:4 windows x86 arch:x86

f631fe261cfe62dd2eed9458fa0c31b3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/09/2007, 00:00

Not After

31/10/2010, 23:59

Subject

CN=RealVNC Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RealVNC Limited,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:45:9e:17:26:7c:42:04:ae:86:70:93:b0:be:53:6b:6c:c1:a9:4d
Signer

Actual PE Digest

3a:45:9e:17:26:7c:42:04:ae:86:70:93:b0:be:53:6b:6c:c1:a9:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
TlsSetValue
CreateThread
ResumeThread
GetCurrentThread
TlsGetValue
TlsAlloc
WaitForMultipleObjects
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
HeapDestroy
GetFileType
SetHandleCount
InitializeCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
GetCPInfo
GetOEMCP
GetACP
HeapSize
SetUnhandledExceptionFilter
TlsFree
SetLastError
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapFree
GetCommandLineA
DeleteCriticalSection
RaiseException
RtlUnwind
GetCurrentProcess
OpenProcess
CloseHandle
ExpandEnvironmentStringsA
GetLastError
HeapCreate
VirtualFree
ReadFile
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
InterlockedExchange
VirtualQuery
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
CreateFileA
ExitProcess
SetStdHandle
VirtualProtect
GetSystemInfo
GetTickCount
SetEndOfFile
WaitForSingleObject
TerminateProcess
GetCurrentThreadId
GetModuleFileNameA
FormatMessageA
LoadLibraryA
GetProcAddress
FreeLibrary
ResetEvent
CreateEventA
SetEvent
GetVersionExA
LeaveCriticalSection
GetStartupInfoA
EnterCriticalSection
Sleep
LocalFree
GetEnvironmentStringsW
GetModuleHandleA

user32

DefWindowProcA
CreateWindowExA
RegisterClassA
UnregisterClassA
PeekMessageA
MsgWaitForMultipleObjects
GetDesktopWindow
IsWindow
IsIconic
GetClientRect
ClientToScreen
KillTimer
SetTimer
SetWindowPos
PostThreadMessageA
MessageBoxA
SystemParametersInfoA
SendMessageA
GetDlgItem
IsWindowVisible
GetWindowRect
IsRectEmpty
GetMessageA
DispatchMessageA
DestroyWindow
EnableWindow
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
DialogBoxParamA
EndDialog
SetWindowLongA
GetWindowLongA
FindWindowA
GetProcessWindowStation
EnumDesktopsA
OpenDesktopA
EnumDesktopWindows
CloseDesktop
GetClassNameA
GetWindowThreadProcessId
LoadImageA

comctl32

PropertySheetA
CreatePropertySheetPageA

ws2_32

htonl
inet_addr
inet_ntoa

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegNotifyChangeKeyValue
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegCreateKeyA
GetUserNameA
OpenProcessToken
CopySid
GetLengthSid
IsValidSid
FreeSid
AllocateAndInitializeSid
GetTokenInformation
RegEnumValueA

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EasyRecovery/winvnc/vncviewer.exe
.exe windows:4 windows x86 arch:x86

2481f304730138d08040e9b3ae65d04c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/09/2007, 00:00

Not After

31/10/2010, 23:59

Subject

CN=RealVNC Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RealVNC Limited,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:d7:72:e2:78:35:66:a9:08:c9:b8:74:d2:e9:3c:70:6e:2b:ef:25
Signer

Actual PE Digest

2d:d7:72:e2:78:35:66:a9:08:c9:b8:74:d2:e9:3c:70:6e:2b:ef:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
select
getsockname
getpeername
ntohs
inet_addr
WSAStartup
inet_ntoa
shutdown
closesocket
listen
WSAGetLastError
htonl
htons
socket
accept
connect
gethostbyname
send
WSAAsyncSelect
WSAEventSelect
setsockopt
bind

comctl32

PropertySheetA
_TrackMouseEvent
CreatePropertySheetPageA

kernel32

GetStringTypeW
GetStringTypeA
SetFilePointer
VirtualQuery
InterlockedExchange
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
LCMapStringA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetCPInfo
GetOEMCP
GetACP
HeapSize
SetUnhandledExceptionFilter
TlsFree
HeapAlloc
HeapReAlloc
HeapFree
DeleteFileA
GetLocaleInfoA
SetStdHandle
ReadFile
VirtualProtect
GetSystemInfo
GetTimeZoneInformation
MoveFileA
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
TerminateProcess
ExitProcess
RaiseException
RtlUnwind
GetTickCount
GetCurrentProcessId
SetEndOfFile
FreeConsole
AllocConsole
GetCurrentDirectoryA
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
Sleep
ResetEvent
GetLastError
GetModuleHandleA
CloseHandle
CompareStringA
CompareStringW
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
ExpandEnvironmentStringsA
TlsSetValue
CreateThread
ResumeThread
GetCurrentThread
GetCurrentThreadId
TlsGetValue
WaitForSingleObject
TlsAlloc
SetEnvironmentVariableA
GlobalLock
GlobalFree
GlobalAlloc
GetModuleFileNameA
CreateFileA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForMultipleObjects
SetLastError
GlobalUnlock

user32

SetDlgItemTextA
EnableWindow
ToAscii
GetKeyboardState
PostMessageA
CallNextHookEx
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExA
SystemParametersInfoA
GetDesktopWindow
GetDC
ReleaseDC
SetClipboardViewer
ChangeClipboardChain
CloseClipboard
GetClipboardData
OpenClipboard
GetClipboardOwner
SetClipboardData
EmptyClipboard
IsWindowVisible
DefWindowProcA
PostThreadMessageA
GetDlgItemTextA
EndDialog
MessageBeep
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
ShowWindow
AppendMenuA
GetSystemMenu
GetWindowLongA
GetUpdateRect
UpdateWindow
RemoveMenu
InsertMenuA
ModifyMenuA
CheckMenuItem
EnableMenuItem
MessageBoxA
SetWindowLongA
DestroyWindow
CreateDialogParamA
SendMessageA
GetDlgItem
UnregisterClassA
ShowCursor
SetScrollInfo
DialogBoxParamA
SetWindowPos
GetSystemMetrics
AdjustWindowRect
GetMessageA
TranslateMessage
LoadMenuA
GetSubMenu
SetMenuDefaultItem
SetForegroundWindow
PostQuitMessage
GetWindowTextA
CreateWindowExA
LoadImageA
RegisterClassA
BeginPaint
FillRect
EndPaint
GetClientRect
SetCursor
GetAsyncKeyState
GetCursorPos
TrackPopupMenu
GetWindowRect
InvalidateRect
ScrollWindowEx
KillTimer
SetTimer
SetWindowTextA
SetRect

gdi32

CreateCompatibleDC
GetObjectA
SelectObject
SetDIBColorTable
DeleteDC
CreateDIBSection
CreateCompatibleBitmap
GetStockObject
BitBlt
SelectPalette
RealizePalette
ResizePalette
UnrealizeObject
SetPaletteEntries
DeleteObject
CreatePalette
GetDIBits

comdlg32

GetSaveFileNameA
CommDlgExtendedError

shell32

Shell_NotifyIconA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
RegNotifyChangeKeyValue
RegCreateKeyA

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EasyRecovery/winvnc/winvnc4.exe
.exe windows:4 windows x86 arch:x86

deddd35cca33200e76c20bc37dd77658

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/09/2007, 00:00

Not After

31/10/2010, 23:59

Subject

CN=RealVNC Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RealVNC Limited,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d6:0a:aa:cd:f0:ed:f5:2a:84:af:58:df:78:a0:97:f7:9b:d3:bb:9b
Signer

Actual PE Digest

d6:0a:aa:cd:f0:ed:f5:2a:84:af:58:df:78:a0:97:f7:9b:d3:bb:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
HeapAlloc
HeapReAlloc
HeapFree
DeleteFileA
MoveFileA
GetDateFormatA
SetLastError
TlsFree
HeapSize
GetModuleFileNameA
GetCurrentThreadId
CreateProcessA
TerminateProcess
OpenProcess
ExitProcess
SetProcessShutdownParameters
TlsSetValue
CreateThread
ResumeThread
GetCurrentThread
TlsGetValue
GetACP
FormatMessageA
GetExitCodeProcess
GetCurrentProcess
GetVersionExA
CreateFileA
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForMultipleObjects
FreeLibrary
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
GetCurrentProcessId
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatA
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
RaiseException
GetOEMCP
GetCPInfo
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetTimeZoneInformation
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
FlushFileBuffers
LCMapStringA
LCMapStringW
IsBadWritePtr
ReadFile
InterlockedExchange
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoA
GetStringTypeA
SetEnvironmentVariableA
GetStringTypeW
SetFilePointer
SetStdHandle
GetTickCount
SetEndOfFile
CompareStringA
CompareStringW
FreeConsole
CreateEventA
GetComputerNameA
ResetEvent
WaitForSingleObject
SetEvent
Sleep
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GetModuleHandleA
FindResourceA
LoadResource
LockResource
TlsAlloc
SizeofResource

user32

VkKeyScanA
ToAscii
GetAsyncKeyState
MapVirtualKeyA
keybd_event
GetSystemMetrics
mouse_event
GetDesktopWindow
ReleaseDC
GetDC
DrawIconEx
GetIconInfo
EmptyClipboard
SetClipboardData
GetClipboardOwner
OpenClipboard
GetClipboardData
CloseClipboard
ChangeClipboardChain
SystemParametersInfoA
IsWindow
IsIconic
IsRectEmpty
GetClientRect
ClientToScreen
KillTimer
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
IsWindowVisible
GetWindowRect
ExitWindowsEx
GetProcessWindowStation
EnumDesktopsA
EnumDesktopWindows
GetClassNameA
WaitForInputIdle
CreateWindowExA
GetForegroundWindow
UnregisterClassA
GetWindowThreadProcessId
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
SetThreadDesktop
CloseDesktop
SetDlgItemTextA
GetDlgItemTextA
DestroyWindow
SetTimer
PostThreadMessageA
PostMessageA
DialogBoxParamA
EndDialog
SetWindowLongA
GetWindowLongA
GetDlgItem
SetWindowTextA
SendMessageA
TrackPopupMenu
GetCursorPos
SetForegroundWindow
EnableMenuItem
SetMenuDefaultItem
GetSubMenu
LoadMenuA
PostQuitMessage
MessageBoxA
LoadImageA
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowA
RegisterClassA
EnumWindows
SetClipboardViewer

shell32

Shell_NotifyIconA

ws2_32

send
WSAEnumNetworkEvents
WSAResetEvent
WSACreateEvent
WSAEventSelect
WSACloseEvent
WSAIoctl
WSAGetLastError
ntohs
inet_addr
WSAStartup
select
shutdown
setsockopt
listen
bind
htonl
htons
socket
accept
connect
gethostbyname
closesocket
recv
getsockname
inet_ntoa
getpeername

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

gdi32

CreateDIBSection
SetDIBColorTable
SelectObject
CreateCompatibleDC
DeleteDC
CreateDCA
GetClipBox
GetDIBits
DeleteObject
BitBlt
GetSystemPaletteEntries
GetBitmapBits
GdiFlush
GetObjectA
GetDeviceCaps
CreateCompatibleBitmap

advapi32

RevertToSelf
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CloseServiceHandle
RegisterEventSourceA
DeregisterEventSource
DeleteService
OpenServiceA
OpenSCManagerA
SetServiceStatus
ReportEventA
CreateServiceA
StartServiceA
ControlService
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CreateProcessAsUserA
GetUserNameA
OpenProcessToken
RegCloseKey
ImpersonateLoggedOnUser
RegDeleteKeyA
RegDeleteValueA
RegNotifyChangeKeyValue
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EasyRecovery/winvnc/wm_hooks.dll
.dll windows:4 windows x86 arch:x86

03d2da4043cce27fa9166306d9287c11

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/09/2007, 00:00

Not After

31/10/2010, 23:59

Subject

CN=RealVNC Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RealVNC Limited,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cb:f9:c2:78:4a:13:ce:60:72:98:81:f8:21:47:37:ad:ca:1c:7a:ed
Signer

Actual PE Digest

cb:f9:c2:78:4a:13:ce:60:72:98:81:f8:21:47:37:ad:ca:1c:7a:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GlobalAddAtomA
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

RegisterWindowMessageA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
IsWindowVisible
GetWindowRect
GetPropA
SetPropA
GetCursor
PostThreadMessageA

Exports

Exports

WM_Hooks_CursorChanged
WM_Hooks_EnableCursorShape
WM_Hooks_EnableRealInputs
WM_Hooks_EnableSynthInputs
WM_Hooks_Install
WM_Hooks_RectangleChanged
WM_Hooks_Remove
WM_Hooks_WindowBorderChanged
WM_Hooks_WindowChanged
WM_Hooks_WindowClientAreaChanged

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WM_Hook
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
使用说明.txt
数据恢复软件(Ontrack EasyRecovery)下载 11.0.2.0完美注册中文版_ - pc6下载站.url
.url

Sharing

General

Malware Config

Signatures

Files

dbf28bf87cd46fa5f6ebd3e1106b8ec9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

comctl32

comdlg32

gdi32

ole32

oleaut32

shell32

version

winmm

winspool.drv

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.data Size: 1014KB - Virtual size: 1014KB

.bss Size: - Virtual size: 30KB

.CRT Size: - Virtual size: 4B

.idata Size: 14KB - Virtual size: 14KB

.rsrc Size: 260KB - Virtual size: 260KB

cc861723d81c3d0282bd2595327117c3

Headers

File Characteristics

Imports

user32

comctl32

kernel32

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.data Size: 1.4MB - Virtual size: 1.4MB

.bss Size: - Virtual size: 36KB

.CRT Size: 512B - Virtual size: 4KB

.idata Size: 19KB - Virtual size: 20KB

.rsrc Size: 260KB - Virtual size: 264KB

.x64 Size: 5KB - Virtual size: 8KB

29be9188975cc7afe430ff383e62bf51

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:b5:06:73:27:04:60:86:67:3c:ec:5f:2d:8b:2a:b5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

00:46:d9:b4:bb:d0:fc:5f:7f:cd:c1:ca:75:d8:0c:14:4f:07:4b:82Signer

Headers

File Characteristics

Imports

user32

comctl32

comdlg32

gdi32

kernel32

ntdll

ole32

oleaut32

shell32

version

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 541KB - Virtual size: 541KB

.bss Size: - Virtual size: 29KB

.CRT Size: 512B - Virtual size: 4B

.idata Size: 13KB - Virtual size: 13KB

.rsrc Size: 261KB - Virtual size: 260KB

e7aa0aeef61e4ca89f4b87b602f40e02

Headers

.text
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 1014KB - Virtual size: 1014KB

.bss
Size: - Virtual size: 30KB

.CRT
Size: - Virtual size: 4B

.idata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 260KB - Virtual size: 260KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 1.4MB - Virtual size: 1.4MB

.bss
Size: - Virtual size: 36KB

.CRT
Size: 512B - Virtual size: 4KB

.idata
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 260KB - Virtual size: 264KB

.x64
Size: 5KB - Virtual size: 8KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:b5:06:73:27:04:60:86:67:3c:ec:5f:2d:8b:2a:b5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

00:46:d9:b4:bb:d0:fc:5f:7f:cd:c1:ca:75:d8:0c:14:4f:07:4b:82
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 541KB - Virtual size: 541KB

.bss
Size: - Virtual size: 29KB

.CRT
Size: 512B - Virtual size: 4B

.idata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 261KB - Virtual size: 260KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 800KB - Virtual size: 798KB

.data
Size: 4KB - Virtual size: 380B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:b5:06:73:27:04:60:86:67:3c:ec:5f:2d:8b:2a:b5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

36:18:6d:cb:ec:c0:b4:60:15:35:89:b7:7f:66:ff:5a:81:76:24:2b
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 555KB - Virtual size: 555KB

.bss
Size: - Virtual size: 30KB

.CRT
Size: 512B - Virtual size: 4B

.idata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 259KB - Virtual size: 259KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

70:86:d5:55:e6:df:75:f9:2c:50:35:ae:b7:e1:de:3f
Certificate

e7:64:cd:08:8f:77:0c:ae:7e:c3:18:be:27:17:4a:1d:c2:c5:63:c4
Signer

.rsrc
Size: 512B - Virtual size: 144B

.reloc
Size: 512B - Virtual size: 8B