37230564929c4543dbe572178d2d08db_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

37230564929c4543dbe572178d2d08db_JaffaCakes118
Size

2.8MB
MD5

37230564929c4543dbe572178d2d08db
SHA1

f7ac247d9fee160a989324c28f2e59757f4c240d
SHA256

f6984cfdb0bb0b1d0ba486ae5e56db8b4061407c25615f528c92e03564f1d163
SHA512

6f0d89ecbe883f543e4d502eb17fed86e2cf77a4bf82f7ff6185f7c1efb612fd9fa28dc3a98fda5cc7827bfc49b1cfe859ee1a256dc275361b7e8425beac0480
SSDEEP

49152:7mvn9mviMNBymjMcz01tEs88M5xdYAm8L7NFN57dHzaMVoqbcDwgEK0h:ivn8vbNxjMG01t48gTYo7N57EMWOIwvh

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vagk+can2.5 needn't dongle/CDM_Setup/FTBUSUI.dll
unpack001/vagk+can2.5 needn't dongle/CDM_Setup/FTD2XX.dll
unpack001/vagk+can2.5 needn't dongle/CDM_Setup/FTDIBUS.sys
unpack001/vagk+can2.5 needn't dongle/CDM_Setup/FTDIUNIN.exe
unpack001/vagk+can2.5 needn't dongle/CDM_Setup/FTLang.dll
unpack001/vagk+can2.5 needn't dongle/CDM_Setup/ftcserco.dll
unpack001/vagk+can2.5 needn't dongle/CDM_Setup/ftser2k.sys
unpack001/vagk+can2.5 needn't dongle/CDM_Setup/ftserui2.dll
unpack001/vagk+can2.5 needn't dongle/RCMicroDogSetup.dll
unpack001/vagk+can2.5 needn't dongle/VWTester.exe
unpack001/vagk+can2.5 needn't dongle/k+can 2.5.exe
unpack001/vagk+can2.5 needn't dongle/vwtester.exe.bak

Files

37230564929c4543dbe572178d2d08db_JaffaCakes118
.rar
vagk+can2.5 needn't dongle/CDM_Setup/DPInst.exe
.exe windows:5 windows x86 arch:x86

2f37bd2cfc60f22d94e4856bdefb22d6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:10:c3:52:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/10/2005, 23:24

Not After

11/01/2007, 23:34

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d6:ac:c4:be:67:64:23:a2:b1:30:b7:8a:4b:62:7f:c4:57:d9:89:97
Signer

Actual PE Digest

d6:ac:c4:be:67:64:23:a2:b1:30:b7:8a:4b:62:7f:c4:57:d9:89:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\difx\source\base\pnp\dfx\dpinst\obj\i386\DpInst.pdb

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
IsTextUnicode
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
DeleteService
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
LocalFree
FormatMessageW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetTempFileNameW
lstrcmpiW
lstrcmpW
lstrlenW
GetFileAttributesW
DeleteFileW
ReadFile
SetFilePointer
ReleaseMutex
WaitForSingleObject
HeapFree
GetProcessHeap
SetEndOfFile
HeapAlloc
InterlockedCompareExchange
CreateMutexW
CreateEventW
SetEvent
InterlockedExchangeAdd
ResetEvent
FreeLibrary
SetConsoleCursorPosition
FillConsoleOutputCharacterW
ReadConsoleOutputW
GetConsoleScreenBufferInfo
SetConsoleMode
GetConsoleMode
FreeConsole
GetStdHandle
GetProcAddress
LoadLibraryW
WriteConsoleOutputW
WriteConsoleW
QueryPerformanceCounter
GetTickCount
InterlockedDecrement
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
GetStartupInfoW
MultiByteToWideChar
HeapReAlloc
ExitProcess
GetModuleHandleA
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetThreadLocale
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualQuery
VirtualAlloc
IsBadWritePtr
Sleep
HeapSize
LCMapStringA
WideCharToMultiByte
LCMapStringW
VirtualProtect
GetSystemInfo
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
CreateThread
CreateFileW
WriteFile
GetCommandLineW
GlobalFree
GetUserDefaultUILanguage
GetCurrentThreadId
IsValidLocale
WaitForMultipleObjects
lstrcpyW
LocalReAlloc
DeviceIoControl
GetSystemDirectoryW
LocalAlloc
VerSetConditionMask
VerifyVersionInfoW
CompareStringW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetSystemWindowsDirectoryW
SetLastError
CopyFileW
GetShortPathNameW
MoveFileExW
RemoveDirectoryW
CreateDirectoryW
GetFullPathNameW
lstrcpynW
GetModuleHandleW
GetCurrentProcess
GetLastError
CloseHandle
FindResourceExW
FindResourceW
LoadResource
EnumResourceLanguagesW
GetLocalTime
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetWindowsDirectoryW
SetHandleCount
SetCurrentDirectoryW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
RtlUnwind

gdi32

EndPage
StartDocW
EndDoc
GetTextMetricsW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
StartPage

user32

DrawTextExW
LoadImageW
LoadBitmapW
GetSystemMetrics
GetSysColor
LoadIconW
LoadStringW
DestroyWindow
GetWindowLongW
SendDlgItemMessageW
InvalidateRect
SystemParametersInfoW
GetDC
ReleaseDC
SetWindowLongW
SetWindowTextW
SetDlgItemTextW
GetParent
PostMessageW
IsDlgButtonChecked
CheckDlgButton
SetFocus
CallWindowProcW
DestroyIcon
DialogBoxParamW
EndDialog
GetDlgItem
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
SendMessageW
CharLowerW
CharPrevW

ntdll

memset

shell32

ord59
CommandLineToArgvW
SHGetFolderPathW

setupapi

SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupInitDefaultQueueCallbackEx
SetupOpenFileQueue
SetupCloseFileQueue
SetupGetTargetPathW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoList
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiOpenDeviceInfoW
SetupTermDefaultQueueCallback
SetupOpenInfFileW
SetupCloseInfFile
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupOpenAppendInfFileW
SetupFindFirstLineW
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupPromptReboot
SetupInstallFilesFromInfSectionW
SetupFindNextMatchLineW
SetupFindNextLine
SetupGetStringFieldW
SetupGetIntField
SetupGetFieldCount
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupDiClassNameFromGuidW
SetupDiOpenClassRegKey
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Setup_DevNode
CM_Query_And_Remove_SubTreeW
CM_Enumerate_Classes
CM_Get_Device_IDW
SetupQueueCopyIndirectW
SetupQueueCopyW
SetupDiSetSelectedDevice
CMP_WaitNoPendingInstallEvents

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

ole32

CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
SysAllocString
VariantInit
SysFreeString

crypt32

CertFreeCTLContext
CryptQueryObject
CertFreeCertificateContext
CertGetCTLContextProperty

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vagk+can2.5 needn't dongle/CDM_Setup/FTBUSUI.dll
.dll windows:4 windows x86 arch:x86

98d4b5ce88c34a933c0d00ed38da29f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Development\DLL\FTBUSUI\Release\FTBUSUI.pdb

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInterfaceDetailA

kernel32

GetCurrentThread
CompareStringW
CompareStringA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
OutputDebugStringA
LocalFree
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
GetLastError
SetLastError
GetModuleFileNameW
LocalAlloc
CloseHandle
DeviceIoControl
CreateFileA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetLocaleInfoW
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetEnvironmentVariableA
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
HeapSize
MultiByteToWideChar
GetLocaleInfoA

user32

SetWindowLongA
EnableWindow
SetCursor
LoadCursorA
IsDlgButtonChecked
GetWindowLongA
GetDlgItem
CheckDlgButton

Exports

Exports

DllMain
FTBUSUIPropPageProvider

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vagk+can2.5 needn't dongle/CDM_Setup/FTD2XX.H
vagk+can2.5 needn't dongle/CDM_Setup/FTD2XX.dll
.dll windows:4 windows x86 arch:x86

504f669c51295b957c555c183ec79ebf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Development\DLL\d2xxdll\Release\FTD2XX.pdb

Imports

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

kernel32

TlsFree
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
DeviceIoControl
CloseHandle
ReadFile
WriteFile
CreateFileA
GetLastError
GetOverlappedResult
CancelIo
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
SetEnvironmentVariableA
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
GetTimeZoneInformation
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
InitializeCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
GetLocaleInfoW
SetEndOfFile
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale

Exports

Exports

FT_Close
FT_ClrDtr
FT_ClrRts
FT_CreateDeviceInfoList
FT_CyclePort
FT_EE_Program
FT_EE_ProgramEx
FT_EE_Read
FT_EE_ReadEx
FT_EE_UARead
FT_EE_UASize
FT_EE_UAWrite
FT_EraseEE
FT_GetBitMode
FT_GetDeviceInfo
FT_GetDeviceInfoDetail
FT_GetDeviceInfoList
FT_GetDriverVersion
FT_GetEventStatus
FT_GetLatencyTimer
FT_GetLibraryVersion
FT_GetModemStatus
FT_GetQueueStatus
FT_GetStatus
FT_IoCtl
FT_ListDevices
FT_Open
FT_OpenEx
FT_Purge
FT_Read
FT_ReadEE
FT_ResetDevice
FT_ResetPort
FT_RestartInTask
FT_SetBaudRate
FT_SetBitMode
FT_SetBreakOff
FT_SetBreakOn
FT_SetChars
FT_SetDataCharacteristics
FT_SetDeadmanTimeout
FT_SetDivisor
FT_SetDtr
FT_SetEventNotification
FT_SetFlowControl
FT_SetLatencyTimer
FT_SetResetPipeRetryCount
FT_SetRts
FT_SetTimeouts
FT_SetUSBParameters
FT_SetWaitMask
FT_StopInTask
FT_W32_CancelIo
FT_W32_ClearCommBreak
FT_W32_ClearCommError
FT_W32_CloseHandle
FT_W32_CreateFile
FT_W32_EscapeCommFunction
FT_W32_GetCommModemStatus
FT_W32_GetCommState
FT_W32_GetCommTimeouts
FT_W32_GetLastError
FT_W32_GetOverlappedResult
FT_W32_PurgeComm
FT_W32_ReadFile
FT_W32_SetCommBreak
FT_W32_SetCommMask
FT_W32_SetCommState
FT_W32_SetCommTimeouts
FT_W32_SetupComm
FT_W32_WaitCommEvent
FT_W32_WriteFile
FT_WaitOnMask
FT_Write
FT_WriteEE

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vagk+can2.5 needn't dongle/CDM_Setup/FTD2XX.lib
vagk+can2.5 needn't dongle/CDM_Setup/FTDIBUS.INF
vagk+can2.5 needn't dongle/CDM_Setup/FTDIBUS.sys
.sys windows:5 windows x86 arch:x86

a4f776922d9b75fb7c4571d75d8595da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeInitializeSpinLock
PoSetPowerState
KeInitializeDpc
IoAttachDeviceToDeviceStack
IofCallDriver
RtlFreeUnicodeString
IofCompleteRequest
KeInitializeEvent
IoBuildDeviceIoControlRequest
ExFreePool
ExAllocatePoolWithTag
KeInitializeTimer
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoCreateDevice
InterlockedIncrement
RtlWriteRegistryValue
RtlQueryRegistryValues
ObfReferenceObject
KeWaitForSingleObject
KeSetEvent
IoDeleteDevice
IoDetachDevice
ObfDereferenceObject
IoGetDeviceProperty
RtlInitUnicodeString
PoCallDriver
PoStartNextPowerIrp
PoRequestPowerIrp
ExQueueWorkItem
InterlockedExchange
InterlockedDecrement
IoCancelIrp
IoIsWdmVersionAvailable
ExEventObjectType
KeCancelTimer
KeSetTimer
IoFreeMdl
IoBuildPartialMdl
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ZwClose
PsCreateSystemThread
PsTerminateSystemThread
KeClearEvent
KeWaitForMultipleObjects
KeSetPriorityThread
KeGetCurrentThread
RtlCompareUnicodeString
RtlUnicodeStringToInteger
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
ObReferenceObjectByPointer
IoGetDeviceObjectPointer
RtlCompareMemory
IoOpenDeviceRegistryKey
ZwOpenKey
ZwEnumerateKey
ZwQueryKey
ZwQueryValueKey
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwSetValueKey
IoInvalidateDeviceRelations
ZwEnumerateValueKey
swprintf
IoReleaseCancelSpinLock
ObReferenceObjectByHandle

hal

KeGetCurrentIrql
KfAcquireSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KfReleaseSpinLock

usbd.sys

_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28
USBD_GetUSBDIVersion

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 765B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 800B - Virtual size: 785B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 864B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vagk+can2.5 needn't dongle/CDM_Setup/FTDIPORT.INF
vagk+can2.5 needn't dongle/CDM_Setup/FTDIUN2K.INI
vagk+can2.5 needn't dongle/CDM_Setup/FTDIUNIN.exe
.exe windows:4 windows x86 arch:x86

bea23ef2baf06b93fa89f7195e770437

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Development\Util\Unin\4.00.04\Release\FTDIUNIN.pdb

Imports

shlwapi

SHDeleteKeyA

kernel32

CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
FreeLibrary
SetFilePointer
CreateFileA
InitializeCriticalSection
ReadFile
FlushFileBuffers
GetConsoleMode
HeapCreate
HeapDestroy
GetVersionExA
GetLastError
RemoveDirectoryA
GetSystemDirectoryA
FindClose
GetModuleHandleA
GetProcAddress
GetCurrentProcess
FindFirstFileA
FindNextFileA
SetFileAttributesA
GetWindowsDirectoryA
CompareStringW
InterlockedExchange
TlsFree
RtlUnwind
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
SetEnvironmentVariableA
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
CloseHandle
SetHandleCount
GetFileType
DeleteCriticalSection
Sleep
ExitProcess
FatalAppExitA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
HeapSize
SetConsoleCtrlHandler
LoadLibraryA
MultiByteToWideChar
GetLocaleInfoA
GetLocaleInfoW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
GetConsoleCP

user32

GetSysColor
GetSysColorBrush
EndDialog
SetWindowTextA
SetFocus
DialogBoxParamA
GetDC
ReleaseDC
GetDlgItem
SendMessageA
LoadStringA
wsprintfA
EnableWindow

gdi32

GetTextMetricsA
CreateFontIndirectA
SelectObject
SetBkColor

advapi32

RegEnumKeyExA
RegOpenKeyA
InitializeSecurityDescriptor
RegSetKeySecurity
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vagk+can2.5 needn't dongle/CDM_Setup/FTLang.dll
.dll windows:4 windows x86 arch:x86

8c3a16551d585a8847403d33eb5f90fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Development\DLL\FTLang\Release\FTLang.pdb

Imports

user32

LoadStringW

kernel32

GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WriteFile
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringA
CompareStringW

Exports

Exports

??0CFTLang@@QAE@XZ
??4CFTLang@@QAEAAV0@ABV0@@Z
FTGetText
nFTLang

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vagk+can2.5 needn't dongle/CDM_Setup/dpinst.xml
.xml
vagk+can2.5 needn't dongle/CDM_Setup/ftcserco.dll
.dll windows:5 windows x86 arch:x86

331fdfe7bf5ac00fa0ee4d8f02d54c91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupOpenInfFileW
SetupDiGetActualSectionToInstallW
SetupDiGetDriverInfoDetailW
SetupInstallFromInfSectionW
SetupDiGetSelectedDriverW
SetupDiCreateDevRegKeyW
SetupCloseInfFile
CM_Get_Device_IDW

kernel32

VirtualFree
GetLastError
lstrlenW
LocalFree
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
VirtualAlloc
HeapFree
HeapAlloc
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey

user32

wsprintfW

msports

ComDBClose
ComDBClaimPort
ComDBReleasePort
ComDBClaimNextFreePort
ComDBOpen

Exports

Exports

FTCSERCoInstaller

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vagk+can2.5 needn't dongle/CDM_Setup/ftdibus.cat
vagk+can2.5 needn't dongle/CDM_Setup/ftdiport.cat
vagk+can2.5 needn't dongle/CDM_Setup/ftser2k.sys
.sys windows:5 windows x86 arch:x86

274589354590468b338a50282519c7bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_except_handler3
InterlockedDecrement
KeRemoveQueueDpc
ExFreePool
PoSetPowerState
KeWaitForSingleObject
IoWMIRegistrationControl
IoDeleteDevice
IoDetachDevice
KeDelayExecutionThread
IoCancelIrp
KeInitializeDpc
KeInitializeTimer
KeInitializeSpinLock
MmLockPagableDataSection
MmUnmapIoSpace
IofCallDriver
KeWaitForMultipleObjects
MmLockPagableSectionByHandle
MmQuerySystemSize
InterlockedIncrement
ZwClose
IoOpenDeviceRegistryKey
KeQuerySystemTime
KeInsertQueueDpc
KeSetTimer
KeCancelTimer
PoCallDriver
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
ExAllocatePoolWithQuotaTag
IoCreateDevice
KefAcquireSpinLockAtDpcLevel
KeInitializeEvent
ExAllocatePoolWithTag
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlAppendUnicodeToString
IoAttachDeviceToDeviceStack
IoGetConfigurationInformation
wcslen
RtlDeleteRegistryValue
IoDeleteSymbolicLink
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlWriteRegistryValue
IoCreateSymbolicLink
ObfDereferenceObject
RtlQueryRegistryValues
ZwQueryValueKey
PoRequestPowerIrp
PoStartNextPowerIrp
KeClearEvent
IoFreeIrp
IoAllocateIrp
ObReferenceObjectByHandle
PsCreateSystemThread
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
memmove
DbgBreakPoint
MmUnlockPagableImageSection
KeSetEvent
_allmul
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
InterlockedExchange
IofCompleteRequest
KefReleaseSpinLockFromDpcLevel

hal

KeRaiseIrqlToDpcLevel
KfLowerIrql
READ_PORT_UCHAR
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock

wmilib.sys

WmiCompleteRequest
WmiSystemControl

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 288B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGESRP0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGESER
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 160B - Virtual size: 143B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vagk+can2.5 needn't dongle/CDM_Setup/ftserui2.dll
.dll windows:5 windows x86 arch:x86

d8f41154f2c3f1f5f8a953afcd7ad722

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcscpy
wcslen
_wcsupr
wcsspn
wcscspn
wcscat
wcscmp
wcsstr
wcschr
_itoa

setupapi

CM_Get_Res_Des_Data
CM_Get_Next_Res_Des
CM_Get_First_Log_Conf
SetupDiInstallDevice
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdW
CM_Free_Res_Des_Handle
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupCloseInfFile
SetupDiGetDeviceInfoListDetailW
SetupDiGetActualSectionToInstallW
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiCreateDevRegKeyW
CM_Free_Log_Conf_Handle
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupOpenInfFileW
SetupDiRemoveDevice
SetupDiSetDeviceRegistryPropertyW
SetupInstallFromInfSectionW
SetupDiGetClassInstallParamsW
SetupDiMoveDuplicateDevice

user32

CheckDlgButton
CharNextW
CheckRadioButton
GetWindowTextW
CharPrevW
MessageBoxW
SendMessageTimeoutW
wvsprintfW
GetWindowTextLengthW
ShowWindow
GetDlgCtrlID
SetDlgItemTextW
DialogBoxParamW
IsDlgButtonChecked
SendDlgItemMessageW
LoadStringW
SetWindowLongW
GetDlgItem
EnableWindow
WinHelpW
GetWindowLongW
EndDialog
GetParent
SendMessageW
GetFocus
SetWindowTextW
wsprintfW

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegOpenKeyExW

kernel32

CreateFileW
CloseHandle
DefineDosDeviceW
GetProfileStringW
QueryDosDeviceW
DisableThreadLibraryCalls
GetLastError
lstrcmpW
lstrcmpiW
lstrcatW
GetUserDefaultLCID
GetLocaleInfoW
lstrcpyW
LocalFree
LocalAlloc
SetLastError
MultiByteToWideChar
lstrlenW
WriteProfileStringW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW

msports

ComDBClaimNextFreePort
ComDBReleasePort
ComDBClose
ComDBOpen
ComDBGetCurrentPortUsage
ComDBClaimPort

Exports

Exports

LibMain
ParallelPortPropPageProvider
PortsClassInstaller
SerialPortPropPageProvider

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vagk+can2.5 needn't dongle/FixDiag.ini
vagk+can2.5 needn't dongle/Instructions, Must read !!!!!!.rtf
.rtf
vagk+can2.5 needn't dongle/MWB.TXT
vagk+can2.5 needn't dongle/MWB_de.TXT
vagk+can2.5 needn't dongle/RCMicroDogSetup.dll
.dll windows:4 windows x86 arch:x86

c3a04bf4069ea70bcba6a6cd75fde90d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetACP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
GetCurrentProcess
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
GlobalAlloc
lstrcmpA
GetCurrentThread
GetModuleFileNameA
GlobalFree
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
FreeLibrary
MulDiv
GetVersion
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
FindResourceA
LoadResource
LockResource
CreateFileA
SizeofResource
WriteFile
SetFileAttributesA
Sleep
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
LocalAlloc
LocalFree
SetLastError
GetProcAddress
GetVersionExA
CreateMutexA
GetLastError
ReleaseMutex
CloseHandle
GetSystemDirectoryA
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
GetFileType

user32

SetActiveWindow
GetFocus
DispatchMessageA
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
ShowWindow
IsWindowEnabled
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
GetCursorPos
LoadStringA
CreateDialogIndirectParamA
EndDialog
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageA
UnregisterClassA
GetClassNameA
GetSysColorBrush
IsWindowVisible
GetTopWindow
GetCapture
WinHelpA
SetFocus
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
GetWindow
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
MessageBoxA
PostMessageA
SetWindowPos
LoadBitmapA
DrawTextA
RedrawWindow
UpdateWindow
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuA
LoadIconA
LoadCursorA
CopyIcon
GetDC
ReleaseDC
IsWindow
GetMessagePos
ScreenToClient
PtInRect
SetTimer
MessageBeep
SetWindowLongA
KillTimer
EnableWindow
FillRect
GetIconInfo
LoadImageA
DrawStateA
GetClientRect
CopyRect
DestroyMenu
DestroyCursor
AdjustWindowRectEx
wsprintfA
FrameRect
InflateRect
GetSysColor
OffsetRect
DrawFocusRect
GetSubMenu
GetWindowRect
TrackPopupMenuEx
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
SendMessageA
GetWindowLongA
DestroyIcon
SetForegroundWindow

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
MoveToEx
LineTo
SetBkMode
GetDeviceCaps
CreatePen
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
RestoreDC
SaveDC
GetClipBox
GetTextExtentPoint32A
CreateFontIndirectA
CreateSolidBrush
GetObjectA
CreateBitmap
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetStockObject
DeleteObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteValueA
RegQueryValueA
CreateServiceA
StartServiceA
RegDeleteKeyA
QueryServiceStatus
ControlService
DeleteService
RegCloseKey
RegCreateKeyExA
RegSetValueExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

_TrackMouseEvent
ord17

Exports

Exports

DriverDialog
ForInstallSheild
GetDogDriverInfo
InstDriver
NotifyPullOutAndPlugInUsbDog
UninstallDriver

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vagk+can2.5 needn't dongle/Tester.ini
vagk+can2.5 needn't dongle/VAG.txt
vagk+can2.5 needn't dongle/VWTester.exe
.exe windows:4 windows x86 arch:x86

472e4d13fc5481cc1b48ee4fbae2c5fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
LoadLibraryA
VirtualProtect
GetModuleFileNameA

user32

CharNextA
MessageBoxA

gdi32

GetDeviceCaps

comdlg32

GetSaveFileNameA

winspool.drv

ClosePrinter

advapi32

RegQueryValueExW

comctl32

ord17

oledlg

ord8

ole32

OleDuplicateData

olepro32

ord253

oleaut32

SysStringLen

Exports

Exports

_EXECryptor_AntiDebug@0
_EXECryptor_DecryptStr@8
_EXECryptor_DecryptStrW@8
_EXECryptor_EncryptStr@8
_EXECryptor_EncryptStrW@8
_EXECryptor_GetDate@0
_EXECryptor_GetEXECryptorVersion@0
_EXECryptor_GetHardwareID@0
_EXECryptor_GetProcAddr@8
_EXECryptor_GetReleaseDate@0
_EXECryptor_GetTrialDaysLeft@4
_EXECryptor_GetTrialRunsLeft@4
_EXECryptor_IsAppProtected@0
_EXECryptor_MessageBoxA@16
_EXECryptor_ProtectImport@0
_EXECryptor_SecureRead@8
_EXECryptor_SecureReadW@8
_EXECryptor_SecureWrite@8
_EXECryptor_SecureWriteW@8

Sections

.text
Size: - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_BSS
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asd0
Size: - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asd1
Size: 484KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vagk+can2.5 needn't dongle/dilloDIE.log
vagk+can2.5 needn't dongle/k+can 2.5.exe
.exe windows:4 windows x86 arch:x86

26197317de0c30f977e0873076f7d845

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetModuleFileNameA
MoveFileExA
SetThreadPriority
CreateFileW
GetCommandLineA
CreateProcessA
GetCurrentThreadId
CreateThread
WaitForSingleObject
DeviceIoControl
GetTempPathA
SetFileAttributesA
DeleteFileA
WriteFile
GetShortPathNameA
Sleep
ReleaseSemaphore
GetVersionExA
GetStringTypeW
GetStringTypeA
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
GetWindowsDirectoryA
Module32Next
GetCurrentProcessId
OpenProcess
TerminateProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
GetLastError
LCMapStringW
CreateFileA
CreateSemaphoreA
lstrlenA
lstrcpyA
RtlUnwind
HeapAlloc
HeapFree
GetVersion
ExitProcess
HeapReAlloc
GetCurrentProcess
HeapSize
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
LCMapStringA
CloseHandle

user32

FindWindowA
MessageBoxA
GetInputState
PostThreadMessageA
GetMessageA
CharUpperBuffA
GetSystemMetrics
SetWindowTextA

advapi32

RegEnumKeyExA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
StartServiceA
CreateServiceA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

hid

HidD_SetFeature
HidD_GetFeature
HidP_GetScaledUsageValue
HidP_GetUsageValue
HidP_GetUsages
HidP_SetUsageValue
HidP_SetUsages
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetPreparsedData
HidP_GetSpecificValueCaps
HidD_GetHidGuid

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pack
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vagk+can2.5 needn't dongle/vwtester.exe.bak
.exe windows:4 windows x86 arch:x86

402e792ea27fe942e6054052f9e50ba8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

CharNextA
MessageBoxA

gdi32

GetDeviceCaps

comdlg32

GetSaveFileNameA

winspool.drv

ClosePrinter

advapi32

RegQueryValueExW

comctl32

ord17

oledlg

ord8

ole32

OleDuplicateData

olepro32

ord253

oleaut32

SysStringLen

Exports

Exports

_EXECryptor_AntiDebug@0
_EXECryptor_DecryptStr@8
_EXECryptor_DecryptStrW@8
_EXECryptor_EncryptStr@8
_EXECryptor_EncryptStrW@8
_EXECryptor_GetDate@0
_EXECryptor_GetEXECryptorVersion@0
_EXECryptor_GetHardwareID@0
_EXECryptor_GetProcAddr@8
_EXECryptor_GetReleaseDate@0
_EXECryptor_GetTrialDaysLeft@4
_EXECryptor_GetTrialRunsLeft@4
_EXECryptor_IsAppProtected@0
_EXECryptor_MessageBoxA@16
_EXECryptor_ProtectImport@0
_EXECryptor_SecureRead@8
_EXECryptor_SecureReadW@8
_EXECryptor_SecureWrite@8
_EXECryptor_SecureWriteW@8

Sections

.text
Size: - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_BSS
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qq0
Size: - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qq1
Size: 592KB - Virtual size: 590KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f37bd2cfc60f22d94e4856bdefb22d6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88Certificate

Extended Key Usages

Key Usages

61:10:c3:52:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

d6:ac:c4:be:67:64:23:a2:b1:30:b7:8a:4b:62:7f:c4:57:d9:89:97Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

ntdll

shell32

setupapi

wintrust

ole32

oleaut32

crypt32

version

Sections

.text Size: 394KB - Virtual size: 393KB

.data Size: 3KB - Virtual size: 12KB

Shared Size: 512B - Virtual size: 8B

.rsrc Size: 103KB - Virtual size: 102KB

98d4b5ce88c34a933c0d00ed38da29f2

Headers

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

504f669c51295b957c555c183ec79ebf

Headers

File Characteristics

PDB Paths

Imports

setupapi

kernel32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 988B

.reloc Size: 8KB - Virtual size: 5KB

a4f776922d9b75fb7c4571d75d8595da

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

61:10:c3:52:00:00:00:00:00:03
Certificate

d6:ac:c4:be:67:64:23:a2:b1:30:b7:8a:4b:62:7f:c4:57:d9:89:97
Signer

.text
Size: 394KB - Virtual size: 393KB

.data
Size: 3KB - Virtual size: 12KB

Shared
Size: 512B - Virtual size: 8B

.rsrc
Size: 103KB - Virtual size: 102KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 988B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 448B - Virtual size: 424B

.data
Size: 768B - Virtual size: 765B

PAGE
Size: 800B - Virtual size: 785B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 864B - Virtual size: 856B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 1024B - Virtual size: 624B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 512B - Virtual size: 488B

.data
Size: 288B - Virtual size: 276B

PAGESRP0
Size: 12KB - Virtual size: 12KB

PAGESER
Size: 13KB - Virtual size: 13KB

PAGE
Size: 160B - Virtual size: 143B