3c3a9a6f4f62f34f76442489ca4d5faa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c3a9a6f4f62f34f76442489ca4d5faa_JaffaCakes118
Size

2.7MB
MD5

3c3a9a6f4f62f34f76442489ca4d5faa
SHA1

47d58d1f16ca31b67e55e937b5921f6d9f68d0f2
SHA256

4293eea5de3c8b7e593730e04be4dcddef239d6fd19cd3f926beea30b6ceda53
SHA512

bfb3ad589d06a441fc3f4ccb100b7991de33bc569f90ee9db6f87ef9e9d93fcfe3343b481a52ddb294df3c317988e95fda3b806c3112677b19ee8d4e2b47bbeb
SSDEEP

49152:LKFODEgDNiq4Ryo3V3U3eT5lsUm1a0pWmct/5edstvL8qpUcOg3KmUyKFODG:+FE1DYq4oSU3m5qUCpWmcVppamURFEG

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/CABSetup.dll
unpack001/$PLUGINSDIR/IEClose.dll
unpack001/$PLUGINSDIR/InetLoad.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/RUtil.dll
unpack001/$PLUGINSDIR/gplunger.dll
unpack001/$PLUGINSDIR/nsExec.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/RakutenToolbarHelper.exe	nsis_installer_1
static1/unpack001/RakutenToolbarHelper.exe	nsis_installer_2

Files

3c3a9a6f4f62f34f76442489ca4d5faa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2012, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Rakuten\,Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Integration Division,O=Rakuten\,Inc.,L=Shinagawa-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:ee:40:f5:94:16:69:a7:23:01:ed:83:89:ef:ff:42:5b:22:43:83
Signer

Actual PE Digest

26:ee:40:f5:94:16:69:a7:23:01:ed:83:89:ef:ff:42:5b:22:43:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CABSetup.dll
.dll windows:4 windows x86 arch:x86

5070fa13a62547a5beae58004a204cbb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
HeapFree
lstrcatA
lstrlenA
lstrcmpA
HeapAlloc
GetProcessHeap
CloseHandle
ReleaseMutex
WaitForSingleObject
OpenMutexA
WriteFile
GetFileAttributesA
GetLastError
ReadFile
CreateFileA
lstrcmpiA
GetNumberFormatA
GetLocaleInfoA
CreateDirectoryA
GetTickCount
Sleep
GetExitCodeProcess
CreateProcessA
FindClose
FindNextFileA
FindFirstFileA
CreateMutexA

user32

CreateWindowExA
MapWindowPoints
GetWindowRect
GetDlgItem
CallWindowProcA
wvsprintfA
SetDlgItemTextA
GetDlgItemTextA
GetWindowLongA
wsprintfA
FindWindowExA
SetForegroundWindow
MoveWindow
FindWindowA
GetDesktopWindow
DestroyWindow
EnableWindow
SetWindowLongA
ShowWindow
SendMessageA
UpdateWindow

setupapi

SetupIterateCabinetA
SetupPromptForDiskA

Exports

Exports

BuildSetupFiles
DataSetSize
Extract

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IEClose.dll
.dll windows:4 windows x86 arch:x86

03484a6bc016d64c2911bbb00d3e5527

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
OpenProcess
TerminateProcess
WaitForSingleObject
Sleep
WideCharToMultiByte
FreeEnvironmentStringsW
RtlUnwind
GetStringTypeW
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
CloseHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
LoadLibraryA
VirtualAlloc
HeapReAlloc
GetProcAddress
GetStringTypeA

user32

FindWindowA
EnumWindows
GetWindowThreadProcessId
SendMessageTimeoutA
GetClassNameA
PostMessageA

ole32

CoFreeUnusedLibraries

Exports

Exports

closeIE
refreshProcesses

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InetLoad.dll
.dll windows:4 windows x86 arch:x86

24a4a671f5cc294ce3543d18a1e873cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strchr
_adjust_fdiv
malloc
_initterm
free
memset
strstr
strtol
strncmp
strtoul
time
strrchr

kernel32

GlobalFree
lstrcpynA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
lstrcmpA
lstrlenA
MulDiv
WriteFile
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx

user32

GetDlgItem
SendMessageA
SetWindowTextA
wsprintfA
GetWindowTextA
RegisterWindowMessageA
CallWindowProcA
PostMessageA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
MessageBoxA
SendDlgItemMessageA
SetDlgItemTextA
SetTimer
LoadIconA
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindow
CreateDialogParamA
FindWindowExA
RedrawWindow
SetWindowLongA

wininet

InternetErrorDlg
InternetSetFilePointer
HttpQueryInfoA
InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

comctl32

ord17

Exports

Exports

load

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/RUtil.dll
.dll windows:5 windows x86 arch:x86

96c1e978eb233889e42f453b1dfc3bad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\goto\projects\NsisRUtil\Release\RUtil.pdb

Imports

kernel32

IsProcessorFeaturePresent
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

user32

SwitchToThisWindow
GetForegroundWindow

Exports

Exports

BringToForeground

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/gplunger.dll
.dll windows:5 windows x86 arch:x86

bb24ab9fddb167f7754f91e378a2b052

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
OpenProcess
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcessId
CreateProcessW
GetNativeSystemInfo
CreateFileW
InitializeCriticalSection
LocalFree
GetLocaleInfoW
CreateFileA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
CloseHandle
GetTempFileNameA
FreeLibrary
WideCharToMultiByte
lstrlenW
GetProcAddress
LoadLibraryA
MultiByteToWideChar
lstrlenA
GlobalAlloc
lstrcpynA
lstrcpyA
GlobalFree
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
RaiseException
HeapCreate
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
Sleep
FlushFileBuffers
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
SetEndOfFile

user32

MessageBoxA
SendMessageA
GetDlgItem
IsWindow
CallWindowProcA
DefWindowProcA
GetWindowLongA
SetWindowLongA
CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowsHookExA
FindWindowA

advapi32

GetSidSubAuthority
GetSidSubAuthorityCount
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegCloseKey
SetSecurityInfo
SetEntriesInAclA
EqualSid
GetTokenInformation
OpenProcessToken
GetExplicitEntriesFromAclA
GetSecurityInfo
RegOpenKeyExA
DuplicateTokenEx

shell32

DoEnvironmentSubstW
DoEnvironmentSubstA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysStringLen
SysFreeString
VariantClear
SysAllocString

shlwapi

UrlEscapeA
PathAppendA

Exports

Exports

addSearch
delSearch
getRequiredPluginsList
justDoIt
launchProtectedIE
parseToolbarVars
urlEncode

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/request_reboot.ini
$TEMP/IEToolbarBackup.exe
.exe windows:5 windows x86 arch:x86

2dab782e6d7257eb0da0f8f38075bb88

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2012, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Rakuten\,Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Integration Division,O=Rakuten\,Inc.,L=Shinagawa-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:cd:1a:da:3d:81:37:4a:f6:8a:e2:d9:6b:04:7e:94:ba:93:7d:b0
Signer

Actual PE Digest

8d:cd:1a:da:3d:81:37:4a:f6:8a:e2:d9:6b:04:7e:94:ba:93:7d:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\TB3\ietoolbarbackup\Release\IEToolbarBackup.pdb

Imports

kernel32

SetLastError
FindNextFileW
FindClose
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
GetFullPathNameW
GetVersionExW
InterlockedDecrement
FormatMessageW
InterlockedCompareExchange
FindFirstFileW
lstrcpyW
LocalFree
LocalAlloc
GetLastError
lstrlenW
GetModuleHandleW
MultiByteToWideChar
WriteFile
CreateFileW
CloseHandle
CreateDirectoryW
DeleteFileW
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Process32NextW
GetLongPathNameW
SetStdHandle
VirtualQuery
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
LCMapStringW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapQueryInformation
WideCharToMultiByte
TlsFree
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetCurrentProcessId
RaiseException
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
lstrlenA
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
InterlockedIncrement
GetModuleFileNameW
InterlockedExchange
InitializeCriticalSection
DecodePointer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
HeapValidate
IsBadReadPtr
ExitProcess
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetModuleFileNameA
RtlUnwind
WriteConsoleW
GetFileType
GetStdHandle
GetCPInfo
IsProcessorFeaturePresent

user32

MessageBoxW

advapi32

SetThreadToken
OpenThreadToken
ConvertSidToStringSidW
LookupAccountNameW
GetUserNameW
LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegLoadKeyW
RevertToSelf

shell32

SHFileOperationW
DoEnvironmentSubstW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
OleRun
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
VariantClear

shlwapi

UrlEscapeW
PathFileExistsW

wininet

HttpSendRequestW
HttpAddRequestHeadersW
InternetQueryOptionW
InternetConnectW
InternetReadFile
HttpOpenRequestW
InternetSetOptionW
InternetCloseHandle
InternetCrackUrlW
InternetOpenW
HttpQueryInfoW

urlmon

ObtainUserAgentString

userenv

GetProfilesDirectoryW

Sections

.text
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RakutenToolbarHelper.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2012, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Rakuten\,Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Integration Division,O=Rakuten\,Inc.,L=Shinagawa-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:d2:c3:a9:62:7b:88:0d:34:2a:92:6b:23:22:87:c9:f1:14:13:1e
Signer

Actual PE Digest

8e:d2:c3:a9:62:7b:88:0d:34:2a:92:6b:23:22:87:c9:f1:14:13:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RakutenToolbarHelper/DeleteWait.exe
.exe windows:5 windows x86 arch:x86

38f9f9592dfe2bb6cab5bd9d84a7a124

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2012, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Rakuten\,Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Integration Division,O=Rakuten\,Inc.,L=Shinagawa-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:cd:a9:7c:f5:77:35:93:6b:a3:84:5d:4a:99:5e:ce:bb:df:9d:0a
Signer

Actual PE Digest

08:cd:a9:7c:f5:77:35:93:6b:a3:84:5d:4a:99:5e:ce:bb:df:9d:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
lstrlenW
GetProcAddress
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
Sleep
FindResourceExW
LCMapStringW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
LoadLibraryW
RtlUnwind
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
ExitProcess
WriteFile
GetStdHandle
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

CharNextW
DefWindowProcW
DestroyWindow

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

ole32

CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RakutenToolbarHelper/RakutenToolbarErrorReportTool.exe
.exe windows:5 windows x86 arch:x86

06bb290a25d6f11c12c1299d2e74fadd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2012, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Rakuten\,Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Integration Division,O=Rakuten\,Inc.,L=Shinagawa-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:c0:44:24:16:98:84:de:af:49:6d:bf:c5:80:1b:60:c5:be:fb:3b
Signer

Actual PE Digest

a6:c0:44:24:16:98:84:de:af:49:6d:bf:c5:80:1b:60:c5:be:fb:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
lstrlenW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SetLastError
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
DeleteFileW
ResetEvent
Sleep
InterlockedExchange
lstrcatW
lstrcpyW
FindNextFileW
FindClose
GetFullPathNameW
FindFirstFileW
CreateDirectoryW
GetExitCodeProcess
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileA
GetVersionExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FreeEnvironmentStringsW
GetEnvironmentStringsW
lstrlenA
GetVersion
LoadLibraryW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
WriteConsoleW
RaiseException
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
HeapCreate
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
CreateEventW
CreateThread
WaitForSingleObject
SetEvent
WideCharToMultiByte
MultiByteToWideChar
GetFileSize
WriteFile
ReadFile
CloseHandle
GetModuleHandleW
GetProcAddress
LocalFree
CreateFileW
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringW
GetDateFormatA
GetTimeFormatA
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetFileAttributesW
GetCPInfo
VirtualQuery
GetSystemInfo
VirtualProtect
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLongPathNameW
GetStringTypeW
InitializeCriticalSection
EncodePointer
RtlUnwind
GetLocaleInfoW
DecodePointer
GetTimeZoneInformation

user32

EndDialog
MoveWindow
ScreenToClient
ShowWindow
GetTopWindow
DefWindowProcW
LoadImageW
CreateDialogParamW
GetSystemMetrics
MessageBoxW
InvalidateRect
CopyRect
GetActiveWindow
DialogBoxParamW
DestroyWindow
CharNextW
SetWindowLongW
PostMessageW
SendMessageW
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
IsWindow
GetClientRect
GetWindowLongW
SetWindowTextW
GetParent
GetDlgItem
GetDC
SetWindowPos
MapWindowPoints
UnregisterClassA
EnumDisplayMonitors

advapi32

OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
GetTokenInformation
IsWellKnownSid
GetUserNameW

ole32

CoUninitialize
CoInitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

shell32

DoEnvironmentSubstW
DoEnvironmentSubstA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHFileOperationW

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit
SysFreeString
VarUI4FromStr

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW

comctl32

InitCommonControlsEx

gdi32

SelectObject
CreateCompatibleDC
BitBlt
DeleteObject
CreateDIBSection
GetObjectW
DeleteDC

gdiplus

GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipAlloc
GdipFree

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestW
HttpQueryInfoA
InternetReadFile
InternetCrackUrlA
InternetCloseHandle

urlmon

ObtainUserAgentString
URLDownloadToFileA

Sections

.text
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RakutenToolbarHelper/RakutenToolbarHelper.exe
.exe windows:5 windows x86 arch:x86

c7ac17c29554c91d2bc9d468b92c1254

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2012, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Rakuten\,Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Integration Division,O=Rakuten\,Inc.,L=Shinagawa-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:2c:07:c2:0a:53:65:f5:63:21:a1:32:27:fb:a0:44:29:f8:65:c0
Signer

Actual PE Digest

ee:2c:07:c2:0a:53:65:f5:63:21:a1:32:27:fb:a0:44:29:f8:65:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
ReleaseSemaphore
HeapAlloc
CreateSemaphoreA
DuplicateHandle
GetTickCount
GetProcAddress
GetModuleHandleW
GetVersionExW
GetSystemInfo
OpenProcess
lstrcatW
GetFullPathNameW
CreateProcessW
GetStringTypeW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetExitCodeThread
WaitForMultipleObjects
CreateWaitableTimerA
SetWaitableTimer
SystemTimeToFileTime
OpenEventA
LocalFree
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
EnterCriticalSection
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
HeapCreate
GetLocaleInfoW
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetFileAttributesW
GetDateFormatW
GetTimeFormatW
RtlUnwind
CreateThread
ExitThread
DecodePointer
EncodePointer
InitializeCriticalSection
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
RaiseException
RemoveDirectoryW
Sleep
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
CreateFileW
WriteFile
CreateMutexW
ReleaseMutex
GetCurrentProcess
FlushInstructionCache
lstrlenW
WideCharToMultiByte
lstrlenA
CreateEventA
GetLastError
lstrcpyW
SetFileAttributesW
SetLastError
CreateDirectoryW
CopyFileW
ResetEvent
MultiByteToWideChar
FindResourceExW
lstrcpynW
FindResourceW
LoadResource
SizeofResource
LockResource
FreeResource
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
CreateEventW
ResumeThread
GlobalAlloc
SetEvent
WaitForSingleObject
CloseHandle
GetCurrentProcessId

user32

CreateDialogParamW
PeekMessageW
CopyRect
RegisterClassW
SetWindowPos
FillRect
UnregisterClassA
EndPaint
GetUpdateRect
InvalidateRect
GetSysColor
ReleaseDC
GetDC
DefWindowProcW
SetRect
SetWindowLongW
GetWindowLongW
CallWindowProcW
EndDialog
SetWindowTextW
GetParent
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
GetForegroundWindow
GetWindowThreadProcessId
GetDlgItem
GetWindow
SendMessageW
GetTopWindow
MapWindowPoints
GetClientRect
GetClassInfoW
BeginPaint
AttachThreadInput
SetForegroundWindow
SetActiveWindow
SystemParametersInfoW
FrameRect
SetLayeredWindowAttributes
TrackMouseEvent
SetCursor
SetWindowRgn
RedrawWindow
LoadBitmapW
UnionRect
PtInRect
SetScrollInfo
PostMessageA
IsWindow
ShowScrollBar
SetFocus
DrawFrameControl
DrawTextW
GetSystemMetrics
DialogBoxParamW
CreateWindowExW
RegisterClassExW
GetSysColorBrush
PostQuitMessage
LoadImageW
DestroyWindow
LoadCursorW
GetClassInfoExW
IsDialogMessageW
KillTimer
SetTimer
ShowWindow
ScreenToClient
MoveWindow
PostMessageW
MessageBoxW
FindWindowW
EnableWindow
EnumWindows
EnumChildWindows
GetClassNameW
FindWindowExW
IsWindowVisible
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
MonitorFromWindow
GetMonitorInfoW

gdi32

SetBkMode
CreateFontIndirectW
GetDeviceCaps
BitBlt
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SetTextColor
StretchBlt
SetStretchBltMode
GetObjectW
SaveDC
SetBkColor
CreateRectRgn
PatBlt
CreateBitmap
DPtoLP
RestoreDC

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegNotifyChangeKeyValue

shell32

ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFolderPathW

ole32

CoTaskMemFree
OleRun
CoInitialize
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

OleLoadPicture
VariantTimeToSystemTime
SysAllocString
VariantClear
SysFreeString
VarUI4FromStr
VarUdateFromDate
SystemTimeToVariantTime
VarDateFromStr

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW
PathStripPathW
UrlEscapeW

comctl32

InitCommonControlsEx

msimg32

GradientFill

setupapi

SetupIterateCabinetW

wininet

InternetCrackUrlW
InternetCloseHandle
HttpSendRequestW
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetQueryOptionW
InternetSetOptionW
HttpAddRequestHeadersW
InternetReadFile
HttpQueryInfoW

urlmon

ObtainUserAgentString

crypt32

CryptMsgClose
CertFreeCertificateContext
CertFindCertificateInStore
CryptQueryObject
CertCloseStore

wintrust

WinVerifyTrust

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RakutenToolbarHelper/Recover.exe
.exe windows:5 windows x86 arch:x86

831ecd709c1a750932343ae83622e225

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2012, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Rakuten\,Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Integration Division,O=Rakuten\,Inc.,L=Shinagawa-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:92:46:7f:57:f2:2e:86:df:e3:95:cf:9a:34:dc:01:42:8a:51:ca
Signer

Actual PE Digest

97:92:46:7f:57:f2:2e:86:df:e3:95:cf:9a:34:dc:01:42:8a:51:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SetLastError
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
Sleep
WideCharToMultiByte
LockResource
FindResourceExW
CreateFileW
SetStdHandle
WriteConsoleW
GetModuleHandleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CloseHandle
SetFilePointer
ReadFile
RaiseException
GetProcAddress
lstrlenW
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetCurrentThreadId
LeaveCriticalSection
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
TlsSetValue
TlsGetValue
TlsAlloc
ExitProcess
EnterCriticalSection
LoadLibraryW
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
InterlockedExchange
InitializeCriticalSection
EncodePointer
DecodePointer
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
WriteFile
GetStdHandle
GetLocaleInfoW
HeapCreate
TlsFree

user32

DestroyWindow
SendMessageW
GetWindowLongW
MoveWindow
GetWindowRect
ScreenToClient
ShowWindow
DefWindowProcW
CreateDialogParamW
CharNextW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowLongW
GetSystemMetrics
PostQuitMessage
LoadImageW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsWindow
IsDialogMessageW
GetDlgItem
UnregisterClassA

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

UrlEscapeW

comctl32

InitCommonControlsEx

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RakutenToolbarHelper/conf/RakutenToolbarHelper.xml
.xml
$PROGRAMFILES/RakutenToolbarHelper/conf/appearance.xml
.xml
$PROGRAMFILES/RakutenToolbarHelper/conf/setting.xml
.xml
$PROGRAMFILES/RakutenToolbarHelper/images/homeset.bmp
$PROGRAMFILES/RakutenToolbarHelper/images/scopeset.bmp
Uninst.exe.nsis
Uninst.exe.nsis
tb_static_files.cab
.cab
RTBHelper_32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

870645e315a37e5d39c940c2b10fe691

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2012, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Rakuten\,Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Integration Division,O=Rakuten\,Inc.,L=Shinagawa-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

af:07:99:98:23:10:f0:31:c4:09:9c:5c:76:57:bf:eb:7a:07:d7:b7
Signer

Actual PE Digest

af:07:99:98:23:10:f0:31:c4:09:9c:5c:76:57:bf:eb:7a:07:d7:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
FreeLibrary
LoadLibraryW
LocalFree
GetCurrentProcess
SetLastError
GetModuleFileNameW
CreateFileW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
SetThreadLocale
GetThreadLocale
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleHandleW
GetProcAddress
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetLastError
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
RaiseException
SizeofResource
GetStringTypeW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
WriteFile
HeapCreate
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
Sleep
InitializeCriticalSection
EncodePointer
DecodePointer
LCMapStringW
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

CharNextW

advapi32

RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW

shell32

DoEnvironmentSubstW

ole32

StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocString
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
VariantClear
SysFreeString

shlwapi

PathStripPathW
PathAppendW

Exports

Exports

AttachInstance
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RTBHelper_64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

cf65d8766fa8199b2cba097fa396a276

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2012, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Rakuten\,Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Integration Division,O=Rakuten\,Inc.,L=Shinagawa-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e8:07:48:58:82:b2:d6:55:95:9c:9a:b8:a6:c4:ad:01:c4:45:9b:a1
Signer

Actual PE Digest

e8:07:48:58:82:b2:d6:55:95:9c:9a:b8:a6:c4:ad:01:c4:45:9b:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
FreeLibrary
LoadLibraryW
LocalFree
GetCurrentProcess
SetLastError
GetModuleFileNameW
CreateFileW
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DisableThreadLibraryCalls
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
SetThreadLocale
GetThreadLocale
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleHandleW
GetProcAddress
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetLastError
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetStringTypeW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
WriteFile
HeapCreate
HeapSetInformation
ExitProcess
FlsAlloc
FlsFree
FlsGetValue
TerminateProcess
RtlCaptureContext
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
Sleep
InitializeCriticalSection
EncodePointer
DecodePointer
LCMapStringW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind

user32

CharNextW

advapi32

RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW

shell32

DoEnvironmentSubstW

ole32

StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
SysAllocString
SysFreeString

shlwapi

PathStripPathW
PathAppendW

Exports

Exports

AttachInstance
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RakutenToolbar_32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

262197143b4e3b339a27ec592ba485a1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2012, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Rakuten\,Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Integration Division,O=Rakuten\,Inc.,L=Shinagawa-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b3:ba:fb:d2:b5:98:b2:c5:35:6b:e5:4e:5a:71:16:20:b4:af:96:92
Signer

Actual PE Digest

b3:ba:fb:d2:b5:98:b2:c5:35:6b:e5:4e:5a:71:16:20:b4:af:96:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringW
UuidCreate

kernel32

Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetShortPathNameW
SetFileAttributesW
RemoveDirectoryW
ReadFile
GetFileSize
GetFileTime
InterlockedExchange
CreateProcessW
CreateDirectoryW
GetVersionExW
GetLongPathNameW
GlobalMemoryStatusEx
FlushFileBuffers
WriteConsoleW
SetEndOfFile
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
SetHandleCount
GetTimeZoneInformation
GetCurrentDirectoryW
GetFileType
PeekNamedPipe
GetFileInformationByHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
IsValidCodePage
LoadLibraryW
GetACP
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
MoveFileExW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetCPInfo
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
GetDateFormatW
GetTimeFormatW
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeExW
GetStringTypeExA
GetUserDefaultLCID
DecodePointer
EncodePointer
InitializeCriticalSection
GetStringTypeW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
lstrcpyW
FindFirstFileW
GetFullPathNameW
FindClose
FindNextFileW
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
lstrcpynW
MulDiv
WaitForSingleObject
GetLastError
DeleteFileW
CreateFileW
WriteFile
CloseHandle
GetCurrentProcessId
CopyFileW
MultiByteToWideChar
CreateMutexW
ReleaseMutex
ResetEvent
SetEvent
CreateEventW
GlobalHandle
GlobalFree
WideCharToMultiByte
LocalAlloc
LocalFree
CompareFileTime
GetThreadLocale
SetThreadLocale
Sleep
FreeLibrary
LoadLibraryExW
lstrcmpiW
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCurrentThreadId
RaiseException
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpW
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrlenA
OutputDebugStringA
GetModuleFileNameW
TerminateProcess
SetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CompareStringW
SetEnvironmentVariableA
GetOEMCP

user32

GetMessageW
OffsetRect
GetSystemMetrics
GetUpdateRect
SetWindowRgn
PtInRect
DrawEdge
GetSysColorBrush
EnumChildWindows
DrawTextW
LoadStringW
LoadStringA
GetDlgItem
GetWindowLongW
EndDialog
UpdateWindow
IsWindow
IsWindowVisible
SendMessageW
KillTimer
SetTimer
EnumDisplayMonitors
SetWindowPos
MapWindowPoints
CreateCaret
ShowCaret
GetScrollInfo
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
ReleaseDC
GetDC
MapDialogRect
SetWindowLongW
SetWindowContextHelpId
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DefWindowProcW
GetSysColor
CharNextW
MoveWindow
ClientToScreen
ScreenToClient
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetClassNameW
ReleaseCapture
FillRect
DestroyWindow
CallWindowProcW
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
GetFocus
SetFocus
LoadCursorW
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
CreatePopupMenu
DestroyMenu
SetForegroundWindow
SendInput
UnhookWindowsHookEx
SetWindowsHookExW
GetCapture
GetAsyncKeyState
MonitorFromPoint
TrackPopupMenu
GetKeyState
UnregisterClassA
MessageBoxW
GetCursorPos
DialogBoxIndirectParamW
IsRectEmpty
CopyRect
CallNextHookEx
SystemParametersInfoW
GetAncestor
GetWindowThreadProcessId
AnimateWindow
EqualRect
SetRect
PeekMessageW
TranslateMessage
DispatchMessageW
PostMessageW
SetCursor
InsertMenuItemW
ShowWindow

gdi32

SaveDC
SetBkMode
TextOutW
SetTextColor
SetBkColor
ExtTextOutW
CreateRectRgn
CombineRgn
GetDIBits
CreateDIBSection
StretchBlt
RestoreDC
SetDIBColorTable
GetDIBColorTable
GetTextExtentPoint32W
GetStockObject
GetObjectW
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
GetDeviceCaps
DPtoLP
CreateFontIndirectW
DeleteObject
MoveToEx
LineTo
CreatePen
GetTextExtentPointW
CreateRectRgnIndirect

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegEnumValueW
FreeSid
EqualSid
AllocateAndInitializeSid
RegQueryValueExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
DoEnvironmentSubstW
SHFileOperationW

ole32

StringFromGUID2
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning

oleaut32

VarUI4FromStr
SysFreeString
OleLoadPicture
VariantCopy
VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
VariantChangeType
DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
VariantInit

shlwapi

PathIsNetworkPathW
PathCreateFromUrlW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathIsDirectoryW
PathRemoveFileSpecW
PathAddBackslashW
PathStripPathW
UrlIsW

urlmon

IsValidURL

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown

wininet

HttpAddRequestHeadersW
InternetQueryOptionW
InternetGetCookieW
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetSetOptionW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetErrorDlg

crypt32

CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CryptMsgClose
CryptQueryObject

wintrust

WinVerifyTrust

setupapi

SetupIterateCabinetW

Exports

Exports

AttachInstance
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 913KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RakutenToolbar_64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

e1c8d0528fac9716b952ff5bbc8d3cff

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2012, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Rakuten\,Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Integration Division,O=Rakuten\,Inc.,L=Shinagawa-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:b0:f4:b9:74:fa:d7:56:45:ef:b2:34:b9:84:83:5f:00:10:6e:10
Signer

Actual PE Digest

b0:b0:f4:b9:74:fa:d7:56:45:ef:b2:34:b9:84:83:5f:00:10:6e:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringW
UuidCreate

kernel32

Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetShortPathNameW
SetFileAttributesW
RemoveDirectoryW
ReadFile
GetFileSize
GetFileTime
GetVersion
CreateProcessW
CreateDirectoryW
GetVersionExW
GetLongPathNameW
GlobalMemoryStatusEx
FlushFileBuffers
WriteConsoleW
SetEndOfFile
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
SetHandleCount
GetTimeZoneInformation
GetCurrentDirectoryW
GetFileType
PeekNamedPipe
GetFileInformationByHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
GetModuleFileNameW
FlsAlloc
FlsFree
FlsGetValue
TerminateProcess
RtlCaptureContext
MoveFileExW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
HeapSetInformation
GetCPInfo
GetCommandLineA
FlsSetValue
GetFileAttributesW
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualProtect
GetTimeFormatW
GetDateFormatW
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
LoadLibraryA
LCMapStringW
LCMapStringA
GetStringTypeExW
GetStringTypeExA
GetUserDefaultLCID
DecodePointer
EncodePointer
InitializeCriticalSection
GetStringTypeW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
lstrcpyW
FindFirstFileW
GetFullPathNameW
FindClose
FindNextFileW
CreateThread
SetLastError
LoadLibraryW
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
lstrcpynW
MulDiv
WaitForSingleObject
GetLastError
DeleteFileW
CreateFileW
WriteFile
CreateMutexW
ReleaseMutex
ResetEvent
SetEvent
CreateEventW
GlobalHandle
GlobalFree
WideCharToMultiByte
LocalAlloc
LocalFree
CompareFileTime
GetThreadLocale
SetThreadLocale
Sleep
FreeLibrary
LoadLibraryExW
lstrcmpiW
GetModuleHandleW
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetCurrentThreadId
RaiseException
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpW
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrlenA
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
RtlVirtualUnwind
GetModuleHandleExW
CloseHandle
GetCurrentProcessId
CopyFileW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CompareStringW
SetEnvironmentVariableA
ExitProcess

user32

GetSystemMetrics
SetWindowRgn
PtInRect
DrawEdge
GetSysColorBrush
EnumChildWindows
DrawTextW
LoadStringW
LoadStringA
UnregisterClassA
SetTimer
KillTimer
SendMessageW
GetDlgItem
UpdateWindow
GetWindowLongW
EndDialog
IsWindow
GetUpdateRect
SetWindowPos
MapWindowPoints
CreateCaret
ShowCaret
GetScrollInfo
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetWindow
GetParent
ReleaseDC
GetDC
RegisterClassExW
GetClassInfoExW
CreateWindowExW
MapDialogRect
SetWindowContextHelpId
SetWindowLongPtrW
DefWindowProcW
GetSysColor
CharNextW
SetWindowLongW
MoveWindow
ClientToScreen
ScreenToClient
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetClassNameW
ReleaseCapture
FillRect
DestroyWindow
CallWindowProcW
GetWindowLongPtrW
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
GetFocus
SetFocus
LoadCursorW
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
EnumDisplayMonitors
OffsetRect
GetMessageW
SetForegroundWindow
SendInput
CreatePopupMenu
DestroyMenu
GetKeyState
IsWindowVisible
UnhookWindowsHookEx
SetWindowsHookExW
GetCapture
GetAsyncKeyState
MessageBoxW
GetCursorPos
IsRectEmpty
CopyRect
CallNextHookEx
DialogBoxIndirectParamW
SystemParametersInfoW
GetAncestor
GetWindowThreadProcessId
AnimateWindow
EqualRect
SetRect
PeekMessageW
TranslateMessage
DispatchMessageW
PostMessageW
SetCursor
InsertMenuItemW
ShowWindow
TrackPopupMenu
MonitorFromPoint

gdi32

SaveDC
SetBkMode
TextOutW
SetTextColor
SetBkColor
ExtTextOutW
CreateRectRgn
CombineRgn
GetDIBits
CreateDIBSection
GetDIBColorTable
RestoreDC
SetDIBColorTable
GetTextExtentPoint32W
GetStockObject
GetObjectW
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
GetDeviceCaps
DPtoLP
CreateFontIndirectW
DeleteObject
MoveToEx
LineTo
CreatePen
GetTextExtentPointW
StretchBlt
CreateRectRgnIndirect

advapi32

RegDeleteValueW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptGetHashParam
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegEnumValueW
FreeSid
EqualSid
AllocateAndInitializeSid
OpenProcessToken

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
DoEnvironmentSubstW
SHFileOperationW

ole32

StringFromGUID2
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning

oleaut32

VariantInit
VarUI4FromStr
VariantClear
OleLoadPicture
VariantCopy
VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
SysFreeString
DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
SysAllocString

shlwapi

PathIsNetworkPathW
PathCreateFromUrlW
PathAppendW
PathFileExistsW
UrlIsW
PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathStripPathW
PathIsDirectoryW

urlmon

IsValidURL

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown

wininet

InternetReadFile
InternetQueryOptionW
InternetGetCookieW
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetCloseHandle
InternetErrorDlg
InternetSetOptionW

crypt32

CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CryptMsgClose
CryptQueryObject

wintrust

WinVerifyTrust

setupapi

SetupIterateCabinetW

Exports

Exports

AttachInstance
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1021KB - Virtual size: 1021KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SHARED
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
build
default.xml
default_3.1R.xml
preinstall/LatestMsg
.html
preinstall/bubble_error.html
.html
preinstall/bubble_loading.html
.html
preinstall/button_01_ichiba.png
.png
preinstall/button_01_movie.png
.png
preinstall/button_01_photo.png
.png
preinstall/button_01_search.png
.png
preinstall/button_01_stock.png
.png
preinstall/button_01_travel.png
.png
preinstall/button_back.png
.png
preinstall/button_login.png
.png
preinstall/chevron.png
.png
preinstall/handle.png
.png
preinstall/highlight_text.dat
.js
preinstall/icon_config.png
.png
preinstall/icon_highlight_off.png
.png
preinstall/icon_highlight_on.png
.png
preinstall/icon_ichiba.png
.png
preinstall/icon_movie.png
.png
preinstall/icon_photo.png
.png
preinstall/icon_stock.png
.png
preinstall/icon_travel.png
.png
preinstall/input_word_search.dat
.js
preinstall/kuchisu_bubble.html
.html
preinstall/logo.png
.png
preinstall/rtbclose.png
.png
preinstall/select_word_search.dat
.js
rtb_3.1R.xsl
settings
version.xml
version.xsl

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

26:ee:40:f5:94:16:69:a7:23:01:ed:83:89:ef:ff:42:5b:22:43:83Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 12KB - Virtual size: 11KB

5070fa13a62547a5beae58004a204cbb

Headers

File Characteristics

Imports

kernel32

user32

setupapi

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 212B

.reloc Size: 1KB - Virtual size: 1KB

03484a6bc016d64c2911bbb00d3e5527

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

24a4a671f5cc294ce3543d18a1e873cd

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

comctl32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1d:52:a6:72:8e:5a:47:f2:76:22:d6:03:52:e8:5f:7c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

26:ee:40:f5:94:16:69:a7:23:01:ed:83:89:ef:ff:42:5b:22:43:83
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 212B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B