OpenFirefox
OpenInternetExplorer
SendHttpRequest
Overview
overview
7Static
static
3395feb0db0...18.exe
windows7-x64
3395feb0db0...18.exe
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3ShopAtHome...st.exe
windows7-x64
3ShopAtHome...st.exe
windows10-2004-x64
7ShopAtHome...nd.exe
windows7-x64
3ShopAtHome...nd.exe
windows10-2004-x64
3ShopAtHome...in.dll
windows7-x64
3ShopAtHome...in.dll
windows10-2004-x64
3ShopAtHome...lA.exe
windows7-x64
7ShopAtHome...lA.exe
windows10-2004-x64
7ShopAtHome...ls.dll
windows7-x64
3ShopAtHome...ls.dll
windows10-2004-x64
3ShopAtHome...r2.exe
windows7-x64
3ShopAtHome...r2.exe
windows10-2004-x64
3ShopAtHome...3U.dll
windows7-x64
6ShopAtHome...3U.dll
windows10-2004-x64
6ShopAtHome...er.dll
windows7-x64
3ShopAtHome...er.dll
windows10-2004-x64
3ShopAtHome...rch.js
windows7-x64
3ShopAtHome...rch.js
windows10-2004-x64
3ShopAtHome...bar.js
windows7-x64
3ShopAtHome...bar.js
windows10-2004-x64
3ShopAtHome...ll.exe
windows7-x64
3ShopAtHome...ll.exe
windows10-2004-x64
7Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
395feb0db0a8204d4eb9206873b7f9b0_JaffaCakes118.exe
Resource
win7-20241010-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
395feb0db0a8204d4eb9206873b7f9b0_JaffaCakes118.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/HTTPHelper.dll
Resource
win7-20241010-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/HTTPHelper.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20241010-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral10
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
ShopAtHomeToolbar/ClearHist.exe
Resource
win7-20240708-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral12
Sample
ShopAtHomeToolbar/ClearHist.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
8 signatures
150 seconds
Behavioral task
behavioral13
Sample
ShopAtHomeToolbar/IE8GuardWorkaround.exe
Resource
win7-20240903-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral14
Sample
ShopAtHomeToolbar/IE8GuardWorkaround.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral15
Sample
ShopAtHomeToolbar/SAHPlugin.dll
Resource
win7-20241010-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral16
Sample
ShopAtHomeToolbar/SAHPlugin.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral17
Sample
ShopAtHomeToolbar/ShopAtHomeUninstallA.exe
Resource
win7-20240903-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral18
Sample
ShopAtHomeToolbar/ShopAtHomeUninstallA.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
6 signatures
150 seconds
Behavioral task
behavioral19
Sample
ShopAtHomeToolbar/TbCommonUtils.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral20
Sample
ShopAtHomeToolbar/TbCommonUtils.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral21
Sample
ShopAtHomeToolbar/TbHelper2.exe
Resource
win7-20240903-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral22
Sample
ShopAtHomeToolbar/TbHelper2.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral23
Sample
ShopAtHomeToolbar/tbcore3U.dll
Resource
win7-20240903-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral24
Sample
ShopAtHomeToolbar/tbcore3U.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
5 signatures
150 seconds
Behavioral task
behavioral25
Sample
ShopAtHomeToolbar/tbhelper.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral26
Sample
ShopAtHomeToolbar/tbhelper.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral27
Sample
ShopAtHomeToolbar/tbs_include_script_externalsearch.js
Resource
win7-20240729-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral28
Sample
ShopAtHomeToolbar/tbs_include_script_externalsearch.js
Resource
win10v2004-20241007-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral29
Sample
ShopAtHomeToolbar/tbs_include_script_showhidetoolbar.js
Resource
win7-20241010-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral30
Sample
ShopAtHomeToolbar/tbs_include_script_showhidetoolbar.js
Resource
win10v2004-20241007-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral31
Sample
ShopAtHomeToolbar/uninstall.exe
Resource
win7-20240708-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral32
Sample
ShopAtHomeToolbar/uninstall.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
395feb0db0a8204d4eb9206873b7f9b0_JaffaCakes118
-
Size
1.1MB
-
MD5
395feb0db0a8204d4eb9206873b7f9b0
-
SHA1
0474219d57e3410906ca5cf27f363eff8db1e3c5
-
SHA256
a124647617b598e1bf34fe07770d0d6b1a9aab8aa5167949b9693d16046bc291
-
SHA512
56eb5b7a440215675a338c9e24422d17642a339410662ffb538f16b3406eb55376009115164f7e842166aa98ab9e3f9af9917268a705e74d542c65116f2e204c
-
SSDEEP
24576:qVOYQIRPK/Z1DFc/nGKDzyZZ2eYvgNgS1GoElig44vIPybuioo:sUD0Gmy/2eelS1pvY7iioo
Score
3/10
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
resource 395feb0db0a8204d4eb9206873b7f9b0_JaffaCakes118 unpack001/$PLUGINSDIR/HTTPHelper.dll unpack001/$PLUGINSDIR/KillProcDLL.dll unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/UAC.dll -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
395feb0db0a8204d4eb9206873b7f9b0_JaffaCakes118.exe windows:5 windows x86 arch:x86
f14aba31075188e8a83ea826ace3eca3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
CompareFileTime
lstrlenA
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
GetTempFileNameA
lstrcatA
GetProcAddress
OpenProcess
lstrcpyA
GetVersionExA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleA
LoadLibraryExA
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
WideCharToMultiByte
user32
GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
CheckDlgButton
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharUpperA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
DialogBoxParamA
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 250KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 540KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/HTTPHelper.dll.dll windows:4 windows x86 arch:x86
0e72c770c257ac8e3bf41f9ae25782bd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetEnvironmentVariableA
GetVersion
GlobalFree
OpenProcess
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
lstrcpyA
CloseHandle
FlushFileBuffers
HeapFree
HeapAlloc
GetCommandLineA
GetModuleFileNameA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
user32
GetDesktopWindow
GetWindowThreadProcessId
advapi32
DuplicateTokenEx
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
shell32
ShellExecuteA
wininet
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
Exports
Exports
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/KillProcDLL.dll.dll windows:5 windows x86 arch:x86
1f8074a193b10b2b403ed3682d545693
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
GetCurrentThreadId
GetCommandLineA
GetLastError
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapAlloc
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteFile
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapSize
Exports
Exports
KillProc
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:5 windows x86 arch:x86
aaa34d9251e34ceebd6bf5066471d799
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
GetProcAddress
lstrcatA
lstrlenA
lstrcmpiA
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
MultiByteToWideChar
FreeLibrary
user32
wsprintfA
ole32
CLSIDFromString
StringFromGUID2
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 915B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 582B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/UAC.dll.dll windows:4 windows x86 arch:x86
40ffeaaff4dd6648ff7802eda4676ee6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetLastError
GetVersionExA
lstrcmpiA
GetCurrentThreadId
GetProcAddress
GetCommandLineA
UnmapViewOfFile
WaitForSingleObject
GetCurrentProcessId
SetEvent
lstrlenA
SetCurrentDirectoryA
MapViewOfFile
Sleep
OpenProcess
GetExitCodeProcess
GetModuleHandleA
GetExitCodeThread
CreateThread
CreateFileMappingA
CreateEventA
GlobalAlloc
CreateProcessA
GetLastError
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
GetModuleFileNameA
lstrcatA
GetPrivateProfileIntA
GetPrivateProfileStringA
DuplicateHandle
LoadLibraryA
user32
GetClassNameA
SetWindowsHookExA
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
DefWindowProcA
SetForegroundWindow
PostMessageA
CreateWindowExA
GetWindowThreadProcessId
CallWindowProcA
SetWindowPos
GetWindowRect
UnhookWindowsHookEx
GetClientRect
LoadIconA
CreateDialogParamA
IsWindowVisible
CallNextHookEx
CharNextA
DialogBoxParamA
SendMessageW
MessageBoxA
EndDialog
SetWindowLongA
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
LoadImageA
advapi32
GetUserNameA
OpenSCManagerA
GetTokenInformation
OpenProcessToken
CloseServiceHandle
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA
QueryServiceStatus
OpenServiceA
shell32
ShellExecuteExA
ole32
CoInitialize
Exports
Exports
_
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 946B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/modern-header.bmp
-
ShopAtHomeToolbar/ClearHist.exe.exe windows:5 windows x86 arch:x86
6e618e5cbaee5b1f71fb9098ed8fd9a1
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before07/06/2012, 00:00Not After06/06/2022, 23:59SubjectCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:aa:cc:1d:ba:f9:89:dd:69:97:92:6c:96:49:ba:efCertificate
IssuerCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before22/05/2013, 00:00Not After06/06/2014, 23:59SubjectSERIALNUMBER=19871692567,CN=ShopAtHome.com (Belcaro Group\, Inc),O=ShopAtHome.com (Belcaro Group\, Inc),L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
77:5f:ad:de:47:44:0f:eb:d1:ea:4b:47:2f:34:b6:48:ca:f1:3a:20Signer
Actual PE Digest77:5f:ad:de:47:44:0f:eb:d1:ea:4b:47:2f:34:b6:48:ca:f1:3a:20Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Projects\Toolbar\IE\main\IEToolbar\release_bin\ClearHist.pdb
Imports
kernel32
FormatMessageA
GetLastError
TerminateProcess
OpenProcess
Process32Next
OutputDebugStringA
CreateToolhelp32Snapshot
HeapReAlloc
DebugBreak
lstrlenA
InterlockedDecrement
GetModuleHandleA
Process32First
GetProcAddress
HeapSize
LoadLibraryW
RtlUnwind
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapFree
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
IsProcessorFeaturePresent
GetStringTypeW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
RaiseException
LeaveCriticalSection
EnterCriticalSection
Sleep
user32
CharNextA
wvsprintfA
MessageBoxA
advapi32
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
shell32
ShellExecuteA
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ShopAtHomeToolbar/IE8GuardWorkaround.exe.exe windows:5 windows x86 arch:x86
ec70ce5450a6824ada5ecf87d1dbb937
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before07/06/2012, 00:00Not After06/06/2022, 23:59SubjectCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:aa:cc:1d:ba:f9:89:dd:69:97:92:6c:96:49:ba:efCertificate
IssuerCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before22/05/2013, 00:00Not After06/06/2014, 23:59SubjectSERIALNUMBER=19871692567,CN=ShopAtHome.com (Belcaro Group\, Inc),O=ShopAtHome.com (Belcaro Group\, Inc),L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
16:d1:7d:c4:c2:9e:46:c1:21:ff:4d:a1:b3:6f:26:a0:0b:ef:81:27Signer
Actual PE Digest16:d1:7d:c4:c2:9e:46:c1:21:ff:4d:a1:b3:6f:26:a0:0b:ef:81:27Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Projects\Toolbar\IE\main\IEToolbar\Release_bin\IE8GuardWorkaround.pdb
Imports
kernel32
FindResourceW
FindResourceExW
GetModuleFileNameW
GetCommandLineW
CreateMutexW
SizeofResource
LockResource
LoadResource
Sleep
GetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
LoadLibraryW
user32
GetDlgItem
GetWindowTextW
FindWindowExW
SendMessageW
advapi32
RegCloseKey
RegCreateKeyExW
RegSetValueExW
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShopAtHomeToolbar/SAHPlugin.dll.dll windows:5 windows x86 arch:x86
cd3aa0eb0ec2616efaa9f8fbe1065c95
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before07/06/2012, 00:00Not After06/06/2022, 23:59SubjectCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:aa:cc:1d:ba:f9:89:dd:69:97:92:6c:96:49:ba:efCertificate
IssuerCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before22/05/2013, 00:00Not After06/06/2014, 23:59SubjectSERIALNUMBER=19871692567,CN=ShopAtHome.com (Belcaro Group\, Inc),O=ShopAtHome.com (Belcaro Group\, Inc),L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
a3:ea:62:a0:6b:49:77:2d:72:34:43:c0:82:11:9f:1b:45:7c:55:c9Signer
Actual PE Digesta3:ea:62:a0:6b:49:77:2d:72:34:43:c0:82:11:9f:1b:45:7c:55:c9Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Projects\Toolbar\IE\main\IEToolbar\release_bin\SAHPlugin.pdb
Imports
kernel32
lstrcmpiW
RaiseException
GetLastError
MultiByteToWideChar
SizeofResource
LoadResource
GetModuleHandleW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
CreateFileW
GetProcAddress
FreeLibrary
InterlockedIncrement
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
FindResourceW
InterlockedDecrement
LCMapStringW
WriteConsoleW
SetStdHandle
LoadLibraryW
GetStringTypeW
RtlUnwind
IsValidCodePage
GetOEMCP
HeapFree
DecodePointer
EncodePointer
HeapAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
ExitProcess
HeapReAlloc
HeapSize
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
FlushFileBuffers
user32
CharNextW
LoadStringW
advapi32
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
ole32
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
oleaut32
VarUI4FromStr
DispCallFunc
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
Exports
Exports
IsUnicode
PlugCreate
PlugInit
PlugInvoke
PlugTerm
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShopAtHomeToolbar/ShopAtHomeUninstallA.exe.exe windows:4 windows x86 arch:x86
e7d4c33538f236789b7d3d577b7b4505
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before07/06/2012, 00:00Not After06/06/2022, 23:59SubjectCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:aa:cc:1d:ba:f9:89:dd:69:97:92:6c:96:49:ba:efCertificate
IssuerCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before22/05/2013, 00:00Not After06/06/2014, 23:59SubjectSERIALNUMBER=19871692567,CN=ShopAtHome.com (Belcaro Group\, Inc),O=ShopAtHome.com (Belcaro Group\, Inc),L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3f:4b:83:ec:c6:69:83:19:67:ef:68:18:06:b8:5a:50:8c:48:d6:8bSigner
Actual PE Digest3f:4b:83:ec:c6:69:83:19:67:ef:68:18:06:b8:5a:50:8c:48:d6:8bDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
wininet
InternetSetCookieA
mfc42
ord2446
ord2124
ord5277
ord3402
ord4627
ord641
ord567
ord324
ord2302
ord4234
ord4376
ord4853
ord2379
ord5261
ord3874
ord4710
ord5875
ord3089
ord4476
ord755
ord470
ord3698
ord765
ord2370
ord6197
ord6379
ord5953
ord1948
ord5303
ord5715
ord565
ord817
ord2726
ord4226
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord1168
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord5265
ord926
ord2818
ord2256
ord924
ord2725
ord2621
ord4204
ord6662
ord561
ord815
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord6663
ord4278
ord2764
ord538
ord4277
ord5683
ord859
ord939
ord941
ord535
ord4129
ord858
ord537
ord860
ord540
ord800
ord823
ord825
ord1576
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
toupper
tolower
localtime
strftime
_mbsnbicmp
__p___argc
_mbsrchr
_mbsstr
sprintf
time
_strdate
_strtime
fopen
_iob
fprintf
fflush
fclose
vfprintf
_splitpath
memcpy
_itoa
_mbschr
_mbsnbcpy
atoi
_mbscmp
strcmp
strrchr
malloc
free
_mbsupr
_mbsicmp
memmove
strncpy
_mbsnbcmp
strlen
strcpy
strcat
towupper
strstr
strchr
__CxxFrameHandler
_stricmp
_CxxThrowException
_setmbcp
??1type_info@@UAE@XZ
memset
kernel32
CloseHandle
HeapFree
GetProcAddress
LoadLibraryA
FreeLibrary
SetFilePointer
MultiByteToWideChar
InterlockedDecrement
WideCharToMultiByte
lstrcatA
RemoveDirectoryA
GetFileAttributesA
GetEnvironmentVariableA
WritePrivateProfileStringA
Sleep
CreateEventA
ReadFile
SetEvent
WinExec
GetVersionExA
DeleteFileA
GetShortPathNameA
MoveFileExA
lstrcmpA
CopyFileA
GetLongPathNameA
GetCurrentProcess
TerminateProcess
CreateProcessA
GetModuleHandleA
ReleaseMutex
OpenProcess
CreateMutexA
GetStartupInfoA
GetFileSize
CreateFileA
GetWindowsDirectoryA
WriteFile
GetLastError
GetPrivateProfileStringA
CreateDirectoryA
lstrcpyA
GetSystemDirectoryA
lstrlenA
GetModuleFileNameA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
SetLastError
FindClose
FindNextFileA
FindFirstFileA
LocalFree
HeapAlloc
WaitForSingleObject
GetProcessHeap
user32
GetWindowThreadProcessId
CharLowerA
PeekMessageA
IsWindow
SendMessageA
GetWindowRect
PtInRect
FillRect
wsprintfA
MessageBoxA
EnableWindow
FindWindowA
SetCursor
LoadCursorA
ScreenToClient
GetCursorPos
SetWindowTextA
GetWindowTextA
PostMessageA
gdi32
GetTextExtentPoint32A
advapi32
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
CreateProcessAsUserA
GetSecurityDescriptorSacl
RegEnumValueA
RegDeleteKeyA
RegEnumKeyA
RegFlushKey
RegCreateKeyExA
RegEnumKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce
SetSecurityDescriptorSacl
OpenProcessToken
shell32
ShellExecuteA
oleaut32
SysStringLen
SysAllocStringLen
SysFreeString
Sections
.text Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 188KB - Virtual size: 188KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ShopAtHomeToolbar/TbCommonUtils.dll.dll regsvr32 windows:5 windows x86 arch:x86
e557a8b0ea8064d8f3723c6f5ab20c71
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before07/06/2012, 00:00Not After06/06/2022, 23:59SubjectCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:aa:cc:1d:ba:f9:89:dd:69:97:92:6c:96:49:ba:efCertificate
IssuerCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before22/05/2013, 00:00Not After06/06/2014, 23:59SubjectSERIALNUMBER=19871692567,CN=ShopAtHome.com (Belcaro Group\, Inc),O=ShopAtHome.com (Belcaro Group\, Inc),L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
e0:1c:df:10:00:3c:dd:4a:23:94:82:a0:b4:19:a2:63:e6:c4:df:f9Signer
Actual PE Digeste0:1c:df:10:00:3c:dd:4a:23:94:82:a0:b4:19:a2:63:e6:c4:df:f9Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Projects\Toolbar\IE\main\IEToolbar\Release_bin\TbCommonUtils.pdb
Imports
kernel32
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
SetThreadLocale
GetThreadLocale
CloseHandle
GetModuleFileNameW
GetProcessHeap
GetCurrentProcess
HeapFree
WriteConsoleW
CreateFileW
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
HeapAlloc
lstrlenW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
LCMapStringW
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
SetFilePointer
GetStartupInfoW
GetFileType
SetHandleCount
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
ExitProcess
WriteFile
GetStdHandle
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
Sleep
GetStringTypeW
user32
CharNextW
advapi32
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
shell32
ShellExecuteW
ole32
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
oleaut32
VariantInit
SysFreeString
LoadTypeLi
VariantClear
RegisterTypeLi
UnRegisterTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
VariantCopy
shlwapi
PathRemoveFileSpecW
UrlEscapeW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShopAtHomeToolbar/TbHelper2.exe.exe windows:5 windows x86 arch:x86
0909f3c20ec8912cd0e0431e47db74b5
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before07/06/2012, 00:00Not After06/06/2022, 23:59SubjectCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:aa:cc:1d:ba:f9:89:dd:69:97:92:6c:96:49:ba:efCertificate
IssuerCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before22/05/2013, 00:00Not After06/06/2014, 23:59SubjectSERIALNUMBER=19871692567,CN=ShopAtHome.com (Belcaro Group\, Inc),O=ShopAtHome.com (Belcaro Group\, Inc),L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
bb:1b:93:47:4a:a4:07:8b:e3:62:a4:24:cc:2b:fd:52:9b:20:eb:dfSigner
Actual PE Digestbb:1b:93:47:4a:a4:07:8b:e3:62:a4:24:cc:2b:fd:52:9b:20:eb:dfDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Projects\Toolbar\IE\main\IEToolbar\Release_bin\TbHelper2.pdb
Imports
wininet
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetSetOptionW
InternetReadFile
InternetCloseHandle
InternetOpenW
HttpQueryInfoW
kernel32
GetTickCount
CloseHandle
WaitForSingleObject
lstrlenW
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
Sleep
CreateThread
CreateEventW
SetEvent
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetCommandLineW
GetCurrentThreadId
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
PostQueuedCompletionStatus
WideCharToMultiByte
CreateIoCompletionPort
lstrlenA
InterlockedExchange
GetQueuedCompletionStatus
ResetEvent
GetSystemInfo
TerminateThread
GetExitCodeThread
GetPrivateProfileSectionNamesW
LCMapStringW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
EnterCriticalSection
ReadFile
SetEndOfFile
CreateFileW
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetACP
GetStringTypeW
LoadLibraryW
GetCPInfo
HeapCreate
GetStdHandle
WriteFile
ExitProcess
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
VirtualQuery
VirtualAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
EncodePointer
DecodePointer
ExitThread
VirtualProtect
SetFilePointer
user32
CharUpperW
CharNextW
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
LoadStringW
advapi32
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
ole32
CoUnmarshalInterface
CoMarshalInterThreadInterfaceInStream
CoReleaseServerProcess
CoAddRefServerProcess
StringFromGUID2
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
VariantCopy
VariantClear
VariantInit
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
Sections
.text Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShopAtHomeToolbar/basis.xml.xml
-
ShopAtHomeToolbar/merchants.xml.xml
-
ShopAtHomeToolbar/prefs.xml.vbs .xml
-
ShopAtHomeToolbar/tbcore3U.dll.dll regsvr32 windows:5 windows x86 arch:x86
420384bd60a9b05b21cfc29945420a3f
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before07/06/2012, 00:00Not After06/06/2022, 23:59SubjectCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:aa:cc:1d:ba:f9:89:dd:69:97:92:6c:96:49:ba:efCertificate
IssuerCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before22/05/2013, 00:00Not After06/06/2014, 23:59SubjectSERIALNUMBER=19871692567,CN=ShopAtHome.com (Belcaro Group\, Inc),O=ShopAtHome.com (Belcaro Group\, Inc),L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
51:2e:ec:5e:e5:76:11:85:43:6f:9e:df:a2:72:f3:8b:1d:85:23:a6Signer
Actual PE Digest51:2e:ec:5e:e5:76:11:85:43:6f:9e:df:a2:72:f3:8b:1d:85:23:a6Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Projects\Toolbar\IE\main\IEToolbar\Release_bin\tbcore3U.pdb
Imports
wininet
InternetCloseHandle
InternetWriteFile
FtpOpenFileW
InternetSetCookieExW
InternetOpenW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetConnectW
FtpCreateDirectoryW
InternetGetCookieExW
FtpSetCurrentDirectoryW
shlwapi
UrlEscapeW
PathRemoveFileSpecW
PathFileExistsW
PathStripPathW
dbghelp
SymGetOptions
SymCleanup
SymLoadModule
SymInitialize
SymSetOptions
SymGetLineFromAddr
SymFunctionTableAccess
StackWalk
SymGetModuleBase
SymGetSymFromAddr
MiniDumpWriteDump
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
iphlpapi
GetAdaptersInfo
rpcrt4
UuidCreate
UuidToStringW
RpcStringFreeW
winmm
PlaySoundW
gdiplus
GdipSetSmoothingMode
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipDrawPath
GdipCreatePen1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipSetImagePalette
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromScan0
GdipDrawImageRectRect
GdipGetImageGraphicsContext
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateHBITMAPFromBitmap
GdipBitmapGetPixel
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromResource
GdipGetImageThumbnail
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipAlloc
GdipFree
GdipGraphicsClear
GdipFillPath
GdiplusStartup
GdiplusShutdown
GdipGetImagePixelFormat
GdipCreateBitmapFromHBITMAP
GdipDeletePen
urlmon
URLDownloadToFileW
kernel32
InterlockedCompareExchange
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
InterlockedExchange
RtlUnwind
DecodePointer
EncodePointer
ExitThread
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
GetCommandLineA
UnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
lstrlenW
SetLastError
GetLastError
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
GetCurrentThreadId
RaiseException
FlushInstructionCache
GetCurrentProcess
LoadLibraryA
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetLocaleInfoW
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
IsBadCodePtr
HeapFree
GetProcessHeap
SetUnhandledExceptionFilter
HeapAlloc
IsBadWritePtr
GetCurrentProcessId
lstrcpynW
lstrlenA
FormatMessageW
IsBadReadPtr
ReadProcessMemory
InterlockedPushEntrySList
GetVersionExW
CreateFileW
CloseHandle
OpenProcess
WideCharToMultiByte
OpenMutexW
GlobalUnlock
GlobalLock
TerminateThread
WaitForSingleObject
CreateThread
CopyFileW
VerLanguageNameW
ReadFile
GetFileSize
RemoveDirectoryW
DeleteFileW
MoveFileExW
WriteFile
GetTempPathW
GetLongPathNameW
MoveFileW
CreateDirectoryW
TerminateProcess
Process32NextW
Module32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
GetStringTypeExW
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
GlobalFree
GlobalReAlloc
GlobalAlloc
lstrcmpW
MulDiv
InitializeCriticalSection
CreateEventW
SetEvent
GetTempFileNameW
WriteProcessMemory
DisableThreadLibraryCalls
CreateMutexW
GetShortPathNameW
CreateProcessW
GetTickCount
QueueUserAPC
SleepEx
Sleep
ResumeThread
LocalFree
LocalAlloc
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SystemTimeToFileTime
GetLocalTime
SetCurrentDirectoryW
ExpandEnvironmentStringsW
HeapCreate
GetCurrentThread
IsProcessorFeaturePresent
ExitProcess
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FatalAppExitA
SetConsoleCtrlHandler
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
user32
SetCursor
CallNextHookEx
IsWindowVisible
SetWindowsHookExW
GetWindowThreadProcessId
UnhookWindowsHookEx
GetDC
DialogBoxParamW
OffsetRect
GetSysColorBrush
GetKeyState
GetWindowTextLengthW
GetUpdateRect
DrawTextW
EndMenu
GetNextDlgTabItem
SetWindowRgn
LoadImageW
RegisterWindowMessageW
DestroyAcceleratorTable
GetDesktopWindow
CreateAcceleratorTableW
InvalidateRgn
LoadCursorFromFileW
MessageBeep
GetDlgItemInt
SetDlgItemTextW
GetMessageW
FindWindowExW
GetMenuItemRect
WindowFromDC
GetAsyncKeyState
PeekMessageW
TrackPopupMenu
CreateDialogParamW
MonitorFromPoint
CheckMenuItem
InsertMenuItemW
CloseClipboard
EmptyClipboard
OpenClipboard
CharLowerBuffW
DialogBoxIndirectParamW
UpdateWindow
PtInRect
ReleaseCapture
GetCapture
SystemParametersInfoW
GetSystemMetrics
InflateRect
EndPaint
DestroyCursor
SetFocus
SetActiveWindow
InvalidateRect
GetWindowTextW
TranslateMessage
DispatchMessageW
CharUpperBuffW
MessageBoxW
SetLastErrorEx
wsprintfW
CharNextW
IsChild
GetDlgItem
MapWindowPoints
MoveWindow
UpdateLayeredWindow
GetSysColor
PostMessageW
GetMessagePos
GetCursorPos
ScreenToClient
GetWindowLongW
DefWindowProcW
CallWindowProcW
RedrawWindow
GetClientRect
GetWindowRect
GetClassNameW
CopyRect
SetWindowLongW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetParent
ReleaseDC
GetWindowDC
ShowWindow
SetWindowPos
SetWindowTextW
CreateWindowExW
GetFocus
IsWindow
DestroyWindow
DestroyMenu
CreatePopupMenu
AppendMenuW
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuItemInfoW
ClientToScreen
SendMessageW
EnumChildWindows
GetWindow
MonitorFromWindow
GetMonitorInfoW
EndDialog
GetActiveWindow
EnableWindow
DrawEdge
DrawFocusRect
FillRect
GetMenu
AdjustWindowRectEx
GetDlgCtrlID
SetCapture
IsWindowEnabled
KillTimer
UnregisterClassA
SetTimer
WindowFromPoint
BeginPaint
gdi32
ExtTextOutW
GetTextMetricsW
SelectObject
DeleteDC
GetTextExtentPoint32W
DeleteObject
CreateRectRgn
EnumFontsW
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
GetObjectW
CombineRgn
SelectClipRgn
GetClipBox
RestoreDC
SaveDC
SetBkColor
SetBkMode
GetTextExtentPointW
CreateBrushIndirect
CreateDIBSection
GetStockObject
CreateCompatibleDC
CreateRectRgnIndirect
CreateSolidBrush
FrameRgn
CreateFontW
SetTextColor
advapi32
CopySid
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
GetUserNameW
RegQueryValueExW
RegEnumValueW
SetNamedSecurityInfoW
GetSidSubAuthority
InitializeSecurityDescriptor
RegGetKeySecurity
RegEnumKeyW
RegSetKeySecurity
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
GetLengthSid
IsValidSid
AddAce
InitializeAcl
GetTokenInformation
OpenProcessToken
GetSidSubAuthorityCount
GetSidIdentifierAuthority
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
EqualSid
OpenThreadToken
shell32
SHEmptyRecycleBinW
SHAddToRecentDocs
DragQueryFileW
SHLoadInProc
DoEnvironmentSubstW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW
ole32
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
RegisterDragDrop
ReleaseStgMedium
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoInitialize
StringFromCLSID
OleLockRunning
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
oleaut32
SysFreeString
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantCopy
VarUI4FromStr
VarBstrCmp
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
OleCreateFontIndirect
RegisterTypeLi
UnRegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
VariantChangeType
VarBstrCat
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantInit
DispCallFunc
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocString
Exports
Exports
CanReload
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetUpdaterAPI
GetUrlData
MyUnregisterServer
TBStudioReg
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 435KB - Virtual size: 434KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.SHARED Size: 254KB - Virtual size: 253KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShopAtHomeToolbar/tbhelper.dll.dll regsvr32 windows:5 windows x86 arch:x86
d520ad1b73d0db540ace0c2c37782c58
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before07/06/2012, 00:00Not After06/06/2022, 23:59SubjectCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:aa:cc:1d:ba:f9:89:dd:69:97:92:6c:96:49:ba:efCertificate
IssuerCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before22/05/2013, 00:00Not After06/06/2014, 23:59SubjectSERIALNUMBER=19871692567,CN=ShopAtHome.com (Belcaro Group\, Inc),O=ShopAtHome.com (Belcaro Group\, Inc),L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
78:8c:1b:33:f0:ed:d5:2f:62:bf:6d:2f:4a:46:4f:8a:fb:04:93:acSigner
Actual PE Digest78:8c:1b:33:f0:ed:d5:2f:62:bf:6d:2f:4a:46:4f:8a:fb:04:93:acDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Projects\Toolbar\IE\main\IEToolbar\Release_bin\tbhelperU.pdb
Imports
wininet
InternetReadFile
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetOptionW
InternetQueryOptionW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
FtpOpenFileW
FtpGetFileSize
InternetQueryDataAvailable
InternetOpenW
rpcrt4
UuidFromStringA
kernel32
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
lstrlenW
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
GetProcAddress
FreeEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
TerminateThread
CloseHandle
WaitForSingleObject
OpenThread
GlobalUnlock
GlobalLock
WideCharToMultiByte
WriteFile
CreateFileW
GetCurrentThreadId
lstrlenA
GetACP
GetCPInfo
ExitProcess
HeapCreate
IsProcessorFeaturePresent
GetLocaleInfoW
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FatalAppExitA
SetFilePointer
GetConsoleCP
GetConsoleMode
RaiseException
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetCurrentProcess
GetUserDefaultLCID
LCMapStringW
GetStringTypeW
LoadLibraryW
TerminateProcess
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
ExitThread
EncodePointer
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
Sleep
InterlockedExchange
RtlUnwind
DecodePointer
SetConsoleCtrlHandler
user32
PostMessageW
OpenClipboard
GetClipboardData
PeekMessageW
CharLowerBuffW
SendMessageW
PostThreadMessageW
CharNextW
CloseClipboard
advapi32
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
ole32
CoInitialize
CoUninitialize
CoGetInterfaceAndReleaseStream
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoCreateInstance
oleaut32
VariantClear
VariantInit
VarBstrCmp
UnRegisterTypeLi
SysAllocString
RegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysFreeString
Exports
Exports
CreateHelperObject
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IsUnicode
Sections
.text Size: 201KB - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.SHARED Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShopAtHomeToolbar/tbs_include_script_externalsearch.js.js
-
ShopAtHomeToolbar/tbs_include_script_showhidetoolbar.js.js
-
ShopAtHomeToolbar/uninstall.exe.exe windows:5 windows x86 arch:x86
91d4c4cb5a2fee19d37d0d10a1f9e2ed
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before07/06/2012, 00:00Not After06/06/2022, 23:59SubjectCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:aa:cc:1d:ba:f9:89:dd:69:97:92:6c:96:49:ba:efCertificate
IssuerCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before22/05/2013, 00:00Not After06/06/2014, 23:59SubjectSERIALNUMBER=19871692567,CN=ShopAtHome.com (Belcaro Group\, Inc),O=ShopAtHome.com (Belcaro Group\, Inc),L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
8c:38:99:07:e4:b5:63:9a:09:07:0b:8f:d2:b6:39:40:ae:09:fa:98Signer
Actual PE Digest8c:38:99:07:e4:b5:63:9a:09:07:0b:8f:d2:b6:39:40:ae:09:fa:98Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Projects\Toolbar\IE\main\IEToolbar\Release_bin\uninstall.pdb
Imports
shlwapi
PathFileExistsW
kernel32
TlsAlloc
MultiByteToWideChar
CreateMutexW
GetLastError
GetCommandLineW
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
LocalFree
LCMapStringW
IsProcessorFeaturePresent
HeapReAlloc
HeapAlloc
HeapSize
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
GetStringTypeW
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapFree
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
WideCharToMultiByte
shell32
CommandLineToArgvW
ole32
CoInitialize
CoUninitialize
Sections
.text Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShopAtHomeToolbar/update.exe.exe windows:5 windows x86 arch:x86
07e21fd5a97bb733b3a019966e68c77e
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before07/06/2012, 00:00Not After06/06/2022, 23:59SubjectCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:aa:cc:1d:ba:f9:89:dd:69:97:92:6c:96:49:ba:efCertificate
IssuerCN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before22/05/2013, 00:00Not After06/06/2014, 23:59SubjectSERIALNUMBER=19871692567,CN=ShopAtHome.com (Belcaro Group\, Inc),O=ShopAtHome.com (Belcaro Group\, Inc),L=Greenwood Village,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
11:74:bc:98:ba:86:cb:0e:0c:44:14:9d:56:35:ed:db:cc:cd:4b:44Signer
Actual PE Digest11:74:bc:98:ba:86:cb:0e:0c:44:14:9d:56:35:ed:db:cc:cd:4b:44Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Projects\Toolbar\IE\main\IEToolbar\release_bin\update.pdb
Imports
setupapi
SetupIterateCabinetW
shell32
CommandLineToArgvW
ShellExecuteW
kernel32
lstrlenW
GetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
DeleteFileW
MoveFileW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrcpyW
GetFileAttributesW
LocalFree
Process32FirstW
Process32NextW
Sleep
CreateMutexW
GetCommandLineW
CreateDirectoryW
CopyFileW
SetCurrentDirectoryW
HeapReAlloc
HeapSize
SetStdHandle
WriteConsoleW
CreateFileW
CloseHandle
CreateToolhelp32Snapshot
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSetInformation
GetStartupInfoW
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
EncodePointer
IsProcessorFeaturePresent
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
RtlUnwind
RaiseException
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
user32
MessageBoxW
LoadStringW
advapi32
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
ole32
CoInitialize
shlwapi
PathStripPathW
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ