3cbb25f5426880ae6db8af8f7582408f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3cbb25f5426880ae6db8af8f7582408f_JaffaCakes118
Size

2.0MB
MD5

3cbb25f5426880ae6db8af8f7582408f
SHA1

f9a8e0ce5453e4d182bdf4c69da2b31f0020bee9
SHA256

b87dc9a0ce9064927bc30b356c7d650de45654c8e54bdc403c3e17bc6f9ef41d
SHA512

1f2e6d63ee087bba13d21b20570939f741b0597bbf83739bc895202fc64321eaf32392db26b9a44d47653f1b1430178c8ea3dce5349321f7610b49985732522c
SSDEEP

49152:XHcqvrDoMJ1l6q8+W2OAQyuTmZkAQzSyguNE401eoNVoUrgoqU:XHcmrDpJWqBLY54uHInVd

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

Files

3cbb25f5426880ae6db8af8f7582408f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PublisherLogoDefault.bmp
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/alerts_icon.bmp
$PLUGINSDIR/home_icon.bmp
$PLUGINSDIR/license.txt
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/search_icon.bmp
$PLUGINSDIR/setup_top.bmp
$PLUGINSDIR/truste_setup.bmp
$PROGRAMFILES/$_34_/$_44_
.dll regsvr32 windows:5 windows x86 arch:x86

c965218dce0f32b85d45b6615a5a5cb1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Conduit\RnD\Client\IE\Dev\6.4 (Kill Engine)\ConduitToolbar\Release\tbedrs.pdb

Imports

comctl32

CreateToolbarEx
ImageList_Create
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
ImageList_ReplaceIcon
ord17

wininet

InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetGetConnectedState
InternetCrackUrlA
InternetOpenA
HttpOpenRequestA
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetReadFile
InternetGetLastResponseInfoA
GetUrlCacheEntryInfoW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetCookieW
InternetSetOptionA
InternetCloseHandle
InternetGetCookieA
HttpSendRequestA
HttpQueryInfoA
InternetSetCookieW
InternetConnectA

shlwapi

PathFindFileNameW
SHDeleteKeyA
PathFileExistsW

wsock32

closesocket
socket
gethostbyname
WSAGetLastError
WSACleanup
WSAStartup
setsockopt
WSASetLastError
ioctlsocket
htons
connect
send
recv
select

msimg32

GradientFill

urlmon

ObtainUserAgentString
URLDownloadToFileW

crypt32

CryptMsgGetParam
CryptUnprotectData
CryptProtectData
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA
CertFindCertificateInStore
CryptQueryObject

winmm

sndPlaySoundW
PlaySoundW
timeGetTime
PlaySoundA

kernel32

VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
InitializeCriticalSection
GetModuleHandleW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
CopyFileW
HeapCreate
TlsFree
RtlUnwind
RaiseException
GetFileType
GetProcAddress
GetConsoleCP
MoveFileW
GetCommandLineA
ExitThread
HeapReAlloc
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
TlsGetValue
TlsSetValue
TlsAlloc
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetOverlappedResult
WriteFile
SetNamedPipeHandleState
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetThreadPriority
GetCurrentThread
GetComputerNameW
MoveFileExW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetFileTime
GetSystemTimeAsFileTime
GetProcessHeap
HeapFree
OutputDebugStringW
SetFileAttributesW
Process32Next
Process32First
DeleteFileW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetExitCodeProcess
LocalAlloc
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
LoadLibraryA
GlobalFree
GlobalUnlock
SizeofResource
MulDiv
CreateRemoteThread
WideCharToMultiByte
SetLastError
MultiByteToWideChar
CreateMutexW
TerminateProcess
LoadLibraryW
GetVersionExA
GetShortPathNameW
GetUserDefaultLCID
GetLongPathNameW
CreateDirectoryW
WaitForMultipleObjects
CreateEventA
SetEvent
CreateThread
VirtualProtect
FlushInstructionCache
GetCurrentProcess
CreateProcessW
ExpandEnvironmentStringsW
GetLocaleInfoW
GetTempPathW
Beep
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
FreeResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
GetModuleHandleA
lstrlenW
TerminateThread
GetConsoleMode
FreeLibrary
WaitForSingleObject
HeapDestroy
LocalFree
lstrcpyA
lstrcpyW
InterlockedIncrement
OpenProcess
GetModuleFileNameW
GetTickCount
GetLastError
GetCurrentThreadId
Sleep
InterlockedDecrement
CloseHandle
ReleaseMutex
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateEventW

user32

SendMessageA
SetWindowTextA
SetWindowTextW
MoveWindow
SetDlgItemTextW
GetClientRect
SetWindowLongW
wsprintfW
ShowWindow
GetWindowRect
GetDlgCtrlID
GetWindowLongW
GetParent
ClientToScreen
IsWindow
CallWindowProcA
PostMessageA
GetDC
DrawTextW
ReleaseDC
SetCursor
LoadCursorA
SetRectEmpty
LoadCursorW
GetMessageW
PeekMessageW
IsRectEmpty
RegisterClassExW
GetClassInfoExW
SetClassLongA
CopyRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CharUpperW
GetDlgItem
InvalidateRect
GetForegroundWindow
InflateRect
SetLayeredWindowAttributes
LoadImageW
GetWindowRgn
MessageBeep
GetActiveWindow
IsDialogMessageW
IsDialogMessageA
MessageBoxW
MessageBoxA
DialogBoxParamW
DialogBoxParamA
CreateDialogParamA
CreateDialogParamW
TrackPopupMenuEx
SetDlgItemInt
GetKeyState
SetForegroundWindow
GetDlgItemTextA
SetClassLongW
FrameRect
DrawFrameControl
AllowSetForegroundWindow
DeferWindowPos
DrawEdge
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
SetParent
GetDlgItemTextW
GetScrollInfo
GetMenuItemRect
GetMenuState
GetMenuItemInfoW
SetMenuItemInfoW
CheckMenuItem
EnableMenuItem
DeleteMenu
TrackPopupMenu
InsertMenuItemA
GetMenuItemCount
CreatePopupMenu
DestroyMenu
GetMenuItemID
SetMenuInfo
GetMenuInfo
IsMenu
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CharLowerBuffA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetUpdateRect
DefWindowProcA
GetCapture
DispatchMessageA
ReleaseCapture
SetCapture
SetActiveWindow
EndPaint
BeginPaint
SetRect
OffsetRect
DrawIconEx
GetIconInfo
EnumChildWindows
GetSystemMetrics
FillRect
UnregisterClassA
DestroyIcon
GetWindowTextLengthW
SendMessageW
EndDialog
FindWindowW
GetWindowTextW
GetAsyncKeyState
GetMenuItemInfoA
SetWindowRgn
RegisterWindowMessageA
GetClassNameW
DestroyWindow
SetWindowLongA
GetWindowLongA
GetDesktopWindow
IsChild
GetFocus
KillTimer
GetSysColor
CallWindowProcW
IsWindowUnicode
DispatchMessageW
TranslateMessage
GetMessageA
CreateWindowExW
DefWindowProcW
GetWindowThreadProcessId
FindWindowExW
PostMessageW
SetWindowPos
RegisterClassW
GetClassInfoW
SetTimer
SetFocus
PtInRect
ScreenToClient
GetCursorPos
IsWindowVisible
SystemParametersInfoW
DrawFocusRect
SendInput
IsIconic
GetLastInputInfo
RegisterWindowMessageW
MonitorFromRect
GetMonitorInfoA

gdi32

StretchBlt
SetStretchBltMode
GetStretchBltMode
GetObjectW
FrameRgn
OffsetRgn
SetRectRgn
ExcludeClipRect
TextOutW
SetTextAlign
GetPixel
CombineRgn
BitBlt
CreateCompatibleBitmap
Polygon
GdiFlush
SetPixel
GetObjectA
GetTextAlign
GetLayout
GetTextExtentPoint32W
Rectangle
DeleteDC
CreateCompatibleDC
SetBkColor
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
SetWindowOrgEx
GetWindowOrgEx
SetTextColor
SetBkMode
GetStockObject
RoundRect
GetDeviceCaps
PtInRegion
GetTextColor
SetLayout
SelectPalette
RealizePalette
GetDIBits
CreateDCW
GetBkColor
GetBkMode
PlgBlt

comdlg32

GetOpenFileNameW

advapi32

RegSetValueA
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA
RegDeleteKeyA
RegSetValueW
RegSetValueExA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
OpenProcessToken
RegCreateKeyExW

shell32

ShellExecuteW
ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoGetMalloc
IIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoUninitialize
CLSIDFromString
StringFromIID
CoInitialize
StringFromGUID2
CoCreateInstance

oleaut32

SafeArrayCreateVector
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SysFreeString
CreateDispTypeInfo
OleLoadPicture
VariantInit
VariantClear
VariantChangeType
SysAllocStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringLen
SysStringByteLen
VariantCopy

psapi

GetProcessImageFileNameW
EnumProcessModules
GetModuleBaseNameW
GetProcessMemoryInfo
GetModuleFileNameExW
EnumProcesses

dnsapi

DnsQuery_A

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

DLLOnUninstallEraseAll
DllBrowserSearchProtectorRevert
DllCanUnloadNow
DllConnectToIE
DllDeleteOldName
DllExpireSocialCookies
DllGetClassObject
DllGetInstallFileNameExt
DllGetInstallFileNameExtW
DllHomePageProtectorRevert
DllOnUninstall
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllRunNonSilentInstall
DllShowUninstallDialog
DllSingleComponentInstall
DllUpdate
DllWriteSocialCookies

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_100_/$_100_/$_105_
.dll regsvr32 windows:5 windows x86 arch:x86

3c61799cd9cd96c12ec0a4430a66248b

Code Sign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Conduit\RnD\Client\IE\Dev\5.4\SingleComponent\Alert\Release\Alert.pdb

Imports

winmm

timeGetTime

user32

GetCapture
ReleaseCapture
GetIconInfo
CopyRect
CharLowerBuffA
SetWindowTextW
SetWindowRgn
CreateDialogParamW
DialogBoxParamW
EnableWindow
EndDialog
SetLayeredWindowAttributes
GetSysColor
SystemParametersInfoW
EnumChildWindows
GetClassNameW
SetCapture
GetMonitorInfoA
RegisterWindowMessageW
DrawFocusRect
GetDC
ReleaseDC
SetDlgItemTextW
IsWindow
GetDlgItem
PostMessageA
SetTimer
KillTimer
PostThreadMessageA
DestroyWindow
DefWindowProcA
GetWindowLongA
SendMessageA
FindWindowW
MonitorFromRect
GetWindowTextW
InflateRect
GetAsyncKeyState
IsWindowUnicode
GetSystemMetrics
IsChild
SetWindowLongW
CreateWindowExA
DrawIconEx
DispatchMessageW
GetMessageA
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
GetLastInputInfo
SendMessageW
PeekMessageA
GetDesktopWindow
ShowWindow
FindWindowExW
PostMessageW
GetWindowRect
GetClientRect
SetForegroundWindow
SetFocus
TrackPopupMenu
GetMenuItemCount
InsertMenuItemW
CreatePopupMenu
DestroyMenu
FindWindowExA
LoadImageW
DestroyIcon
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetClassInfoW
RegisterClassW
GetWindowRgn
SetWindowLongA
CallWindowProcA
GetParent
BeginPaint
EndPaint
SetParent
MoveWindow
IsWindowVisible
CreateWindowExW
GetWindowLongW
DefWindowProcW
CallWindowProcW
FillRect
LoadCursorA
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
OffsetRect
PtInRect
DrawTextW
InvalidateRect
SetWindowPos
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToFileW
ObtainUserAgentString

kernel32

GetExitCodeThread
CreateThread
GetModuleFileNameW
GetModuleHandleW
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThreadId
TerminateThread
CreateMutexW
GetLastError
ReleaseMutex
CloseHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
CreateFileA
ReadFile
FindClose
InterlockedExchange
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringA
CreateFileW
GetFileSize
VirtualAlloc
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FindFirstFileW
CopyFileW
RemoveDirectoryW
MoveFileExW
FindNextFileW
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
SetLastError
InterlockedIncrement
TlsFree
GetFileType
GetConsoleMode
GetConsoleCP
MoveFileW
HeapReAlloc
HeapAlloc
GetCommandLineA
ResumeThread
ExitThread
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetLocalTime
WriteFile
CreateDirectoryW
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GlobalAlloc
GlobalLock
LoadLibraryA
GlobalUnlock
GlobalFree
GetLongPathNameW
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
SizeofResource
SetThreadPriority
GetCurrentThread
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
LockResource
LoadResource
FindResourceW
LocalFree
LocalAlloc
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetVersionExA
DeleteFileW
SetFileAttributesW
GetFileAttributesW
TerminateProcess
MulDiv
lstrcpyW
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW

gdi32

CreateRectRgn
GetBkMode
GetBkColor
GetPixel
SetPixel
PlgBlt
SelectPalette
RealizePalette
GdiFlush
OffsetRgn
GetObjectA
CombineRgn
SetLayout
GetDeviceCaps
CreateFontIndirectW
GetWindowOrgEx
SetWindowOrgEx
MoveToEx
LineTo
FrameRgn
GetTextColor
GetLayout
SetTextColor
SetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
ExcludeClipRect
Rectangle
BitBlt
DeleteDC
CreateSolidBrush
CreatePen
SelectObject
RoundRect
DeleteObject
SetBkMode
GetStockObject

shell32

SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
Shell_NotifyIconW

ole32

IIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CLSIDFromString

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
OleLoadPicture

psapi

GetProcessMemoryInfo

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent
ord17

wininet

InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetCanonicalizeUrlA

crypt32

CryptQueryObject
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam

advapi32

RegDeleteValueW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyW
RegEnumValueW
RegEnumKeyExW
SetSecurityDescriptorSacl
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllOnUpdateFinish
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_60_/$_63_
.exe windows:5 windows x86 arch:x86

99e6114cbd01a2f3bb7611da1b2ecb2a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\RnD\Client\IE\Dev\6.0.3\ToolbarHelper2003\Release\ToolbarHelper.pdb

Imports

kernel32

Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
RtlUnwind
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_61_
.dll regsvr32 windows:5 windows x86 arch:x86

5f83a11830f9697bf47fa51dd15b8062

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Conduit\RnD\Client\IE\Dev\6.4KillEngine\ConduitProxy\Release\prxtbedrs.pdb

Imports

kernel32

GetVersionExA
DeleteFileW
GetModuleHandleW
GetLongPathNameW
GetSystemTimeAsFileTime
GetFileSize
CreateFileW
ReadFile
CopyFileW
GetCurrentThreadId
OutputDebugStringW
GetComputerNameW
InterlockedDecrement
TlsAlloc
TlsSetValue
TlsGetValue
SetFilePointer
WriteFile
GetTickCount
GetLocalTime
InterlockedIncrement
HeapFree
GetProcessHeap
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetFileType
RaiseException
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsFree
SetLastError
LCMapStringW
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
LCMapStringA
GetStringTypeA
GetStringTypeW
VirtualAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
CreateFileA
GetCurrentProcess
FreeLibrary
LoadLibraryW
TerminateProcess
GetLastError
OpenProcess
GetCurrentProcessId
LocalFree
LocalAlloc
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetModuleFileNameW

shlwapi

PathFileExistsW
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

user32

IsWindow
SendMessageA
IsWindowVisible
RegisterWindowMessageW
wsprintfW
PostMessageA

advapi32

RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
RegCreateKeyExW
RegCloseKey
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllDeleteOldName
DllGetClassObject
DllGetInstallFileNameExt
DllIsDowngradeVersion
DllIsDowngradeVersionW
DllOnUninstall
DllOnUninstallEraseAll
DllOnUpdateFinish
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllShowToolbarUninstallDialog
DllShowUninstallDialog
DllSingleComponentInstall
DllUnregisterServer

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_67_
.dll windows:5 windows x86 arch:x86

4e5e8d5b3ec5f09d021f82e2eae3cef5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\RnD\Client\IE\Dev\6.4 (Kill Engine)\ConduitLoader\Release\ldrtbedrs.pdb

Imports

wsock32

gethostbyname

kernel32

GetLongPathNameW
LoadLibraryW
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
GetCurrentProcessId
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
LocalAlloc
LocalFree
OpenProcess
GetLastError
TerminateProcess
GetCurrentProcess
GetVersionExA
GetComputerNameW
GetTickCount
GetSystemTimeAsFileTime
CreateFileW
ReadFile
InterlockedDecrement
TlsAlloc
TlsSetValue
TlsGetValue
SetFilePointer
WriteFile
LoadLibraryA
WaitForMultipleObjects
WaitForSingleObject
TerminateThread
GetCurrentThread
SetThreadPriority
CreateEventW
SetEvent
GetLocalTime
InterlockedIncrement
HeapFree
GetProcessHeap
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetFileType
RaiseException
RtlUnwind
TlsFree
SetLastError
Sleep
HeapSize
lstrcpyW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
LCMapStringA
GetStringTypeA
GetStringTypeW
VirtualAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
CreateFileA
GetCurrentThreadId
GetModuleFileNameW
GetProcAddress
ExitProcess

user32

CallWindowProcW
CallWindowProcA
SetCursor
GetAsyncKeyState
ScreenToClient
SendMessageA
GetSysColor
GetParent
RegisterWindowMessageW
GetWindowRect
LoadCursorA
ReleaseDC
DrawTextW
GetDC
IsWindowVisible
ShowWindow
GetClientRect
RegisterClassW
LoadCursorW
GetClassInfoW
IsWindowUnicode
DefWindowProcA
SetTimer
SetFocus
GetFocus
IsChild
CreateWindowExW
PostMessageA
IsWindow
DestroyWindow
InsertMenuW
GetClassNameW
MoveWindow
KillTimer
DefWindowProcW
SetWindowLongW
SendMessageW

gdi32

SetWindowOrgEx
GetWindowOrgEx
DeleteDC
BitBlt
SetLayout
CreateCompatibleBitmap
CreateCompatibleDC
GetLayout
Rectangle
CreateSolidBrush
DeleteObject
SetBkMode
SetTextColor
CreatePen
GetStockObject
SelectObject

ole32

CLSIDFromString
StringFromGUID2
CoTaskMemFree

comctl32

ord17

shlwapi

PathFindFileNameW
PathFileExistsW

advapi32

GetSidSubAuthorityCount
RegCloseKey
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
GetUserNameW

shell32

SHGetFolderPathW
SHCreateDirectoryExW

Exports

Exports

DllCanUnloadNow
DllDeleteOldName
DllGetClassObject
DllGetInstallFileNameExt
DllOnUninstall
DllOnUninstallEraseAll
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllShowToolbarUninstallDialog
DllShowUninstallDialog
DllSingleComponentInstall

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_76_
.dll regsvr32 windows:5 windows x86 arch:x86

c965218dce0f32b85d45b6615a5a5cb1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Conduit\RnD\Client\IE\Dev\6.4 (Kill Engine)\ConduitToolbar\Release\tbedrs.pdb

Imports

comctl32

CreateToolbarEx
ImageList_Create
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
ImageList_ReplaceIcon
ord17

wininet

InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetGetConnectedState
InternetCrackUrlA
InternetOpenA
HttpOpenRequestA
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetReadFile
InternetGetLastResponseInfoA
GetUrlCacheEntryInfoW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetCookieW
InternetSetOptionA
InternetCloseHandle
InternetGetCookieA
HttpSendRequestA
HttpQueryInfoA
InternetSetCookieW
InternetConnectA

shlwapi

PathFindFileNameW
SHDeleteKeyA
PathFileExistsW

wsock32

closesocket
socket
gethostbyname
WSAGetLastError
WSACleanup
WSAStartup
setsockopt
WSASetLastError
ioctlsocket
htons
connect
send
recv
select

msimg32

GradientFill

urlmon

ObtainUserAgentString
URLDownloadToFileW

crypt32

CryptMsgGetParam
CryptUnprotectData
CryptProtectData
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA
CertFindCertificateInStore
CryptQueryObject

winmm

sndPlaySoundW
PlaySoundW
timeGetTime
PlaySoundA

kernel32

VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
InitializeCriticalSection
GetModuleHandleW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
CopyFileW
HeapCreate
TlsFree
RtlUnwind
RaiseException
GetFileType
GetProcAddress
GetConsoleCP
MoveFileW
GetCommandLineA
ExitThread
HeapReAlloc
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
TlsGetValue
TlsSetValue
TlsAlloc
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetOverlappedResult
WriteFile
SetNamedPipeHandleState
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetThreadPriority
GetCurrentThread
GetComputerNameW
MoveFileExW
FindClose
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetFileTime
GetSystemTimeAsFileTime
GetProcessHeap
HeapFree
OutputDebugStringW
SetFileAttributesW
Process32Next
Process32First
DeleteFileW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetExitCodeProcess
LocalAlloc
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileW
LoadLibraryA
GlobalFree
GlobalUnlock
SizeofResource
MulDiv
CreateRemoteThread
WideCharToMultiByte
SetLastError
MultiByteToWideChar
CreateMutexW
TerminateProcess
LoadLibraryW
GetVersionExA
GetShortPathNameW
GetUserDefaultLCID
GetLongPathNameW
CreateDirectoryW
WaitForMultipleObjects
CreateEventA
SetEvent
CreateThread
VirtualProtect
FlushInstructionCache
GetCurrentProcess
CreateProcessW
ExpandEnvironmentStringsW
GetLocaleInfoW
GetTempPathW
Beep
GetTimeFormatW
GetDateFormatW
GetLocalTime
SystemTimeToFileTime
FreeResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
GetModuleHandleA
lstrlenW
TerminateThread
GetConsoleMode
FreeLibrary
WaitForSingleObject
HeapDestroy
LocalFree
lstrcpyA
lstrcpyW
InterlockedIncrement
OpenProcess
GetModuleFileNameW
GetTickCount
GetLastError
GetCurrentThreadId
Sleep
InterlockedDecrement
CloseHandle
ReleaseMutex
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateEventW

user32

SendMessageA
SetWindowTextA
SetWindowTextW
MoveWindow
SetDlgItemTextW
GetClientRect
SetWindowLongW
wsprintfW
ShowWindow
GetWindowRect
GetDlgCtrlID
GetWindowLongW
GetParent
ClientToScreen
IsWindow
CallWindowProcA
PostMessageA
GetDC
DrawTextW
ReleaseDC
SetCursor
LoadCursorA
SetRectEmpty
LoadCursorW
GetMessageW
PeekMessageW
IsRectEmpty
RegisterClassExW
GetClassInfoExW
SetClassLongA
CopyRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CharUpperW
GetDlgItem
InvalidateRect
GetForegroundWindow
InflateRect
SetLayeredWindowAttributes
LoadImageW
GetWindowRgn
MessageBeep
GetActiveWindow
IsDialogMessageW
IsDialogMessageA
MessageBoxW
MessageBoxA
DialogBoxParamW
DialogBoxParamA
CreateDialogParamA
CreateDialogParamW
TrackPopupMenuEx
SetDlgItemInt
GetKeyState
SetForegroundWindow
GetDlgItemTextA
SetClassLongW
FrameRect
DrawFrameControl
AllowSetForegroundWindow
DeferWindowPos
DrawEdge
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
SetParent
GetDlgItemTextW
GetScrollInfo
GetMenuItemRect
GetMenuState
GetMenuItemInfoW
SetMenuItemInfoW
CheckMenuItem
EnableMenuItem
DeleteMenu
TrackPopupMenu
InsertMenuItemA
GetMenuItemCount
CreatePopupMenu
DestroyMenu
GetMenuItemID
SetMenuInfo
GetMenuInfo
IsMenu
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CharLowerBuffA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetUpdateRect
DefWindowProcA
GetCapture
DispatchMessageA
ReleaseCapture
SetCapture
SetActiveWindow
EndPaint
BeginPaint
SetRect
OffsetRect
DrawIconEx
GetIconInfo
EnumChildWindows
GetSystemMetrics
FillRect
UnregisterClassA
DestroyIcon
GetWindowTextLengthW
SendMessageW
EndDialog
FindWindowW
GetWindowTextW
GetAsyncKeyState
GetMenuItemInfoA
SetWindowRgn
RegisterWindowMessageA
GetClassNameW
DestroyWindow
SetWindowLongA
GetWindowLongA
GetDesktopWindow
IsChild
GetFocus
KillTimer
GetSysColor
CallWindowProcW
IsWindowUnicode
DispatchMessageW
TranslateMessage
GetMessageA
CreateWindowExW
DefWindowProcW
GetWindowThreadProcessId
FindWindowExW
PostMessageW
SetWindowPos
RegisterClassW
GetClassInfoW
SetTimer
SetFocus
PtInRect
ScreenToClient
GetCursorPos
IsWindowVisible
SystemParametersInfoW
DrawFocusRect
SendInput
IsIconic
GetLastInputInfo
RegisterWindowMessageW
MonitorFromRect
GetMonitorInfoA

gdi32

StretchBlt
SetStretchBltMode
GetStretchBltMode
GetObjectW
FrameRgn
OffsetRgn
SetRectRgn
ExcludeClipRect
TextOutW
SetTextAlign
GetPixel
CombineRgn
BitBlt
CreateCompatibleBitmap
Polygon
GdiFlush
SetPixel
GetObjectA
GetTextAlign
GetLayout
GetTextExtentPoint32W
Rectangle
DeleteDC
CreateCompatibleDC
SetBkColor
CreateSolidBrush
CreateFontIndirectW
CreateRectRgn
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
SetWindowOrgEx
GetWindowOrgEx
SetTextColor
SetBkMode
GetStockObject
RoundRect
GetDeviceCaps
PtInRegion
GetTextColor
SetLayout
SelectPalette
RealizePalette
GetDIBits
CreateDCW
GetBkColor
GetBkMode
PlgBlt

comdlg32

GetOpenFileNameW

advapi32

RegSetValueA
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExA
RegDeleteKeyA
RegSetValueW
RegSetValueExA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
OpenProcessToken
RegCreateKeyExW

shell32

ShellExecuteW
ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoGetMalloc
IIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoUninitialize
CLSIDFromString
StringFromIID
CoInitialize
StringFromGUID2
CoCreateInstance

oleaut32

SafeArrayCreateVector
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SysFreeString
CreateDispTypeInfo
OleLoadPicture
VariantInit
VariantClear
VariantChangeType
SysAllocStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringLen
SysStringByteLen
VariantCopy

psapi

GetProcessImageFileNameW
EnumProcessModules
GetModuleBaseNameW
GetProcessMemoryInfo
GetModuleFileNameExW
EnumProcesses

dnsapi

DnsQuery_A

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

DLLOnUninstallEraseAll
DllBrowserSearchProtectorRevert
DllCanUnloadNow
DllConnectToIE
DllDeleteOldName
DllExpireSocialCookies
DllGetClassObject
DllGetInstallFileNameExt
DllGetInstallFileNameExtW
DllHomePageProtectorRevert
DllOnUninstall
DllOnUpdateFinish
DllProxyRegisterEngineEmbeddedUpdate
DllProxyRegisterServer
DllProxyUnregisterServer
DllRegisterEngineEmbeddedUpdate
DllRegisterServer
DllRunNonSilentInstall
DllShowUninstallDialog
DllSingleComponentInstall
DllUpdate
DllWriteSocialCookies

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_77_
.exe windows:5 windows x86 arch:x86

99e6114cbd01a2f3bb7611da1b2ecb2a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\RnD\Client\IE\Dev\6.0.3\ToolbarHelper2003\Release\ToolbarHelper.pdb

Imports

kernel32

Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
RtlUnwind
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GottenAppsContextMenu.xml
OtherAppsContextMenu.xml
SharedAppsContextMenu.xml
ToolbarContextMenu.xml
toolbar.cfg
uninstall.exe
.exe windows:5 windows x86 arch:x86

6956bc6214dc471c2d2756a3215ace8f

Code Sign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

17/02/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=Conduit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Conduit Ltd.,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Conduit\RnD\Client\IE\Dev\6.0.3\Setup\NSIS-SetupSource\uninstall.pdb

Imports

kernel32

GetModuleHandleA
DeleteCriticalSection
CloseHandle
GetFileSize
GetSystemTimeAsFileTime
ReadFile
EnterCriticalSection
GetLastError
MultiByteToWideChar
LeaveCriticalSection
WideCharToMultiByte
GetShortPathNameW
GetProcAddress
GetLongPathNameW
GetModuleFileNameW
LoadLibraryW
FreeLibrary
CreateFileW
UnhandledExceptionFilter
CreateFileA
SetStdHandle
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RaiseException
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:ddCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 2.8MB

.rsrc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 590B

c965218dce0f32b85d45b6615a5a5cb1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:ddCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 2.8MB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 687KB - Virtual size: 686KB

.data
Size: 34KB - Virtual size: 52KB

SHARED
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 475KB - Virtual size: 475KB

.reloc
Size: 217KB - Virtual size: 217KB

37:36:da:15:af:64:76:32:cc:e6:1c:d4:1b:65:77:dd
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 408KB - Virtual size: 407KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 41KB - Virtual size: 40KB