430070681ec8ed41f9ee91d8d304a310_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

430070681ec8ed41f9ee91d8d304a310_JaffaCakes118
Size

912KB
MD5

430070681ec8ed41f9ee91d8d304a310
SHA1

b8905437b459f6472df77ac234f3fcd12512d527
SHA256

0c46457101d2d4939dd1cbf4426bd9450f091b4cabc7ccbf69c38b077d9a903a
SHA512

d695d7d5df4a6abec14169976b84f5d1fe32be90511c9cc6949126670628b1a163343f6992444d39d4ce9c78b2acf589108f82fa07c80f709dd36f5607c7aeb8
SSDEEP

24576:Kp4XVcDv4I8tgNlTYFZsXi7QCLSJ0nA3ISo:DKF8tQlqt7BQTo

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/ShellLink.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack002/$PLUGINSDIR/nsExec.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

430070681ec8ed41f9ee91d8d304a310_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:3d:78:ec:72:12:3c:bc:5a:16:89:1c:d2:12:9a:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/07/2011, 00:00

Not After

28/06/2012, 23:59

Subject

CN=Zonerider Networks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zonerider Networks,L=London,ST=England,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:95:63:28:9e:cc:00:79:27:4b:06:27:67:78:61:84:83:42:28:07
Signer

Actual PE Digest

fa:95:63:28:9e:cc:00:79:27:4b:06:27:67:78:61:84:83:42:28:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ShellLink.dll
.dll windows:5 windows x86 arch:x86

50112fdd20200a51dbedeae8f1f33cdb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
MultiByteToWideChar
LocalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

ole32

CoCreateInstance

Exports

Exports

GetShortCutArgs
GetShortCutDescription
GetShortCutHotkey
GetShortCutIconIndex
GetShortCutIconLocation
GetShortCutShowMode
GetShortCutTarget
GetShortCutWorkingDirectory
SetRunAsAdministrator
SetShortCutArgs
SetShortCutDescription
SetShortCutHotkey
SetShortCutIconIndex
SetShortCutIconLocation
SetShortCutShowMode
SetShortCutTarget
SetShortCutWorkingDirectory

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/makensis.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GateManager.exe
.exe windows:5 windows x86 arch:x86

d4560dcd7e81cf9e018318b26de3a593

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:3d:78:ec:72:12:3c:bc:5a:16:89:1c:d2:12:9a:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/07/2011, 00:00

Not After

28/06/2012, 23:59

Subject

CN=Zonerider Networks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zonerider Networks,L=London,ST=England,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:8a:39:92:cd:c0:37:49:74:ff:1c:0b:d7:67:aa:3e:b0:c6:93:c1
Signer

Actual PE Digest

4b:8a:39:92:cd:c0:37:49:74:ff:1c:0b:d7:67:aa:3e:b0:c6:93:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetSystemDirectoryA
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
SetConsoleMode
ReadConsoleInputA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
HeapAlloc
HeapFree
WaitForSingleObject
DeviceIoControl
CreateFileA
FlushConsoleInputBuffer
GlobalMemoryStatus
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
GetModuleFileNameA
LoadLibraryExA
FindResourceA
GetVersion
LocalFree
SetEndOfFile
CreateFileW
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
LoadLibraryW
FreeLibrary
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadFile
SetFilePointer
LCMapStringW
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
FindFirstFileA
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapCreate
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
EncodePointer
DecodePointer
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
FileTimeToSystemTime
FindNextFileA
FindClose
GetWindowsDirectoryA
GetFileAttributesA
LoadLibraryA
SetThreadExecutionState
SetEvent
CreateEventA
ResetEvent
WaitForMultipleObjects
CreateDirectoryA
GetLocalTime
InitializeCriticalSection
TerminateThread
SetLastError
lstrcpynA
GetVersionExA
CreateProcessA
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
lstrlenW
MultiByteToWideChar
GetCurrentThreadId
GetTickCount
Sleep
GetProcAddress
lstrcmpA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetLastError
WideCharToMultiByte
LoadResource
SizeofResource
lstrcmpiA
CompareStringA
GetCurrentProcess
FlushInstructionCache
InterlockedCompareExchange
CreateThread
CloseHandle
DeleteFileA
GetACP
CopyFileA
lstrlenA
lstrcpyA
GetModuleHandleA
SetConsoleCtrlHandler
GetDriveTypeW

user32

MapWindowPoints
GetMonitorInfoA
MonitorFromWindow
GetWindowRect
GetWindow
EndDialog
DrawTextA
SetWindowPos
GetDC
ReleaseDC
IsWindow
GetDlgItem
GetParent
SetDlgItemTextA
OffsetRect
LoadCursorA
GetClassNameA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassA
ShowWindow
EnumChildWindows
FindWindowA
RegisterWindowMessageA
DestroyMenu
GetClientRect
SendMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetWindowLongA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
SetWindowLongA
CharNextA
SetParent
PostQuitMessage
IsDialogMessageA
SetActiveWindow
BringWindowToTop
SetForegroundWindow
SetMenuDefaultItem
GetMenuItemID
PostMessageA
wsprintfA
CheckDlgButton
GetSystemMetrics
LoadImageA
AppendMenuA
GetActiveWindow
TrackPopupMenuEx
RegisterClassExA
GetClassInfoExA
IsChild
CreateDialogParamA
DialogBoxParamA
EnableWindow
GetSysColorBrush
GetSubMenu
TrackPopupMenu
MonitorFromPoint
LoadMenuA
MoveWindow
LoadStringA
MessageBoxA
ClientToScreen
GetNextDlgTabItem
IsDlgButtonChecked
GetCapture
ReleaseCapture
EndPaint
BeginPaint
GetSysColor
GetFocus
GetCursorPos
SetCursor
FillRect
DrawFocusRect
PtInRect
CallWindowProcA
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
DestroyWindow
SetRectEmpty
DefWindowProcA
PeekMessageA

gdi32

SetBkMode
CombineRgn
CreateRectRgnIndirect
FillRgn
SetBkColor
CreateSolidBrush
SetTextColor
GetStockObject
CreateFontIndirectA
DeleteDC
SelectObject
GetObjectA
DeleteObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

ControlService
ReportEventA
DeregisterEventSource
RegOpenKeyExA
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
IsValidSid
GetLengthSid
SetNamedSecurityInfoA
InitializeAcl
AddAce
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteValueA
RegDeleteKeyA
ChangeServiceConfigA
StartServiceA
QueryServiceStatus
RegSetValueExA
RegCreateKeyExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegQueryValueExA
RegCloseKey
RegisterEventSourceA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitialize
OleRun

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
VariantClear
VariantInit
GetErrorInfo

comctl32

ImageList_LoadImageA
_TrackMouseEvent
InitCommonControlsEx

winmm

PlaySoundA

ws2_32

inet_addr
WSACleanup
recv
send
connect
setsockopt
bind
listen
shutdown
WSAStartup
ioctlsocket
WSASetLastError
getservbyport
ntohs
gethostbyaddr
WSAGetLastError
getservbyname
inet_ntoa
gethostbyname
htonl
socket
closesocket
ntohl
select
__WSAFDIsSet
WSACreateEvent
htons

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupCopyOEMInfA
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA

iphlpapi

GetBestInterface
GetAdaptersInfo
NotifyAddrChange
GetIfEntry

Sections

.text
Size: 699KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZoneriderGate.exe
.exe windows:5 windows x86 arch:x86

652129bce14967d4813a9426a65f56dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:3d:78:ec:72:12:3c:bc:5a:16:89:1c:d2:12:9a:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/07/2011, 00:00

Not After

28/06/2012, 23:59

Subject

CN=Zonerider Networks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zonerider Networks,L=London,ST=England,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:26:89:e5:18:8d:df:7b:b9:ce:8a:c1:fd:17:0a:0c:f1:c1:cc:36
Signer

Actual PE Digest

75:26:89:e5:18:8d:df:7b:b9:ce:8a:c1:fd:17:0a:0c:f1:c1:cc:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\PAG\ZR_v51\ZR_v61.hw\R6\release\ZoneriderGate_rel.pdb

Imports

kernel32

GetCommandLineA
CreateEventA
SetEvent
GetCurrentThreadId
GetModuleHandleW
WaitForSingleObject
GetWindowsDirectoryA
SetStdHandle
GetStdHandle
DeviceIoControl
SetLastError
HeapFree
HeapAlloc
GetProcessHeap
GetVersionExA
GetSystemDirectoryA
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentDirectoryW
PeekNamedPipe
GetFullPathNameA
SetConsoleMode
ReadConsoleInputA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
LoadLibraryA
ResetEvent
FindFirstFileA
FindNextFileA
FindClose
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileInformationByHandle
GetFileSize
FileTimeToSystemTime
WriteFile
SetFileTime
GetFileAttributesA
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
CreateFileA
SetFilePointer
GetCurrentProcess
CreateThread
CloseHandle
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
RaiseException
IsDBCSLeadByte
GetProcAddress
lstrcmpiA
LoadLibraryExA
FindResourceA
FreeLibrary
lstrlenW
MultiByteToWideChar
GetModuleFileNameA
lstrlenA
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSection
FindFirstChangeNotificationA
WaitForMultipleObjects
FindCloseChangeNotification
CreateDirectoryA
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
FindResourceExW
LoadResource
LockResource
FlushConsoleInputBuffer
GlobalMemoryStatus
LocalFree
GetVersion
SetEnvironmentVariableA
CompareStringW
GetDriveTypeW
SetEndOfFile
CreateFileW
WriteConsoleW
FlushFileBuffers
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
LoadLibraryW
SetConsoleCtrlHandler
LCMapStringW
GetTimeZoneInformation
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleFileNameW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
ExitProcess
SizeofResource
FindResourceW
GetLastError
GetTickCount
Sleep
DeleteFileA
GetDateFormatA
GetTimeFormatA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
GetSystemTimeAsFileTime
EncodePointer
DecodePointer

user32

GetProcessWindowStation
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
CharNextW
CharUpperA
LoadStringA
GetDesktopWindow
GetUserObjectInformationW
wsprintfA
CharNextA

advapi32

QueryServiceConfigA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
CloseServiceHandle
OpenServiceA
EnumServicesStatusA
OpenSCManagerA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyW
RegEnumValueA
StartServiceCtrlDispatcherA
InitializeAcl
AddAce
SetNamedSecurityInfoA
IsValidSid
GetLengthSid
CopySid
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
ChangeServiceConfig2A
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ControlService
DeleteService
CreateServiceA
RegisterServiceCtrlHandlerA
RegQueryInfoKeyA
SetServiceStatus

ole32

CoTaskMemFree
CoTaskMemRealloc
CoInitializeEx
CoInitializeSecurity
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoCreateInstance
CoInitialize
CoUninitialize
CoAddRefServerProcess
CoReleaseServerProcess
CoTaskMemAlloc

oleaut32

SafeArrayDestroy
SysFreeString
VarUI4FromStr
LoadTypeLi
SysStringLen
RegisterTypeLi
SysAllocString
UnRegisterTypeLi
VariantClear
VariantInit
LoadRegTypeLi
SafeArrayPutElement
SafeArrayCreateVector

ws2_32

shutdown
accept
listen
bind
setsockopt
connect
send
recv
WSACleanup
ioctlsocket
WSASetLastError
inet_ntoa
ntohs
htons
recvfrom
htonl
getservbyname
gethostbyname
gethostbyaddr
getservbyport
__WSAFDIsSet
select
closesocket
sendto
socket
inet_addr
WSAGetLastError
WSACreateEvent
ntohl
WSAStartup

psapi

GetProcessMemoryInfo

iphlpapi

GetBestInterface
GetIfEntry
NotifyAddrChange
SendARP
GetAdaptersInfo

setupapi

SetupDiOpenDeviceInfoA
SetupDiGetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 964KB - Virtual size: 964KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZoneriderServices.exe
.exe windows:5 windows x86 arch:x86

b12292161da6e3aab204019f0d1703aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:3d:78:ec:72:12:3c:bc:5a:16:89:1c:d2:12:9a:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/07/2011, 00:00

Not After

28/06/2012, 23:59

Subject

CN=Zonerider Networks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zonerider Networks,L=London,ST=England,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:78:47:22:33:7c:43:77:64:51:c9:dd:db:37:d6:f1:39:bc:e8:57
Signer

Actual PE Digest

79:78:47:22:33:7c:43:77:64:51:c9:dd:db:37:d6:f1:39:bc:e8:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\PAG\ZR_v51\ZR_v61.hw\R6\release\ZoneriderServices_rel.pdb

Imports

kernel32

GetCurrentProcess
HeapFree
HeapAlloc
GetProcessHeap
GetVersionExA
InterlockedIncrement
LockResource
FindResourceW
FindResourceExW
DeleteFileA
GetCurrentProcessId
SetUnhandledExceptionFilter
ReadFile
SetFilePointer
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
WriteFile
SystemTimeToFileTime
UnmapViewOfFile
GetTickCount
GlobalAlloc
HeapReAlloc
HeapDestroy
DeviceIoControl
LocalFree
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
CreateFileA
SetLastError
FileTimeToSystemTime
EnterCriticalSection
GetLocalTime
LeaveCriticalSection
LoadLibraryA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
InitializeCriticalSection
MultiByteToWideChar
GetCommandLineA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
IsDBCSLeadByte
CreateEventA
CreateThread
GetCurrentThreadId
SetEvent
GetModuleHandleW
Sleep
WaitForSingleObject
CloseHandle
GetModuleFileNameA
lstrcmpiA
lstrlenA
GetModuleHandleA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
QueryPerformanceCounter
RaiseException
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
LCMapStringW
GetConsoleMode
GetConsoleCP
lstrlenW
WideCharToMultiByte
GlobalFree
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
ExitThread
LoadLibraryW
GetFileType
SetHandleCount
IsProcessorFeaturePresent
HeapCreate
GetModuleFileNameW
GetStdHandle
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetDateFormatA
GetTimeFormatA
ResumeThread
HeapSize

user32

GetDesktopWindow
PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage
MessageBoxA
CharNextW
CharUpperA
CharNextA
LoadStringA

advapi32

SetServiceStatus
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
EnumServicesStatusA
QueryServiceConfigA
ChangeServiceConfig2A
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegQueryInfoKeyA
RegEnumKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ControlService
DeleteService
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoInitializeSecurity
CoUninitialize
StringFromGUID2
CoCreateInstance
CoAddRefServerProcess
CoReleaseServerProcess
CoInitialize

oleaut32

VariantInit
VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

ws2_32

socket
setsockopt
bind
listen
accept
shutdown
closesocket
connect
ntohs
htons
htonl
inet_ntoa
WSAGetLastError
ntohl
inet_addr
send
recv
select
sendto
WSACleanup
recvfrom
WSAIoctl
WSASocketA
__WSAFDIsSet
WSAStartup

setupapi

SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

iphlpapi

GetAdaptersInfo
GetBestInterface
GetNetworkParams
GetIfEntry

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
auth/cert/server.crt
auth/cert/server.crt_
auth/cert/server.crt_old
auth/cert/server.key
auth/templ/behaviour/go_popup
.html
auth/templ/behaviour/stat_logout
auth/templ/errors/db_problem
auth/templ/errors/logout_already_logged_out
auth/templ/errors/not_logged_in
auth/templ/footer
auth/templ/header
.html
auth/templ/in_zone
auth/templ/login_form
auth/templ/login_ok
auth/templ/login_welcome
auth/templ/prev_link
auth/templ/stat_footer
auth/templ/stat_header
.html .js polyglot
auth/templ_admin/footer
auth/templ_admin/header
.html
auth/templ_admin/header2
.html
auth/templ_admin/sessions_table_footer
auth/templ_admin/sessions_table_header
auth/www/404.html
auth/www/assets/buy2.gif
.gif
auth/www/assets/hotspotlogo.jpg
.jpg
auth/www/assets/smallcc2.gif
.gif
auth/www/assets/top_tile_blue.gif
.gif
auth/www/css/light.css
auth/www/favicon.ico
auth/www/img/buyaccess.jpg
.jpg
auth/www/img/logo2.jpg
.jpg
auth/www/img/pay_logos2.gif
.gif
auth/www/img/submit2.gif
.gif
auth/www/main.css
auth/www_admin/404.html
auth/www_admin/i/login.gif
.gif
auth/www_admin/i/main.css
auth/www_admin/i/p0.gif
.gif
auth/www_admin/i/p1.gif
.gif
auth/www_admin/i/p2.gif
.gif
auth/www_admin/i/p3.gif
.gif
auth/www_admin/i/p4.gif
.gif
auth/www_admin/i/p5.gif
.gif
auth/www_admin/i/p6.gif
.gif
auth/www_admin/i/px.gif
.gif
auth/www_admin/login.html
driver/znrdrx64.sys
.sys windows:5 windows x64 arch:x64

1040e876bfea388a6974d1467351a9ba

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:3d:78:ec:72:12:3c:bc:5a:16:89:1c:d2:12:9a:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/07/2011, 00:00

Not After

28/06/2012, 23:59

Subject

CN=Zonerider Networks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zonerider Networks,L=London,ST=England,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:63:21:66:31:07:fa:d9:38:74:83:c2:01:97:ed:11:1d:c0:5d:00
Signer

Actual PE Digest

e6:63:21:66:31:07:fa:d9:38:74:83:c2:01:97:ed:11:1d:c0:5d:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pag\zr_v51\zr_v61.hw\r6\src\driver\rel\objfre_wnet_AMD64\amd64\znrdr.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeClearEvent
ObReferenceObjectByHandle
IofCompleteRequest
strncpy
ObfDereferenceObject
KeSetEvent
_purecall
IoFreeMdl
MmMapLockedPagesSpecifyCache
KeReleaseSpinLockFromDpcLevel
KeAcquireSpinLockAtDpcLevel
RtlUnicodeStringToAnsiString
RtlEqualUnicodeString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
KeInitializeTimer
KeInitializeDpc
KeSetTimer
DbgPrint
KeCancelTimer
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock

ndis.sys

NdisMRegisterUnloadHandler
NdisMRemoveMiniport
NdisMPromoteMiniport
NdisMSetMiniportSecondary
NdisCloseAdapter
NdisIMDeInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisIMInitializeDeviceInstanceEx
NdisIMGetDeviceContext
NdisAllocatePacketPoolEx
NdisWriteErrorLogEntry
NdisMSetAttributesEx
NdisReturnPackets
NdisRequest
NdisPacketPoolUsage
NdisMSleep
NdisReadConfiguration
NdisInitializeEvent
NdisInitializeWrapper
NdisTerminateWrapper
NdisFreeMemory
NdisResetEvent
NdisWaitEvent
NdisQueryAdapterInstanceName
NdisGetReceivedPacket
NdisSetEvent
NdisOpenConfiguration
NdisOpenProtocolConfiguration
NdisCloseConfiguration
NdisAllocateBufferPool
NdisAllocateBuffer
NdisUnchainBufferAtFront
NdisAllocatePacket
NdisFreePacket
NdisDeregisterProtocol
NdisIMDeregisterLayeredMiniport
NdisAllocateMemoryWithTag
NdisIMCopySendCompletePerPacketInfo
NdisMDeregisterDevice
NdisMDeregisterAdapterShutdownHandler
NdisRegisterProtocol
NdisIMRegisterLayeredMiniport
NdisAllocatePacketPool
NdisFreePacketPool
NdisIMAssociateMiniport
NdisMRegisterAdapterShutdownHandler
NdisOpenAdapter
NdisMRegisterDevice
NdisIMCopySendPerPacketInfo

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.STL
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/znrdrx86.sys
.sys windows:5 windows x86 arch:x86

e116dfe62000eaf358bd88db14fbebdb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:3d:78:ec:72:12:3c:bc:5a:16:89:1c:d2:12:9a:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/07/2011, 00:00

Not After

28/06/2012, 23:59

Subject

CN=Zonerider Networks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zonerider Networks,L=London,ST=England,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:12:c7:ed:b9:e4:07:c3:a8:b5:88:d2:ec:9b:e4:9b:b3:4f:8c:32
Signer

Actual PE Digest

96:12:c7:ed:b9:e4:07:c3:a8:b5:88:d2:ec:9b:e4:9b:b3:4f:8c:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\pag\zr_v51\zr_v61.hw\r6\src\driver\rel\objfre_w2K_x86\i386\znrdr.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
KeQuerySystemTime
KeClearEvent
ObReferenceObjectByHandle
IofCompleteRequest
strncpy
ObfDereferenceObject
KeSetEvent
_purecall
IoFreeMdl
MmMapLockedPagesSpecifyCache
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeSpinLock
RtlUnicodeStringToAnsiString
RtlEqualUnicodeString
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
KeInitializeTimer
KeInitializeDpc
KeSetTimer
memmove
DbgPrint
KeCancelTimer

ndis.sys

NdisMDeregisterDevice
NdisMRemoveMiniport
NdisMPromoteMiniport
NdisMSetMiniportSecondary
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisCloseAdapter
NdisIMDeInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisIMInitializeDeviceInstanceEx
NdisIMGetDeviceContext
NdisAllocatePacketPoolEx
NdisWriteErrorLogEntry
NdisMSetAttributesEx
NdisTransferData
NdisReturnPackets
NdisSend
NdisRequest
NdisPacketPoolUsage
NdisMSleep
NdisFreeSpinLock
NdisAllocateSpinLock
NdisResetEvent
NdisWaitEvent
NdisQueryAdapterInstanceName
NdisGetReceivedPacket
NdisSetEvent
NdisOpenConfiguration
NdisOpenProtocolConfiguration
NdisCloseConfiguration
NdisAllocateBufferPool
NdisAllocateBuffer
NdisUnchainBufferAtFront
NdisAllocatePacket
NdisFreePacket
NdisDeregisterProtocol
NdisIMDeregisterLayeredMiniport
NdisMRegisterUnloadHandler
NdisIMCopySendCompletePerPacketInfo
NdisMDeregisterAdapterShutdownHandler
NdisRegisterProtocol
NdisIMRegisterLayeredMiniport
NdisAllocatePacketPool
NdisFreePacketPool
NdisIMAssociateMiniport
NdisMRegisterAdapterShutdownHandler
NdisOpenAdapter
NdisMRegisterDevice
NdisIMCopySendPerPacketInfo
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisTerminateWrapper
NdisInitializeWrapper
NdisInitializeEvent
NdisReadConfiguration

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.STL
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/zonerider.inf
driver/zoneridermp.inf
eula.rtf
.rtf
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:3d:78:ec:72:12:3c:bc:5a:16:89:1c:d2:12:9a:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/07/2011, 00:00

Not After

28/06/2012, 23:59

Subject

CN=Zonerider Networks,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zonerider Networks,L=London,ST=England,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:16:22:15:f8:26:c5:06:55:22:49:eb:8e:c0:94:84:8b:7a:b3:f5
Signer

Actual PE Digest

67:16:22:15:f8:26:c5:06:55:22:49:eb:8e:c0:94:84:8b:7a:b3:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4c:3d:78:ec:72:12:3c:bc:5a:16:89:1c:d2:12:9a:fbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

fa:95:63:28:9e:cc:00:79:27:4b:06:27:67:78:61:84:83:42:28:07Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 5KB - Virtual size: 5KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

50112fdd20200a51dbedeae8f1f33cdb

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 1014B

.data Size: - Virtual size: 12B

.reloc Size: 512B - Virtual size: 262B

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4c:3d:78:ec:72:12:3c:bc:5a:16:89:1c:d2:12:9a:fb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

fa:95:63:28:9e:cc:00:79:27:4b:06:27:67:78:61:84:83:42:28:07
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 1014B

.data
Size: - Virtual size: 12B

.reloc
Size: 512B - Virtual size: 262B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4c:3d:78:ec:72:12:3c:bc:5a:16:89:1c:d2:12:9a:fb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4b:8a:39:92:cd:c0:37:49:74:ff:1c:0b:d7:67:aa:3e:b0:c6:93:c1
Signer

.text
Size: 699KB - Virtual size: 698KB

.rdata
Size: 202KB - Virtual size: 201KB

.data
Size: 20KB - Virtual size: 139KB

.rsrc
Size: 27KB - Virtual size: 27KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4c:3d:78:ec:72:12:3c:bc:5a:16:89:1c:d2:12:9a:fb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

75:26:89:e5:18:8d:df:7b:b9:ce:8a:c1:fd:17:0a:0c:f1:c1:cc:36
Signer