520c63c2b871f581e2ad0182e91299bf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

520c63c2b871f581e2ad0182e91299bf_JaffaCakes118
Size

3.2MB
MD5

520c63c2b871f581e2ad0182e91299bf
SHA1

f417718249c2d09f3409e2d663c66bfc8143f142
SHA256

14d82a58871233cc038e26ec42c967ecb77ce6747b387999892bd057b3cfb2a1
SHA512

c93d720fefc14680f08f84ffa90034038284de2b7a374d8dfe6ecbc4d897f6cb6c8685ab1f390a243be653a42b8100f7a87d537157398b3d9c670cb691a3c24b
SSDEEP

49152:/iJyGuWzFJNrK/46BYQMnp3Gi6K3BebggXPvzvpkLwwizYDc0mc8ZuMZ:6YGu22w6BKnp3Gi6K3BebHwiOEj3

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/data/default.skn	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/data/default.skn	upx
static1/unpack001/upx.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BlackShadesNet.exe
unpack001/data/default.skn
unpack002/out.upx
unpack001/stub.bin
unpack001/upx.exe

Files

520c63c2b871f581e2ad0182e91299bf_JaffaCakes118
.rar
BlackShadesNet.exe
.exe windows:4 windows x86 arch:x86

22fe75e4e2cec50f4cbf12304ccde23b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarForInit

kernel32

GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

��q$SDY�l�L��IF��Ϫh$z��4��tD_��;:5�^�{Lq�Y��y"��o`��x^�J\WDvP�3�5�)��9�9��'w�^��`FDM�x.��Vw<K ��ڋr2�X�_O�`x�U{J��_�<?#�G6�1 �%I ��ք��h6i�� #�D��' p?�r��辐K��C�٫�5�j�uLLƏYY�_�*U'� M�q��2�W)�}f�P��`$�V/i�$x^b��U��3Xe��Jݽا8� y�u��+i��W�A�g�� ᙋ��t�R��(S_��$��h�8�� A9f��t�T�9�WO�[�&��, �� ]��QQ��Px6˳��Yh�=��C��"��L��c��l�' L�5s��)�p��矘��s��ՙ �>��K[u��e��H��:�>��0ɺ��>�u�&n��1��|w��B7Y��r�� ˯�\9�=<�~�f��6-UvXz��_�� 0��Rw4ilSv~��^���R��+\��͞��4�'t��f��s�q6W�GO94~��=�ͥ$X/g4J��񢥐֌g=��ǆ.n��"�Q��)P��e�X��U�S��Hj?��w,��V� D6��j �Lv |Ti#��}��ѐ"�@�d�b��U�L�6]��(V�U1��=@��9��¨)� 1��Gx;"��?+�G� ��<�3lF��0|�U��O)ւ��!&tL*|Y��Q�J�bj�!�eN�^�3�$v��$��k[�8S��p��|��+�8��Y��xC��E�%pT^3f�Z}�g��/LnWWUa͠�&K�"�e��!#�d��_��w7c�Q[�0 �QB�Af�91(�0��%{��&浂=��ܡ��_�)�y�ж��N�Z-E��?�_�9m�x99<��⢗D��P0X �K��RtF��b�+��|~��)�X�ם��Α@�W�N`��a�y0$�D$�?�� -��Ƚ��CN�n��Qr3�N�{@"��PA�ݘ\�Q3</!�>�Հ�7��ą�7~��p�BC=�ڲR�A͌{{Z�Ċ�3��c��[�\O� ~�*o��A��-1u��W��i PP��R�MRx��Z��,#��x<33��ux* ��C�s�fp��X_u.��t��=.Ġ�@�N�9��0� J��#�?h � mFr�Pj��`��hwh��=��:��S�̡��M�ӚR�O'C� ��+��Be"�[Z�k�2J�2�x�E"�_�9�+�X��xi�|�h�5$:�/�h��r�y�Rƭ~�(��$; �/a��y��&z��-��[n I��U&�"T4�]�Z�1��b��15��(��g͚\�()�M��5�h��jW�TY��9��8k��%��k��K�?� ��1r��]�� u�^U�K��T��& �Y�Rb8ƴ��|Y��H��$t~ר��Z��ш��yksO�N��R��>��Xn(Q��o��91b-�a��^}��M�Ja�H��:@+�� 5��o��~�� V��g{��V��z��^��r ��_�W0>DT�:�� UEX�t��Q}��,��8�]v��K��>_��\��$ ��ㄓ�~� ��[�C ߓ#=�D��_0 �R��R�%��;��ƻ�S�X�.j�BVk��C��b�VV]��aK�$�L*��n"Z~��a��<��5 q#��U��pŔ��f��z�z ,ӔS�� 'V(��c9%�ׅ��I�MC��J��S4�˦�9�a��ֺ�[��rO(�qK㪳�7�`��P��}��#D��e��0��1�s�}E��A�%��VY'�f�`��n�+�r$|�j�7��[v1Z�h�;eY��^F.Ŭ�2�C��lb��I��{�_�|tW`�%WF��F�}��8�ȯ��u�[�/�rٜ:v��I5�MӐmJ5W��:��hw��W:�y�e��73N�@܎��"�ߟ�WU��V�9�_�#�3�'!��,,L@-��v= ͳ�r �ѡ<�}+�o6-F57��Mi�Qu��͌��9l�I�y5ۜ�Ǽ�D6sSʋN�k��;@?�6��A��5n�7�D��s,��%;��n��(��z��!��\��T��Q�ub��u�)P�J] ��v�%i�`�Л��Ɨ[�ߧ�� !�v��<�gՆ�w��RV�<� �/w��rt�8"ũ,$[? ([�"��N��7��S�o��+EI��9MxP$HG�4AC��Y�w*Ĵ3��L��U��0��Uy�Q?H��`�^�� 5�k�%�|pE�*;�~�0�}�w� �<"��aYJC𽠏��V&w�ݼ��lx=&\5��#�;��t-�c��1bKB��M�+M�qs��S\1|[�[�k��U�#�ݣ[�U��޷��c��'�w/� ��H�T�7��'�YF��5�OBgAy]t��,O\�VM�@\��w+y1�=1��N1Qܻ��V`u��X;{�&��2�/^H3�V�`��b�NVZ��5�/��I�˭�ε?�c2N8Q��9��[��r �I��;D�~��8Ϧmw�=:�4I2[�:��U� =Bs� d��o_P~�m�<yI��f�k�ݱ�yW�a�s��6k��u�Sl�{�t��^��Kش��R/�{�--x(�1��.��_Uꮸ A��?�Y��&�-?�wǃ��ϔ\9��/>C �� Q�� xuD�J��'��$!�H��A

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata1
Size: 684KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
OCX Error Read Me.txt
data/Codejock.Controls.v12.0.2.Demo.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

7e50f991f7d01f40aaf28a462b9644e1

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:7e:b2:4f:ca:12:f9:36:31:64:7a:44:f1:40:a1:8a:66:9c:e8:eb
Signer

Actual PE Digest

50:7e:b2:4f:ca:12:f9:36:31:64:7a:44:f1:40:a1:8a:66:9c:e8:eb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4220
ord2584
ord3654
ord2438
ord1176
ord6197
ord6379
ord6380
ord6215
ord6055
ord1776
ord5290
ord3742
ord567
ord818
ord4299
ord6442
ord1233
ord4275
ord755
ord470
ord613
ord289
ord2379
ord6041
ord2452
ord1146
ord1265
ord1567
ord268
ord703
ord603
ord1969
ord2454
ord273
ord403
ord2393
ord1259
ord1770
ord462
ord3115
ord3315
ord3470
ord452
ord6307
ord521
ord4167
ord6157
ord699
ord3938
ord397
ord5593
ord3438
ord6876
ord912
ord4188
ord538
ord4277
ord6283
ord4278
ord2763
ord4204
ord834
ord836
ord2814
ord4160
ord2813
ord5216
ord861
ord1572
ord849
ord850
ord906
ord845
ord1133
ord2233
ord404
ord957
ord1860
ord5449
ord6393
ord909
ord4205
ord3986
ord1777
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2890
ord6572
ord2915
ord857
ord940
ord6779
ord536
ord6385
ord6389
ord1979
ord5442
ord3318
ord665
ord5186
ord354
ord924
ord926
ord539
ord922
ord1206
ord1223
ord2868
ord5575
ord3525
ord433
ord4202
ord5710
ord1644
ord4163
ord1200
ord4020
ord2727
ord2730
ord2729
ord1949
ord2152
ord6453
ord6605
ord3797
ord2380
ord2381
ord2567
ord4270
ord1134
ord3005
ord2135
ord3732
ord556
ord809
ord2122
ord1940
ord4287
ord1229
ord5053
ord1795
ord2575
ord3402
ord3574
ord4396
ord609
ord4284
ord4123
ord3089
ord6170
ord6880
ord5785
ord939
ord1150
ord6662
ord1140
ord3610
ord656
ord765
ord6458
ord4480
ord3092
ord2645
ord2108
ord6377
ord2078
ord6199
ord3721
ord795
ord2116
ord6663
ord3698
ord3957
ord2642
ord1871
ord1000
ord5589
ord394
ord696
ord3435
ord4185
ord2580
ord4400
ord3630
ord682
ord1844
ord1849
ord4083
ord1848
ord5805
ord6086
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord2041
ord498
ord1008
ord3475
ord4259
ord5849
ord4715
ord2646
ord5788
ord472
ord4258
ord3719
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord3699
ord793
ord768
ord489
ord2294
ord2362
ord2302
ord4976
ord6334
ord1771
ord6366
ord2413
ord2024
ord4401
ord692
ord1847
ord3803
ord6194
ord4124
ord1815
ord5861
ord1651
ord2867
ord2112
ord6195
ord3520
ord6401
ord3870
ord2463
ord3711
ord783
ord1816
ord4234
ord324
ord2714
ord6008
ord6905
ord2301
ord668
ord2770
ord356
ord1858
ord2652
ord1669
ord4538
ord3530
ord2439
ord1693
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord3133
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord4949
ord2541
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord1205
ord723
ord4249
ord4996
ord4743
ord5888
ord5979
ord6128
ord5573
ord3199
ord5033
ord5574
ord3057
ord4820
ord2566
ord559
ord812
ord1088
ord3830
ord5610
ord4530
ord4544
ord4523
ord5685
ord3274
ord439
ord736
ord5495
ord5782
ord3920
ord3811
ord2820
ord551
ord4203
ord941
ord5683
ord1262
ord1832
ord5651
ord350
ord6447
ord4033
ord5642
ord1083
ord6394
ord1114
ord1113
ord1877
ord3376
ord423
ord1126
ord1614
ord4811
ord1685
ord6040
ord1686
ord3474
ord5008
ord5953
ord3499
ord2515
ord355
ord801
ord541
ord4042
ord2613
ord1706
ord6570
ord729
ord2504
ord2795
ord430
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord366
ord1842
ord4242
ord4793
ord5252
ord5228
ord1721
ord4589
ord4588
ord4899
ord4370
ord4892
ord4535
ord5076
ord4341
ord4348
ord4887
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord761
ord480
ord1904
ord4256
ord4894
ord4723
ord5121
ord674
ord5483
ord2496
ord5959
ord3119
ord6042
ord3230
ord3212
ord2901
ord5984
ord3203

msvcrt

_ftol
wcscmp
wcsstr
_wcslwr
_mbsicmp
atoi
_purecall
memmove
free
malloc
_mbscmp
strchr
sscanf
__CxxFrameHandler
wcslen
strtod
mbstowcs
wcsncpy
calloc
realloc
_splitpath
floor
fseek
_fstat
fopen
fclose
ftell
fgets
isprint
sprintf
isxdigit
qsort
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
_mbctype
swscanf
ceil
_strdup
_mbsrchr
_mbsinc
_ismbcalnum
_ismbcspace
_ismbcdigit
_ismbcprint
_ismbcalpha
wcstombs
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_CIpow

kernel32

lstrlenW
IsDBCSLeadByte
InterlockedDecrement
lstrcpynA
GetCurrentProcess
TerminateProcess
GlobalSize
LocalFree
GetPrivateProfileIntA
lstrlenA
GetCurrentDirectoryA
GetModuleFileNameA
GetTickCount
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetLastError
LocalAlloc

user32

PeekMessageA
SetRect
SystemParametersInfoA
DefWindowProcA
LoadCursorA
GetForegroundWindow
GetLastActivePopup
GetWindowLongA
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
GetCapture
GetMessageA
ClientToScreen
GetWindowPlacement
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExA
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
ShowWindow
GetClassLongA
LoadIconA
GetSubMenu
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
wsprintfA
UnionRect
EmptyClipboard
WinHelpA
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageA
DrawFrameControl
SetCursor
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringA
SetWindowTextA
GetDlgCtrlID
GetWindow
GetClassNameA
DrawFocusRect
FillRect
GetFocus
InflateRect
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
SetTimer
InvalidateRect
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
GetSystemMetrics
LoadMenuIndirectA
DrawAnimatedRects
FindWindowA
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
SetClassLongA
GetDlgItem
HideCaret
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
CreateIconFromResourceEx
LoadImageA
TranslateMessage
GetDoubleClickTime
VkKeyScanA
CreateAcceleratorTableA
CloseClipboard
DestroyAcceleratorTable
GetAsyncKeyState
IsIconic
IsChild
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
DragDetect
ShowCaret
GetScrollInfo
DestroyCaret
OpenClipboard
GetScrollPos
RegisterClipboardFormatA
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
SendMessageA
EnableWindow
GrayStringA
DrawTextA
OffsetRect
TabbedTextOutA

gdi32

CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsA
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
GetWindowOrgEx
CreateFontA
GetCharWidthA
SetBoundsRect
GetRgnBox
CreatePolygonRgn
RoundRect
SetBkMode
CombineRgn
GetViewportOrgEx
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
GetClipRgn
IntersectClipRect
ExtSelectClipRgn
ExtTextOutW
GetTextExtentPoint32W
MoveToEx
Polyline
Ellipse
LineTo
Rectangle
GetTextExtentPointA
SetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
GetClipBox
GetDeviceCaps
GetPixel

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA

shell32

DragQueryFileA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHAppBarMessage
Shell_NotifyIconA

comctl32

ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17

ole32

CoCreateInstance
OleRun
ReleaseStgMedium

olepro32

ord252
ord254
ord253

oleaut32

SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
VariantClear
LoadRegTypeLi
SysAllocStringLen

Exports

Exports

?interfaceMap@CWebBrowserSite@@1UAFX_INTERFACEMAP@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 932KB - Virtual size: 928KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 376KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/Codejock.SkinFramework.v12.0.2.Demo.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

3b88dfcd07af09944815316e07120745

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c1:52:cf:31:95:57:8f:bb:bf:38:b1:3b:7d:c1:fe:34:29:09:aa:2f
Signer

Actual PE Digest

c1:52:cf:31:95:57:8f:bb:bf:38:b1:3b:7d:c1:fe:34:29:09:aa:2f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord423
ord723
ord5163
ord1614
ord3797
ord4299
ord3474
ord5008
ord800
ord2764
ord3262
ord1206
ord540
ord1223
ord2486
ord3237
ord860
ord1168
ord1601
ord2818
ord858
ord4278
ord5683
ord5265
ord4853
ord4998
ord2514
ord6052
ord1775
ord2385
ord6374
ord5280
ord4627
ord4425
ord3597
ord640
ord4160
ord2450
ord2642
ord6215
ord6199
ord1640
ord323
ord2915
ord5572
ord641
ord537
ord801
ord2640
ord2623
ord541
ord1177
ord6467
ord5861
ord4042
ord2613
ord1706
ord6570
ord1799
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord366
ord1842
ord4242
ord4793
ord5805
ord2379
ord4123
ord5252
ord2393
ord6197
ord2233
ord5228
ord1721
ord4589
ord4588
ord4899
ord4370
ord4892
ord4535
ord5076
ord4341
ord4348
ord4887
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord761
ord480
ord1904
ord4256
ord4894
ord3495
ord1140
ord3874
ord5981
ord4723
ord5121
ord3092
ord2859
ord2860
ord6880
ord1567
ord5575
ord3525
ord433
ord268
ord535
ord861
ord539
ord674
ord2575
ord4396
ord3574
ord3402
ord3721
ord609
ord795
ord567
ord324
ord2086
ord2302
ord4234
ord3811
ord2820
ord551
ord5710
ord4129
ord4203
ord3571
ord3626
ord941
ord6380
ord1146
ord4710
ord6334
ord755
ord470
ord3663
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord1227
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3681
ord4668
ord743
ord6440
ord1214
ord4249
ord2687
ord1226
ord1210
ord922
ord3946
ord2956
ord2556
ord5785
ord5314
ord6030
ord1269
ord668
ord3178
ord3181
ord5825
ord2781
ord2770
ord924
ord356
ord4277
ord2763
ord2614
ord6282
ord939
ord536
ord5440
ord6383
ord5450
ord6394
ord2740
ord2801
ord686
ord2096
ord384
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3706
ord5781
ord3693
ord3573
ord2405
ord2753
ord2754
ord6648
ord3138
ord2919
ord3517
ord6877
ord3619
ord5875
ord764
ord3028
ord2863
ord824
ord826
ord2107
ord2841
ord2452
ord1265
ord703
ord603
ord1969
ord2454
ord273
ord403
ord1259
ord1770
ord462
ord3115
ord3315
ord3470
ord452
ord6307
ord521
ord4167
ord4275
ord3742
ord818
ord6157
ord699
ord3938
ord397
ord5593
ord3438
ord6876
ord912
ord4188
ord6283
ord4204
ord834
ord836
ord2814
ord2813
ord5216
ord1572
ord849
ord850
ord906
ord845
ord404
ord957
ord1860
ord5449
ord6393
ord909
ord4205
ord3986
ord1777
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2890
ord6572
ord857
ord940
ord6779
ord6385
ord6389
ord1979
ord5442
ord3318
ord665
ord5186
ord354
ord926
ord2868
ord4202
ord1644
ord4163
ord805
ord3030
ord2381
ord1153
ord1176
ord6493
ord533
ord923
ord6874
ord2567
ord1270
ord2867
ord6662
ord5631
ord4284
ord4287
ord2714
ord1949
ord4226
ord3884
ord3920
ord1229
ord2380
ord3089
ord2862
ord3752
ord3754
ord6194
ord289
ord613
ord1262
ord1132
ord4624
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord269
ord4081
ord3080
ord4908
ord4909
ord4659
ord4935
ord4930
ord4925
ord4988
ord4594
ord4521
ord4548
ord4903
ord4650
ord4768
ord4660
ord4661
ord4113
ord5649
ord2998
ord2876
ord4707
ord4705
ord5150
ord3868
ord2953
ord5213
ord1963
ord2137
ord6002
ord3133
ord4920
ord4856
ord2156
ord5674
ord4639
ord4687
ord4342
ord1693
ord3376
ord2986
ord3269
ord4466
ord3260
ord3148
ord2983
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6370
ord2384
ord5241
ord4407
ord1776
ord4078
ord6055
ord2954
ord2541
ord4949
ord4534
ord4539
ord3404
ord2488
ord4979
ord4992
ord4415
ord4603
ord4409
ord4738
ord4741
ord4739
ord4356
ord4361
ord4371
ord4584
ord5060
ord4636
ord4637
ord4649
ord4780
ord4354
ord4643
ord4654
ord5023

msvcrt

_CxxThrowException
_ftol
_strdup
free
_mbscmp
atoi
wcsncpy
wcslen
_mbsicmp
_CIpow
wcscmp
wcsstr
_wcslwr
malloc
__CxxFrameHandler
memmove
sscanf
strtod
mbstowcs
strrchr
wcschr
_mbsstr
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_purecall

kernel32

LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
CreateThread
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcessId
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
LocalFree
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetFileAttributesA
InterlockedDecrement
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameA
InterlockedIncrement
MulDiv
lstrlenA
DeleteCriticalSection
LocalAlloc

user32

GetCursorPos
ScreenToClient
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetSysColor
LoadStringA
GetAsyncKeyState
LoadCursorA
SetCursor
IsIconic
MessageBeep
LoadBitmapA
PostMessageA
GetWindowRect
EqualRect
InvalidateRect
SystemParametersInfoA
DefDlgProcW
IsWindow
EnableWindow
SetTimer
KillTimer
GetKeyState
UpdateWindow
SetRect
CopyRect
IsWindowVisible
InflateRect
MoveWindow
GetParent
GetWindowLongA
SendMessageA
GetSystemMetrics
PtInRect
SetWindowRgn
ReleaseDC
GetSystemMenu
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
GetScrollInfo
EnableScrollBar
SetScrollInfo
SetScrollPos
GetSysColorBrush
CallWindowProcA
GetClassNameA
GetClassLongA
FillRect
LoadMenuIndirectA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
RegisterWindowMessageA
GetDoubleClickTime
OffsetRect
TranslateMessage
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowTextLengthA
GetWindowTextA
SetClassLongA
GetFocus
DrawFocusRect
GetMenuState
GetMenu
GetDesktopWindow
GetMenuItemCount
EnumWindows
GetWindowThreadProcessId
GetWindow
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
EndPaint
BeginPaint
SendMessageTimeoutA
LoadIconA
DrawFrameControl
DrawEdge
AdjustWindowRectEx
RegisterClassW
RegisterClassA
DefMDIChildProcW
GetDC
DefMDIChildProcA
DefWindowProcA
IntersectRect
SetCapture
IsRectEmpty
GetCapture
GetMessageA
ClientToScreen
DispatchMessageA
ReleaseCapture
GetClientRect
SetRectEmpty

gdi32

Polygon
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
CreateDIBSection
SetStretchBltMode
GetDIBits
CreateDIBitmap
SelectPalette
GetObjectType
GetTextColor
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetTextCharsetInfo
CombineRgn
OffsetRgn
SetBrushOrgEx
SetBkMode
CreatePatternBrush
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
CreateCompatibleBitmap
SelectObject
GetPixel
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
GetObjectA
GetDeviceCaps

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey

shell32

DragQueryFileA
ShellExecuteA

comctl32

ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_Draw
ImageList_GetBkColor
ImageList_GetIconSize
ImageList_DrawIndirect

ole32

CoCreateInstance
ReleaseStgMedium
OleRun

olepro32

ord254
ord253
ord252

oleaut32

SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
VariantClear
LoadRegTypeLi
SysFreeString

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 336KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/IPList.dat
data/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

b22bd7d6f2b83c193c4c7e9c0a2de8b2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
GlobalFree
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/MSDATGRD.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

876294974e137decb1d3a02e0db7e3b1

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
CompareStringW
GetVersionExA
IsDBCSLeadByte
LoadResource
CompareStringA
FindResourceA
HeapReAlloc
LockResource
lstrcmpiA
lstrcpyA
GetLocaleInfoA
GetWindowsDirectoryA
lstrcpynA
GetModuleFileNameA
lstrcatA
DisableThreadLibraryCalls
GetFileAttributesA
GetVersion
GetLastError
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
IsBadWritePtr
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
LoadLibraryA
EnterCriticalSection
HeapAlloc
GetProcessHeap
lstrlenA
GetProcAddress

user32

GetDesktopWindow
GetCapture
EndDialog
SetCursor
UnregisterClassA
ReleaseCapture
GetDlgItem
GetDCEx
WaitMessage
DefWindowProcA
GetWindow
GetActiveWindow
GetParent
EqualRect
SetWindowRgn
ShowWindow
SetParent
EndPaint
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
BeginPaint
EnableMenuItem
PeekMessageW
PostMessageW
RegisterWindowMessageA
KillTimer
SetTimer
wsprintfA
PeekMessageA
GetMessageA
PostQuitMessage
InvalidateRect
SetDlgItemTextA
TranslateMessage
CharNextA
IsWindowVisible
GetFocus
IsChild
GetDlgItemInt
SetDlgItemInt
GetWindowTextLengthA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
IsDlgButtonChecked
LoadMenuA
GetSubMenu
DestroyMenu
CheckDlgButton
TrackPopupMenu
GetScrollInfo
ScrollWindowEx
ShowScrollBar
DrawFrameControl
SetScrollInfo
EnableScrollBar
IntersectRect
DrawTextA
DrawTextW
WindowFromDC
DrawTextExW
SetRect
FillRect
InflateRect
OffsetRect
GetDC
DrawTextExA
UpdateWindow
GetWindowRect
GetClientRect
ReleaseDC
CreateDialogIndirectParamA
DialogBoxParamA
PostMessageA
PtInRect
WinHelpA
GetAsyncKeyState
DispatchMessageA
GetKeyState
CreateWindowExW
SetWindowLongW
RedrawWindow
SendMessageW
ClientToScreen
ScreenToClient
CallWindowProcW
CallWindowProcA
MoveWindow
CreateWindowExA
SetWindowLongA
SetWindowPos
LoadBitmapA
RegisterClipboardFormatA
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MessageBoxA
SetFocus
MessageBeep
GetKeyboardLayout
GetWindowLongA
SendMessageA
GetSysColor
LoadCursorA
RegisterClassA
DestroyWindow
GetSystemMetrics
LoadStringA
GetMessagePos
EnumClipboardFormats
SetCapture

ole32

OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoCreateInstance
OleLoadFromStream
CoTaskMemFree
CreateStreamOnHGlobal
GetHGlobalFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCreateVector
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
CreateErrorInfo
SafeArrayAccessData
OleCreatePropertyFrame
LoadTypeLibEx
SetErrorInfo
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
OleCreatePictureIndirect
OleTranslateColor
VariantChangeTypeEx
SysAllocStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VarR4FromStr
VarBstrFromR4
VariantChangeType
VariantCopy
VariantClear
GetErrorInfo
VariantInit
SysStringLen
SysAllocStringLen
SysStringByteLen
SysFreeString
SysAllocString

gdi32

GetTextExtentPoint32W
ExtTextOutW
CreatePen
ExtTextOutA
CreateDCA
SetROP2
SetWindowExtEx
SetViewportExtEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
LPtoDP
DeleteObject
CreateSolidBrush
GetTextExtentPoint32A
SetTextColor
DeleteDC
SetBkColor
CloseEnhMetaFile
GetDeviceCaps
CreateEnhMetaFileA
BitBlt
DeleteEnhMetaFile
GetObjectA
SetMapMode
DPtoLP
SelectClipRgn
GetWindowOrgEx
CreateRectRgnIndirect
Rectangle
IntersectClipRect
SetWindowOrgEx
PatBlt
SetTextAlign
GetDIBits
StretchDIBits
GetClipBox
CreateBitmap
GetSystemPaletteEntries
SelectObject
GetStockObject
CreateCompatibleDC
GetMapMode

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

96286284ff8e040938ba779778d1542e

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
MoveWindow
GetWindow
GetActiveWindow
GetWindowRect
IsWindowVisible
TranslateMessage
OffsetRect
EqualRect
IntersectRect
DispatchMessageA
GetWindowThreadProcessId
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetParent
ClientToScreen
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
SetWindowRgn
ShowWindow
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/RICHTX32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

aaca01ab2cd35af160b8025e9dcfad9f

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

shell32

DragAcceptFiles
DragQueryFileA
DragFinish

oledlg

ord1

kernel32

GlobalUnlock
GetVersionExA
GlobalSize
GlobalLock
FindResourceA
GlobalAlloc
GlobalFree
GetLocaleInfoA
LoadResource
LockResource
GetModuleFileNameA
GetWindowsDirectoryA
HeapReAlloc
GetFileAttributesA
lstrcatA
lstrcpynA
DisableThreadLibraryCalls
GetProcAddress
GetVersion
GetAtomNameA
FindAtomA
AddAtomA
IsBadWritePtr
DeleteAtom
InterlockedIncrement
FreeLibrary
LoadLibraryA
InterlockedDecrement
GetProcessHeap
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WriteFile
GetLastError
ReadFile
LeaveCriticalSection
CreateFileA
lstrcmpA
lstrcpyA
HeapAlloc
lstrlenA
HeapFree
WideCharToMultiByte
lstrlenW
SetFilePointer
MultiByteToWideChar
IsDBCSLeadByte
CloseHandle
lstrcmpiA

user32

SetCursorPos
ScreenToClient
GetClipboardFormatNameA
PeekMessageW
PostMessageW
PeekMessageA
RegisterWindowMessageA
IsDlgButtonChecked
SetDlgItemInt
SetDlgItemTextA
CheckDlgButton
ReleaseCapture
DefWindowProcA
LoadCursorA
SetCursor
CreateDialogIndirectParamA
MapWindowPoints
FillRect
GetDlgItemTextA
GetClientRect
InvalidateRect
ValidateRect
SetRect
GetSysColor
InflateRect
GetClassInfoA
TrackPopupMenu
GetWindow
GetWindowTextA
CharNextA
MessageBoxA
SendDlgItemMessageA
GetDlgItem
PostMessageA
IsChild
TranslateMessage
DispatchMessageA
IsWindowEnabled
GetNextDlgTabItem
IsDialogMessageA
WinHelpA
BeginPaint
MoveWindow
SetFocus
IsWindowVisible
EndPaint
SetParent
ShowWindow
EnableMenuItem
DeleteMenu
EqualRect
SetWindowRgn
IntersectRect
GetWindowRect
OffsetRect
GetDlgItemInt
GetActiveWindow
SetWindowLongA
SetWindowPos
LoadMenuA
UnregisterClassA
DestroyWindow
DestroyMenu
GetSubMenu
RemoveMenu
GetParent
GetMenuItemCount
GetFocus
IsWindow
WindowFromDC
RegisterClassA
LoadStringA
RegisterClipboardFormatA
GetCapture
GetCursorPos
EnableWindow
EndDialog
wsprintfA
GetKeyState
MessageBeep
CallWindowProcA
GetDC
GetSystemMetrics
ReleaseDC
UpdateWindow
SendMessageA
DialogBoxParamA
GetWindowLongA
CreateWindowExA
ClientToScreen
PtInRect

ole32

DoDragDrop
RegisterDragDrop
CreateOleAdviseHolder
OleCreateFromFile
CLSIDFromProgID
OleCreate
OleSetContainedObject
StringFromCLSID
OleGetIconOfClass
CoGetMalloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSaveToStream
OleLoadFromStream
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA

oleaut32

SafeArrayGetElement
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantCopyInd
VariantCopy
SafeArrayUnaccessData
SetErrorInfo
OleCreatePropertyFrame
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
OleCreatePictureIndirect
LoadRegTypeLi
GetErrorInfo
OleCreateFontIndirect
SysAllocStringLen
OleLoadPicture
OleTranslateColor
SysStringLen
SysFreeString
VariantChangeType
VariantClear
SysAllocString
VariantInit
SafeArrayCopy

comdlg32

GetOpenFileNameA
CommDlgExtendedError

gdi32

GetNearestColor
CreateSolidBrush
DeleteObject
EnumFontFamiliesExA
CreatePalette
GetBitmapBits
StretchBlt
GetObjectA
SelectPalette
CreateDIBitmap
GetDIBits
GetPaletteEntries
RealizePalette
CreateBitmap
CopyEnhMetaFileA
GetStockObject
CreateDCA
LPtoDP
CopyMetaFileA
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
GetClipBox
SetWindowExtEx
SetBkColor
SelectObject
CreateCompatibleBitmap
SetViewportExtEx
DeleteDC
EndDoc
PatBlt
StartPage
StartDocA
EndPage
SetWindowOrgEx
SetViewportOrgEx
DPtoLP
CreateCompatibleDC
GetMapMode
CreateICA
GetObjectType
SetMapMode
GetDeviceCaps

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VBFrameworkMapClassObject

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/client.ini
data/default.skn
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/mswinsck.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

cb0275eec9ac31b6d4d44320e576fadb

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetFileAttributesA
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetProcAddress
GetLocaleInfoA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetWindowsDirectoryA
LoadLibraryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sql/README.txt
sql/bssnet.sql
stub.bin
.exe windows:4 windows x86 arch:x86

6c4a988109eb1e0bc692012bfb25ba5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord694
ord696
MethCallEngine
EVENT_SINK_Invoke
ord621
ord516
ord518
ord626
ord519
ord660
ord558
ord666
ord667
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord593
ord594
ord595
ord303
ord702
ord598
ord599
ord520
ord309
ord709
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord528
ord529
ord561
DllFunctionCall
ord563
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord606
ord607
ord714
ord608
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord645
ord570
ord648
ord571
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord577
ord685
ord578
ord100
ord579
ord689
ord610
ord320
ord612
ord321
ord616
ord617
ord618
ord619
ord580
ord581

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1012KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 253KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

22fe75e4e2cec50f4cbf12304ccde23b

Headers

File Characteristics

Imports

msvbvm60

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 1.3MB

.data Size: - Virtual size: 42KB

.rsrc Size: 40KB - Virtual size: 341KB

.adata0 Size: - Virtual size: 52KB

.tls Size: 4KB - Virtual size: 24B

.adata1 Size: 684KB - Virtual size: 681KB

7e50f991f7d01f40aaf28a462b9644e1

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5Certificate

Extended Key Usages

Key Usages

50:7e:b2:4f:ca:12:f9:36:31:64:7a:44:f1:40:a1:8a:66:9c:e8:ebSigner

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 932KB - Virtual size: 928KB

.rdata Size: 204KB - Virtual size: 201KB

.data Size: 44KB - Virtual size: 54KB

.rsrc Size: 376KB - Virtual size: 374KB

.reloc Size: 96KB - Virtual size: 95KB

3b88dfcd07af09944815316e07120745

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5Certificate

Extended Key Usages

Key Usages

c1:52:cf:31:95:57:8f:bb:bf:38:b1:3b:7d:c1:fe:34:29:09:aa:2fSigner

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

.text
Size: - Virtual size: 1.3MB

.data
Size: - Virtual size: 42KB

.rsrc
Size: 40KB - Virtual size: 341KB

.adata0
Size: - Virtual size: 52KB

.tls
Size: 4KB - Virtual size: 24B

.adata1
Size: 684KB - Virtual size: 681KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

50:7e:b2:4f:ca:12:f9:36:31:64:7a:44:f1:40:a1:8a:66:9c:e8:eb
Signer

.text
Size: 932KB - Virtual size: 928KB

.rdata
Size: 204KB - Virtual size: 201KB

.data
Size: 44KB - Virtual size: 54KB

.rsrc
Size: 376KB - Virtual size: 374KB

.reloc
Size: 96KB - Virtual size: 95KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

c1:52:cf:31:95:57:8f:bb:bf:38:b1:3b:7d:c1:fe:34:29:09:aa:2f
Signer

.text
Size: 336KB - Virtual size: 333KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 24KB - Virtual size: 30KB

.rsrc
Size: 84KB - Virtual size: 81KB

.reloc
Size: 36KB - Virtual size: 32KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

.text
Size: 688KB - Virtual size: 687KB

.data
Size: 32KB - Virtual size: 28KB

.rsrc
Size: 280KB - Virtual size: 279KB

.reloc
Size: 40KB - Virtual size: 38KB

.text
Size: 166KB - Virtual size: 166KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 10KB - Virtual size: 9KB