575ef9c44320a1c2b4670cd31c909f0c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

575ef9c44320a1c2b4670cd31c909f0c_JaffaCakes118
Size

3.7MB
MD5

575ef9c44320a1c2b4670cd31c909f0c
SHA1

01994bc88945983b1876368b4118bb6d710303e8
SHA256

66f983e687811f271493fe6ea85d59ae9761ea784f368313ba20710f6416fa23
SHA512

51dac2b077db67c9d38764addd50250086112307b35eeb8735232c6b32d95172f0c66cc68b806a2fc17e89fdcd1cb50e20f8b28ee0631d177ea3130a44dc8929
SSDEEP

98304:yJDDs6yVulJULlq1YRqhmTglHm2iMkUNoKv58ORS1jI:yxlqxqCkmTeHm2N7a5+

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
575ef9c44320a1c2b4670cd31c909f0c_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/WmiInspector.dll
unpack001/$SYSDIR/qq.exe
unpack001/$TEMP/YoudaoDict_zhusha_quantui_003.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/RunDict.exe
unpack003/$PLUGINSDIR/NSISArray.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/fpinstall.dll
unpack001/$TEMP/sobar.exe
unpack001/pvz.exe

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$TEMP/install_flash_player_ax.exe	nsis_installer_1

Files

575ef9c44320a1c2b4670cd31c909f0c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WmiInspector.dll
.dll windows:4 windows x86 arch:x86

35e8b490cb254ba4b70b06fe54a9dae6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

r:\123\release\WmiInspector.pdb

Imports

kernel32

lstrcpynA
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalFree
lstrcpyA
FlushFileBuffers
CloseHandle
CreateFileA
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

ole32

CoSetProxyBlanket
CoCreateInstance

oleaut32

SysFreeString
VariantInit
SysAllocStringByteLen
VariantClear
SysStringLen
SysAllocString

Exports

Exports

AntiVirus
CPU
FireWall
FullOS
FullSQLVersion
OS
OSVersion
Request
Resolution
SQLVersion
ShortUserName
UserName
UserSID

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/163pan.ico
$SYSDIR/55277.ico
$SYSDIR/down.ico
$SYSDIR/mimi.ico
$SYSDIR/pvz.ico
$SYSDIR/qq.exe
.exe windows:4 windows x86 arch:x86

57221ad2e18bf822f1d27864669e331d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\VC6Work\OpenURL\Release\OpenURL.pdb

Imports

shell32

ShellExecuteA

kernel32

HeapReAlloc
GetSystemInfo
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersionExA
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
HeapSize
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/qq.ico
$SYSDIR/setup.ico
$SYSDIR/tao.ico
$SYSDIR/uninst.ico
$SYSDIR/wagamm.ico
$TEMP/YoudaoDict_zhusha_quantui_003.exe
.exe windows:5 windows x86 arch:x86

d733325afb1b78a1866016af1f6cd3a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\nsis-unicode\build\udebug\stub_lzma_solid\stub_lzma.pdb

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
ExitProcess
CopyFileW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
GetVersionExW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
WriteFile
MulDiv
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
LoadLibraryW

user32

IsWindowEnabled
SetWindowPos
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
EndDialog
SetClassLongW
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
CharUpperW
wvsprintfW
DispatchMessageW
PeekMessageW
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
FindWindowExW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
DefWindowProcW
SendMessageTimeoutW

gdi32

SetBkColor
GetDeviceCaps
CreateBrushIndirect
DeleteObject
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegQueryValueExW
RegSetValueExW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 612KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

daeb419961fa3d87aec2a1a0b184db31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Work\nsis-unicode\build\udebug\InstallOptions\InstallOptions.pdb

Imports

kernel32

GetModuleHandleW
lstrcmpiW
GlobalLock
MultiByteToWideChar
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
WideCharToMultiByte
GlobalAlloc

user32

OpenClipboard
GetClientRect
LoadCursorW
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetClipboardData
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
MessageBoxW
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
GetDlgItem
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
SetWindowRgn

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 691B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
RunDict.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/install_flash_player_ax.exe
.exe windows:4 windows x86 arch:x86

8f26fcd857d64db1a0ee4f8bdb240223

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/10/2008, 00:00

Not After

10/12/2009, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d7:ad:75:88:32:48:ee:11:39:f3:f8:7e:30:75:2d:a0:3b:84:51:d6
Signer

Actual PE Digest

d7:ad:75:88:32:48:ee:11:39:f3:f8:7e:30:75:2d:a0:3b:84:51:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISArray.dll
.dll windows:4 windows x86 arch:x86

91596216b99c852af6e0fb1fe8192de4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
lstrcmpiA
lstrcmpA
lstrcatA
GlobalAlloc

user32

MessageBoxA
SendMessageA
wsprintfA
GetDlgItem
FindWindowExA
DialogBoxParamA
EnableWindow
SetWindowTextA
EndDialog
RedrawWindow
CharLowerA

Exports

Exports

ArrayCount
ArrayExists
Clear
Concat
Copy
Cut
Debug
Delete
ErrorStyle
Exists
ExistsI
FreeUnusedMem
Join
New
Pop
Push
Put
ReDim
Read
ReadToStack
Reverse
Search
SearchI
SetSize
Shift
SizeOf
Sort
Splice
Swap
Unload
Unshift
Write
WriteList
WriteListC

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/fpinstall.dll
.dll windows:4 windows x86 arch:x86

4bb7026bcfe942cdf23b6f661ad54f48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
OpenProcess
GetVersionExA
FormatMessageA
GetLastError
SetFileAttributesA
GetFileAttributesA
GetCurrentProcess
TerminateProcess
CloseHandle
lstrlenA
lstrcpyA
GlobalAlloc
lstrcpynA
LoadLibraryA
GlobalFree

user32

MessageBoxA

advapi32

GetTokenInformation
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken

Exports

Exports

_ChangeRegKeyDACL
_FindProcess
_KillProcess
_ObjectExistsAndIsOwnedBySomeoneElse
_RecursiveRegLockUnlock
_Unload
_UnlockControl

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/FlashUtil10d.exe
.exe windows:5 windows x86 arch:x86

c8a9f0aa8ca1ec9669a57e97c635955d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/10/2008, 00:00

Not After

10/12/2009, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:5f:2e:65:bf:2c:7a:d4:8b:07:ef:30:0c:ae:cf:f9:94:be:07:1c
Signer

Actual PE Digest

52:5f:2e:65:bf:2c:7a:d4:8b:07:ef:30:0c:ae:cf:f9:94:be:07:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

crypt32

CertVerifySubjectCertificateContext
CryptGetMessageCertificates
CertCloseStore
CertFreeCertificateContext
CryptVerifyMessageSignature
CertFindCertificateInStore
CertCreateCertificateContext

shlwapi

SHDeleteKeyA

kernel32

GetCPInfo
IsDebuggerPresent
GetLastError
CreateMutexA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetTempPathA
WriteFile
FormatMessageA
_lclose
_lread
OpenFile
GetSystemDirectoryA
SetThreadLocale
GetSystemDefaultLangID
LocalFree
LocalAlloc
GetCurrentProcess
CreateThread
GetModuleHandleA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
UnmapViewOfFile
GetTickCount
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
GetACP
GetFileAttributesA
CreateDirectoryA
DeleteFileA
MultiByteToWideChar
CreateFileW
SetFilePointer
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
CreateFileMappingA
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
ExitProcess
GetCommandLineA
TerminateProcess
HeapSize
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetOEMCP
FreeEnvironmentStringsA
Sleep
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
HeapAlloc
HeapFree
GetStartupInfoA
IsValidCodePage
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
MapViewOfFile
RtlUnwind

user32

GetForegroundWindow
SystemParametersInfoA
WaitForInputIdle
LoadImageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyIcon
LoadCursorA
RegisterClassExA
DefWindowProcA
CreateDialogParamA
SetWindowTextA
CharNextA
CreateWindowExA
GetDlgItem
SetWindowLongA
MessageBoxA
LoadBitmapA
LoadStringA
DialogBoxParamA
EndDialog
GetParent
GetDesktopWindow
GetWindowRect
SetWindowPos
PostMessageA
ShowWindow
SendMessageA
DestroyWindow
PostQuitMessage
DdeInitializeA
DdeDisconnect
DdeUninitialize
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeFreeStringHandle
ScreenToClient
GetWindowLongA

gdi32

DeleteObject

advapi32

RegDeleteValueA
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupAccountSidA

shell32

ShellExecuteA

ole32

CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoRevokeClassObject

oleaut32

SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayDestroy
DispInvoke
SysAllocString
SafeArrayAccessData
LoadRegTypeLi
DispGetIDsOfNames

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Flash10d.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

bbcf2461b6afdae4c3c84c0cf582063b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/10/2008, 00:00

Not After

10/12/2009, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:f0:a0:3e:dc:97:48:8b:2a:5f:89:16:b0:0c:02:a5:da:a6:64:28
Signer

Actual PE Digest

0a:f0:a0:3e:dc:97:48:8b:2a:5f:89:16:b0:0c:02:a5:da:a6:64:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer10_Marlin\platform\win32\obj\Flash5AX\Release\Flash.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

winmm

waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveInGetNumDevs
waveOutGetDevCapsA
waveOutUnprepareHeader
waveOutGetNumDevs
waveOutOpen
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveOutGetPosition
timeSetEvent
timeKillEvent
timeBeginPeriod
timeGetTime
waveOutPrepareHeader
waveOutWrite
waveOutClose
waveOutReset
timeGetDevCaps
waveInGetDevCapsA
timeEndPeriod

wininet

HttpSendRequestA
InternetOpenA
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
InternetReadFile
InternetCloseHandle

crypt32

CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CertCloseStore
CryptVerifyMessageSignature

rpcrt4

UuidToStringA
RpcStringFreeA

oleaut32

OleCreatePropertyFrame
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysAllocStringLen
SysStringLen
SysStringByteLen
VariantInit
VariantClear
VariantChangeType
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SafeArrayDestroy
VarBstrCat
SysAllocStringByteLen
SafeArrayUnlock
SafeArrayLock
SafeArrayCreateVector

kernel32

LocalFree
LocalAlloc
SetFileAttributesA
GetFileAttributesA
CreateMutexA
FreeLibrary
GetModuleFileNameA
MulDiv
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetCurrentThreadId
OutputDebugStringA
SetLastError
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
SetErrorMode
GetTickCount
LCMapStringA
LCMapStringW
CreateProcessA
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
WaitForSingleObject
SetWaitableTimer
CreateThread
CreateWaitableTimerA
GetProcessTimes
GetCurrentProcessId
GlobalSize
GetTempFileNameW
GetSystemInfo
GetSystemDefaultLangID
MoveFileA
DeleteFileA
GetUserDefaultLangID
CreateFileA
ExitThread
WriteFile
SetFilePointer
ReadFile
GetFileSize
LockResource
GetCurrentProcess
FindResourceExW
GetFileAttributesW
SetUnhandledExceptionFilter
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
CreateDirectoryA
CreateFileW
GetCurrentDirectoryA
GetTempFileNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SetCurrentDirectoryA
SetFilePointerEx
GetFileSizeEx
GetFileAttributesExA
RemoveDirectoryA
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
TerminateThread
lstrcpyA
IsDBCSLeadByteEx
VirtualProtectEx
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
VirtualProtect
CreateSemaphoreA
ReleaseSemaphore
IsProcessorFeaturePresent
GetCommandLineA
UnhandledExceptionFilter
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
TerminateProcess
IsDebuggerPresent
HeapCreate
FindResourceExA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
FlushInstructionCache
lstrcmpiA
GetModuleHandleA
GetLastError
LoadLibraryA
GetProcAddress
GlobalAlloc
GetLocaleInfoA
GetVersionExA
lstrlenW
lstrlenA
RaiseException
WideCharToMultiByte
GlobalFree
GetCurrentThread
SetThreadAffinityMask
VirtualQuery
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
ResetEvent
CreateEventA
CloseHandle
WaitForMultipleObjects
SetEvent
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
IsValidCodePage
GetOEMCP
RtlUnwind
HeapDestroy
HeapReAlloc
ExitProcess

user32

IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowThreadProcessId
PeekMessageA
WaitForInputIdle
GetForegroundWindow
TranslateMessage
DispatchMessageA
DialogBoxParamW
DialogBoxParamA
RedrawWindow
DialogBoxIndirectParamW
DialogBoxIndirectParamA
EndDialog
GetDesktopWindow
LoadIconA
SendMessageA
GetDlgItem
SetWindowTextA
GetMenuItemCount
InsertMenuItemW
GetClipboardFormatNameA
RegisterClipboardFormatA
GetParent
IsChild
PtInRect
BeginPaint
EndPaint
SystemParametersInfoA
GetMenuItemID
DeleteMenu
InsertMenuItemA
GetMenuItemInfoA
TrackPopupMenu
KillTimer
SetTimer
UpdateWindow
RegisterClassA
GetWindowRect
MapVirtualKeyA
GetKeyState
GetFocus
ReleaseCapture
GetSystemMetrics
EnumDisplaySettingsA
GetCapture
LoadMenuA
GetSubMenu
DestroyMenu
SetCursor
WindowFromPoint
GetCursorPos
ScreenToClient
GetClientRect
MessageBoxA
LoadStringA
SetCapture
IsWindow
DestroyWindow
EnableMenuItem
CheckMenuItem
SetFocus
GetWindowInfo
CopyRect
SendInput
GetKeyboardLayout
FillRect
UnregisterClassA
CreateWindowExA
RegisterClassExA
InvalidateRect
DefWindowProcA
UnionRect
CallWindowProcA
IntersectRect
EqualRect
SetWindowRgn
SetWindowPos
GetDC
LoadCursorA
GetClassInfoExA
ShowWindow
GetWindowLongA
SetWindowLongA
CharNextW
CharNextA
ClientToScreen
GetMonitorInfoA
OffsetRect
SetRect
MonitorFromWindow
GetTopWindow
GetDoubleClickTime
EnumWindows
PostMessageA
IsWindowEnabled
GetWindow
GetClassNameA
GetWindowTextW
GetWindowTextA
ReleaseDC

gdi32

CreateMetaFileA
GetObjectA
CreateDIBSection
DeleteObject
GetDIBits
CreateCompatibleBitmap
SetWindowOrgEx
SelectObject
SelectPalette
RealizePalette
ExtTextOutA
SetBkColor
CreateSolidBrush
StretchBlt
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
SetTextAlign
StartPage
BitBlt
EndPage
SetStretchBltMode
GetStretchBltMode
Rectangle
GetStockObject
StretchDIBits
SetViewportOrgEx
SetPolyFillMode
GetClipBox
GetSystemPaletteEntries
GetObjectType
GetICMProfileA
CreateDCA
CreateFontIndirectA
GetTextMetricsA
EnumFontFamiliesA
SetBkMode
IntersectClipRect
SelectClipRgn
ExtTextOutW
SetTextColor
GetClipRgn
CreateRectRgn
GetTextAlign
GetBkMode
GetTextColor
GetBkColor
CreateFontIndirectW
SetWorldTransform
SetGraphicsMode
GetWorldTransform
SetTextCharacterExtra
CreatePen
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
GetTextExtentPoint32A
CreatePalette
StartDocA
EndDoc
StrokePath
ExtCreatePen
FillPath
SaveDC
BeginPath
EndPath
LineTo
MoveToEx
PolyBezierTo
SelectClipPath
RestoreDC
GdiFlush
CreateCompatibleDC
DeleteDC
GetPixel
GetDeviceCaps
GetFontData
LPtoDP
EnumFontFamiliesExW
TextOutA

comdlg32

CommDlgExtendedError
GetSaveFileNameA
PrintDlgA
GetOpenFileNameA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHAppBarMessage

ole32

OleRegGetMiscStatus
CreateDataAdviseHolder
CoCreateInstance
StringFromGUID2
WriteClassStm
OleSaveToStream
OleRegGetUserType
CoInitialize
ReleaseStgMedium
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard
OleUninitialize
OleRegEnumVerbs
CreateOleAdviseHolder
CoTaskMemRealloc
CoTaskMemFree
ReadClassStm
CoTaskMemAlloc
OleSetClipboard
OleInitialize
CoRegisterMessageFilter
CoInitializeEx
CreateBindCtx
CoUninitialize

shlwapi

SHDeleteKeyA

urlmon

HlinkSimpleNavigateToMoniker
RegisterBindStatusCallback
CreateURLMoniker
CopyStgMedium

mscms

DeleteColorTransform
CloseColorProfile
CreateColorTransformW
OpenColorProfileA
TranslateBitmapBits

ws2_32

getservbyname
htons
gethostbyaddr
getservbyport
WSASetLastError
setsockopt
ioctlsocket
connect
recvfrom
sendto
WSAAddressToStringA
gethostname
select
ntohl
htonl
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACleanup
closesocket
WSAGetLastError
WSAIoctl
WSAAsyncSelect
socket
WSASocketA
WSAStartup
recv
send
bind
ntohs
getsockname
inet_addr
gethostbyname
inet_ntoa

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 962KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashUtil10d.exe
.exe windows:5 windows x86 arch:x86

c8a9f0aa8ca1ec9669a57e97c635955d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/10/2008, 00:00

Not After

10/12/2009, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:5f:2e:65:bf:2c:7a:d4:8b:07:ef:30:0c:ae:cf:f9:94:be:07:1c
Signer

Actual PE Digest

52:5f:2e:65:bf:2c:7a:d4:8b:07:ef:30:0c:ae:cf:f9:94:be:07:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

crypt32

CertVerifySubjectCertificateContext
CryptGetMessageCertificates
CertCloseStore
CertFreeCertificateContext
CryptVerifyMessageSignature
CertFindCertificateInStore
CertCreateCertificateContext

shlwapi

SHDeleteKeyA

kernel32

GetCPInfo
IsDebuggerPresent
GetLastError
CreateMutexA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetTempPathA
WriteFile
FormatMessageA
_lclose
_lread
OpenFile
GetSystemDirectoryA
SetThreadLocale
GetSystemDefaultLangID
LocalFree
LocalAlloc
GetCurrentProcess
CreateThread
GetModuleHandleA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
UnmapViewOfFile
GetTickCount
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
GetACP
GetFileAttributesA
CreateDirectoryA
DeleteFileA
MultiByteToWideChar
CreateFileW
SetFilePointer
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
CreateFileMappingA
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
ExitProcess
GetCommandLineA
TerminateProcess
HeapSize
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetOEMCP
FreeEnvironmentStringsA
Sleep
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
HeapAlloc
HeapFree
GetStartupInfoA
IsValidCodePage
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
MapViewOfFile
RtlUnwind

user32

GetForegroundWindow
SystemParametersInfoA
WaitForInputIdle
LoadImageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyIcon
LoadCursorA
RegisterClassExA
DefWindowProcA
CreateDialogParamA
SetWindowTextA
CharNextA
CreateWindowExA
GetDlgItem
SetWindowLongA
MessageBoxA
LoadBitmapA
LoadStringA
DialogBoxParamA
EndDialog
GetParent
GetDesktopWindow
GetWindowRect
SetWindowPos
PostMessageA
ShowWindow
SendMessageA
DestroyWindow
PostQuitMessage
DdeInitializeA
DdeDisconnect
DdeUninitialize
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeFreeStringHandle
ScreenToClient
GetWindowLongA

gdi32

DeleteObject

advapi32

RegDeleteValueA
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LookupAccountSidA

shell32

ShellExecuteA

ole32

CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoRevokeClassObject

oleaut32

SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayDestroy
DispInvoke
SysAllocString
SafeArrayAccessData
LoadRegTypeLi
DispGetIDsOfNames

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall_activeX.exe.nsis
$TEMP/sobar.exe
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config.ini
data.xml
.xml
index.html
.html
pvz.exe
.exe windows:4 windows x86 arch:x86

6096b5db997cb997d346e3f608a9e6f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\dgreen\Мои документы\Visual Studio 2005\Projects\CDBrowser\release\CDBrowser.pdb

Imports

kernel32

GetFileAttributesA
GetFileTime
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetACP
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
GlobalFlags
GetTickCount
FileTimeToSystemTime
FormatMessageA
MulDiv
InterlockedDecrement
GetModuleFileNameW
GetThreadLocale
GetCurrentProcessId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
lstrcmpW
GetVersionExA
WritePrivateProfileStringA
FreeResource
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedIncrement
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersion
GetLastError
InterlockedExchange
lstrlenW
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
lstrlenA
GetPrivateProfileStringA
GetPrivateProfileIntA
CompareStringA
CloseHandle
CreateProcessA
GetCurrentDirectoryA

user32

DestroyMenu
UnregisterClassA
PostThreadMessageA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
CharNextA
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
MessageBeep
GetNextDlgGroupItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
PtInRect
LoadIconA
IsIconic
SendMessageA
GetSystemMetrics
GetClientRect
DrawIcon
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SystemParametersInfoA
GetWindowPlacement
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
GetSysColorBrush
LoadCursorA
RegisterClipboardFormatA
IsChild
EnableWindow
CharUpperA
CopyAcceleratorTableA
IsWindow
GetWindowLongA
IsWindowVisible
IsWindowEnabled
CopyRect
IsRectEmpty
SetRect
OffsetRect
IntersectRect
EqualRect
GetWindowRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
SetCapture
GetFocus
GetDesktopWindow
SetWindowPos
SetFocus
ReleaseCapture
PostMessageA
PostQuitMessage
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
IsDialogMessageA

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetRgnBox

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRevokeClassObject
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantInit
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantClear
SafeArrayDestroy
SysAllocStringLen
VariantChangeType
OleCreateFontIndirect
SysAllocStringByteLen
VariantCopy
SysAllocString

Sections

.text
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 392KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pvz_9_15.swf
readme.txt

Sharing

General

Malware Config

Signatures

Files

dfb06052e74b26a42b0e490bd1c07959

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 252KB

.ndata Size: - Virtual size: 288KB

.rsrc Size: 175KB - Virtual size: 175KB

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 446B

35e8b490cb254ba4b70b06fe54a9dae6

Headers

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 6KB

57221ad2e18bf822f1d27864669e331d

Headers

File Characteristics

PDB Paths

Imports

shell32

kernel32

Sections

.text Size: 16KB - Virtual size: 15KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 252KB

.ndata
Size: - Virtual size: 288KB

.rsrc
Size: 175KB - Virtual size: 175KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 446B

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 48KB - Virtual size: 47KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 9KB - Virtual size: 507KB

.idata
Size: 6KB - Virtual size: 5KB

.ndata
Size: - Virtual size: 612KB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 21KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 691B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 152KB - Virtual size: 149KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 152KB - Virtual size: 150KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

d7:ad:75:88:32:48:ee:11:39:f3:f8:7e:30:75:2d:a0:3b:84:51:d6
Signer