cf1b38106e42989ddffb99e0163787135e7b294c5d5e88e3b47ca1b7cd0d6681

Sharing

Copy URL

Twitter E-mail

General

Target

cf1b38106e42989ddffb99e0163787135e7b294c5d5e88e3b47ca1b7cd0d6681
Size

9.0MB
MD5

65db9d146bda563ec5749ec53091b2aa
SHA1

220b5f4edfb7310ed96020cdbac22f13911304ab
SHA256

cf1b38106e42989ddffb99e0163787135e7b294c5d5e88e3b47ca1b7cd0d6681
SHA512

ddd8cc9178b2f5605d28dc6110bb23ba56209677c29089ee8977b11333ed677be8439183c1181f2d75b5ac97357aecf6d7fcc50748ac724e79ffd5f3a7aa46b3
SSDEEP

196608:1OUwPDysgxilKFrSyj9yEwC9CSApC53wbTCwlN2xoWTrjFexDfRFy:dwPFgGKFmrLC9CSAA53mux/Trjr

Score

9^/10

upx vmprotect

Malware Config

Signatures

Detected Nirsoft tools 2 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/0x000700000001ab5f-23.exe	Nirsoft
static1/unpack001/0x000700000001ab64-30.exe	Nirsoft

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/0x000b00000001a8ef-137.exe	vmprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/0x000200000001aca8-173.exe	upx

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0x000100000001ab9c-70.exe
unpack001/0x000100000001ad02-313.exe
unpack001/0x000200000001aca8-173.exe
unpack001/0x000200000001acb5-183.exe
unpack001/0x000200000001acdf-236.exe
unpack001/0x000200000001ace9-240.exe
unpack001/0x000300000001a5a2-209.exe
unpack001/0x000300000001ac90-122.exe
unpack001/0x000300000001ac99-126.exe
unpack001/0x000300000001ac9e-134.exe
unpack001/0x000300000001ac9e-206.exe
unpack001/0x000300000001ac9f-141.exe
unpack001/0x000300000001acec-245.exe
unpack001/0x000300000001aced-248.exe
unpack001/0x000400000001ace8-243.exe
unpack001/0x000500000001a9bf-107.exe
unpack001/0x000900000001a8ef-97.exe
unpack001/0x000b00000001a8ef-137.exe
unpack001/0x000c00000001a921-100.exe

Files

cf1b38106e42989ddffb99e0163787135e7b294c5d5e88e3b47ca1b7cd0d6681
.rar
0x000100000001ab86-55.exe
.exe windows:4 windows x86 arch:x86

39c9c7cd2ff99952b66b87f21b223970

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:ff:7b:32:9c:ff:7f:3b:8d:2d:54:2a:b2:58:26:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18-09-2013 00:00

Not After

23-06-2015 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:21:31:5c:4f:8a:84:20:25:34:84:bd:fa:97:3f:14:92:fd:df:73
Signer

Actual PE Digest

23:21:31:5c:4f:8a:84:20:25:34:84:bd:fa:97:3f:14:92:fd:df:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

rasapi32

RasEnumConnectionsW

kernel32

SetEvent
OpenMutexW
GetTickCount
WaitForSingleObject
TerminateProcess
GetCurrentProcess
GetProcAddress
LoadLibraryW
FreeLibrary
GetVersionExW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateThread
SuspendThread
ResumeThread
GetCurrentThreadId
CreateThread
ResetEvent
CreateEventW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
VirtualQuery
IsBadCodePtr
CreateDirectoryW
GetFileAttributesW
lstrcatW
GetTempPathW
UnmapViewOfFile
FormatMessageW
LocalFree
OutputDebugStringA
lstrlenW
GetExitCodeProcess
CreateProcessW
OpenEventW
MapViewOfFile
CreateFileMappingW
FindClose
FindNextFileW
CopyFileW
FindFirstFileW
FileTimeToSystemTime
GetCommandLineW
GetModuleHandleW
lstrcpyW
LocalAlloc
QueryPerformanceCounter
DebugBreak
CreateMutexW
GetLastError
GetPrivateProfileStringW
CloseHandle
GetCurrentProcessId
RaiseException
DeleteCriticalSection
LoadLibraryA
ExitProcess
GetStartupInfoW
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
SetFileAttributesW
DeleteFileW
InitializeCriticalSection
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapAlloc
HeapFree
GetProcessHeap
SetLastError
GetFileAttributesExW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
GetFileSizeEx
CreateFileW

user32

UnregisterClassA
UnregisterClassW

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
SetSecurityInfo

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteExW
ord680

ole32

CoTaskMemFree

oleaut32

SysFreeString

msvcp71

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?to_char_type@?$char_traits@_W@std@@SA_WABG@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?max_size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?to_int_type@?$char_traits@_W@std@@SAGAB_W@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?clear@ios_base@std@@QAEXH_N@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?eof@?$char_traits@_W@std@@SAGXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z

shlwapi

PathCombineW
PathRemoveFileSpecW
PathFileExistsW

msvcr71

??1exception@@UAE@XZ
??0exception@@QAE@XZ
_wcsicmp
??_V@YAXPAX@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
fclose
fwprintf
fwrite
_wfopen
getc
fgetwc
fseek
fread
_purecall
wcsrchr
wcschr
swprintf
swscanf
_ultoa
_ultow
_ltoa
_ltow
_ui64toa
_ui64tow
_i64toa
_i64tow
sprintf
atol
_wtoi64
_wtol
_atoi64
sscanf
_stricmp
_vsnprintf
_itow
wcscpy
wcslen
wcscat
wcscmp
malloc
_callnewh
memmove
realloc
_CRT_RTC_INIT
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_controlfp
_CxxThrowException
tolower
memcpy
free
_except_handler3
memset
??3@YAXPAX@Z
__CxxFrameHandler
_itoa
??0exception@@QAE@ABV0@@Z

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertCloseStore

Sections

.textbss
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0x000100000001ab87-47.exe
.exe windows:5 windows x86 arch:x86

2fb79d630975ed8d224afda8654df16a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:ff:7b:32:9c:ff:7f:3b:8d:2d:54:2a:b2:58:26:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18-09-2013 00:00

Not After

23-06-2015 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:c8:26:00:d6:af:e9:63:35:6e:04:38:d6:bb:e7:9d:e7:af:b4:4d
Signer

Actual PE Digest

27:c8:26:00:d6:af:e9:63:35:6e:04:38:d6:bb:e7:9d:e7:af:b4:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\workspace\xlframework\win32_component\ThunderFW\Release\ThunderFW.pdb

Imports

kernel32

GetVersionExA
RaiseException
GetProcessHeap
lstrlenA
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
RtlUnwind
HeapAlloc
VirtualAlloc
HeapReAlloc
GetModuleHandleA

ole32

CoInitialize
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
VariantClear

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000100000001ab9c-70.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0x000100000001ad02-313.exe
.exe windows:5 windows x86 arch:x86

4584390e3359f3d94c85a822722c83f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
HeapCompact
lstrlenA
GetLocaleInfoA
AllocConsole
CommConfigDialogA
HeapAlloc
WriteTapemark
SetConsoleTextAttribute
ReadConsoleOutputAttribute
WaitForSingleObject
InterlockedCompareExchange
GetModuleHandleW
GetTickCount
GenerateConsoleCtrlEvent
GetConsoleTitleA
ReadConsoleW
WriteFile
CreateActCtxW
ActivateActCtx
GlobalAlloc
ReadConsoleInputA
GetFileAttributesA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetModuleFileNameW
CreateMailslotW
SetTapePosition
LCMapStringA
ReleaseActCtx
VirtualAlloc
HeapUnlock
ResetEvent
LoadLibraryA
SetConsoleCtrlHandler
BeginUpdateResourceA
HeapLock
SetConsoleWindowInfo
SetConsoleTitleW
GetModuleHandleA
CreateMutexA
GetPrivateProfileSectionA
CloseHandle
WriteProcessMemory
WriteConsoleW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA

user32

GetAltTabInfoW

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 460KB - Virtual size: 66.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gakiy
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kekaku
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000200000001aca8-173.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
0x000200000001acb5-183.exe
.exe windows:5 windows x86 arch:x86

4584390e3359f3d94c85a822722c83f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
HeapCompact
lstrlenA
GetLocaleInfoA
AllocConsole
CommConfigDialogA
HeapAlloc
WriteTapemark
SetConsoleTextAttribute
ReadConsoleOutputAttribute
WaitForSingleObject
InterlockedCompareExchange
GetModuleHandleW
GetTickCount
GenerateConsoleCtrlEvent
GetConsoleTitleA
ReadConsoleW
WriteFile
CreateActCtxW
ActivateActCtx
GlobalAlloc
ReadConsoleInputA
GetFileAttributesA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetModuleFileNameW
CreateMailslotW
SetTapePosition
LCMapStringA
ReleaseActCtx
VirtualAlloc
HeapUnlock
ResetEvent
LoadLibraryA
SetConsoleCtrlHandler
BeginUpdateResourceA
HeapLock
SetConsoleWindowInfo
SetConsoleTitleW
GetModuleHandleA
CreateMutexA
GetPrivateProfileSectionA
CloseHandle
WriteProcessMemory
WriteConsoleW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA

user32

GetAltTabInfoW

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hiw
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teloso
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9.9MB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000200000001acdf-236.exe
.exe windows:5 windows x86 arch:x86

5921adaaf66f8c259aeda9e22686cd4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
GetStartupInfoW
GetLastError
GetProcAddress
GlobalFree
LoadLibraryA
AddAtomA
FindFirstChangeNotificationA
VirtualProtect
GetCurrentDirectoryA
SetProcessShutdownParameters
GetACP
CompareStringA
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
InitAtomTable
GetSystemTimes
GetTickCount
FreeEnvironmentStringsA
GetComputerNameW
FindCloseChangeNotification
FindResourceExW
CompareStringW
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
ReadFile
InitializeCriticalSectionAndSpinCount
HeapSize
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA

user32

CloseClipboard
GetSubMenu
LoadBitmapA
BeginPaint
CallMsgFilterW
PeekMessageA
MapVirtualKeyExW
RegisterRawInputDevices
SetWindowsHookExW
GetClipboardSequenceNumber
GetDialogBaseUnits
MessageBoxIndirectA

gdi32

CreateCompatibleDC
PlayEnhMetaFile
ScaleViewportExtEx
SetStretchBltMode
SetPixelV
CreateDiscardableBitmap
AddFontResourceW
SetDeviceGammaRamp

shell32

ExtractAssociatedIconA
ShellExecuteW
ShellAboutW
DragQueryFileA

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000200000001ace9-240.exe
.exe windows:5 windows x86 arch:x86

171b91a7bc4bb92a64e3ed31d3391f58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateActCtxA
GetModuleHandleA
InterlockedExchangeAdd
ReadConsoleInputA
GetTapeParameters
SetTapePosition
CreateMutexW
GetTickCount
CreateFileA
GetPrivateProfileSectionW
PulseEvent
LocalAlloc
ReadProcessMemory
ResetEvent
FreeConsole
SetConsoleTitleA
LoadLibraryA
VirtualAlloc
CommConfigDialogA
GetFileAttributesA
HeapAlloc
HeapCompact
GetUserDefaultLangID
lstrcatA
WriteConsoleOutputAttribute
GetVolumePathNamesForVolumeNameW
GetProcessHeaps
WaitForSingleObject
lstrlenA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
HeapReAlloc
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle

user32

GetAltTabInfoW

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 444KB - Virtual size: 66.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cusehut
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.docag
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000300000001a5a2-209.exe
.exe windows:5 windows x86 arch:x86

1d5232f8519f5ff6dec562c97b920f70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateActCtxA
HeapUnlock
GetModuleHandleA
InterlockedExchangeAdd
ReadConsoleInputA
SetTapeParameters
SetTapePosition
CreateMutexW
GetTickCount
CreateFileA
GetPrivateProfileSectionW
PulseEvent
LocalAlloc
WriteProcessMemory
SetEvent
FreeConsole
SetConsoleTitleA
LoadLibraryA
VirtualAlloc
CommConfigDialogA
GetFileAttributesA
HeapAlloc
HeapCompact
GetUserDefaultLangID
lstrcatA
WriteConsoleOutputAttribute
GetVolumePathNamesForVolumeNameW
WaitForSingleObject
lstrlenA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
HeapReAlloc
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle

user32

GetAltTabInfoW

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 684KB - Virtual size: 67.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rame
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.timuduw
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000300000001ac90-122.exe
.exe windows:5 windows x86 arch:x86

3a03315a69d67f27a457461cabbd9821

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CreateMutexW
HeapCompact
lstrlenA
GetLocaleInfoA
AllocConsole
CommConfigDialogA
HeapAlloc
ReadConsoleOutputAttribute
WaitForSingleObject
InterlockedCompareExchange
GetModuleHandleW
GetTickCount
GenerateConsoleCtrlEvent
GetConsoleTitleA
ReadConsoleW
CreateActCtxW
ActivateActCtx
ReadConsoleInputA
FreeConsole
GetFileAttributesA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
ReadFile
GetModuleFileNameW
CreateMailslotW
SetConsoleTitleA
SetTapePosition
LCMapStringA
ReleaseActCtx
GetProcessHeaps
VirtualAlloc
HeapUnlock
ResetEvent
LoadLibraryA
LocalAlloc
SetConsoleCtrlHandler
BeginUpdateResourceA
HeapLock
SetConsoleWindowInfo
GetTapeParameters
GetModuleHandleA
lstrcatW
CreateMutexA
GetPrivateProfileSectionA
CloseHandle
WriteProcessMemory
WriteConsoleW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA

user32

GetAltTabInfoW

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 66.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.culunol
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kol
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000300000001ac99-126.exe
.exe windows:5 windows x86 arch:x86

4584390e3359f3d94c85a822722c83f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
HeapCompact
lstrlenA
GetLocaleInfoA
AllocConsole
CommConfigDialogA
HeapAlloc
WriteTapemark
SetConsoleTextAttribute
ReadConsoleOutputAttribute
WaitForSingleObject
InterlockedCompareExchange
GetModuleHandleW
GetTickCount
GenerateConsoleCtrlEvent
GetConsoleTitleA
ReadConsoleW
WriteFile
CreateActCtxW
ActivateActCtx
GlobalAlloc
ReadConsoleInputA
GetFileAttributesA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetModuleFileNameW
CreateMailslotW
SetTapePosition
LCMapStringA
ReleaseActCtx
VirtualAlloc
HeapUnlock
ResetEvent
LoadLibraryA
SetConsoleCtrlHandler
BeginUpdateResourceA
HeapLock
SetConsoleWindowInfo
SetConsoleTitleW
GetModuleHandleA
CreateMutexA
GetPrivateProfileSectionA
CloseHandle
WriteProcessMemory
WriteConsoleW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA

user32

GetAltTabInfoW

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.figoni
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pejo
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000300000001ac9e-134.exe
.exe windows:5 windows x86 arch:x86

4584390e3359f3d94c85a822722c83f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
HeapCompact
lstrlenA
GetLocaleInfoA
AllocConsole
CommConfigDialogA
HeapAlloc
WriteTapemark
SetConsoleTextAttribute
ReadConsoleOutputAttribute
WaitForSingleObject
InterlockedCompareExchange
GetModuleHandleW
GetTickCount
GenerateConsoleCtrlEvent
GetConsoleTitleA
ReadConsoleW
WriteFile
CreateActCtxW
ActivateActCtx
GlobalAlloc
ReadConsoleInputA
GetFileAttributesA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetModuleFileNameW
CreateMailslotW
SetTapePosition
LCMapStringA
ReleaseActCtx
VirtualAlloc
HeapUnlock
ResetEvent
LoadLibraryA
SetConsoleCtrlHandler
BeginUpdateResourceA
HeapLock
SetConsoleWindowInfo
SetConsoleTitleW
GetModuleHandleA
CreateMutexA
GetPrivateProfileSectionA
CloseHandle
WriteProcessMemory
WriteConsoleW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA

user32

GetAltTabInfoW

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dacotix
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xoko
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000300000001ac9e-206.exe
.exe windows:5 windows x86 arch:x86

4584390e3359f3d94c85a822722c83f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
HeapCompact
lstrlenA
GetLocaleInfoA
AllocConsole
CommConfigDialogA
HeapAlloc
WriteTapemark
SetConsoleTextAttribute
ReadConsoleOutputAttribute
WaitForSingleObject
InterlockedCompareExchange
GetModuleHandleW
GetTickCount
GenerateConsoleCtrlEvent
GetConsoleTitleA
ReadConsoleW
WriteFile
CreateActCtxW
ActivateActCtx
GlobalAlloc
ReadConsoleInputA
GetFileAttributesA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetModuleFileNameW
CreateMailslotW
SetTapePosition
LCMapStringA
ReleaseActCtx
VirtualAlloc
HeapUnlock
ResetEvent
LoadLibraryA
SetConsoleCtrlHandler
BeginUpdateResourceA
HeapLock
SetConsoleWindowInfo
SetConsoleTitleW
GetModuleHandleA
CreateMutexA
GetPrivateProfileSectionA
CloseHandle
WriteProcessMemory
WriteConsoleW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA

user32

GetAltTabInfoW

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dacotix
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xoko
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000300000001ac9f-141.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000300000001acec-245.exe
.exe windows:5 windows x86 arch:x86

4584390e3359f3d94c85a822722c83f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
HeapCompact
lstrlenA
GetLocaleInfoA
AllocConsole
CommConfigDialogA
HeapAlloc
WriteTapemark
SetConsoleTextAttribute
ReadConsoleOutputAttribute
WaitForSingleObject
InterlockedCompareExchange
GetModuleHandleW
GetTickCount
GenerateConsoleCtrlEvent
GetConsoleTitleA
ReadConsoleW
WriteFile
CreateActCtxW
ActivateActCtx
GlobalAlloc
ReadConsoleInputA
GetFileAttributesA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetModuleFileNameW
CreateMailslotW
SetTapePosition
LCMapStringA
ReleaseActCtx
VirtualAlloc
HeapUnlock
ResetEvent
LoadLibraryA
SetConsoleCtrlHandler
BeginUpdateResourceA
HeapLock
SetConsoleWindowInfo
SetConsoleTitleW
GetModuleHandleA
CreateMutexA
GetPrivateProfileSectionA
CloseHandle
WriteProcessMemory
WriteConsoleW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA

user32

GetAltTabInfoW

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 237KB - Virtual size: 66.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nov
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ximipa
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000300000001aced-248.exe
.exe windows:5 windows x86 arch:x86

4584390e3359f3d94c85a822722c83f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
HeapCompact
lstrlenA
GetLocaleInfoA
AllocConsole
CommConfigDialogA
HeapAlloc
WriteTapemark
SetConsoleTextAttribute
ReadConsoleOutputAttribute
WaitForSingleObject
InterlockedCompareExchange
GetModuleHandleW
GetTickCount
GenerateConsoleCtrlEvent
GetConsoleTitleA
ReadConsoleW
WriteFile
CreateActCtxW
ActivateActCtx
GlobalAlloc
ReadConsoleInputA
GetFileAttributesA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetModuleFileNameW
CreateMailslotW
SetTapePosition
LCMapStringA
ReleaseActCtx
VirtualAlloc
HeapUnlock
ResetEvent
LoadLibraryA
SetConsoleCtrlHandler
BeginUpdateResourceA
HeapLock
SetConsoleWindowInfo
SetConsoleTitleW
GetModuleHandleA
CreateMutexA
GetPrivateProfileSectionA
CloseHandle
WriteProcessMemory
WriteConsoleW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA

user32

GetAltTabInfoW

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 460KB - Virtual size: 66.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gakiy
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kekaku
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000400000001ace8-243.exe
.exe windows:5 windows x86 arch:x86

23de8616ac9c12ffbd1fafdbde08cec4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
HeapAlloc
WriteTapemark
SetConsoleTextAttribute
ReadConsoleOutputAttribute
InterlockedCompareExchange
GetModuleHandleW
GetConsoleTitleA
WriteFile
CreateActCtxW
ReadConsoleInputA
GetSystemPowerStatus
GetSystemWindowsDirectoryA
GetFileAttributesA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetModuleFileNameW
lstrlenA
CreateMailslotW
SetTapePosition
LCMapStringA
GetLastError
VirtualAlloc
ResetEvent
LoadLibraryA
WaitForMultipleObjects
SetConsoleTitleW
GetModuleHandleA
CreateMutexA
GetPrivateProfileSectionA
RequestDeviceWakeup
CloseHandle
GetWindowsDirectoryW
WriteProcessMemory
lstrcpyW
HeapCompact
SetDefaultCommConfigA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA

user32

GetAltTabInfoW

advapi32

BackupEventLogW
DeregisterEventSource
RegQueryValueExA
CloseEventLog

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 403KB - Virtual size: 66.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.caca
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yejodu
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xap
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ruwuz
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kuz
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000500000001a9bf-107.exe
.exe windows:5 windows x86 arch:x86

4584390e3359f3d94c85a822722c83f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
HeapCompact
lstrlenA
GetLocaleInfoA
AllocConsole
CommConfigDialogA
HeapAlloc
WriteTapemark
SetConsoleTextAttribute
ReadConsoleOutputAttribute
WaitForSingleObject
InterlockedCompareExchange
GetModuleHandleW
GetTickCount
GenerateConsoleCtrlEvent
GetConsoleTitleA
ReadConsoleW
WriteFile
CreateActCtxW
ActivateActCtx
GlobalAlloc
ReadConsoleInputA
GetFileAttributesA
GetVolumePathNamesForVolumeNameW
GetGeoInfoA
GetModuleFileNameW
CreateMailslotW
SetTapePosition
LCMapStringA
ReleaseActCtx
VirtualAlloc
HeapUnlock
ResetEvent
LoadLibraryA
SetConsoleCtrlHandler
BeginUpdateResourceA
HeapLock
SetConsoleWindowInfo
SetConsoleTitleW
GetModuleHandleA
CreateMutexA
GetPrivateProfileSectionA
CloseHandle
WriteProcessMemory
WriteConsoleW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA

user32

GetAltTabInfoW

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hiw
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.teloso
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0x000700000001ab5f-23.exe
.exe windows:4 windows x86 arch:x86

8af2c7eb50d43c555fabdb92e7a7eb7a

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-09-2014 00:00

Not After

12-09-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30-03-2016 00:00

Not After

30-06-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4e:53:19:1e:d4:10:4c:e2:32:b2:07:93:dc:01:fe:4b:c3:00:11:b9:66:dd:d0:6a:ba:25:71:4f:aa:4c:80:98
Signer

Actual PE Digest

4e:53:19:1e:d4:10:4c:e2:32:b2:07:93:dc:01:fe:4b:c3:00:11:b9:66:dd:d0:6a:ba:25:71:4f:aa:4c:80:98

Digest Algorithm

sha256

PE Digest Matches

true

6f:3f:9b:b0:fc:89:0a:83:93:c9:b7:5b:85:8c:a8:7c:9a:e2:cd:78
Signer

Actual PE Digest

6f:3f:9b:b0:fc:89:0a:83:93:c9:b7:5b:85:8c:a8:7c:9a:e2:cd:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\EdgeCookiesView\Release\EdgeCookiesView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_wcslwr
strlen
qsort
_purecall
_itow
wcscmp
free
_memicmp
modf
__set_app_type
_controlfp
_except_handler3
_c_exit
wcschr
_wtoi
memcmp
wcsrchr
wcstoul
malloc
_wcsnicmp
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_ReplaceIcon
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

Process32NextW
OpenProcess
DuplicateHandle
GetCurrentProcessId
ExitProcess
ReadProcessMemory
SetErrorMode
GetStdHandle
GetPrivateProfileIntW
CreateToolhelp32Snapshot
Process32FirstW
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetTickCount
WritePrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileStringW
CreateFileMappingW
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
DeleteFileW
CloseHandle
SetFilePointerEx
GetLastError
GlobalLock
FormatMessageW
GetVersionExW
GetTimeFormatW
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
FindResourceW
WriteFile
LoadResource
ReadFile
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
CreateFileW
LockResource
LocalFree
LoadLibraryExW
MultiByteToWideChar
GlobalAlloc
lstrlenW
lstrcpyW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetDateFormatW
GetCurrentProcess
GetTempFileNameW
GetFileSize
SizeofResource
MapViewOfFile
UnmapViewOfFile

user32

TranslateMessage
IsDialogMessageW
DispatchMessageW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
GetKeyState
ChildWindowFromPoint
GetDC
DrawTextExW
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
GetSystemMetrics
GetWindowRect
GetWindowPlacement
DeferWindowPos
GetDlgItemInt
SetDlgItemInt
GetWindow
CreateWindowExW
BeginPaint
GetClientRect
EndPaint
DrawFrameControl
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
RegisterClassW
MessageBoxW
PostMessageW
SetMenu
TranslateAcceleratorW
SetWindowPos
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
GetMenuStringW
GetMenuItemCount
SetClipboardData
EnableWindow
CloseClipboard
MapWindowPoints
GetCursorPos
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
MoveWindow
GetClassNameW
OpenClipboard
CheckMenuItem
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
ReleaseDC

gdi32

GetTextExtentPoint32W
GetStockObject
SetBkColor
CreateCompatibleDC
GetObjectW
DeleteDC
SetPixel
GetPixel
SelectObject
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0x000700000001ab64-30.exe
.exe windows:4 windows x86 arch:x86

8af2c7eb50d43c555fabdb92e7a7eb7a

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-09-2014 00:00

Not After

12-09-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30-03-2016 00:00

Not After

30-06-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4e:53:19:1e:d4:10:4c:e2:32:b2:07:93:dc:01:fe:4b:c3:00:11:b9:66:dd:d0:6a:ba:25:71:4f:aa:4c:80:98
Signer

Actual PE Digest

4e:53:19:1e:d4:10:4c:e2:32:b2:07:93:dc:01:fe:4b:c3:00:11:b9:66:dd:d0:6a:ba:25:71:4f:aa:4c:80:98

Digest Algorithm

sha256

PE Digest Matches

true

6f:3f:9b:b0:fc:89:0a:83:93:c9:b7:5b:85:8c:a8:7c:9a:e2:cd:78
Signer

Actual PE Digest

6f:3f:9b:b0:fc:89:0a:83:93:c9:b7:5b:85:8c:a8:7c:9a:e2:cd:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\EdgeCookiesView\Release\EdgeCookiesView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_wcslwr
strlen
qsort
_purecall
_itow
wcscmp
free
_memicmp
modf
__set_app_type
_controlfp
_except_handler3
_c_exit
wcschr
_wtoi
memcmp
wcsrchr
wcstoul
malloc
_wcsnicmp
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_ReplaceIcon
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

Process32NextW
OpenProcess
DuplicateHandle
GetCurrentProcessId
ExitProcess
ReadProcessMemory
SetErrorMode
GetStdHandle
GetPrivateProfileIntW
CreateToolhelp32Snapshot
Process32FirstW
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetTickCount
WritePrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileStringW
CreateFileMappingW
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
DeleteFileW
CloseHandle
SetFilePointerEx
GetLastError
GlobalLock
FormatMessageW
GetVersionExW
GetTimeFormatW
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
FindResourceW
WriteFile
LoadResource
ReadFile
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
CreateFileW
LockResource
LocalFree
LoadLibraryExW
MultiByteToWideChar
GlobalAlloc
lstrlenW
lstrcpyW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetDateFormatW
GetCurrentProcess
GetTempFileNameW
GetFileSize
SizeofResource
MapViewOfFile
UnmapViewOfFile

user32

TranslateMessage
IsDialogMessageW
DispatchMessageW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
GetKeyState
ChildWindowFromPoint
GetDC
DrawTextExW
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
GetSystemMetrics
GetWindowRect
GetWindowPlacement
DeferWindowPos
GetDlgItemInt
SetDlgItemInt
GetWindow
CreateWindowExW
BeginPaint
GetClientRect
EndPaint
DrawFrameControl
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
RegisterClassW
MessageBoxW
PostMessageW
SetMenu
TranslateAcceleratorW
SetWindowPos
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
GetMenuStringW
GetMenuItemCount
SetClipboardData
EnableWindow
CloseClipboard
MapWindowPoints
GetCursorPos
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
MoveWindow
GetClassNameW
OpenClipboard
CheckMenuItem
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
ReleaseDC

gdi32

GetTextExtentPoint32W
GetStockObject
SetBkColor
CreateCompatibleDC
GetObjectW
DeleteDC
SetPixel
GetPixel
SelectObject
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0x000900000001a8ef-97.exe
.exe windows:5 windows x86 arch:x86

146e7fadf37dc1a6aabb0951b715f04e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetPriorityClass
WritePrivateProfileStructA
TlsGetValue
CompareFileTime
GetUserDefaultLCID
_lcreat
SetTapeParameters
GetProcessPriorityBoost
GetTickCount
GetSystemTimeAsFileTime
ReadConsoleW
ActivateActCtx
TerminateThread
Sleep
IsDBCSLeadByte
ReadFile
CompareStringW
lstrlenW
SetThreadPriority
DeactivateActCtx
EnumResourceNamesW
GetPrivateProfileIntW
IsDBCSLeadByteEx
GetProcAddress
GetTapeStatus
SetVolumeLabelW
GetConsoleDisplayMode
SearchPathA
DisableThreadLibraryCalls
GetLocalTime
LoadLibraryA
CreateSemaphoreW
LocalAlloc
SetConsoleDisplayMode
AddAtomW
GetPrivateProfileStructA
GetModuleHandleA
VirtualProtect
CloseHandle
lstrcpyW
lstrcpyA
GetNamedPipeHandleStateW
GetThreadContext
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
GetCurrentProcessId
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetFileType
CreateFileA
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeA
HeapSize
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
GetLocaleInfoW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

gdi32

GetCharWidthA

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0x000b00000001a8ef-137.exe
.exe windows:6 windows x86 arch:x86

04dea572d5f50f736d3f0c103863079d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageW
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

AllocateAndInitializeSid

shell32

ShellExecuteExA

winhttp

WinHttpQueryHeaders

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0x000c00000001a921-100.exe
.exe windows:5 windows x86 arch:x86

146e7fadf37dc1a6aabb0951b715f04e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetPriorityClass
WritePrivateProfileStructA
TlsGetValue
CompareFileTime
GetUserDefaultLCID
_lcreat
SetTapeParameters
GetProcessPriorityBoost
GetTickCount
GetSystemTimeAsFileTime
ReadConsoleW
ActivateActCtx
TerminateThread
Sleep
IsDBCSLeadByte
ReadFile
CompareStringW
lstrlenW
SetThreadPriority
DeactivateActCtx
EnumResourceNamesW
GetPrivateProfileIntW
IsDBCSLeadByteEx
GetProcAddress
GetTapeStatus
SetVolumeLabelW
GetConsoleDisplayMode
SearchPathA
DisableThreadLibraryCalls
GetLocalTime
LoadLibraryA
CreateSemaphoreW
LocalAlloc
SetConsoleDisplayMode
AddAtomW
GetPrivateProfileStructA
GetModuleHandleA
VirtualProtect
CloseHandle
lstrcpyW
lstrcpyA
GetNamedPipeHandleStateW
GetThreadContext
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
GetCurrentProcessId
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetFileType
CreateFileA
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeA
HeapSize
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
GetLocaleInfoW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

gdi32

GetCharWidthA

Sections

.text
Size: 418KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39c9c7cd2ff99952b66b87f21b223970

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0c:ff:7b:32:9c:ff:7f:3b:8d:2d:54:2a:b2:58:26:baCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

23:21:31:5c:4f:8a:84:20:25:34:84:bd:fa:97:3f:14:92:fd:df:73Signer

Headers

File Characteristics

PDB Paths

Imports

version

rasapi32

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp71

shlwapi

msvcr71

crypt32

Sections

.textbss Size: - Virtual size: 85KB

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 3KB

.idata Size: 20KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 1KB

2fb79d630975ed8d224afda8654df16a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0c:ff:7b:32:9c:ff:7f:3b:8d:2d:54:2a:b2:58:26:baCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

27:c8:26:00:d6:af:e9:63:35:6e:04:38:d6:bb:e7:9d:e7:af:b4:4dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 41KB - Virtual size: 40KB

DATA Size: 1024B - Virtual size: 592B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0c:ff:7b:32:9c:ff:7f:3b:8d:2d:54:2a:b2:58:26:ba
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

23:21:31:5c:4f:8a:84:20:25:34:84:bd:fa:97:3f:14:92:fd:df:73
Signer

.textbss
Size: - Virtual size: 85KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 20KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0c:ff:7b:32:9c:ff:7f:3b:8d:2d:54:2a:b2:58:26:ba
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

27:c8:26:00:d6:af:e9:63:35:6e:04:38:d6:bb:e7:9d:e7:af:b4:4d
Signer

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

CODE
Size: 41KB - Virtual size: 40KB

DATA
Size: 1024B - Virtual size: 592B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 72KB - Virtual size: 72KB

.text
Size: 61KB - Virtual size: 61KB

.data
Size: 460KB - Virtual size: 66.9MB

.gakiy
Size: 512B - Virtual size: 23B

.kekaku
Size: 512B - Virtual size: 6B

.rsrc
Size: 54KB - Virtual size: 54KB

.reloc
Size: 41KB - Virtual size: 41KB

UPX0
Size: - Virtual size: 76KB

UPX1
Size: 42KB - Virtual size: 44KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 61KB - Virtual size: 61KB

.data
Size: 156KB - Virtual size: 66.6MB

.hiw
Size: 512B - Virtual size: 23B

.teloso
Size: 512B - Virtual size: 6B

.rsrc
Size: 54KB - Virtual size: 54KB

.reloc
Size: 9.9MB - Virtual size: 41KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 95KB - Virtual size: 115KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 56KB - Virtual size: 56KB

.data
Size: 444KB - Virtual size: 66.9MB

.cusehut
Size: 512B - Virtual size: 23B

.docag
Size: 512B - Virtual size: 6B

.rsrc
Size: 58KB - Virtual size: 58KB

.reloc
Size: 41KB - Virtual size: 40KB