General

Malware Config

Signatures

Files

• 7d674a947b095c8c8c3a3cfa42ffe88a_JaffaCakes118

  .exe windows:4 windows x86 arch:x86

  7c2c71dfce9a27650634dc8b1ca03bf0

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetEnvironmentVariableA

  CreateFileA

  GetFileSize

  GetModuleFileNameA

  ReadFile

  GetCurrentProcess

  CopyFileA

  Sleep

  GetTickCount

  GetWindowsDirectoryA

  GetTempPathA

  GetCommandLineA

  lstrlenA

  GetVersion

  SetErrorMode

  lstrcpynA

  ExitProcess

  SetFileAttributesA

  GlobalLock

  CreateThread

  GetLastError

  CreateDirectoryA

  CreateProcessA

  RemoveDirectoryA

  GetTempFileNameA

  WriteFile

  lstrcpyA

  MoveFileExA

  lstrcatA

  GetSystemDirectoryA

  GetProcAddress

  GetExitCodeProcess

  WaitForSingleObject

  CompareFileTime

  SetFileTime

  GetFileAttributesA

  SetCurrentDirectoryA

  MoveFileA

  GetFullPathNameA

  GetShortPathNameA

  SearchPathA

  CloseHandle

  lstrcmpiA

  GlobalUnlock

  GetDiskFreeSpaceA

  lstrcmpA

  DeleteFileA

  FindFirstFileA

  FindNextFileA

  FindClose

  SetFilePointer

  GetPrivateProfileStringA

  WritePrivateProfileStringA

  MulDiv

  MultiByteToWideChar

  FreeLibrary

  LoadLibraryExA

  GetModuleHandleA

  GlobalAlloc

  GlobalFree

  ExpandEnvironmentStringsA

  user32

  GetSystemMenu

  SetClassLongA

  EnableMenuItem

  IsWindowEnabled

  SetWindowPos

  GetSysColor

  GetWindowLongA

  SetCursor

  LoadCursorA

  CheckDlgButton

  GetMessagePos

  CallWindowProcA

  IsWindowVisible

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  ScreenToClient

  GetWindowRect

  GetDlgItem

  GetSystemMetrics

  SetDlgItemTextA

  GetDlgItemTextA

  MessageBoxIndirectA

  CharPrevA

  DispatchMessageA

  PeekMessageA

  GetDC

  ReleaseDC

  EnableWindow

  InvalidateRect

  SendMessageA

  DefWindowProcA

  BeginPaint

  GetClientRect

  FillRect

  EndDialog

  RegisterClassA

  SystemParametersInfoA

  CreateWindowExA

  GetClassInfoA

  DialogBoxParamA

  CharNextA

  ExitWindowsEx

  LoadImageA

  CreateDialogParamA

  SetTimer

  SetWindowTextA

  SetForegroundWindow

  ShowWindow

  SetWindowLongA

  SendMessageTimeoutA

  FindWindowExA

  IsWindow

  AppendMenuA

  TrackPopupMenu

  CreatePopupMenu

  DrawTextA

  EndPaint

  DestroyWindow

  wsprintfA

  PostQuitMessage

  gdi32

  SelectObject

  SetTextColor

  SetBkMode

  CreateFontIndirectA

  CreateBrushIndirect

  DeleteObject

  GetDeviceCaps

  SetBkColor

  shell32

  SHGetSpecialFolderLocation

  ShellExecuteExA

  SHGetPathFromIDListA

  SHBrowseForFolderA

  SHGetFileInfoA

  SHFileOperationA

  advapi32

  AdjustTokenPrivileges

  RegCreateKeyExA

  RegOpenKeyExA

  SetFileSecurityA

  OpenProcessToken

  LookupPrivilegeValueA

  RegEnumValueA

  RegDeleteKeyA

  RegDeleteValueA

  RegCloseKey

  RegSetValueExA

  RegQueryValueExA

  RegEnumKeyA

  comctl32

  ImageList_Create

  ImageList_AddMasked

  ord17

  ImageList_Destroy

  ole32

  OleUninitialize

  OleInitialize

  CoTaskMemFree

  CoCreateInstance

  Sections

  .text

  Size: 25KB - Virtual size: 25KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 149KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 56KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 16KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• $APPDATA/sys/Office/36.opends60.dll
• $APPDATA/sys/Office/51.opends60.dll
• $APPDATA/sys/Office/MicrosoftVisualCVSCodeProvider.dll

  .dll windows:4 windows x86 arch:x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  f:\binaries.x86ret\bin\i386\Microsoft.VisualC.VSCodeProvider.pdb

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 36KB - Virtual size: 34KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $APPDATA/sys/Office/RapiConfig.exe

  .exe windows:4 windows x86 arch:x86

  059f4f6cdf1fa06c9cdd00dd2fd90353

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  rapi

  CeRapiFreeBuffer

  ord25

  CeRapiInit

  CeRapiUninit

  ole32

  CoUninitialize

  CoCreateInstance

  CoInitialize

  oleaut32

  VariantInit

  SysAllocString

  VariantClear

  kernel32

  GetProcAddress

  TerminateProcess

  LCMapStringA

  GetCurrentProcess

  GetOEMCP

  GetStringTypeW

  GetStringTypeA

  LCMapStringW

  GetCPInfo

  FlushFileBuffers

  SetFilePointer

  LoadLibraryA

  CloseHandle

  MultiByteToWideChar

  ReadFile

  GetFileSize

  GetLastError

  CreateFileA

  LocalFree

  FormatMessageA

  WriteFile

  WideCharToMultiByte

  GetModuleFileNameA

  GetCommandLineA

  GetVersion

  ExitProcess

  HeapFree

  HeapAlloc

  GetACP

  SetStdHandle

  GetStartupInfoA

  UnhandledExceptionFilter

  FreeEnvironmentStringsA

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  GetEnvironmentStringsW

  SetHandleCount

  GetStdHandle

  GetFileType

  HeapCreate

  GetModuleHandleA

  GetEnvironmentVariableA

  GetVersionExA

  HeapDestroy

  VirtualFree

  RtlUnwind

  VirtualAlloc

  HeapReAlloc

  user32

  LoadStringA

  Sections

  .text

  Size: 28KB - Virtual size: 25KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 12KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• $APPDATA/sys/Office/clstencilui.dll

  .dll windows:4 windows x86 arch:x86

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Sections

  .rsrc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $APPDATA/sys/Office/model34.xml

  .xml
• $APPDATA/sys/Office/sbsmscordbi.dll

  .dll windows:5 windows x86 arch:x86

  67a93297e14b927bc8a7a8f49c55bfe1

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  f:\clr\bin\i386\bbt\sbs_mscordbi.pdb

  Imports

  msvcr70

  _adjust_fdiv

  _initterm

  _onexit

  _except_handler3

  __dllonexit

  malloc

  free

  kernel32

  DisableThreadLibraryCalls

  Sections

  .text

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 36B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 120B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $APPDATA/test/formsend/27.opends60.dll
• $APPDATA/test/formsend/46.opends60.dll
• $APPDATA/test/formsend/VCTechNetLibsFilter80.xml

  .xml
• $APPDATA/test/formsend/commentsbar.xml

  .xml
• $APPDATA/test/formsend/msword.xml

  .xml
• $APPDATA/test/formsend/octet-stream.xml

  .xml
• $APPDATA/test/formsend/platformHTMLBindings.xml

  .xml
• $APPDATA/test/formsend/regasm.exe

  .xml
• $APPDATA/test/formsend/u25dts.dll

  .dll windows:4 windows x86 arch:x86

  ed0a9726fb75e6a4d15c49b3de416aa6

  
  

  Code Sign

  47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2013 23:59

  Subject

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88

  Certificate

  Issuer

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2008 23:59

  Subject

  CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  16-07-2004 00:00

  Not After

  15-07-2009 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:38:83:0d:12:9b:9a:97:ce:d5:b1:d8:76:03:24:5b

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

  Not Before

  24-11-2004 00:00

  Not After

  19-02-2006 23:59

  Subject

  CN=Business Objects Americas,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Business Objects Americas,L=San Jose,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  Signer

  Actual PE Digest

  Digest Algorithm

  PE Digest Matches

  false

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  y:\components\cpp\ufls\u25dts\Release\U25dts.pdb

  Imports

  kernel32

  GlobalFindAtomA

  GetVersionExA

  MultiByteToWideChar

  WideCharToMultiByte

  GetProfileStringA

  GetModuleFileNameA

  LoadLibraryA

  FreeLibrary

  GetProcAddress

  SetErrorMode

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  InterlockedCompareExchange

  Sleep

  InterlockedExchange

  GetSystemTimeAsFileTime

  user32

  LoadStringA

  msvcr80

  atoi

  _encode_pointer

  _malloc_crt

  _encoded_null

  memset

  _decode_pointer

  _initterm

  _initterm_e

  _amsg_exit

  _adjust_fdiv

  __CppXcptFilter

  _crt_debugger_hook

  __clean_type_info_names_internal

  _unlock

  __dllonexit

  _lock

  _onexit

  _except_handler4_common

  strcmp

  wcslen

  strlen

  ??2@YAPAXI@Z

  ??3@YAXPAX@Z

  strcpy_s

  strcat_s

  _makepath_s

  strncpy_s

  _splitpath_s

  free

  Exports

  Exports

  UF5GetFunctionDefStrings

  UF5Initialize

  UFEndJob

  UFErrorRecovery

  UFGetFunctionExamples

  UFGetFunctionTemplates

  UFGetVersion

  UFStartJob

  UFTerminate

  Sections

  .text

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 622B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $APPDATA/test/formsend/vcbuild.dll

  .dll regsvr32 windows:5 windows x86 arch:x86

  692b68341529e63ad98e6e2f44d61598

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  f:\binaries.x86ret\bin\i386\VC7\VCPackages\vcbuild.pdb

  Imports

  msvcr80

  _except_handler4_common

  _onexit

  _lock

  __dllonexit

  _unlock

  __clean_type_info_names_internal

  __CppXcptFilter

  _adjust_fdiv

  _amsg_exit

  _initterm_e

  _initterm

  _decode_pointer

  free

  _encoded_null

  _encode_pointer

  _malloc_crt

  _crt_debugger_hook

  rpcrt4

  CStdStubBuffer_IsIIDSupported

  CStdStubBuffer_Disconnect

  CStdStubBuffer_DebugServerRelease

  IUnknown_AddRef_Proxy

  CStdStubBuffer_Connect

  CStdStubBuffer_Invoke

  CStdStubBuffer_QueryInterface

  CStdStubBuffer_DebugServerQueryInterface

  IUnknown_Release_Proxy

  CStdStubBuffer_CountRefs

  NdrOleAllocate

  NdrStubForwardingFunction

  NdrOleFree

  IUnknown_QueryInterface_Proxy

  CStdStubBuffer_AddRef

  NdrDllUnregisterProxy

  NdrDllGetClassObject

  NdrCStdStubBuffer2_Release

  NdrDllCanUnloadNow

  NdrDllRegisterProxy

  NdrCStdStubBuffer_Release

  NdrStubCall2

  oleaut32

  BSTR_UserUnmarshal

  BSTR_UserMarshal

  BSTR_UserSize

  BSTR_UserFree

  kernel32

  InterlockedExchange

  Sleep

  InterlockedCompareExchange

  QueryPerformanceCounter

  GetTickCount

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  DisableThreadLibraryCalls

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  Sections

  .text

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .orpc

  Size: 512B - Virtual size: 249B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 656B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $APPDATA/test/formsend/x-qtiplot.xml

  .xml
• $TEMP/Heteroclite
• $TEMP/RhetorEnthymeme.dll

  .dll windows:5 windows x86 arch:x86

  3eb017f3888fb33b139ff08304839d46

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GetProcAddress

  GetModuleHandleA

  GetCurrentThreadId

  DecodePointer

  GetCommandLineA

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  EncodePointer

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  InterlockedIncrement

  GetModuleHandleW

  SetLastError

  GetLastError

  InterlockedDecrement

  HeapFree

  Sleep

  ExitProcess

  SetHandleCount

  GetStdHandle

  InitializeCriticalSectionAndSpinCount

  GetFileType

  GetStartupInfoW

  DeleteCriticalSection

  GetModuleFileNameA

  FreeEnvironmentStringsW

  WideCharToMultiByte

  GetEnvironmentStringsW

  HeapCreate

  HeapDestroy

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  LeaveCriticalSection

  EnterCriticalSection

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  HeapAlloc

  HeapReAlloc

  LoadLibraryW

  WriteFile

  GetModuleFileNameW

  RtlUnwind

  LCMapStringW

  MultiByteToWideChar

  GetStringTypeW

  HeapSize

  IsProcessorFeaturePresent

  Exports

  Exports

  Bibliopegy

  Cineraria

  Foodstuffs

  Parapsychology

  Sections

  .text

  Size: 18KB - Virtual size: 18KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 10KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $TEMP/idbc/form/41.opends60.dll
• $TEMP/idbc/form/ProcessParametersB.xml
• $TEMP/idbc/form/org.gnome.settings-daemon.plugins.xsettings.gschema.xml

  .xml
• $TEMP/lg/fun/Links/crtowordsit.dll

  .dll windows:4 windows x86 arch:x86

  aceaab6ff909512877330c9aa718c99d

  
  

  Code Sign

  47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2013 23:59

  Subject

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88

  Certificate

  Issuer

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2008 23:59

  Subject

  CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  16-07-2004 00:00

  Not After

  15-07-2009 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:38:83:0d:12:9b:9a:97:ce:d5:b1:d8:76:03:24:5b

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

  Not Before

  24-11-2004 00:00

  Not After

  19-02-2006 23:59

  Subject

  CN=Business Objects Americas,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Business Objects Americas,L=San Jose,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  Signer

  Actual PE Digest

  Digest Algorithm

  PE Digest Matches

  false

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  y:\components\cpp\ufls\crtowords\it\UniRelease\crtowords_it.pdb

  Imports

  kernel32

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  GlobalFree

  WideCharToMultiByte

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  DisableThreadLibraryCalls

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  InterlockedCompareExchange

  Sleep

  InterlockedExchange

  GetSystemTimeAsFileTime

  msvcr80

  free

  _decode_pointer

  _initterm

  _initterm_e

  _encoded_null

  _adjust_fdiv

  __CppXcptFilter

  _crt_debugger_hook

  __clean_type_info_names_internal

  _unlock

  __dllonexit

  _lock

  _onexit

  _except_handler4_common

  _malloc_crt

  _encode_pointer

  wcslen

  _fcvt_s

  strlen

  wcscmp

  wcscpy_s

  wcscat_s

  ??3@YAXPAX@Z

  fmod

  floor

  memset

  ??2@YAPAXI@Z

  _amsg_exit

  Exports

  Exports

  TranslateNumberToWords

  TranslateNumberToWordsUnicode

  Sections

  .text

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 608B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $TEMP/lg/fun/Links/model106.xml

  .xml
• $TEMP/trailer/Accessibility.xml
• $TEMP/trailer/CMAccept.exe
• $TEMP/trailer/SoapSudsCode.dll

  .dll windows:4 windows x86 arch:x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  soapsudscode.pdb

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $TEMP/trailer/animations.xml

  .xml
• $TEMP/trailer/model95.xml

  .xml
• $TEMP/trailer/ordercloseactivity.xml
• $TEMP/trailer/prox900.xml

  .xml
• $TEMP/trailer/sbssystemconfigurationinstall.dll

  .dll windows:5 windows x86 arch:x86

  67a93297e14b927bc8a7a8f49c55bfe1

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  f:\clr\bin\i386\bbt\sbs_system.configuration.install.pdb

  Imports

  msvcr70

  _adjust_fdiv

  _initterm

  _onexit

  _except_handler3

  __dllonexit

  malloc

  free

  kernel32

  DisableThreadLibraryCalls

  Sections

  .text

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 36B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 120B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $TEMP/trailer/vcbuildui.dll

  .dll windows:5 windows x86 arch:x86

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  f:\binaries.x86ret\bin\i386\1033\vcbuildui.pdb

  Sections

  .text

  Size: 512B - Virtual size: 99B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $TEMP/trailer/x-troff-man.xml

  .xml