AppSetup(1)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

AppSetup(1).zip
Size

113.2MB
MD5

e942698e0523f048c35425c37080f9ed
SHA1

685a53f3bb83eba6ca13bf804dc211c3a1bdc565
SHA256

e2bae85cda82589d5dda7835c71aef169dda99a4fd27048350906d48db43c348
SHA512

bd409a70625a900374707fc0c7cd635e09e329ef0fbbb55f95740181b40d958e00673075b61d521e84d1cadf9f858a03e57759c9579a7f1d5c6744a3e669596b
SSDEEP

3145728:4BWkfAz2CJyHBWkfPBWkf5z/zpCCCfyOy1BWkfzzlCmyWbdB:tk0hk0kxrwkXHdB

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

Processes:

resource	yara_rule
static1/unpack001/package/Program Files (x86)/ASIO4ALL v2/ASIO4ALL v2 Instruction Manual.pdf	pdf_with_link_action

Files

AppSetup(1).zip
.zip
Resource/Newtonsoft.Json.dll
.dll windows x64

917c52799ed8b97e2927f898c7465e04

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:1c:d3:ee:a4:7e:dd:a7:a0:32:57:3b:01:4d:0a:fd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-04-2021 00:00

Not After

19-06-2024 23:59

Subject

CN=Mozilla Corporation,OU=Firefox Engineering Operations,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:b4:8a:d7:76:db:ea:55:ec:80:ac:27:20:ed:58:8c:39:43:d4:2e
Signer

Actual PE Digest

0c:b4:8a:d7:76:db:ea:55:ec:80:ac:27:20:ed:58:8c:39:43:d4:2e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Mozilla Corporation,OU=Firefox Engineering Operations,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

19-11-2021 15:28
Valid: true

Chain 1

CN=Mozilla Corporation,OU=Firefox Engineering Operations,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_seh_filter_dll

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/settings.dll
.dll windows x64

Code Sign

33:00:00:00:be:a4:0f:f5:c9:a5:0e:e1:30:00:00:00:00:00:be
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:843D-37F6-F104,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:cc:b5:5b:42:17:07:60:13:11:00:00:00:00:01:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-09-2017 18:07

Not After

12-09-2018 18:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:2d:11:73:7e:91:62:03:38:45:d7:82:78:e9:37:5a:80:1b:6f:c4:53:ce:39:60:61:0c:b2:a7:a5:e9:bf:59
Signer

Actual PE Digest

95:2d:11:73:7e:91:62:03:38:45:d7:82:78:e9:37:5a:80:1b:6f:c4:53:ce:39:60:61:0c:b2:a7:a5:e9:bf:59

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

05-10-2022 14:17
Valid: false

74:c2:62:93:02:ab:52:77:98:af:3b:6e:ab:27:e5:44:67:55:9e:4f
Signer

Actual PE Digest

74:c2:62:93:02:ab:52:77:98:af:3b:6e:ab:27:e5:44:67:55:9e:4f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

20-04-2018 14:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

__p__mbcasemap
__p__mbctype
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_mbbtombc
_mbbtombc_l
_mbbtype
_mbbtype_l
_mbcasemap
_mbccpy
_mbccpy_l
_mbccpy_s
_mbccpy_s_l
_mbcjistojms
_mbcjistojms_l
_mbcjmstojis
_mbcjmstojis_l
_mbclen
_mbclen_l
_mbctohira
_mbctohira_l
_mbctokata
_mbctokata_l
_mbctolower
_mbctolower_l
_mbctombb
_mbctombb_l
_mbctoupper
_mbctoupper_l
_mblen_l
_mbsbtype
_mbsbtype_l
_mbscat_s
_mbscat_s_l
_mbschr
_mbschr_l
_mbscmp
_mbscmp_l
_mbscoll
_mbscoll_l
_mbscpy_s
_mbscpy_s_l
_mbscspn
_mbscspn_l
_mbsdec
_mbsdec_l
_mbsdup
_mbsicmp
_mbsicmp_l
_mbsicoll
_mbsicoll_l
_mbsinc
_mbsinc_l
_mbslen
_mbslen_l
_mbslwr
_mbslwr_l
_mbslwr_s
_mbslwr_s_l
_mbsnbcat
_mbsnbcat_l
_mbsnbcat_s
_mbsnbcat_s_l
_mbsnbcmp
_mbsnbcmp_l
_mbsnbcnt
_mbsnbcnt_l
_mbsnbcoll
_mbsnbcoll_l
_mbsnbcpy
_mbsnbcpy_l
_mbsnbcpy_s
_mbsnbcpy_s_l
_mbsnbicmp
_mbsnbicmp_l
_mbsnbicoll
_mbsnbicoll_l
_mbsnbset
_mbsnbset_l
_mbsnbset_s
_mbsnbset_s_l
_mbsncat
_mbsncat_l
_mbsncat_s
_mbsncat_s_l
_mbsnccnt
_mbsnccnt_l
_mbsncmp
_mbsncmp_l
_mbsncoll
_mbsncoll_l
_mbsncpy
_mbsncpy_l
_mbsncpy_s
_mbsncpy_s_l
_mbsnextc
_mbsnextc_l
_mbsnicmp
_mbsnicmp_l
_mbsnicoll
_mbsnicoll_l
_mbsninc
_mbsninc_l
_mbsnlen
_mbsnlen_l
_mbsnset
_mbsnset_l
_mbsnset_s
_mbsnset_s_l
_mbspbrk
_mbspbrk_l
_mbsrchr
_mbsrchr_l
_mbsrev
_mbsrev_l
_mbsset
_mbsset_l
_mbsset_s
_mbsset_s_l
_mbsspn
_mbsspn_l
_mbsspnp
_mbsspnp_l
_mbsstr
_mbsstr_l
_mbstok
_mbstok_l
_mbstok_s
_mbstok_s_l
_mbstowcs_l
_mbstowcs_s_l
_mbstrlen
_mbstrlen_l
_mbstrnlen
_mbstrnlen_l
_mbsupr
_mbsupr_l
_mbsupr_s
_mbsupr_s_l
_mbtowc_l

Sections

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Resource/xNet.dll
.dll windows x64

Code Sign

33:00:00:00:bf:91:6c:fb:7c:1a:24:e0:22:00:00:00:00:00:bf
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:57C8-2D15-1C8B,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:cc:b5:5b:42:17:07:60:13:11:00:00:00:00:01:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-09-2017 18:07

Not After

12-09-2018 18:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:4f:c8:5c:1c:8b:f0:7a:a2:4b:52:4e:de:56:92:fe:86:0f:5b:e1:ac:bd:f5:28:88:40:f5:57:cd:2e:c0:67
Signer

Actual PE Digest

45:4f:c8:5c:1c:8b:f0:7a:a2:4b:52:4e:de:56:92:fe:86:0f:5b:e1:ac:bd:f5:28:88:40:f5:57:cd:2e:c0:67

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

05-10-2022 14:17
Valid: false

2d:34:b9:8c:2d:57:f8:ba:77:14:dc:90:d1:f0:dc:24:70:99:c2:8f
Signer

Actual PE Digest

2d:34:b9:8c:2d:57:f8:ba:77:14:dc:90:d1:f0:dc:24:70:99:c2:8f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

20-04-2018 14:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
_chsize
_chsize_s
_close
_commit
_creat
_dup
_dup2
_eof
_fclose_nolock
_fcloseall
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_flushall
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_ftell_nolock
_ftelli64
_ftelli64_nolock
_fwrite_nolock
_get_fmode
_get_osfhandle
_get_printf_count_output
_get_stream_buffer_pointers
_getc_nolock
_getcwd
_getdcwd
_getmaxstdio
_getw
_getwc_nolock
_getws
_getws_s
_isatty
_kbhit
_locking
_lseek
_lseeki64
_mktemp
_mktemp_s
_open
_open_osfhandle
_pclose
_pipe
_popen
_putc_nolock
_putw
_putwc_nolock
_putws
_read
_rmtmp
_set_fmode
_set_printf_count_output
_setmaxstdio
_setmode
_sopen
_sopen_dispatch
_sopen_s
_tell
_telli64
_tempnam
_ungetc_nolock
_ungetwc_nolock
_wcreat
_wfdopen
_wfopen
_wfopen_s
_wfreopen
_wfreopen_s
_wfsopen
_wmktemp
_wmktemp_s
_wopen
_wpopen
_write
_wsopen
_wsopen_dispatch
_wsopen_s
_wtempnam
_wtmpnam
_wtmpnam_s
clearerr
clearerr_s
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fgetwc
fgetws
fopen
fopen_s
fputc
fputs
fputwc
fputws
fread
fread_s
freopen
freopen_s
fseek
fsetpos
ftell
fwrite
getc
getchar
gets
gets_s
getwc
getwchar
putc
putchar
puts
putwc
putwchar
rewind
setbuf
setvbuf
tmpfile
tmpfile_s
tmpnam
tmpnam_s
ungetc
ungetwc

Sections

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup.exe
.exe windows x86

b5af53b96a03972def1a5f287c0c1d5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoInitialize

user32

CharUpperBuffW

Exports

Exports

��Ds�s�v��LS@<)��!�͵�c�&��Y�[[��@4{F��K0N�-v$�xkõ}P��09i�ep-t��x>�Q�]Q5D��}��6�u�{fէq>�� Ȇ~ua��/S~�t� ��ʱĀÿ6��w�!�e�u4�`䈩��;-�a�s��R$x�~E��81�s�T�D�I��0��>�R`j��L��x��Tھ�/ɷ�,AH�3r7Ɣ6w;��Z�� 함t�$�b��A>�D��,�� LG��Y}��;�`��6]��NI�Tm��2�߈|U{G�60��Oj�р�/l�o�"!Th2��7T��`͐�7�� bO��x �j��@Q;N�N��%K��ᤲ��y�'O<��C(;hb 򐎖��.%�ˑ��i�g��9C`��C{⵵�8'Qe�Y?9hY<�I|��)%m��f֏l�#_hbs;N�OY'f��rf"�/WT�<��}��%�|��Y�;'��7��Z��Tĭ��R`�.W�S��8�S#��&�(�L��T�7A��X� q��Nơ�k�& ��R��b�)�g_F��x}h'�L�o��IO(t�h�=g7=`H2 �F�w;j.�$ ]�O^��~T��M8��0ͶJ��~XL��?�/�a�a �˦/D��m�wk0ꏌ޶~�r؏Y�۩멄�ջڷ�4m�9l�L��i��8f�~�X�V�G��u��)ˣ+�c?� E�|��d��a�;>�Q�H��e ��z횿ۉ<_8`0��H�b�[�04�H��'�X,��.ԋP��(��y�L�r�]�� Y��r6H��"��*��{�$϶f{�:D��jB�o�0��\�wk��<�J:�h%Z��V��R��O�/"��D�*ptl�ܧf��V�(�El~o��>@��;�=��C��X��RK �cn��љ�o��iΏ��T#�r�,��K?7�S`<rû�b�04�I��qu��]+@z%��i`�x?��k/�BS��>fs �u'${3$��l>�SY��t�f1H�]��X�$u�jG��T3d�A��?��h�2��@�$�`��m��\�t~��b �s'�~ "�>(�@�6� A|'��߼��ԥ8i�Uhە�a�n� 6m�~5&{�j�wFf�G�R�+��D��I��/a�?d5<�X�V��_��*�ؿ�Mu|��>��1�[�,iw��}��3��gwB�A04�Y�+~��O��l�6��3�D��N��g�ph�^;=po��~��Sxm��HN�J2� !H�~��k}.�3��r��TY�rfe� �0�.��tRm�5�W�X\`�8\*��)��s�`�x��Zs��e�zǛA5��9�xk�� TZ��϶۠��e�P�� i&��X��g��^��s&�h��9��Q�3�jjO/�|x��J%2�يwƕ��E�K��?Y��$9��$��2� %��+�|��Lk�`<�4�;�0� �y�q��}��ZƢ��%�� .t.� �A��A�x��('p��=-8z��K��P�0�NqS3tog��a�'�jݿ4Ozp�0�!�Y�l�Lt�`(�''G�5� j�}��fYU�@��-%��y�{�C1v��w�b7F�;�_�4�G� �k!#��6�E|E*ٮ��&�l�"��5�t�B��%�� %�"��<tz��m��q��«,J�b��@��U-^-�&>ԡȰ(��.V=Ɇ��X��0<�a᪳�H�,_�.eDn�:�/��&ͷ��8��1�*oT8��E�4��T �N��k�E=�aշ.�X��v��+�wj�M6d�̦Zٯ��kdi�q �}n�X��~CֆJ��m��I>��grUB)e..T��caaY>��o9�AG��;;E1��s��]6�Aٜ�)/kߘ��9��c�m �e��b��=�j޾� ƶ��m~Ӻl��f��DD1��1~��:_f��K�g��TjmG��V�f�/��ܝ ��ڟVo.�0��7 ��@)��,��j3w��-�j��t��ԎF�m��ߥ�9��DJ��^^�#��4�yZ`�ٓq�k �ry��Fd��]��K��$��D�&p��/I��R ��ŮR��>��b)��Ӻ��má�70��{�$� v�,j^��Bpx6�A��j��t�2�S��C��RD69J)�,�%?'��P!E`NxR��Z��4��j��I1�:�oử�c��߷j��Ls�D*�;b�tM��~��2��7��U�P�aZ�7d@a��g��G��7��#$ژ�& l6��#��~c4��4�:"�>��9X%�w֖Z�<�$i�%*n�w��L�*w�(�� ]T�]Rx��Fc��.�� w�`�l�/��@� u ��^�.��@^��͘�g�DBV��d�S�7�䊡VƗ"�"��ߪE�ZO��dH��1v��:��R��)�d��n&�j�_r.�2��-��h�}E�vëh��m�Q1[ޜ��L�i�~��0)�()�v0>ù*��4A}:\D/�' �q)�$)Γr��K��`��j#��ngz�{�A�M�삼&J��.�Y՘��7�v@�/��R.;h��]F�i*��vO��*��/lo�o�yׯ:��ɬ��{��`T��om`��{d��A�nY��2!V�0w s��[�I�~�m��u K�Z�a�a��ҿw��hh�G�M{}tm��ϋ�4x�>��0�U��EYF�Y�W-��g� �xgO��W��U\lԗ^��*[lܰ��}v��8K�$ڏ�p��7tO?�=

Sections

.text
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.In;
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.KNo
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qOJ
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/AppInfo/Launcher/FLstudioPortable.ini
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/Informix.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/Sybase.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/as80.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/as90.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/db2v0801.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/hive.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/msjet.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/orcl7.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sql2000.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sql70.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sql90.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sqlpdw.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Cartridges/trdtv2r41.xsl
.xml
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Resources/1049/msmdsrv.rll
.dll windows x86

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:5f:7a:0c:7a:8b:a2:52:48:97:00:2a:38:97:36:d0:41:07:28:46
Signer

Actual PE Digest

28:5f:7a:0c:7a:8b:a2:52:48:97:00:2a:38:97:36:d0:41:07:28:46

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Resources/1049/msmdsrvi.rll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:28:b4:19:dc:9b:4c:3f:1a:a2:df:6a:4d:dd:7b:c6:9f:2c:e0:b0
Signer

Actual PE Digest

4d:28:b4:19:dc:9b:4c:3f:1a:a2:df:6a:4d:dd:7b:c6:9f:2c:e0:b0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/Resources/1049/msolui110.rll
.dll windows x86

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:80:be:90:ca:b2:aa:81:89:a4:ab:47:30:e9:e4:eb:30:82:24:f6
Signer

Actual PE Digest

d8:80:be:90:ca:b2:aa:81:89:a4:ab:47:30:e9:e4:eb:30:82:24:f6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe
.exe windows x86

81c720f8641914edcd344a3a79369611

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:ba:af:60:19:77:d5:3b:13:7c:11:2a:46:7a:6d:30:6b:4b:b2:5a
Signer

Actual PE Digest

2d:ba:af:60:19:77:d5:3b:13:7c:11:2a:46:7a:6d:30:6b:4b:b2:5a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

MiniDumpWriteDump
ImageNtHeader

psapi

GetModuleFileNameExW
GetModuleBaseNameA
GetModuleInformation
EnumProcessModules

rpcrt4

UuidCreate
UuidToStringW
UuidFromStringW
RpcStringFreeW

iphlpapi

GetExtendedTcpTable

ws2_32

ntohs

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

OpenProcess
Thread32First
VirtualFreeEx
InitializeCriticalSectionAndSpinCount
Sleep
ReadProcessMemory
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesW
Thread32Next
ReadFile
GetModuleFileNameW
CreateFileW
FlushFileBuffers
GetLastError
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualAllocEx
FindClose
OpenThread
SetConsoleCtrlHandler
GetExitCodeThread
CreateEventW
GetSystemInfo
WriteFile
CreateToolhelp32Snapshot
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
DebugBreak
WriteProcessMemory
SuspendThread
ResumeThread
CreateThread
VirtualFree
GetModuleHandleW
SleepEx
SetEvent
GetComputerNameW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
FreeLibrary
VirtualQuery
SetFilePointer
FindFirstFileW
FindNextFileW
GetFileSize
ExitProcess
ExpandEnvironmentStringsW
SetLastError
GetPrivateProfileStringW
lstrlenW
CompareStringW
GetProcessHeap
SetEnvironmentVariableW
HeapReAlloc
GetEnvironmentVariableW
CreateRemoteThread
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
DecodePointer
EncodePointer
RaiseException
InterlockedExchange
LocalAlloc
LoadLibraryExA

advapi32

RegOpenKeyW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
QueryServiceStatusEx
SetServiceStatus
StartServiceW
LookupPrivilegeValueW
RegQueryValueExW
RegisterServiceCtrlHandlerExW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle

msvcr100

_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
??2@YAPAXI@Z
exit
_wstrtime_s
_time64
wcsncmp
swscanf_s
??3@YAXPAX@Z
_vsnwprintf
wcsrchr
_wmakepath_s
memset
_wremove
_errno
_wsplitpath_s
wcsnlen
qsort
_wtoi
wcstoul
_gmtime64_s
_wcsicmp
wcschr
_wstrdate_s
_swscanf_s_l
__CxxFrameHandler3
memcpy
_stricmp
wprintf

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/dbghelp.dll
.dll windows x86

fa6b094f828920cf8999743ff0004319

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

Actual PE Digest

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_isatty
_write
_lseeki64
??3@YAXPAX@Z
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_strnicmp
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
iswprint
fflush
fprintf
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_wfsopen
fread
fseek
wcstol
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_wsopen

kernel32

HeapFree
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetVersion
GetSystemInfo
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
VirtualAlloc
VirtualProtect
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
SetFilePointer
IsDBCSLeadByte
HeapAlloc
HeapReAlloc
GetVersionExA
InitializeCriticalSection
FindClose
SetLastError
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
HeapCreate
FlushViewOfFile

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/msmdlocal.dll
.dll windows x86

30b9b02c4717da4bc8cc78b0a4bd2e81

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7f:ff:1d:d6:09:04:46:00:2c:7e:55:1f:f3:01:d8:d5:10:a5:d2
Signer

Actual PE Digest

07:7f:ff:1d:d6:09:04:46:00:2c:7e:55:1f:f3:01:d8:d5:10:a5:d2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
_Nan
_Inf
?quiet_NaN@?$numeric_limits@N@std@@SANXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ

msvcr100

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
calloc
_vsnwprintf_l
_resetstkoflw
??0exception@std@@QAE@ABQBDH@Z
strchr
sprintf_s
fread
bsearch
_wcslwr_s
_strlwr_s
strcpy_s
fwprintf_s
_configthreadlocale
_wgetenv
exit
??2@YAPAXI@Z
_vsnprintf_s
_wcsupr
_ui64tow
_ultow_s
memmove_s
towlower
iswalnum
iswlower
iswalpha
wprintf
_CIfmod
_ultoa_s
_snwprintf_s
_CIlog
_CIsqrt
printf
_finite
wcstok
bsearch_s
qsort_s
_CIpow
_CIexp
ceil
vfprintf
??3@YAXPAX@Z
??_V@YAXPAX@Z
fseek
fprintf
_fsopen
getenv
_wcslwr
iswdigit
_ltow
_swscanf_s_l
longjmp
_setjmp3
_wcsnicmp_l
_wtoi64_l
_wfullpath
__pctype_func
_isctype_l
_iswprint_l
_i64tow_s
_i64tow
_wcstoi64
_snprintf_s
strncpy_s
_waccess
_wcsdup
_wsetlocale
_time64
_CIlog10
_CIatan
_CIsin
frexp
ldexp
_wfsopen
_wctime64
srand
rand
_wcsicmp_l
_vsnwprintf
iswspace
_isnan
_itow
_endthreadex
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
_wfopen
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
swscanf_s
_wtol
wcsrchr
wcschr
swprintf_s
_wtoi
wcstoul
wcstol
_wcsnicmp
wcstok_s
_errno
qsort
wcscpy_s
_msize
_aligned_msize
_aligned_realloc
_aligned_malloc
_aligned_free
realloc
_beginthreadex
_wsplitpath_s
_wmakepath_s
wcsncmp
wcscat_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
memcpy_s
malloc
free
_purecall
_ui64tow_s
_ultow
_itow_s
wcsncpy_s
memmove
memset
_vswprintf_c_l
_wcsicmp
wcsstr
memcpy
wcspbrk
__CxxFrameHandler3
_CxxThrowException
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z

kernel32

GetStartupInfoW
GetUserDefaultUILanguage
EncodePointer
DecodePointer
SetEnvironmentVariableW
CompareStringW
GetPrivateProfileStringW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
Module32NextW
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
SystemTimeToFileTime
GetLocaleInfoW
LocaleNameToLCID
CreateSemaphoreW
CreateDirectoryW
GetFileInformationByHandle
GetFileType
RemoveDirectoryW
SetFilePointer
SetFileTime
CancelIo
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
MoveFileW
MapViewOfFile
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
QueueUserWorkItem
ConvertThreadToFiber
BindIoCompletionCallback
GetThreadLocale
SetThreadLocale
GetFileSize
FlushFileBuffers
WaitForMultipleObjectsEx
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
IsValidLocale
GetSystemDefaultLCID
UnhandledExceptionFilter
IsProcessorFeaturePresent
ExpandEnvironmentStringsW
TlsGetValue
OutputDebugStringA
SetLastError
LeaveCriticalSection
DeleteCriticalSection
SleepEx
DisableThreadLibraryCalls
GetProcAddress
LocalFree
LoadLibraryExA
LocalAlloc
GetLastError
InterlockedExchange
RaiseException
FreeLibrary
MultiByteToWideChar
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcess
TerminateProcess
DebugBreak
SwitchToThread
GetCurrentThreadId
GetTickCount
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
GetCurrentProcessId
TlsAlloc
TlsSetValue
TlsFree
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateToolhelp32Snapshot
Thread32First
Thread32Next
FindClose
FindFirstFileW
FindNextFileW
GetVolumeInformationW
DuplicateHandle
QueryPerformanceCounter
QueryPerformanceFrequency
GetOverlappedResult
WaitForSingleObjectEx
SetWaitableTimer
InterlockedExchangeAdd
GetSystemInfo
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
SetEvent
ResetEvent
HeapCreate
HeapDestroy
HeapCompact
GlobalMemoryStatusEx
CreateMemoryResourceNotification
QueryMemoryResourceNotification
GetModuleHandleA
HeapReAlloc
HeapSize
HeapValidate
VirtualLock
VirtualUnlock
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetLongPathNameW
GetLocalTime
GetProcessWorkingSetSize
SetProcessWorkingSetSize
FormatMessageW
IsDebuggerPresent
OutputDebugStringW
SetUnhandledExceptionFilter
TryEnterCriticalSection
AddVectoredExceptionHandler
WideCharToMultiByte
GetSystemTime
GetDiskFreeSpaceW
ReleaseSemaphore
CreateEventW
SetThreadPriority
OpenProcess
ReadFile
ReadFileScatter
WriteFile
WriteFileGather
FindCloseChangeNotification
GetThreadPriority
FindNextChangeNotification
GetFileAttributesExW
CopyFileW
MoveFileExW
GetExitCodeProcess
CreateProcessW
CreateTimerQueue
ChangeTimerQueueTimer
DeleteTimerQueueEx
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileW
DeleteFileW
GetDiskFreeSpaceExW
GetVolumePathNameW
UnregisterWaitEx
RegisterWaitForSingleObject
OpenThread
GetProcessTimes
PulseEvent
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
ExitProcess
CreateThread
ResumeThread
LCIDToLocaleName
GetLocaleInfoEx
lstrlenA
lstrlenW
FileTimeToLocalFileTime
GlobalFree
ConvertDefaultLocale
SetConsoleCtrlHandler
CreateHardLinkW
WaitForSingleObject
Sleep
IsDBCSLeadByte
LoadLibraryW
ReadProcessMemory
CreateMutexW
SetHandleInformation
ReleaseMutex
FindFirstChangeNotificationW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDeriveKey
ImpersonateLoggedOnUser
GetSecurityInfo
GetUserNameW
AddAccessAllowedAceEx
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
OpenProcessToken
InitializeSecurityDescriptor
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
SetThreadToken
OpenThreadToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
CryptGenKey
CryptDestroyKey
CryptSetKeyParam
CryptGetKeyParam
CryptExportKey
CryptImportKey
CryptEncrypt
CryptDecrypt
CopySid
GetLengthSid
AddAccessAllowedAce
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
InitializeAcl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorSacl
LookupAccountSidW
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSidToSidW
AccessCheck
AllocateLocallyUniqueId
RevertToSelf
ImpersonateAnonymousToken
MapGenericMask
LogonUserW
LsaNtStatusToWinError
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
SetServiceStatus
RegisterServiceCtrlHandlerW

shlwapi

PathCombineW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW

iphlpapi

GetUnicastIpAddressEntry
GetBestInterfaceEx

userenv

GetProfileType

ncrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptExportKey
BCryptDestroyKey
NCryptOpenStorageProvider
NCryptGetProperty
NCryptImportKey
NCryptVerifySignature
NCryptFreeObject

Exports

Exports

DmpGetClientExport
MSMDCanUnloadNow
MSMDCancelCommands
MSMDCloseHandle
MSMDGetDBImageSize
MSMDGetDBLastModified
MSMDGetMDXUtils
MSMDInitLocal
MSMDLoadDBImage
MSMDOpenLocal
MSMDOpenRequest
MSMDParseFormulaExpression
MSMDParseGetCubeName
MSMDParseXLFormulaExpression
MSMDReadData
MSMDReadDataEx
MSMDReceiveResponse
MSMDRenameServer
MSMDSaveDBImage
MSMDSendRequest
MSMDStopLocal
MSMDWriteData
MSMDWriteDataEx

Sections

.text
Size: 21.5MB - Virtual size: 21.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.1MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/msmgdsrv.dll
.dll windows x86

1f0b9d86d3b09c1459e4f99bc82b614a

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:1f:23:2c:95:00:e6:ea:be:0b:af:6a:9a:2d:3f:ac:3b:5c:68:ee
Signer

Actual PE Digest

67:1f:23:2c:95:00:e6:ea:be:0b:af:6a:9a:2d:3f:ac:3b:5c:68:ee

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:39
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
CreateFileW
CreateDirectoryW
DeleteFileW
GetFileSizeEx
GetFileType
RemoveDirectoryW
SetEndOfFile
SetFilePointer
CancelIo
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
MoveFileW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ResumeThread
QueueUserWorkItem
UnregisterWaitEx
RegisterWaitForSingleObject
GetThreadLocale
SetThreadLocale
FlushFileBuffers
GetDiskFreeSpaceExW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
CloseHandle
QueryPerformanceCounter
GetTickCount
LeaveCriticalSection
FreeLibrary
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
TlsGetValue
LocalFree
GetFileInformationByHandle
InterlockedIncrement
IsProcessorFeaturePresent
UnhandledExceptionFilter
DecodePointer
EncodePointer
Sleep
Module32NextW
PulseEvent
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError
LoadLibraryExA
LocalAlloc
InterlockedExchange
RaiseException
FindClose
FindFirstFileW
FindNextFileW
SetLastError
QueryPerformanceFrequency
GetOverlappedResult
SleepEx
WaitForSingleObjectEx
SetWaitableTimer
InterlockedExchangeAdd
GetCurrentProcess
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleHandleExW
LoadLibraryExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
InterlockedDecrement
InterlockedCompareExchange
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateProcess
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
TlsAlloc
TlsSetValue
TlsFree
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateToolhelp32Snapshot
Thread32First
Thread32Next
DebugBreak
SwitchToThread
GetLocaleInfoW
ConvertDefaultLocale
SetEvent
ResetEvent
HeapCreate
HeapDestroy
GlobalMemoryStatusEx
CreateMemoryResourceNotification
HeapReAlloc
HeapSize
HeapValidate
VirtualLock
VirtualUnlock
OutputDebugStringA
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetLongPathNameW
GetLocalTime
SetProcessWorkingSetSize
FormatMessageW
IsDebuggerPresent
OutputDebugStringW
SetUnhandledExceptionFilter
TryEnterCriticalSection
WideCharToMultiByte
GetSystemTime
GetDiskFreeSpaceW
ReleaseSemaphore
CreateEventW
SetThreadPriority
ReadFile
ReadFileScatter
WriteFile
GetFileAttributesExW
CopyFileW
MoveFileExW
DeleteTimerQueueEx

msvcp100

?_Lockit_ctor@_Lockit@std@@SAXH@Z
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ

msvcr100

__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
memmove_s
_wcsicmp_l
bsearch_s
sprintf_s
_vsnwprintf
_CIpow
_CIexp
ceil
vfprintf
fseek
fprintf
_fsopen
getenv
_endthreadex
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
_wfopen
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
swscanf_s
_wtol
wcschr
wcsrchr
_wtoi
_msize
_aligned_msize
_except_handler4_common
_aligned_malloc
_aligned_free
realloc
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_vswprintf_c_l
_snprintf_s
strncpy_s
calloc
_wsetlocale
_snwprintf_s
_vsnprintf_s
_wcsicmp
wcsstr
malloc
free
_isnan
swprintf_s
_ui64tow
_i64tow
iswspace
_wcsnicmp
wcscpy_s
memcpy_s
_itow_s
_wsplitpath_s
_wmakepath_s
wcsncmp
wcspbrk
_purecall
wcscat_s
wcsncpy_s
memset
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_CxxThrowException
memmove
memcpy
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
??3@YAXPAX@Z
??_V@YAXPAX@Z
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
__FrameUnwindFilter
_cexit
__RTDynamicCast
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_aligned_realloc
__clean_type_info_names_internal

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetThreadToken
OpenThreadToken
ImpersonateLoggedOnUser
OpenProcessToken
InitializeSecurityDescriptor
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RevertToSelf

mscoree

_CorDllMain

Exports

Exports

MSMDCreateAssembly
MSMDCreateManagedConnection
MSMDCreateManagedDSV
MSMDCreateManagedNLP
MSMDCreateTimeDimCalculator
MSMDCreateTimeDimReader
MSMDFileSystemBrowserFileExists
MSMDFileSystemBrowserGetAllowedDirectories
MSMDFileSystemBrowserGetDirectories
MSMDFileSystemBrowserGetFiles
MSMDFileSystemBrowserGetLogicalDrives
MSMDInitModule
MSMDLocalStreamClose
MSMDLocalStreamCloseBase
MSMDLocalStreamFlush
MSMDLocalStreamRead
MSMDLocalStreamSkip
MSMDLocalStreamWrite
MSMDLocalStreamWriteEndOfMessage
MSMDOnServerReady
MSMDResetModule
MSMDSetFeatureSwitches

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 855KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.3MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/msolap110.dll
.dll regsvr32 windows x86

0bce98ee70e0cf58c1e95a5af6536002

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:8d:cb:83:b9:8c:62:a7:7f:bd:22:66:74:4e:84:be:e5:fc:f0:8b
Signer

Actual PE Digest

69:8d:cb:83:b9:8c:62:a7:7f:bd:22:66:74:4e:84:be:e5:fc:f0:8b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

_vsnwprintf_l
iswdigit
_wcsicmp_l
_vsnwprintf
sprintf_s
_CIpow
_CIexp
ceil
vfprintf
fseek
fprintf
_fsopen
getenv
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
wcstol
_wtoi64_l
wcsrchr
_msize
_aligned_msize
_aligned_realloc
_aligned_malloc
_aligned_free
realloc
_endthreadex
_beginthreadex
_snwprintf_s
_wsetlocale
_wcsdup
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_isnan
_ui64tow
_i64tow
_wmakepath_s
wcspbrk
_itow_s
_snprintf_s
strncpy_s
_vsnprintf_s
_wtol
??3@YAXPAX@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_wcsicmp
wcsncmp
swscanf_s
_vswprintf_c_l
iswspace
_wfopen
_wsplitpath_s
swprintf_s
_wtoi
_ultow
_wcsnicmp
wcschr
memmove
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
??_V@YAXPAX@Z
wcsstr
wcsncpy_s
wcscpy_s
wcscat_s
memmove_s
memcpy_s
_recalloc
malloc
free
calloc
??2@YAPAXI@Z
_purecall
_wfullpath

kernel32

GetModuleFileNameW
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadResource
SizeofResource
FindResourceW
MultiByteToWideChar
OutputDebugStringA
GetCurrentProcessId
TlsGetValue
CreateTimerQueueTimer
DeleteTimerQueueTimer
IsValidCodePage
GetACP
CloseHandle
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetThreadLocale
GetUserDefaultUILanguage
IsDebuggerPresent
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
SleepEx
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
WideCharToMultiByte
EnterCriticalSection
EncodePointer
DecodePointer
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
IsProcessorFeaturePresent
lstrlenW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetLastError
RaiseException
CreateSemaphoreW
LoadLibraryExW
GetVolumePathNameW
GetDiskFreeSpaceExW
PulseEvent
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
LockResource
WaitForMultipleObjectsEx
ReadFileScatter
ReleaseSemaphore
GetSystemTime
SetProcessWorkingSetSize
GetLocalTime
GetLongPathNameW
GetFullPathNameW
GetCurrentDirectoryW
GetEnvironmentVariableW
FormatMessageW
VirtualUnlock
VirtualLock
HeapValidate
HeapSize
HeapReAlloc
CreateMemoryResourceNotification
GlobalMemoryStatusEx
HeapDestroy
HeapCreate
FlushFileBuffers
MoveFileExW
MoveFileW
CopyFileW
MapViewOfFileEx
CreateEventW
CancelIo
WriteFile
SetFilePointerEx
SetFilePointer
SetEndOfFile
RemoveDirectoryW
ReadFile
GetFileType
GetFileSizeEx
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceW
DeleteFileW
CreateFileW
CreateDirectoryW
SetThreadLocale
BindIoCompletionCallback
FindClose
RegisterWaitForSingleObject
LocalFree
LoadLibraryExA
LocalAlloc
SetLastError
DebugBreak
SwitchToThread
InterlockedExchangeAdd
GetSystemInfo
VirtualAlloc
VirtualQuery
FindFirstFileW
FindNextFileW
GetOverlappedResult
WaitForSingleObjectEx
SetWaitableTimer
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetLogicalProcessorInformation
VirtualFree
GetModuleHandleExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocaleInfoW
ConvertDefaultLocale
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
TlsAlloc
TlsSetValue
TlsFree
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
UnmapViewOfFile
CreateFileMappingW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
ResetEvent
SetThreadPriority
ResumeThread
QueueUserWorkItem
UnregisterWaitEx
CreateTimerQueue
DeleteTimerQueueEx

advapi32

MapGenericMask
AccessCheck
CryptDecrypt
CryptEncrypt
CryptGetKeyParam
CryptSetKeyParam
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
EqualSid
OpenProcessToken
OpenThreadToken
RegQueryValueExW
LookupPrivilegeValueW
RevertToSelf
AdjustTokenPrivileges
GetTokenInformation
SetThreadToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupAccountSidW

msvcp100

?_Orphan_all@_Container_base0@std@@QAEXXZ

shlwapi

PathRemoveFileSpecW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathCombineW

userenv

GetProfileType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.5MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/msolui110.dll
.dll regsvr32 windows x86

1297b79f6a02b17ccd62ab546c93a9dc

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:13:7b:1b:22:68:64:91:9a:ad:37:dc:80:ba:06:d7:1f:7d:bb:ca
Signer

Actual PE Digest

fd:13:7b:1b:22:68:64:91:9a:ad:37:dc:80:ba:06:d7:1f:7d:bb:ca

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

kernel32

GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
SetLastError
GetCurrentProcess
GetCurrentThreadId
FlushInstructionCache
GlobalAlloc
GlobalFree
lstrcmpW
LockResource
GlobalLock
GetModuleFileNameW
GlobalUnlock
MulDiv
LoadLibraryW
GetUserDefaultLCID
LocalFree
FormatMessageW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
Sleep
InterlockedExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
IsProcessorFeaturePresent
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedCompareExchange
FreeLibrary
DisableThreadLibraryCalls
lstrlenW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GlobalHandle
GetProcessHeap

ole32

OleLockRunning
OleUninitialize
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
GetErrorInfo
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringLen
VariantInit
VariantClear
OleCreateFontIndirect
VariantCopy
SysFreeString

user32

CharNextW
LoadStringW
RegisterWindowMessageW
SendMessageW
DefWindowProcW
MessageBoxW
MapDialogRect
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
SetWindowContextHelpId
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
EnableWindow
ReleaseCapture
SetCapture
GetFocus
GetActiveWindow
CallWindowProcW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
SetFocus
UnregisterClassA

gdi32

CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt

comdlg32

GetOpenFileNameW

msvcr100

??_V@YAXPAX@Z
__CxxFrameHandler3
_purecall
??2@YAPAXI@Z
free
malloc
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??3@YAXPAX@Z
_wcsupr
_wcsicmp
wcschr
_wcsdup
swprintf_s
_ltow_s
memset
_CxxThrowException
wcsstr
wcsncpy_s
wcscpy_s
wcscat_s
memcpy_s
??_U@YAPAXI@Z
_recalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Launcher/Microsoft Analysis Services/AS OLEDB/110/xmsrv.dll
.dll windows x86

4cd6069d05f895d3e3590106a764cc93

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:2e:56:8e:b4:01:eb:c4:30:07:f3:6c:e5:56:96:e5:af:3b:4f:86
Signer

Actual PE Digest

51:2e:56:8e:b4:01:eb:c4:30:07:f3:6c:e5:56:96:e5:af:3b:4f:86

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

getenv
__CxxFrameHandler3
fopen
strcat_s
_get_errno
qsort_s
strncat_s
_strnicmp
__iob_func
feof
qsort
strncpy_s
isalnum
_strtoi64
_strtoui64
strtod
strtol
wcstombs
atoi
_wtoi64
_vsnwprintf
memmove_s
strtok_s
tolower
wcsrchr
_strlwr_s
_wcslwr_s
bsearch
fread
_wcsicmp_l
strcpy_s
floor
_CIfmod
_wtoi
_CIpow
fflush
fwprintf
fgets
wprintf_s
fputws
wcstok
_CIsqrt
sprintf_s
printf
_time64
fclose
_wfopen
fgetws
_wgetenv
wcstod
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_ungetch
_kbhit
_getch
srand
rand
_stricmp
vprintf
vwprintf
realloc
??0exception@std@@QAE@ABQBDH@Z
strchr
??2@YAPAXI@Z
_wcsicmp
wcsstr
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
malloc
_isnan
swprintf_s
_ui64tow
_i64tow
iswspace
memcpy_s
_ui64tow_s
_ultow
_itow_s
wcsncpy_s
wcsncmp
wcscat_s
fputwc
wcschr
??_V@YAXPAX@Z
_CxxThrowException
memmove
memcpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
iswalnum
_CIlog
ceil
wcscpy_s
_set_errno
memset
??3@YAXPAX@Z
_wtof
_purecall

kernel32

Module32NextW
IsDBCSLeadByte
WriteFile
CreateFileW
CreateProcessA
ReadFile
GetFileSizeEx
CreateFileA
FormatMessageW
LocalFree
WideCharToMultiByte
CreateSemaphoreW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
TlsGetValue
DisableThreadLibraryCalls
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
GetCurrentThreadId
PulseEvent
WaitForMultipleObjects
EncodePointer
DecodePointer
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
ReleaseSemaphore
CreateThread
GetCurrentDirectoryW
VirtualLock
ResumeThread
WaitForSingleObject
ResetEvent
Thread32Next
Thread32First
CreateToolhelp32Snapshot
DeleteTimerQueueTimer
TlsFree
TlsSetValue
TlsAlloc
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
SystemTimeToFileTime
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetThreadTimes
GetCurrentThread
SetThreadIdealProcessor
SetThreadAffinityMask
GetProcessAffinityMask
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
VirtualFree
GetVersionExW
WaitForSingleObjectEx
GetOverlappedResult
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedExchangeAdd
SwitchToThread
SleepEx

oleaut32

SysStringByteLen
SysFreeString
SysAllocStringLen
VarDateFromStr
VarR8FromStr
GetErrorInfo
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocString
VariantClear
VariantChangeTypeEx
VarR8FromCy
VarCyFromR8
VarParseNumFromStr
VarCmp

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ole32

CoInitializeEx
CoTaskMemFree
CoCreateGuid
StringFromGUID2
IIDFromString
CoUninitialize
CoCreateInstance

Exports

Exports

XMDllCanUnloadNow
XMDllLoad

Sections

.text
Size: 24.1MB - Virtual size: 24.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/Informix.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/Sybase.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/as80.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/as90.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/db2v0801.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/hive.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/msjet.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/orcl7.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/sql2000.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/sql70.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/sql90.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/sqlpdw.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges — копия/trdtv2r41.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/Informix.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/Sybase.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/as80.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/as90.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/db2v0801.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/hive.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/msjet.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/orcl7.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sql2000.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sql70.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sql90.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sqlpdw.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Cartridges/trdtv2r41.xsl
.xml
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Resources — копия/1049/msmdsrv.rll
.dll windows x86

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:5f:7a:0c:7a:8b:a2:52:48:97:00:2a:38:97:36:d0:41:07:28:46
Signer

Actual PE Digest

28:5f:7a:0c:7a:8b:a2:52:48:97:00:2a:38:97:36:d0:41:07:28:46

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Resources — копия/1049/msmdsrvi.rll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:28:b4:19:dc:9b:4c:3f:1a:a2:df:6a:4d:dd:7b:c6:9f:2c:e0:b0
Signer

Actual PE Digest

4d:28:b4:19:dc:9b:4c:3f:1a:a2:df:6a:4d:dd:7b:c6:9f:2c:e0:b0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Resources — копия/1049/msolui110.rll
.dll windows x86

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:80:be:90:ca:b2:aa:81:89:a4:ab:47:30:e9:e4:eb:30:82:24:f6
Signer

Actual PE Digest

d8:80:be:90:ca:b2:aa:81:89:a4:ab:47:30:e9:e4:eb:30:82:24:f6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Resources/1049/msmdsrv.rll
.dll windows x86

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:5f:7a:0c:7a:8b:a2:52:48:97:00:2a:38:97:36:d0:41:07:28:46
Signer

Actual PE Digest

28:5f:7a:0c:7a:8b:a2:52:48:97:00:2a:38:97:36:d0:41:07:28:46

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Resources/1049/msmdsrvi.rll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:28:b4:19:dc:9b:4c:3f:1a:a2:df:6a:4d:dd:7b:c6:9f:2c:e0:b0
Signer

Actual PE Digest

4d:28:b4:19:dc:9b:4c:3f:1a:a2:df:6a:4d:dd:7b:c6:9f:2c:e0:b0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/Resources/1049/msolui110.rll
.dll windows x86

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:80:be:90:ca:b2:aa:81:89:a4:ab:47:30:e9:e4:eb:30:82:24:f6
Signer

Actual PE Digest

d8:80:be:90:ca:b2:aa:81:89:a4:ab:47:30:e9:e4:eb:30:82:24:f6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/SQLDumper — копия.exe
.exe windows x86

81c720f8641914edcd344a3a79369611

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:ba:af:60:19:77:d5:3b:13:7c:11:2a:46:7a:6d:30:6b:4b:b2:5a
Signer

Actual PE Digest

2d:ba:af:60:19:77:d5:3b:13:7c:11:2a:46:7a:6d:30:6b:4b:b2:5a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

MiniDumpWriteDump
ImageNtHeader

psapi

GetModuleFileNameExW
GetModuleBaseNameA
GetModuleInformation
EnumProcessModules

rpcrt4

UuidCreate
UuidToStringW
UuidFromStringW
RpcStringFreeW

iphlpapi

GetExtendedTcpTable

ws2_32

ntohs

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

OpenProcess
Thread32First
VirtualFreeEx
InitializeCriticalSectionAndSpinCount
Sleep
ReadProcessMemory
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesW
Thread32Next
ReadFile
GetModuleFileNameW
CreateFileW
FlushFileBuffers
GetLastError
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualAllocEx
FindClose
OpenThread
SetConsoleCtrlHandler
GetExitCodeThread
CreateEventW
GetSystemInfo
WriteFile
CreateToolhelp32Snapshot
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
DebugBreak
WriteProcessMemory
SuspendThread
ResumeThread
CreateThread
VirtualFree
GetModuleHandleW
SleepEx
SetEvent
GetComputerNameW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
FreeLibrary
VirtualQuery
SetFilePointer
FindFirstFileW
FindNextFileW
GetFileSize
ExitProcess
ExpandEnvironmentStringsW
SetLastError
GetPrivateProfileStringW
lstrlenW
CompareStringW
GetProcessHeap
SetEnvironmentVariableW
HeapReAlloc
GetEnvironmentVariableW
CreateRemoteThread
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
DecodePointer
EncodePointer
RaiseException
InterlockedExchange
LocalAlloc
LoadLibraryExA

advapi32

RegOpenKeyW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
QueryServiceStatusEx
SetServiceStatus
StartServiceW
LookupPrivilegeValueW
RegQueryValueExW
RegisterServiceCtrlHandlerExW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle

msvcr100

_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
??2@YAPAXI@Z
exit
_wstrtime_s
_time64
wcsncmp
swscanf_s
??3@YAXPAX@Z
_vsnwprintf
wcsrchr
_wmakepath_s
memset
_wremove
_errno
_wsplitpath_s
wcsnlen
qsort
_wtoi
wcstoul
_gmtime64_s
_wcsicmp
wcschr
_wstrdate_s
_swscanf_s_l
__CxxFrameHandler3
memcpy
_stricmp
wprintf

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe
.exe windows x86

81c720f8641914edcd344a3a79369611

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:ba:af:60:19:77:d5:3b:13:7c:11:2a:46:7a:6d:30:6b:4b:b2:5a
Signer

Actual PE Digest

2d:ba:af:60:19:77:d5:3b:13:7c:11:2a:46:7a:6d:30:6b:4b:b2:5a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

MiniDumpWriteDump
ImageNtHeader

psapi

GetModuleFileNameExW
GetModuleBaseNameA
GetModuleInformation
EnumProcessModules

rpcrt4

UuidCreate
UuidToStringW
UuidFromStringW
RpcStringFreeW

iphlpapi

GetExtendedTcpTable

ws2_32

ntohs

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

OpenProcess
Thread32First
VirtualFreeEx
InitializeCriticalSectionAndSpinCount
Sleep
ReadProcessMemory
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesW
Thread32Next
ReadFile
GetModuleFileNameW
CreateFileW
FlushFileBuffers
GetLastError
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualAllocEx
FindClose
OpenThread
SetConsoleCtrlHandler
GetExitCodeThread
CreateEventW
GetSystemInfo
WriteFile
CreateToolhelp32Snapshot
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
DebugBreak
WriteProcessMemory
SuspendThread
ResumeThread
CreateThread
VirtualFree
GetModuleHandleW
SleepEx
SetEvent
GetComputerNameW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
FreeLibrary
VirtualQuery
SetFilePointer
FindFirstFileW
FindNextFileW
GetFileSize
ExitProcess
ExpandEnvironmentStringsW
SetLastError
GetPrivateProfileStringW
lstrlenW
CompareStringW
GetProcessHeap
SetEnvironmentVariableW
HeapReAlloc
GetEnvironmentVariableW
CreateRemoteThread
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
DecodePointer
EncodePointer
RaiseException
InterlockedExchange
LocalAlloc
LoadLibraryExA

advapi32

RegOpenKeyW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
QueryServiceStatusEx
SetServiceStatus
StartServiceW
LookupPrivilegeValueW
RegQueryValueExW
RegisterServiceCtrlHandlerExW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle

msvcr100

_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
??2@YAPAXI@Z
exit
_wstrtime_s
_time64
wcsncmp
swscanf_s
??3@YAXPAX@Z
_vsnwprintf
wcsrchr
_wmakepath_s
memset
_wremove
_errno
_wsplitpath_s
wcsnlen
qsort
_wtoi
wcstoul
_gmtime64_s
_wcsicmp
wcschr
_wstrdate_s
_swscanf_s_l
__CxxFrameHandler3
memcpy
_stricmp
wprintf

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/dbghelp — копия.dll
.dll windows x86

fa6b094f828920cf8999743ff0004319

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

Actual PE Digest

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_isatty
_write
_lseeki64
??3@YAXPAX@Z
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_strnicmp
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
iswprint
fflush
fprintf
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_wfsopen
fread
fseek
wcstol
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_wsopen

kernel32

HeapFree
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetVersion
GetSystemInfo
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
VirtualAlloc
VirtualProtect
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
SetFilePointer
IsDBCSLeadByte
HeapAlloc
HeapReAlloc
GetVersionExA
InitializeCriticalSection
FindClose
SetLastError
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
HeapCreate
FlushViewOfFile

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/dbghelp.dll
.dll windows x86

fa6b094f828920cf8999743ff0004319

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

Actual PE Digest

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_isatty
_write
_lseeki64
??3@YAXPAX@Z
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_strnicmp
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
iswprint
fflush
fprintf
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_wfsopen
fread
fseek
wcstol
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_wsopen

kernel32

HeapFree
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetVersion
GetSystemInfo
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
VirtualAlloc
VirtualProtect
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
SetFilePointer
IsDBCSLeadByte
HeapAlloc
HeapReAlloc
GetVersionExA
InitializeCriticalSection
FindClose
SetLastError
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
HeapCreate
FlushViewOfFile

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msmdlocal — копия.dll
.dll windows x86

30b9b02c4717da4bc8cc78b0a4bd2e81

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7f:ff:1d:d6:09:04:46:00:2c:7e:55:1f:f3:01:d8:d5:10:a5:d2
Signer

Actual PE Digest

07:7f:ff:1d:d6:09:04:46:00:2c:7e:55:1f:f3:01:d8:d5:10:a5:d2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
_Nan
_Inf
?quiet_NaN@?$numeric_limits@N@std@@SANXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ

msvcr100

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
calloc
_vsnwprintf_l
_resetstkoflw
??0exception@std@@QAE@ABQBDH@Z
strchr
sprintf_s
fread
bsearch
_wcslwr_s
_strlwr_s
strcpy_s
fwprintf_s
_configthreadlocale
_wgetenv
exit
??2@YAPAXI@Z
_vsnprintf_s
_wcsupr
_ui64tow
_ultow_s
memmove_s
towlower
iswalnum
iswlower
iswalpha
wprintf
_CIfmod
_ultoa_s
_snwprintf_s
_CIlog
_CIsqrt
printf
_finite
wcstok
bsearch_s
qsort_s
_CIpow
_CIexp
ceil
vfprintf
??3@YAXPAX@Z
??_V@YAXPAX@Z
fseek
fprintf
_fsopen
getenv
_wcslwr
iswdigit
_ltow
_swscanf_s_l
longjmp
_setjmp3
_wcsnicmp_l
_wtoi64_l
_wfullpath
__pctype_func
_isctype_l
_iswprint_l
_i64tow_s
_i64tow
_wcstoi64
_snprintf_s
strncpy_s
_waccess
_wcsdup
_wsetlocale
_time64
_CIlog10
_CIatan
_CIsin
frexp
ldexp
_wfsopen
_wctime64
srand
rand
_wcsicmp_l
_vsnwprintf
iswspace
_isnan
_itow
_endthreadex
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
_wfopen
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
swscanf_s
_wtol
wcsrchr
wcschr
swprintf_s
_wtoi
wcstoul
wcstol
_wcsnicmp
wcstok_s
_errno
qsort
wcscpy_s
_msize
_aligned_msize
_aligned_realloc
_aligned_malloc
_aligned_free
realloc
_beginthreadex
_wsplitpath_s
_wmakepath_s
wcsncmp
wcscat_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
memcpy_s
malloc
free
_purecall
_ui64tow_s
_ultow
_itow_s
wcsncpy_s
memmove
memset
_vswprintf_c_l
_wcsicmp
wcsstr
memcpy
wcspbrk
__CxxFrameHandler3
_CxxThrowException
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z

kernel32

GetStartupInfoW
GetUserDefaultUILanguage
EncodePointer
DecodePointer
SetEnvironmentVariableW
CompareStringW
GetPrivateProfileStringW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
Module32NextW
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
SystemTimeToFileTime
GetLocaleInfoW
LocaleNameToLCID
CreateSemaphoreW
CreateDirectoryW
GetFileInformationByHandle
GetFileType
RemoveDirectoryW
SetFilePointer
SetFileTime
CancelIo
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
MoveFileW
MapViewOfFile
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
QueueUserWorkItem
ConvertThreadToFiber
BindIoCompletionCallback
GetThreadLocale
SetThreadLocale
GetFileSize
FlushFileBuffers
WaitForMultipleObjectsEx
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
IsValidLocale
GetSystemDefaultLCID
UnhandledExceptionFilter
IsProcessorFeaturePresent
ExpandEnvironmentStringsW
TlsGetValue
OutputDebugStringA
SetLastError
LeaveCriticalSection
DeleteCriticalSection
SleepEx
DisableThreadLibraryCalls
GetProcAddress
LocalFree
LoadLibraryExA
LocalAlloc
GetLastError
InterlockedExchange
RaiseException
FreeLibrary
MultiByteToWideChar
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcess
TerminateProcess
DebugBreak
SwitchToThread
GetCurrentThreadId
GetTickCount
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
GetCurrentProcessId
TlsAlloc
TlsSetValue
TlsFree
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateToolhelp32Snapshot
Thread32First
Thread32Next
FindClose
FindFirstFileW
FindNextFileW
GetVolumeInformationW
DuplicateHandle
QueryPerformanceCounter
QueryPerformanceFrequency
GetOverlappedResult
WaitForSingleObjectEx
SetWaitableTimer
InterlockedExchangeAdd
GetSystemInfo
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
SetEvent
ResetEvent
HeapCreate
HeapDestroy
HeapCompact
GlobalMemoryStatusEx
CreateMemoryResourceNotification
QueryMemoryResourceNotification
GetModuleHandleA
HeapReAlloc
HeapSize
HeapValidate
VirtualLock
VirtualUnlock
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetLongPathNameW
GetLocalTime
GetProcessWorkingSetSize
SetProcessWorkingSetSize
FormatMessageW
IsDebuggerPresent
OutputDebugStringW
SetUnhandledExceptionFilter
TryEnterCriticalSection
AddVectoredExceptionHandler
WideCharToMultiByte
GetSystemTime
GetDiskFreeSpaceW
ReleaseSemaphore
CreateEventW
SetThreadPriority
OpenProcess
ReadFile
ReadFileScatter
WriteFile
WriteFileGather
FindCloseChangeNotification
GetThreadPriority
FindNextChangeNotification
GetFileAttributesExW
CopyFileW
MoveFileExW
GetExitCodeProcess
CreateProcessW
CreateTimerQueue
ChangeTimerQueueTimer
DeleteTimerQueueEx
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileW
DeleteFileW
GetDiskFreeSpaceExW
GetVolumePathNameW
UnregisterWaitEx
RegisterWaitForSingleObject
OpenThread
GetProcessTimes
PulseEvent
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
ExitProcess
CreateThread
ResumeThread
LCIDToLocaleName
GetLocaleInfoEx
lstrlenA
lstrlenW
FileTimeToLocalFileTime
GlobalFree
ConvertDefaultLocale
SetConsoleCtrlHandler
CreateHardLinkW
WaitForSingleObject
Sleep
IsDBCSLeadByte
LoadLibraryW
ReadProcessMemory
CreateMutexW
SetHandleInformation
ReleaseMutex
FindFirstChangeNotificationW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDeriveKey
ImpersonateLoggedOnUser
GetSecurityInfo
GetUserNameW
AddAccessAllowedAceEx
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
OpenProcessToken
InitializeSecurityDescriptor
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
SetThreadToken
OpenThreadToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
CryptGenKey
CryptDestroyKey
CryptSetKeyParam
CryptGetKeyParam
CryptExportKey
CryptImportKey
CryptEncrypt
CryptDecrypt
CopySid
GetLengthSid
AddAccessAllowedAce
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
InitializeAcl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorSacl
LookupAccountSidW
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSidToSidW
AccessCheck
AllocateLocallyUniqueId
RevertToSelf
ImpersonateAnonymousToken
MapGenericMask
LogonUserW
LsaNtStatusToWinError
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
SetServiceStatus
RegisterServiceCtrlHandlerW

shlwapi

PathCombineW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW

iphlpapi

GetUnicastIpAddressEntry
GetBestInterfaceEx

userenv

GetProfileType

ncrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptExportKey
BCryptDestroyKey
NCryptOpenStorageProvider
NCryptGetProperty
NCryptImportKey
NCryptVerifySignature
NCryptFreeObject

Exports

Exports

DmpGetClientExport
MSMDCanUnloadNow
MSMDCancelCommands
MSMDCloseHandle
MSMDGetDBImageSize
MSMDGetDBLastModified
MSMDGetMDXUtils
MSMDInitLocal
MSMDLoadDBImage
MSMDOpenLocal
MSMDOpenRequest
MSMDParseFormulaExpression
MSMDParseGetCubeName
MSMDParseXLFormulaExpression
MSMDReadData
MSMDReadDataEx
MSMDReceiveResponse
MSMDRenameServer
MSMDSaveDBImage
MSMDSendRequest
MSMDStopLocal
MSMDWriteData
MSMDWriteDataEx

Sections

.text
Size: 21.5MB - Virtual size: 21.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.1MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msmdlocal.dll
.dll windows x86

30b9b02c4717da4bc8cc78b0a4bd2e81

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7f:ff:1d:d6:09:04:46:00:2c:7e:55:1f:f3:01:d8:d5:10:a5:d2
Signer

Actual PE Digest

07:7f:ff:1d:d6:09:04:46:00:2c:7e:55:1f:f3:01:d8:d5:10:a5:d2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
_Nan
_Inf
?quiet_NaN@?$numeric_limits@N@std@@SANXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ

msvcr100

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
calloc
_vsnwprintf_l
_resetstkoflw
??0exception@std@@QAE@ABQBDH@Z
strchr
sprintf_s
fread
bsearch
_wcslwr_s
_strlwr_s
strcpy_s
fwprintf_s
_configthreadlocale
_wgetenv
exit
??2@YAPAXI@Z
_vsnprintf_s
_wcsupr
_ui64tow
_ultow_s
memmove_s
towlower
iswalnum
iswlower
iswalpha
wprintf
_CIfmod
_ultoa_s
_snwprintf_s
_CIlog
_CIsqrt
printf
_finite
wcstok
bsearch_s
qsort_s
_CIpow
_CIexp
ceil
vfprintf
??3@YAXPAX@Z
??_V@YAXPAX@Z
fseek
fprintf
_fsopen
getenv
_wcslwr
iswdigit
_ltow
_swscanf_s_l
longjmp
_setjmp3
_wcsnicmp_l
_wtoi64_l
_wfullpath
__pctype_func
_isctype_l
_iswprint_l
_i64tow_s
_i64tow
_wcstoi64
_snprintf_s
strncpy_s
_waccess
_wcsdup
_wsetlocale
_time64
_CIlog10
_CIatan
_CIsin
frexp
ldexp
_wfsopen
_wctime64
srand
rand
_wcsicmp_l
_vsnwprintf
iswspace
_isnan
_itow
_endthreadex
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
_wfopen
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
swscanf_s
_wtol
wcsrchr
wcschr
swprintf_s
_wtoi
wcstoul
wcstol
_wcsnicmp
wcstok_s
_errno
qsort
wcscpy_s
_msize
_aligned_msize
_aligned_realloc
_aligned_malloc
_aligned_free
realloc
_beginthreadex
_wsplitpath_s
_wmakepath_s
wcsncmp
wcscat_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
memcpy_s
malloc
free
_purecall
_ui64tow_s
_ultow
_itow_s
wcsncpy_s
memmove
memset
_vswprintf_c_l
_wcsicmp
wcsstr
memcpy
wcspbrk
__CxxFrameHandler3
_CxxThrowException
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z

kernel32

GetStartupInfoW
GetUserDefaultUILanguage
EncodePointer
DecodePointer
SetEnvironmentVariableW
CompareStringW
GetPrivateProfileStringW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
Module32NextW
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
SystemTimeToFileTime
GetLocaleInfoW
LocaleNameToLCID
CreateSemaphoreW
CreateDirectoryW
GetFileInformationByHandle
GetFileType
RemoveDirectoryW
SetFilePointer
SetFileTime
CancelIo
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
MoveFileW
MapViewOfFile
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
QueueUserWorkItem
ConvertThreadToFiber
BindIoCompletionCallback
GetThreadLocale
SetThreadLocale
GetFileSize
FlushFileBuffers
WaitForMultipleObjectsEx
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
IsValidLocale
GetSystemDefaultLCID
UnhandledExceptionFilter
IsProcessorFeaturePresent
ExpandEnvironmentStringsW
TlsGetValue
OutputDebugStringA
SetLastError
LeaveCriticalSection
DeleteCriticalSection
SleepEx
DisableThreadLibraryCalls
GetProcAddress
LocalFree
LoadLibraryExA
LocalAlloc
GetLastError
InterlockedExchange
RaiseException
FreeLibrary
MultiByteToWideChar
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcess
TerminateProcess
DebugBreak
SwitchToThread
GetCurrentThreadId
GetTickCount
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
GetCurrentProcessId
TlsAlloc
TlsSetValue
TlsFree
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateToolhelp32Snapshot
Thread32First
Thread32Next
FindClose
FindFirstFileW
FindNextFileW
GetVolumeInformationW
DuplicateHandle
QueryPerformanceCounter
QueryPerformanceFrequency
GetOverlappedResult
WaitForSingleObjectEx
SetWaitableTimer
InterlockedExchangeAdd
GetSystemInfo
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
SetEvent
ResetEvent
HeapCreate
HeapDestroy
HeapCompact
GlobalMemoryStatusEx
CreateMemoryResourceNotification
QueryMemoryResourceNotification
GetModuleHandleA
HeapReAlloc
HeapSize
HeapValidate
VirtualLock
VirtualUnlock
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetLongPathNameW
GetLocalTime
GetProcessWorkingSetSize
SetProcessWorkingSetSize
FormatMessageW
IsDebuggerPresent
OutputDebugStringW
SetUnhandledExceptionFilter
TryEnterCriticalSection
AddVectoredExceptionHandler
WideCharToMultiByte
GetSystemTime
GetDiskFreeSpaceW
ReleaseSemaphore
CreateEventW
SetThreadPriority
OpenProcess
ReadFile
ReadFileScatter
WriteFile
WriteFileGather
FindCloseChangeNotification
GetThreadPriority
FindNextChangeNotification
GetFileAttributesExW
CopyFileW
MoveFileExW
GetExitCodeProcess
CreateProcessW
CreateTimerQueue
ChangeTimerQueueTimer
DeleteTimerQueueEx
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileW
DeleteFileW
GetDiskFreeSpaceExW
GetVolumePathNameW
UnregisterWaitEx
RegisterWaitForSingleObject
OpenThread
GetProcessTimes
PulseEvent
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
ExitProcess
CreateThread
ResumeThread
LCIDToLocaleName
GetLocaleInfoEx
lstrlenA
lstrlenW
FileTimeToLocalFileTime
GlobalFree
ConvertDefaultLocale
SetConsoleCtrlHandler
CreateHardLinkW
WaitForSingleObject
Sleep
IsDBCSLeadByte
LoadLibraryW
ReadProcessMemory
CreateMutexW
SetHandleInformation
ReleaseMutex
FindFirstChangeNotificationW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDeriveKey
ImpersonateLoggedOnUser
GetSecurityInfo
GetUserNameW
AddAccessAllowedAceEx
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
OpenProcessToken
InitializeSecurityDescriptor
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
SetThreadToken
OpenThreadToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
CryptGenKey
CryptDestroyKey
CryptSetKeyParam
CryptGetKeyParam
CryptExportKey
CryptImportKey
CryptEncrypt
CryptDecrypt
CopySid
GetLengthSid
AddAccessAllowedAce
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
InitializeAcl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorSacl
LookupAccountSidW
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSidToSidW
AccessCheck
AllocateLocallyUniqueId
RevertToSelf
ImpersonateAnonymousToken
MapGenericMask
LogonUserW
LsaNtStatusToWinError
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
SetServiceStatus
RegisterServiceCtrlHandlerW

shlwapi

PathCombineW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW

iphlpapi

GetUnicastIpAddressEntry
GetBestInterfaceEx

userenv

GetProfileType

ncrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptExportKey
BCryptDestroyKey
NCryptOpenStorageProvider
NCryptGetProperty
NCryptImportKey
NCryptVerifySignature
NCryptFreeObject

Exports

Exports

DmpGetClientExport
MSMDCanUnloadNow
MSMDCancelCommands
MSMDCloseHandle
MSMDGetDBImageSize
MSMDGetDBLastModified
MSMDGetMDXUtils
MSMDInitLocal
MSMDLoadDBImage
MSMDOpenLocal
MSMDOpenRequest
MSMDParseFormulaExpression
MSMDParseGetCubeName
MSMDParseXLFormulaExpression
MSMDReadData
MSMDReadDataEx
MSMDReceiveResponse
MSMDRenameServer
MSMDSaveDBImage
MSMDSendRequest
MSMDStopLocal
MSMDWriteData
MSMDWriteDataEx

Sections

.text
Size: 21.5MB - Virtual size: 21.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.1MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msmgdsrv — копия.dll
.dll windows x86

1f0b9d86d3b09c1459e4f99bc82b614a

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:1f:23:2c:95:00:e6:ea:be:0b:af:6a:9a:2d:3f:ac:3b:5c:68:ee
Signer

Actual PE Digest

67:1f:23:2c:95:00:e6:ea:be:0b:af:6a:9a:2d:3f:ac:3b:5c:68:ee

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:39
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
CreateFileW
CreateDirectoryW
DeleteFileW
GetFileSizeEx
GetFileType
RemoveDirectoryW
SetEndOfFile
SetFilePointer
CancelIo
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
MoveFileW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ResumeThread
QueueUserWorkItem
UnregisterWaitEx
RegisterWaitForSingleObject
GetThreadLocale
SetThreadLocale
FlushFileBuffers
GetDiskFreeSpaceExW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
CloseHandle
QueryPerformanceCounter
GetTickCount
LeaveCriticalSection
FreeLibrary
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
TlsGetValue
LocalFree
GetFileInformationByHandle
InterlockedIncrement
IsProcessorFeaturePresent
UnhandledExceptionFilter
DecodePointer
EncodePointer
Sleep
Module32NextW
PulseEvent
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError
LoadLibraryExA
LocalAlloc
InterlockedExchange
RaiseException
FindClose
FindFirstFileW
FindNextFileW
SetLastError
QueryPerformanceFrequency
GetOverlappedResult
SleepEx
WaitForSingleObjectEx
SetWaitableTimer
InterlockedExchangeAdd
GetCurrentProcess
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleHandleExW
LoadLibraryExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
InterlockedDecrement
InterlockedCompareExchange
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateProcess
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
TlsAlloc
TlsSetValue
TlsFree
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateToolhelp32Snapshot
Thread32First
Thread32Next
DebugBreak
SwitchToThread
GetLocaleInfoW
ConvertDefaultLocale
SetEvent
ResetEvent
HeapCreate
HeapDestroy
GlobalMemoryStatusEx
CreateMemoryResourceNotification
HeapReAlloc
HeapSize
HeapValidate
VirtualLock
VirtualUnlock
OutputDebugStringA
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetLongPathNameW
GetLocalTime
SetProcessWorkingSetSize
FormatMessageW
IsDebuggerPresent
OutputDebugStringW
SetUnhandledExceptionFilter
TryEnterCriticalSection
WideCharToMultiByte
GetSystemTime
GetDiskFreeSpaceW
ReleaseSemaphore
CreateEventW
SetThreadPriority
ReadFile
ReadFileScatter
WriteFile
GetFileAttributesExW
CopyFileW
MoveFileExW
DeleteTimerQueueEx

msvcp100

?_Lockit_ctor@_Lockit@std@@SAXH@Z
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ

msvcr100

__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
memmove_s
_wcsicmp_l
bsearch_s
sprintf_s
_vsnwprintf
_CIpow
_CIexp
ceil
vfprintf
fseek
fprintf
_fsopen
getenv
_endthreadex
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
_wfopen
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
swscanf_s
_wtol
wcschr
wcsrchr
_wtoi
_msize
_aligned_msize
_except_handler4_common
_aligned_malloc
_aligned_free
realloc
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_vswprintf_c_l
_snprintf_s
strncpy_s
calloc
_wsetlocale
_snwprintf_s
_vsnprintf_s
_wcsicmp
wcsstr
malloc
free
_isnan
swprintf_s
_ui64tow
_i64tow
iswspace
_wcsnicmp
wcscpy_s
memcpy_s
_itow_s
_wsplitpath_s
_wmakepath_s
wcsncmp
wcspbrk
_purecall
wcscat_s
wcsncpy_s
memset
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_CxxThrowException
memmove
memcpy
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
??3@YAXPAX@Z
??_V@YAXPAX@Z
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
__FrameUnwindFilter
_cexit
__RTDynamicCast
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_aligned_realloc
__clean_type_info_names_internal

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetThreadToken
OpenThreadToken
ImpersonateLoggedOnUser
OpenProcessToken
InitializeSecurityDescriptor
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RevertToSelf

mscoree

_CorDllMain

Exports

Exports

MSMDCreateAssembly
MSMDCreateManagedConnection
MSMDCreateManagedDSV
MSMDCreateManagedNLP
MSMDCreateTimeDimCalculator
MSMDCreateTimeDimReader
MSMDFileSystemBrowserFileExists
MSMDFileSystemBrowserGetAllowedDirectories
MSMDFileSystemBrowserGetDirectories
MSMDFileSystemBrowserGetFiles
MSMDFileSystemBrowserGetLogicalDrives
MSMDInitModule
MSMDLocalStreamClose
MSMDLocalStreamCloseBase
MSMDLocalStreamFlush
MSMDLocalStreamRead
MSMDLocalStreamSkip
MSMDLocalStreamWrite
MSMDLocalStreamWriteEndOfMessage
MSMDOnServerReady
MSMDResetModule
MSMDSetFeatureSwitches

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 855KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.3MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msmgdsrv.dll
.dll windows x86

1f0b9d86d3b09c1459e4f99bc82b614a

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:1f:23:2c:95:00:e6:ea:be:0b:af:6a:9a:2d:3f:ac:3b:5c:68:ee
Signer

Actual PE Digest

67:1f:23:2c:95:00:e6:ea:be:0b:af:6a:9a:2d:3f:ac:3b:5c:68:ee

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:39
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
CreateFileW
CreateDirectoryW
DeleteFileW
GetFileSizeEx
GetFileType
RemoveDirectoryW
SetEndOfFile
SetFilePointer
CancelIo
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
MoveFileW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ResumeThread
QueueUserWorkItem
UnregisterWaitEx
RegisterWaitForSingleObject
GetThreadLocale
SetThreadLocale
FlushFileBuffers
GetDiskFreeSpaceExW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
CloseHandle
QueryPerformanceCounter
GetTickCount
LeaveCriticalSection
FreeLibrary
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
TlsGetValue
LocalFree
GetFileInformationByHandle
InterlockedIncrement
IsProcessorFeaturePresent
UnhandledExceptionFilter
DecodePointer
EncodePointer
Sleep
Module32NextW
PulseEvent
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError
LoadLibraryExA
LocalAlloc
InterlockedExchange
RaiseException
FindClose
FindFirstFileW
FindNextFileW
SetLastError
QueryPerformanceFrequency
GetOverlappedResult
SleepEx
WaitForSingleObjectEx
SetWaitableTimer
InterlockedExchangeAdd
GetCurrentProcess
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleHandleExW
LoadLibraryExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
InterlockedDecrement
InterlockedCompareExchange
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateProcess
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
TlsAlloc
TlsSetValue
TlsFree
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateToolhelp32Snapshot
Thread32First
Thread32Next
DebugBreak
SwitchToThread
GetLocaleInfoW
ConvertDefaultLocale
SetEvent
ResetEvent
HeapCreate
HeapDestroy
GlobalMemoryStatusEx
CreateMemoryResourceNotification
HeapReAlloc
HeapSize
HeapValidate
VirtualLock
VirtualUnlock
OutputDebugStringA
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetLongPathNameW
GetLocalTime
SetProcessWorkingSetSize
FormatMessageW
IsDebuggerPresent
OutputDebugStringW
SetUnhandledExceptionFilter
TryEnterCriticalSection
WideCharToMultiByte
GetSystemTime
GetDiskFreeSpaceW
ReleaseSemaphore
CreateEventW
SetThreadPriority
ReadFile
ReadFileScatter
WriteFile
GetFileAttributesExW
CopyFileW
MoveFileExW
DeleteTimerQueueEx

msvcp100

?_Lockit_ctor@_Lockit@std@@SAXH@Z
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ

msvcr100

__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
memmove_s
_wcsicmp_l
bsearch_s
sprintf_s
_vsnwprintf
_CIpow
_CIexp
ceil
vfprintf
fseek
fprintf
_fsopen
getenv
_endthreadex
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
_wfopen
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
swscanf_s
_wtol
wcschr
wcsrchr
_wtoi
_msize
_aligned_msize
_except_handler4_common
_aligned_malloc
_aligned_free
realloc
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_vswprintf_c_l
_snprintf_s
strncpy_s
calloc
_wsetlocale
_snwprintf_s
_vsnprintf_s
_wcsicmp
wcsstr
malloc
free
_isnan
swprintf_s
_ui64tow
_i64tow
iswspace
_wcsnicmp
wcscpy_s
memcpy_s
_itow_s
_wsplitpath_s
_wmakepath_s
wcsncmp
wcspbrk
_purecall
wcscat_s
wcsncpy_s
memset
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_CxxThrowException
memmove
memcpy
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
??3@YAXPAX@Z
??_V@YAXPAX@Z
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
__FrameUnwindFilter
_cexit
__RTDynamicCast
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_aligned_realloc
__clean_type_info_names_internal

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetThreadToken
OpenThreadToken
ImpersonateLoggedOnUser
OpenProcessToken
InitializeSecurityDescriptor
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RevertToSelf

mscoree

_CorDllMain

Exports

Exports

MSMDCreateAssembly
MSMDCreateManagedConnection
MSMDCreateManagedDSV
MSMDCreateManagedNLP
MSMDCreateTimeDimCalculator
MSMDCreateTimeDimReader
MSMDFileSystemBrowserFileExists
MSMDFileSystemBrowserGetAllowedDirectories
MSMDFileSystemBrowserGetDirectories
MSMDFileSystemBrowserGetFiles
MSMDFileSystemBrowserGetLogicalDrives
MSMDInitModule
MSMDLocalStreamClose
MSMDLocalStreamCloseBase
MSMDLocalStreamFlush
MSMDLocalStreamRead
MSMDLocalStreamSkip
MSMDLocalStreamWrite
MSMDLocalStreamWriteEndOfMessage
MSMDOnServerReady
MSMDResetModule
MSMDSetFeatureSwitches

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 855KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.3MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msolap110 — копия.dll
.dll regsvr32 windows x86

0bce98ee70e0cf58c1e95a5af6536002

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:8d:cb:83:b9:8c:62:a7:7f:bd:22:66:74:4e:84:be:e5:fc:f0:8b
Signer

Actual PE Digest

69:8d:cb:83:b9:8c:62:a7:7f:bd:22:66:74:4e:84:be:e5:fc:f0:8b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

_vsnwprintf_l
iswdigit
_wcsicmp_l
_vsnwprintf
sprintf_s
_CIpow
_CIexp
ceil
vfprintf
fseek
fprintf
_fsopen
getenv
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
wcstol
_wtoi64_l
wcsrchr
_msize
_aligned_msize
_aligned_realloc
_aligned_malloc
_aligned_free
realloc
_endthreadex
_beginthreadex
_snwprintf_s
_wsetlocale
_wcsdup
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_isnan
_ui64tow
_i64tow
_wmakepath_s
wcspbrk
_itow_s
_snprintf_s
strncpy_s
_vsnprintf_s
_wtol
??3@YAXPAX@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_wcsicmp
wcsncmp
swscanf_s
_vswprintf_c_l
iswspace
_wfopen
_wsplitpath_s
swprintf_s
_wtoi
_ultow
_wcsnicmp
wcschr
memmove
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
??_V@YAXPAX@Z
wcsstr
wcsncpy_s
wcscpy_s
wcscat_s
memmove_s
memcpy_s
_recalloc
malloc
free
calloc
??2@YAPAXI@Z
_purecall
_wfullpath

kernel32

GetModuleFileNameW
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadResource
SizeofResource
FindResourceW
MultiByteToWideChar
OutputDebugStringA
GetCurrentProcessId
TlsGetValue
CreateTimerQueueTimer
DeleteTimerQueueTimer
IsValidCodePage
GetACP
CloseHandle
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetThreadLocale
GetUserDefaultUILanguage
IsDebuggerPresent
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
SleepEx
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
WideCharToMultiByte
EnterCriticalSection
EncodePointer
DecodePointer
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
IsProcessorFeaturePresent
lstrlenW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetLastError
RaiseException
CreateSemaphoreW
LoadLibraryExW
GetVolumePathNameW
GetDiskFreeSpaceExW
PulseEvent
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
LockResource
WaitForMultipleObjectsEx
ReadFileScatter
ReleaseSemaphore
GetSystemTime
SetProcessWorkingSetSize
GetLocalTime
GetLongPathNameW
GetFullPathNameW
GetCurrentDirectoryW
GetEnvironmentVariableW
FormatMessageW
VirtualUnlock
VirtualLock
HeapValidate
HeapSize
HeapReAlloc
CreateMemoryResourceNotification
GlobalMemoryStatusEx
HeapDestroy
HeapCreate
FlushFileBuffers
MoveFileExW
MoveFileW
CopyFileW
MapViewOfFileEx
CreateEventW
CancelIo
WriteFile
SetFilePointerEx
SetFilePointer
SetEndOfFile
RemoveDirectoryW
ReadFile
GetFileType
GetFileSizeEx
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceW
DeleteFileW
CreateFileW
CreateDirectoryW
SetThreadLocale
BindIoCompletionCallback
FindClose
RegisterWaitForSingleObject
LocalFree
LoadLibraryExA
LocalAlloc
SetLastError
DebugBreak
SwitchToThread
InterlockedExchangeAdd
GetSystemInfo
VirtualAlloc
VirtualQuery
FindFirstFileW
FindNextFileW
GetOverlappedResult
WaitForSingleObjectEx
SetWaitableTimer
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetLogicalProcessorInformation
VirtualFree
GetModuleHandleExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocaleInfoW
ConvertDefaultLocale
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
TlsAlloc
TlsSetValue
TlsFree
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
UnmapViewOfFile
CreateFileMappingW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
ResetEvent
SetThreadPriority
ResumeThread
QueueUserWorkItem
UnregisterWaitEx
CreateTimerQueue
DeleteTimerQueueEx

advapi32

MapGenericMask
AccessCheck
CryptDecrypt
CryptEncrypt
CryptGetKeyParam
CryptSetKeyParam
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
EqualSid
OpenProcessToken
OpenThreadToken
RegQueryValueExW
LookupPrivilegeValueW
RevertToSelf
AdjustTokenPrivileges
GetTokenInformation
SetThreadToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupAccountSidW

msvcp100

?_Orphan_all@_Container_base0@std@@QAEXXZ

shlwapi

PathRemoveFileSpecW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathCombineW

userenv

GetProfileType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.5MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msolap110.dll
.dll regsvr32 windows x86

0bce98ee70e0cf58c1e95a5af6536002

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:8d:cb:83:b9:8c:62:a7:7f:bd:22:66:74:4e:84:be:e5:fc:f0:8b
Signer

Actual PE Digest

69:8d:cb:83:b9:8c:62:a7:7f:bd:22:66:74:4e:84:be:e5:fc:f0:8b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

_vsnwprintf_l
iswdigit
_wcsicmp_l
_vsnwprintf
sprintf_s
_CIpow
_CIexp
ceil
vfprintf
fseek
fprintf
_fsopen
getenv
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
wcstol
_wtoi64_l
wcsrchr
_msize
_aligned_msize
_aligned_realloc
_aligned_malloc
_aligned_free
realloc
_endthreadex
_beginthreadex
_snwprintf_s
_wsetlocale
_wcsdup
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_isnan
_ui64tow
_i64tow
_wmakepath_s
wcspbrk
_itow_s
_snprintf_s
strncpy_s
_vsnprintf_s
_wtol
??3@YAXPAX@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_wcsicmp
wcsncmp
swscanf_s
_vswprintf_c_l
iswspace
_wfopen
_wsplitpath_s
swprintf_s
_wtoi
_ultow
_wcsnicmp
wcschr
memmove
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
??_V@YAXPAX@Z
wcsstr
wcsncpy_s
wcscpy_s
wcscat_s
memmove_s
memcpy_s
_recalloc
malloc
free
calloc
??2@YAPAXI@Z
_purecall
_wfullpath

kernel32

GetModuleFileNameW
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadResource
SizeofResource
FindResourceW
MultiByteToWideChar
OutputDebugStringA
GetCurrentProcessId
TlsGetValue
CreateTimerQueueTimer
DeleteTimerQueueTimer
IsValidCodePage
GetACP
CloseHandle
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetThreadLocale
GetUserDefaultUILanguage
IsDebuggerPresent
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
SleepEx
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
WideCharToMultiByte
EnterCriticalSection
EncodePointer
DecodePointer
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
IsProcessorFeaturePresent
lstrlenW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetLastError
RaiseException
CreateSemaphoreW
LoadLibraryExW
GetVolumePathNameW
GetDiskFreeSpaceExW
PulseEvent
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
LockResource
WaitForMultipleObjectsEx
ReadFileScatter
ReleaseSemaphore
GetSystemTime
SetProcessWorkingSetSize
GetLocalTime
GetLongPathNameW
GetFullPathNameW
GetCurrentDirectoryW
GetEnvironmentVariableW
FormatMessageW
VirtualUnlock
VirtualLock
HeapValidate
HeapSize
HeapReAlloc
CreateMemoryResourceNotification
GlobalMemoryStatusEx
HeapDestroy
HeapCreate
FlushFileBuffers
MoveFileExW
MoveFileW
CopyFileW
MapViewOfFileEx
CreateEventW
CancelIo
WriteFile
SetFilePointerEx
SetFilePointer
SetEndOfFile
RemoveDirectoryW
ReadFile
GetFileType
GetFileSizeEx
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceW
DeleteFileW
CreateFileW
CreateDirectoryW
SetThreadLocale
BindIoCompletionCallback
FindClose
RegisterWaitForSingleObject
LocalFree
LoadLibraryExA
LocalAlloc
SetLastError
DebugBreak
SwitchToThread
InterlockedExchangeAdd
GetSystemInfo
VirtualAlloc
VirtualQuery
FindFirstFileW
FindNextFileW
GetOverlappedResult
WaitForSingleObjectEx
SetWaitableTimer
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetLogicalProcessorInformation
VirtualFree
GetModuleHandleExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocaleInfoW
ConvertDefaultLocale
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
TlsAlloc
TlsSetValue
TlsFree
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
UnmapViewOfFile
CreateFileMappingW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
ResetEvent
SetThreadPriority
ResumeThread
QueueUserWorkItem
UnregisterWaitEx
CreateTimerQueue
DeleteTimerQueueEx

advapi32

MapGenericMask
AccessCheck
CryptDecrypt
CryptEncrypt
CryptGetKeyParam
CryptSetKeyParam
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
EqualSid
OpenProcessToken
OpenThreadToken
RegQueryValueExW
LookupPrivilegeValueW
RevertToSelf
AdjustTokenPrivileges
GetTokenInformation
SetThreadToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupAccountSidW

msvcp100

?_Orphan_all@_Container_base0@std@@QAEXXZ

shlwapi

PathRemoveFileSpecW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathCombineW

userenv

GetProfileType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.5MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msolui110 — копия.dll
.dll regsvr32 windows x86

1297b79f6a02b17ccd62ab546c93a9dc

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:13:7b:1b:22:68:64:91:9a:ad:37:dc:80:ba:06:d7:1f:7d:bb:ca
Signer

Actual PE Digest

fd:13:7b:1b:22:68:64:91:9a:ad:37:dc:80:ba:06:d7:1f:7d:bb:ca

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

kernel32

GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
SetLastError
GetCurrentProcess
GetCurrentThreadId
FlushInstructionCache
GlobalAlloc
GlobalFree
lstrcmpW
LockResource
GlobalLock
GetModuleFileNameW
GlobalUnlock
MulDiv
LoadLibraryW
GetUserDefaultLCID
LocalFree
FormatMessageW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
Sleep
InterlockedExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
IsProcessorFeaturePresent
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedCompareExchange
FreeLibrary
DisableThreadLibraryCalls
lstrlenW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GlobalHandle
GetProcessHeap

ole32

OleLockRunning
OleUninitialize
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
GetErrorInfo
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringLen
VariantInit
VariantClear
OleCreateFontIndirect
VariantCopy
SysFreeString

user32

CharNextW
LoadStringW
RegisterWindowMessageW
SendMessageW
DefWindowProcW
MessageBoxW
MapDialogRect
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
SetWindowContextHelpId
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
EnableWindow
ReleaseCapture
SetCapture
GetFocus
GetActiveWindow
CallWindowProcW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
SetFocus
UnregisterClassA

gdi32

CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt

comdlg32

GetOpenFileNameW

msvcr100

??_V@YAXPAX@Z
__CxxFrameHandler3
_purecall
??2@YAPAXI@Z
free
malloc
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??3@YAXPAX@Z
_wcsupr
_wcsicmp
wcschr
_wcsdup
swprintf_s
_ltow_s
memset
_CxxThrowException
wcsstr
wcsncpy_s
wcscpy_s
wcscat_s
memcpy_s
??_U@YAPAXI@Z
_recalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/msolui110.dll
.dll regsvr32 windows x86

1297b79f6a02b17ccd62ab546c93a9dc

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:13:7b:1b:22:68:64:91:9a:ad:37:dc:80:ba:06:d7:1f:7d:bb:ca
Signer

Actual PE Digest

fd:13:7b:1b:22:68:64:91:9a:ad:37:dc:80:ba:06:d7:1f:7d:bb:ca

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

kernel32

GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
SetLastError
GetCurrentProcess
GetCurrentThreadId
FlushInstructionCache
GlobalAlloc
GlobalFree
lstrcmpW
LockResource
GlobalLock
GetModuleFileNameW
GlobalUnlock
MulDiv
LoadLibraryW
GetUserDefaultLCID
LocalFree
FormatMessageW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
Sleep
InterlockedExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
IsProcessorFeaturePresent
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedCompareExchange
FreeLibrary
DisableThreadLibraryCalls
lstrlenW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GlobalHandle
GetProcessHeap

ole32

OleLockRunning
OleUninitialize
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
GetErrorInfo
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringLen
VariantInit
VariantClear
OleCreateFontIndirect
VariantCopy
SysFreeString

user32

CharNextW
LoadStringW
RegisterWindowMessageW
SendMessageW
DefWindowProcW
MessageBoxW
MapDialogRect
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
SetWindowContextHelpId
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
EnableWindow
ReleaseCapture
SetCapture
GetFocus
GetActiveWindow
CallWindowProcW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
SetFocus
UnregisterClassA

gdi32

CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt

comdlg32

GetOpenFileNameW

msvcr100

??_V@YAXPAX@Z
__CxxFrameHandler3
_purecall
??2@YAPAXI@Z
free
malloc
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??3@YAXPAX@Z
_wcsupr
_wcsicmp
wcschr
_wcsdup
swprintf_s
_ltow_s
memset
_CxxThrowException
wcsstr
wcsncpy_s
wcscpy_s
wcscat_s
memcpy_s
??_U@YAPAXI@Z
_recalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv — копия.dll
.dll windows x86

4cd6069d05f895d3e3590106a764cc93

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:2e:56:8e:b4:01:eb:c4:30:07:f3:6c:e5:56:96:e5:af:3b:4f:86
Signer

Actual PE Digest

51:2e:56:8e:b4:01:eb:c4:30:07:f3:6c:e5:56:96:e5:af:3b:4f:86

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

getenv
__CxxFrameHandler3
fopen
strcat_s
_get_errno
qsort_s
strncat_s
_strnicmp
__iob_func
feof
qsort
strncpy_s
isalnum
_strtoi64
_strtoui64
strtod
strtol
wcstombs
atoi
_wtoi64
_vsnwprintf
memmove_s
strtok_s
tolower
wcsrchr
_strlwr_s
_wcslwr_s
bsearch
fread
_wcsicmp_l
strcpy_s
floor
_CIfmod
_wtoi
_CIpow
fflush
fwprintf
fgets
wprintf_s
fputws
wcstok
_CIsqrt
sprintf_s
printf
_time64
fclose
_wfopen
fgetws
_wgetenv
wcstod
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_ungetch
_kbhit
_getch
srand
rand
_stricmp
vprintf
vwprintf
realloc
??0exception@std@@QAE@ABQBDH@Z
strchr
??2@YAPAXI@Z
_wcsicmp
wcsstr
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
malloc
_isnan
swprintf_s
_ui64tow
_i64tow
iswspace
memcpy_s
_ui64tow_s
_ultow
_itow_s
wcsncpy_s
wcsncmp
wcscat_s
fputwc
wcschr
??_V@YAXPAX@Z
_CxxThrowException
memmove
memcpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
iswalnum
_CIlog
ceil
wcscpy_s
_set_errno
memset
??3@YAXPAX@Z
_wtof
_purecall

kernel32

Module32NextW
IsDBCSLeadByte
WriteFile
CreateFileW
CreateProcessA
ReadFile
GetFileSizeEx
CreateFileA
FormatMessageW
LocalFree
WideCharToMultiByte
CreateSemaphoreW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
TlsGetValue
DisableThreadLibraryCalls
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
GetCurrentThreadId
PulseEvent
WaitForMultipleObjects
EncodePointer
DecodePointer
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
ReleaseSemaphore
CreateThread
GetCurrentDirectoryW
VirtualLock
ResumeThread
WaitForSingleObject
ResetEvent
Thread32Next
Thread32First
CreateToolhelp32Snapshot
DeleteTimerQueueTimer
TlsFree
TlsSetValue
TlsAlloc
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
SystemTimeToFileTime
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetThreadTimes
GetCurrentThread
SetThreadIdealProcessor
SetThreadAffinityMask
GetProcessAffinityMask
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
VirtualFree
GetVersionExW
WaitForSingleObjectEx
GetOverlappedResult
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedExchangeAdd
SwitchToThread
SleepEx

oleaut32

SysStringByteLen
SysFreeString
SysAllocStringLen
VarDateFromStr
VarR8FromStr
GetErrorInfo
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocString
VariantClear
VariantChangeTypeEx
VarR8FromCy
VarCyFromR8
VarParseNumFromStr
VarCmp

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ole32

CoInitializeEx
CoTaskMemFree
CoCreateGuid
StringFromGUID2
IIDFromString
CoUninitialize
CoCreateInstance

Exports

Exports

XMDllCanUnloadNow
XMDllLoad

Sections

.text
Size: 24.1MB - Virtual size: 24.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv.dll
.dll windows x86

4cd6069d05f895d3e3590106a764cc93

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:2e:56:8e:b4:01:eb:c4:30:07:f3:6c:e5:56:96:e5:af:3b:4f:86
Signer

Actual PE Digest

51:2e:56:8e:b4:01:eb:c4:30:07:f3:6c:e5:56:96:e5:af:3b:4f:86

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

getenv
__CxxFrameHandler3
fopen
strcat_s
_get_errno
qsort_s
strncat_s
_strnicmp
__iob_func
feof
qsort
strncpy_s
isalnum
_strtoi64
_strtoui64
strtod
strtol
wcstombs
atoi
_wtoi64
_vsnwprintf
memmove_s
strtok_s
tolower
wcsrchr
_strlwr_s
_wcslwr_s
bsearch
fread
_wcsicmp_l
strcpy_s
floor
_CIfmod
_wtoi
_CIpow
fflush
fwprintf
fgets
wprintf_s
fputws
wcstok
_CIsqrt
sprintf_s
printf
_time64
fclose
_wfopen
fgetws
_wgetenv
wcstod
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_ungetch
_kbhit
_getch
srand
rand
_stricmp
vprintf
vwprintf
realloc
??0exception@std@@QAE@ABQBDH@Z
strchr
??2@YAPAXI@Z
_wcsicmp
wcsstr
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
malloc
_isnan
swprintf_s
_ui64tow
_i64tow
iswspace
memcpy_s
_ui64tow_s
_ultow
_itow_s
wcsncpy_s
wcsncmp
wcscat_s
fputwc
wcschr
??_V@YAXPAX@Z
_CxxThrowException
memmove
memcpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
iswalnum
_CIlog
ceil
wcscpy_s
_set_errno
memset
??3@YAXPAX@Z
_wtof
_purecall

kernel32

Module32NextW
IsDBCSLeadByte
WriteFile
CreateFileW
CreateProcessA
ReadFile
GetFileSizeEx
CreateFileA
FormatMessageW
LocalFree
WideCharToMultiByte
CreateSemaphoreW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
TlsGetValue
DisableThreadLibraryCalls
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
GetCurrentThreadId
PulseEvent
WaitForMultipleObjects
EncodePointer
DecodePointer
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
ReleaseSemaphore
CreateThread
GetCurrentDirectoryW
VirtualLock
ResumeThread
WaitForSingleObject
ResetEvent
Thread32Next
Thread32First
CreateToolhelp32Snapshot
DeleteTimerQueueTimer
TlsFree
TlsSetValue
TlsAlloc
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
SystemTimeToFileTime
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetThreadTimes
GetCurrentThread
SetThreadIdealProcessor
SetThreadAffinityMask
GetProcessAffinityMask
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
VirtualFree
GetVersionExW
WaitForSingleObjectEx
GetOverlappedResult
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedExchangeAdd
SwitchToThread
SleepEx

oleaut32

SysStringByteLen
SysFreeString
SysAllocStringLen
VarDateFromStr
VarR8FromStr
GetErrorInfo
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocString
VariantClear
VariantChangeTypeEx
VarR8FromCy
VarCyFromR8
VarParseNumFromStr
VarCmp

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ole32

CoInitializeEx
CoTaskMemFree
CoCreateGuid
StringFromGUID2
IIDFromString
CoUninitialize
CoCreateInstance

Exports

Exports

XMDllCanUnloadNow
XMDllLoad

Sections

.text
Size: 24.1MB - Virtual size: 24.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/CompatProvider.dll
.dll regsvr32 windows x64

d7ae07202a5ac5d9e427f377980f333b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

_wcsnicmp
??0exception@@QEAA@XZ
wcschr
_purecall
vswprintf_s
_vscwprintf
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf
wcsrchr
_wcsicmp
?what@exception@@UEBAPEBDXZ
memset
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
wcsncpy_s
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
__RTDynamicCast
memcmp
__CxxFrameHandler3
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
memcpy_s
malloc
wcscat_s
free
wcscpy_s
??1type_info@@UEAA@XZ
memcpy

ntdll

RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap

kernel32

ExpandEnvironmentStringsW
MapViewOfFile
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
SetThreadUILanguage
GetVersionExW
SetEnvironmentVariableW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CompareStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
LocalFree
CreateFileW
CloseHandle
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetNativeSystemInfo
GetFileAttributesW
ReadFile
SetFilePointer
FreeLibrary
GetStartupInfoW
GetExitCodeProcess
CreateProcessW
GetCurrentDirectoryW
WaitForSingleObject
SetFileAttributesW
FindNextFileW
UnmapViewOfFile
SetLastError
CreateFileMappingW
FindFirstFileW
DeviceIoControl
FindClose
SearchPathW

advapi32

OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
LookupPrivilegeValueW

user32

CharLowerBuffW
LoadStringW
CharNextW

ole32

StringFromGUID2
CoTaskMemFree
CoCreateGuid
StringFromCLSID
ProgIDFromCLSID
CoCreateInstance

oleaut32

LoadRegTypeLi
SysFreeString
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
VarBstrCat
SetErrorInfo
CreateErrorInfo
VariantClear
SysAllocStringLen

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/DismCore.dll
.dll regsvr32 windows x64

298860fdb9cb4e7d7cb65f8079d6a0b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

fclose
wcstok_s
swscanf_s
fgetws
_wfopen
feof
iswctype
strrchr
_vsnprintf
towlower
_wcsnicmp
_wtoi
vsprintf_s
_vscprintf
rand
_vsnwprintf
wcsstr
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
__CxxFrameHandler3
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
__C_specific_handler
memset
wcscat_s
wcsncpy_s
calloc
_purecall
malloc
_resetstkoflw
wcscpy_s
vswprintf_s
_vscwprintf
wcschr
wcsrchr
_wcsicmp
memmove_s
memcpy_s
free
memcpy

api-ms-win-downlevel-kernel32-l1-1-0

GetModuleFileNameW
GetModuleHandleW
CopyFileExW
TlsGetValue
GetFileSize
CreateEventW
ExitProcess
CreateFileMappingW
SetLastError
GetVersionExW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
UnmapViewOfFile
GetProcAddress
LoadLibraryExW
TerminateProcess
WaitForSingleObject
SetEvent
MapViewOfFile
SearchPathW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetVersion
FreeLibrary
DuplicateHandle
CompareStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
TlsFree
GetModuleHandleExW
GetCurrentDirectoryW
GetTempPathW
VirtualQuery
MultiByteToWideChar
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateFileW
SetThreadUILanguage
GetLastError
GetDriveTypeW
SetFileAttributesW
FindNextFileW
DeviceIoControl
FindClose
FindFirstFileW
IsDebuggerPresent
FlushFileBuffers
GetFileSizeEx
DeleteFileA
DebugBreak
DeleteFileW
ReleaseMutex
CreateMutexA
FormatMessageA
LoadLibraryExA
GetModuleFileNameA
TlsSetValue
GetLocalTime
TlsAlloc
WriteFile
ExpandEnvironmentStringsA
CreateMutexW
CreateFileA
GetTempFileNameW
GetFullPathNameW
GetCurrentThread
GetWindowsDirectoryW
DeleteProcThreadAttributeList
SetFilePointer
CreateDirectoryW
GetFileInformationByHandle
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
MoveFileExW
GetSystemDirectoryW
FormatMessageW
CreateProcessW
UpdateProcThreadAttribute
GetEnvironmentStringsW
GetSystemWindowsDirectoryW
GetNativeSystemInfo
GetSystemInfo
GetExitCodeProcess
FreeEnvironmentStringsW
InitializeProcThreadAttributeList
ReadFile
GetFileAttributesW

api-ms-win-downlevel-ole32-l1-1-1

CoRegisterClassObject
CoSetProxyBlanket
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoRegisterPSClsid
CoRevokeClassObject
CoCreateInstance
StringFromGUID2
SetErrorInfo
GetErrorInfo
ProgIDFromCLSID
CreateErrorInfo

api-ms-win-downlevel-user32-l1-1-1

LoadStringW
CharNextW

api-ms-win-downlevel-advapi32-l1-1-1

OpenProcessToken
GetTokenInformation
EqualSid
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
GetLengthSid
RegOpenKeyExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryInfoKeyW
OpenThreadToken
RegCloseKey

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree
CreateFileMappingA

ntdll

RtlNtStatusToDosError
RtlFreeHeap
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtSetInformationFile

oleaut32

VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringLen
LoadTypeLibEx
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantInit

api-ms-win-downlevel-advapi32-l2-1-1

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-downlevel-advapi32-l4-1-0

LookupPrivilegeValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/DismCorePS.dll
.dll regsvr32 windows x64

bdc025567322c4f7466984d41a35515e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

malloc
_initterm
__C_specific_handler
free
_amsg_exit
_XcptFilter
memcmp

oleaut32

BSTR_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserSize
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserUnmarshal64
BSTR_UserMarshal64

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
NdrStubCall3
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrOleFree
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_CountRefs

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetDismInterfaces
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/Program Files (x86)/ASIO4ALL v2/ASIO4ALL Web Site.url
.url
package/Program Files (x86)/ASIO4ALL v2/ASIO4ALL v2 Instruction Manual.pdf
.pdf
package/Program Files (x86)/ASIO4ALL v2/a4apanel.exe
.exe windows x86

9ca62f5da2a0b14971416bb381a438f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

ole32

CoInitialize
CoCreateInstance

Sections

.text
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/Program Files (x86)/ASIO4ALL v2/a4apanel64.exe
.exe windows x64

9ca62f5da2a0b14971416bb381a438f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess

ole32

CoInitialize
CoCreateInstance

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 218B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/Program Files (x86)/ASIO4ALL v2/asio4all.dll
.dll regsvr32 windows x86

1910aa462df16700a00a0ff7b2051c13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetCurrentProcess
GetModuleFileNameA
WideCharToMultiByte
TerminateThread
GetVersion
CreateFileA
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapWalk
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GetModuleHandleA
VirtualAlloc
VirtualFree
VirtualLock
VirtualUnlock
CreateThread
SetThreadPriority
GetCurrentThread
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
SetEvent
ResetEvent

ksuser

KsCreatePin

setupapi

SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceRegKey
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod
midiOutOpen
midiOutGetDevCapsA
midiOutClose
midiOutGetNumDevs
midiOutGetID

gdi32

DeleteObject
CreateSolidBrush
SetBkColor
SetTextColor

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

user32

ShowWindow
LoadBitmapA
MessageBoxA
SetTimer
KillTimer
LoadStringA
SetFocus
CreateWindowExA
DestroyWindow
UnregisterClassA
DefWindowProcA
SendMessageA
PostMessageA
MoveWindow
GetWindowRect
ScreenToClient
GetCursorPos
SetWindowPos
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
PostThreadMessageA
DialogBoxParamA
GetFocus
LoadIconA
SendDlgItemMessageA
GetDlgItem
EndDialog
RegisterClassExA
SetForegroundWindow

comctl32

ImageList_AddIcon
ImageList_Create

shell32

DllGetVersion
Shell_NotifyIconA
ShellExecuteA

advapi32

RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegFlushKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RWDEFCloseDevice
RWDEFDriveAudio
RWDEFGetDeviceInfo
RWDEFGetDeviceNameAndVersion
RWDEFGetEventBusInfo
RWDEFGetEventChannelInfo
RWDEFGetEventControllerInfo
RWDEFGetEventInfo
RWDEFGetEventNoteInfo
RWDEFIdle
RWDEFIsCloseOK
RWDEFIsPanelAppLaunched
RWDEFLaunchPanelApp
RWDEFOpenDevice
RWDEFQuitPanelApp
RWDEFSetAudioInfo

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/Program Files (x86)/ASIO4ALL v2/asio4all64.dll
.dll regsvr32 windows x64

2882bd11539d66167a5dab6442f9fb19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetModuleFileNameA
WideCharToMultiByte
TerminateThread
GetVersion
CreateFileA
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapWalk
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GetModuleHandleA
VirtualAlloc
VirtualFree
VirtualLock
VirtualUnlock
CreateThread
SetThreadPriority
GetCurrentThread
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
SetEvent
ResetEvent

ksuser

KsCreatePin

setupapi

SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceRegKey
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod
midiOutOpen
midiOutGetDevCapsA
midiOutClose
midiOutGetNumDevs
midiOutGetID

gdi32

DeleteObject
CreateSolidBrush
SetBkColor
SetTextColor

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

user32

ShowWindow
LoadBitmapA
MessageBoxA
SetTimer
KillTimer
LoadStringA
SetFocus
CreateWindowExA
DestroyWindow
UnregisterClassA
DefWindowProcA
SendMessageA
PostMessageA
MoveWindow
GetWindowRect
ScreenToClient
GetCursorPos
SetWindowPos
GetMessageA
DispatchMessageA
PostQuitMessage
PostThreadMessageA
DialogBoxParamA
GetFocus
LoadIconA
SendDlgItemMessageA
GetDlgItem
EndDialog
RegisterClassExA
SetForegroundWindow

comctl32

ImageList_AddIcon
ImageList_Create

shell32

DllGetVersion
Shell_NotifyIconA
ShellExecuteA

advapi32

RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegFlushKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/Program Files (x86)/Common Files/Propellerhead Software/ReWire/ReWire.dll
.dll windows x86

6f8f73d3790535c61959ecb492d51c4f

Code Sign

2b:32:50:47:a6:10:0e:8d:f6:fc:89:1f:0d:c6:75:7a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-05-2013 00:00

Not After

17-05-2015 23:59

Subject

CN=Image Line,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Image Line,L=sint-martens-latem,ST=ovl,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:e6:36:49:13:4a:fb:72:08:ad:c7:ff:f9:0a:97:78:ed:8a:fc:3e
Signer

Actual PE Digest

f7:e6:36:49:13:4a:fb:72:08:ad:c7:ff:f9:0a:97:78:ed:8a:fc:3e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Image Line,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Image Line,L=sint-martens-latem,ST=ovl,C=BE

05-10-2022 14:17
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

Sleep
CreateFileA
GetCurrentProcess
GetCurrentProcessId
InterlockedExchangeAdd
InterlockedCompareExchange
CreateMutexW
WaitForSingleObject
GetLastError
ReleaseMutex
CreateEventW
SetEvent
TerminateThread
SetThreadIdealProcessor
SetThreadAffinityMask
GetProcessAffinityMask
GetCurrentThread
ResumeThread
SetThreadPriority
CreateThread
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetACP
SetErrorMode
GetFileAttributesW
GetLongPathNameW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetTempPathW
GetWindowsDirectoryW
MoveFileExW
GetTempFileNameW
CreateDirectoryW
GetTickCount
SetFileTime
GetFileTime
CreateFileW
DeleteFileW
SetFileAttributesW
OpenProcess
FindClose
FindFirstFileW
GetLogicalDriveStringsW
FindNextFileW
ReadFile
WriteFile
RemoveDirectoryW
GetModuleFileNameW
GetCurrentThreadId
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryW
SearchPathW
DisableThreadLibraryCalls
SetDllDirectoryW
GetDllDirectoryW
GetFullPathNameW
GetSystemInfo
GetVersionExW
FindResourceW
LoadLibraryExW
SizeofResource
LockResource
LoadResource
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetThreadPriority
OpenMutexA
CreateMutexA
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
CreateFileMappingA
SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
GetProcessTimes
CloseHandle
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetFileSize
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
GetModuleHandleW
ExitProcess
GetTimeFormatA
GetDateFormatA
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
CompareStringA
SetLastError
HeapSize
HeapAlloc
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
HeapReAlloc
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA

user32

CharLowerBuffW
CharUpperBuffW
wsprintfW

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExW
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

Exports

Exports

RWDCloseImp
RWDComBytesAvailableImp
RWDComCheckConnectionImp
RWDComCreateImp
RWDComDestroyImp
RWDComDoesMessageFitImp
RWDComReadImp
RWDComSendImp
RWDIsCloseOKImp
RWDOpenImp
RWIsReWireMixerAppRunningImp
RWM2CloseDeviceImp
RWM2CloseImp
RWM2DriveAudioImp
RWM2GetControllerInfoImp
RWM2GetDeviceCountImp
RWM2GetDeviceInfoByHandleImp
RWM2GetDeviceInfoImp
RWM2GetEventBusInfoImp
RWM2GetEventChannelInfoImp
RWM2GetEventInfoImp
RWM2GetNoteInfoImp
RWM2IdleImp
RWM2IsCloseDeviceOKImp
RWM2IsCloseOKImp
RWM2IsPanelAppLaunchedImp
RWM2LaunchPanelAppImp
RWM2OpenDeviceImp
RWM2OpenImp
RWM2QuitPanelAppImp
RWM2SetAudioInfoImp
RWMCloseDeviceImp
RWMCloseImp
RWMDriveAudioImp
RWMGetDeviceCountImp
RWMGetDeviceInfoByHandleImp
RWMGetDeviceInfoImp
RWMIdleImp
RWMIsCloseDeviceOKImp
RWMIsCloseOKImp
RWMOpenDeviceImp
RWMOpenImp
RWPCloseImp
RWPComBytesAvailableImp
RWPComCheckConnectionImp
RWPComConnectImp
RWPComDisconnectImp
RWPComDoesMessageFitImp
RWPComReadImp
RWPComSendImp
RWPIsCloseOKImp
RWPLoadDeviceImp
RWPOpenImp
RWPRegisterDeviceImp
RWPRegisterReWireDeviceImp
RWPUnloadDeviceImp
RWPUnregisterDeviceImp
RWPUnregisterReWireDeviceImp
TopHatCloseDeviceImp
TopHatCloseImp
TopHatDriveAudioImp
TopHatGetDeviceCountImp
TopHatGetDeviceInfoImp
TopHatIdleImp
TopHatIsCloseDeviceOKImp
TopHatIsCloseOKImp
TopHatOpenDeviceImp
TopHatOpenImp

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/Informix.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/Sybase.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/as80.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/as90.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/db2v0801.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/hive.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/msjet.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/orcl7.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sql2000.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sql70.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sql90.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/sqlpdw.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Cartridges/trdtv2r41.xsl
.xml
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Resources/1049/msmdsrv.rll
.dll windows x86

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:5f:7a:0c:7a:8b:a2:52:48:97:00:2a:38:97:36:d0:41:07:28:46
Signer

Actual PE Digest

28:5f:7a:0c:7a:8b:a2:52:48:97:00:2a:38:97:36:d0:41:07:28:46

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Resources/1049/msmdsrvi.rll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:28:b4:19:dc:9b:4c:3f:1a:a2:df:6a:4d:dd:7b:c6:9f:2c:e0:b0
Signer

Actual PE Digest

4d:28:b4:19:dc:9b:4c:3f:1a:a2:df:6a:4d:dd:7b:c6:9f:2c:e0:b0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/Resources/1049/msolui110.rll
.dll windows x86

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:80:be:90:ca:b2:aa:81:89:a4:ab:47:30:e9:e4:eb:30:82:24:f6
Signer

Actual PE Digest

d8:80:be:90:ca:b2:aa:81:89:a4:ab:47:30:e9:e4:eb:30:82:24:f6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe
.exe windows x86

81c720f8641914edcd344a3a79369611

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:ba:af:60:19:77:d5:3b:13:7c:11:2a:46:7a:6d:30:6b:4b:b2:5a
Signer

Actual PE Digest

2d:ba:af:60:19:77:d5:3b:13:7c:11:2a:46:7a:6d:30:6b:4b:b2:5a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

MiniDumpWriteDump
ImageNtHeader

psapi

GetModuleFileNameExW
GetModuleBaseNameA
GetModuleInformation
EnumProcessModules

rpcrt4

UuidCreate
UuidToStringW
UuidFromStringW
RpcStringFreeW

iphlpapi

GetExtendedTcpTable

ws2_32

ntohs

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

OpenProcess
Thread32First
VirtualFreeEx
InitializeCriticalSectionAndSpinCount
Sleep
ReadProcessMemory
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesW
Thread32Next
ReadFile
GetModuleFileNameW
CreateFileW
FlushFileBuffers
GetLastError
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualAllocEx
FindClose
OpenThread
SetConsoleCtrlHandler
GetExitCodeThread
CreateEventW
GetSystemInfo
WriteFile
CreateToolhelp32Snapshot
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
DebugBreak
WriteProcessMemory
SuspendThread
ResumeThread
CreateThread
VirtualFree
GetModuleHandleW
SleepEx
SetEvent
GetComputerNameW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
FreeLibrary
VirtualQuery
SetFilePointer
FindFirstFileW
FindNextFileW
GetFileSize
ExitProcess
ExpandEnvironmentStringsW
SetLastError
GetPrivateProfileStringW
lstrlenW
CompareStringW
GetProcessHeap
SetEnvironmentVariableW
HeapReAlloc
GetEnvironmentVariableW
CreateRemoteThread
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
DecodePointer
EncodePointer
RaiseException
InterlockedExchange
LocalAlloc
LoadLibraryExA

advapi32

RegOpenKeyW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
QueryServiceStatusEx
SetServiceStatus
StartServiceW
LookupPrivilegeValueW
RegQueryValueExW
RegisterServiceCtrlHandlerExW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle

msvcr100

_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
??2@YAPAXI@Z
exit
_wstrtime_s
_time64
wcsncmp
swscanf_s
??3@YAXPAX@Z
_vsnwprintf
wcsrchr
_wmakepath_s
memset
_wremove
_errno
_wsplitpath_s
wcsnlen
qsort
_wtoi
wcstoul
_gmtime64_s
_wcsicmp
wcschr
_wstrdate_s
_swscanf_s_l
__CxxFrameHandler3
memcpy
_stricmp
wprintf

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/dbghelp.dll
.dll windows x86

fa6b094f828920cf8999743ff0004319

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

Actual PE Digest

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_isatty
_write
_lseeki64
??3@YAXPAX@Z
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_strnicmp
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
iswprint
fflush
fprintf
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_wfsopen
fread
fseek
wcstol
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_wsopen

kernel32

HeapFree
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetVersion
GetSystemInfo
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
VirtualAlloc
VirtualProtect
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
SetFilePointer
IsDBCSLeadByte
HeapAlloc
HeapReAlloc
GetVersionExA
InitializeCriticalSection
FindClose
SetLastError
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
HeapCreate
FlushViewOfFile

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/msmdlocal.dll
.dll windows x86

30b9b02c4717da4bc8cc78b0a4bd2e81

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7f:ff:1d:d6:09:04:46:00:2c:7e:55:1f:f3:01:d8:d5:10:a5:d2
Signer

Actual PE Digest

07:7f:ff:1d:d6:09:04:46:00:2c:7e:55:1f:f3:01:d8:d5:10:a5:d2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
_Nan
_Inf
?quiet_NaN@?$numeric_limits@N@std@@SANXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ

msvcr100

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
calloc
_vsnwprintf_l
_resetstkoflw
??0exception@std@@QAE@ABQBDH@Z
strchr
sprintf_s
fread
bsearch
_wcslwr_s
_strlwr_s
strcpy_s
fwprintf_s
_configthreadlocale
_wgetenv
exit
??2@YAPAXI@Z
_vsnprintf_s
_wcsupr
_ui64tow
_ultow_s
memmove_s
towlower
iswalnum
iswlower
iswalpha
wprintf
_CIfmod
_ultoa_s
_snwprintf_s
_CIlog
_CIsqrt
printf
_finite
wcstok
bsearch_s
qsort_s
_CIpow
_CIexp
ceil
vfprintf
??3@YAXPAX@Z
??_V@YAXPAX@Z
fseek
fprintf
_fsopen
getenv
_wcslwr
iswdigit
_ltow
_swscanf_s_l
longjmp
_setjmp3
_wcsnicmp_l
_wtoi64_l
_wfullpath
__pctype_func
_isctype_l
_iswprint_l
_i64tow_s
_i64tow
_wcstoi64
_snprintf_s
strncpy_s
_waccess
_wcsdup
_wsetlocale
_time64
_CIlog10
_CIatan
_CIsin
frexp
ldexp
_wfsopen
_wctime64
srand
rand
_wcsicmp_l
_vsnwprintf
iswspace
_isnan
_itow
_endthreadex
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
_wfopen
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
swscanf_s
_wtol
wcsrchr
wcschr
swprintf_s
_wtoi
wcstoul
wcstol
_wcsnicmp
wcstok_s
_errno
qsort
wcscpy_s
_msize
_aligned_msize
_aligned_realloc
_aligned_malloc
_aligned_free
realloc
_beginthreadex
_wsplitpath_s
_wmakepath_s
wcsncmp
wcscat_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
memcpy_s
malloc
free
_purecall
_ui64tow_s
_ultow
_itow_s
wcsncpy_s
memmove
memset
_vswprintf_c_l
_wcsicmp
wcsstr
memcpy
wcspbrk
__CxxFrameHandler3
_CxxThrowException
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z

kernel32

GetStartupInfoW
GetUserDefaultUILanguage
EncodePointer
DecodePointer
SetEnvironmentVariableW
CompareStringW
GetPrivateProfileStringW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
Module32NextW
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
SystemTimeToFileTime
GetLocaleInfoW
LocaleNameToLCID
CreateSemaphoreW
CreateDirectoryW
GetFileInformationByHandle
GetFileType
RemoveDirectoryW
SetFilePointer
SetFileTime
CancelIo
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
MoveFileW
MapViewOfFile
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
QueueUserWorkItem
ConvertThreadToFiber
BindIoCompletionCallback
GetThreadLocale
SetThreadLocale
GetFileSize
FlushFileBuffers
WaitForMultipleObjectsEx
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
IsValidLocale
GetSystemDefaultLCID
UnhandledExceptionFilter
IsProcessorFeaturePresent
ExpandEnvironmentStringsW
TlsGetValue
OutputDebugStringA
SetLastError
LeaveCriticalSection
DeleteCriticalSection
SleepEx
DisableThreadLibraryCalls
GetProcAddress
LocalFree
LoadLibraryExA
LocalAlloc
GetLastError
InterlockedExchange
RaiseException
FreeLibrary
MultiByteToWideChar
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcess
TerminateProcess
DebugBreak
SwitchToThread
GetCurrentThreadId
GetTickCount
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
GetCurrentProcessId
TlsAlloc
TlsSetValue
TlsFree
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateToolhelp32Snapshot
Thread32First
Thread32Next
FindClose
FindFirstFileW
FindNextFileW
GetVolumeInformationW
DuplicateHandle
QueryPerformanceCounter
QueryPerformanceFrequency
GetOverlappedResult
WaitForSingleObjectEx
SetWaitableTimer
InterlockedExchangeAdd
GetSystemInfo
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
SetEvent
ResetEvent
HeapCreate
HeapDestroy
HeapCompact
GlobalMemoryStatusEx
CreateMemoryResourceNotification
QueryMemoryResourceNotification
GetModuleHandleA
HeapReAlloc
HeapSize
HeapValidate
VirtualLock
VirtualUnlock
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetLongPathNameW
GetLocalTime
GetProcessWorkingSetSize
SetProcessWorkingSetSize
FormatMessageW
IsDebuggerPresent
OutputDebugStringW
SetUnhandledExceptionFilter
TryEnterCriticalSection
AddVectoredExceptionHandler
WideCharToMultiByte
GetSystemTime
GetDiskFreeSpaceW
ReleaseSemaphore
CreateEventW
SetThreadPriority
OpenProcess
ReadFile
ReadFileScatter
WriteFile
WriteFileGather
FindCloseChangeNotification
GetThreadPriority
FindNextChangeNotification
GetFileAttributesExW
CopyFileW
MoveFileExW
GetExitCodeProcess
CreateProcessW
CreateTimerQueue
ChangeTimerQueueTimer
DeleteTimerQueueEx
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileW
DeleteFileW
GetDiskFreeSpaceExW
GetVolumePathNameW
UnregisterWaitEx
RegisterWaitForSingleObject
OpenThread
GetProcessTimes
PulseEvent
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
ExitProcess
CreateThread
ResumeThread
LCIDToLocaleName
GetLocaleInfoEx
lstrlenA
lstrlenW
FileTimeToLocalFileTime
GlobalFree
ConvertDefaultLocale
SetConsoleCtrlHandler
CreateHardLinkW
WaitForSingleObject
Sleep
IsDBCSLeadByte
LoadLibraryW
ReadProcessMemory
CreateMutexW
SetHandleInformation
ReleaseMutex
FindFirstChangeNotificationW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDeriveKey
ImpersonateLoggedOnUser
GetSecurityInfo
GetUserNameW
AddAccessAllowedAceEx
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
OpenProcessToken
InitializeSecurityDescriptor
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
SetThreadToken
OpenThreadToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
CryptGenKey
CryptDestroyKey
CryptSetKeyParam
CryptGetKeyParam
CryptExportKey
CryptImportKey
CryptEncrypt
CryptDecrypt
CopySid
GetLengthSid
AddAccessAllowedAce
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
InitializeAcl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorSacl
LookupAccountSidW
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSidToSidW
AccessCheck
AllocateLocallyUniqueId
RevertToSelf
ImpersonateAnonymousToken
MapGenericMask
LogonUserW
LsaNtStatusToWinError
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
SetServiceStatus
RegisterServiceCtrlHandlerW

shlwapi

PathCombineW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW

iphlpapi

GetUnicastIpAddressEntry
GetBestInterfaceEx

userenv

GetProfileType

ncrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptExportKey
BCryptDestroyKey
NCryptOpenStorageProvider
NCryptGetProperty
NCryptImportKey
NCryptVerifySignature
NCryptFreeObject

Exports

Exports

DmpGetClientExport
MSMDCanUnloadNow
MSMDCancelCommands
MSMDCloseHandle
MSMDGetDBImageSize
MSMDGetDBLastModified
MSMDGetMDXUtils
MSMDInitLocal
MSMDLoadDBImage
MSMDOpenLocal
MSMDOpenRequest
MSMDParseFormulaExpression
MSMDParseGetCubeName
MSMDParseXLFormulaExpression
MSMDReadData
MSMDReadDataEx
MSMDReceiveResponse
MSMDRenameServer
MSMDSaveDBImage
MSMDSendRequest
MSMDStopLocal
MSMDWriteData
MSMDWriteDataEx

Sections

.text
Size: 21.5MB - Virtual size: 21.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.1MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/msmgdsrv.dll
.dll windows x86

1f0b9d86d3b09c1459e4f99bc82b614a

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:1f:23:2c:95:00:e6:ea:be:0b:af:6a:9a:2d:3f:ac:3b:5c:68:ee
Signer

Actual PE Digest

67:1f:23:2c:95:00:e6:ea:be:0b:af:6a:9a:2d:3f:ac:3b:5c:68:ee

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:39
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
CreateFileW
CreateDirectoryW
DeleteFileW
GetFileSizeEx
GetFileType
RemoveDirectoryW
SetEndOfFile
SetFilePointer
CancelIo
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
MoveFileW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ResumeThread
QueueUserWorkItem
UnregisterWaitEx
RegisterWaitForSingleObject
GetThreadLocale
SetThreadLocale
FlushFileBuffers
GetDiskFreeSpaceExW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
CloseHandle
QueryPerformanceCounter
GetTickCount
LeaveCriticalSection
FreeLibrary
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
TlsGetValue
LocalFree
GetFileInformationByHandle
InterlockedIncrement
IsProcessorFeaturePresent
UnhandledExceptionFilter
DecodePointer
EncodePointer
Sleep
Module32NextW
PulseEvent
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError
LoadLibraryExA
LocalAlloc
InterlockedExchange
RaiseException
FindClose
FindFirstFileW
FindNextFileW
SetLastError
QueryPerformanceFrequency
GetOverlappedResult
SleepEx
WaitForSingleObjectEx
SetWaitableTimer
InterlockedExchangeAdd
GetCurrentProcess
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleHandleExW
LoadLibraryExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
InterlockedDecrement
InterlockedCompareExchange
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateProcess
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
TlsAlloc
TlsSetValue
TlsFree
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateToolhelp32Snapshot
Thread32First
Thread32Next
DebugBreak
SwitchToThread
GetLocaleInfoW
ConvertDefaultLocale
SetEvent
ResetEvent
HeapCreate
HeapDestroy
GlobalMemoryStatusEx
CreateMemoryResourceNotification
HeapReAlloc
HeapSize
HeapValidate
VirtualLock
VirtualUnlock
OutputDebugStringA
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetLongPathNameW
GetLocalTime
SetProcessWorkingSetSize
FormatMessageW
IsDebuggerPresent
OutputDebugStringW
SetUnhandledExceptionFilter
TryEnterCriticalSection
WideCharToMultiByte
GetSystemTime
GetDiskFreeSpaceW
ReleaseSemaphore
CreateEventW
SetThreadPriority
ReadFile
ReadFileScatter
WriteFile
GetFileAttributesExW
CopyFileW
MoveFileExW
DeleteTimerQueueEx

msvcp100

?_Lockit_ctor@_Lockit@std@@SAXH@Z
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ

msvcr100

__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
memmove_s
_wcsicmp_l
bsearch_s
sprintf_s
_vsnwprintf
_CIpow
_CIexp
ceil
vfprintf
fseek
fprintf
_fsopen
getenv
_endthreadex
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
_wfopen
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
swscanf_s
_wtol
wcschr
wcsrchr
_wtoi
_msize
_aligned_msize
_except_handler4_common
_aligned_malloc
_aligned_free
realloc
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_vswprintf_c_l
_snprintf_s
strncpy_s
calloc
_wsetlocale
_snwprintf_s
_vsnprintf_s
_wcsicmp
wcsstr
malloc
free
_isnan
swprintf_s
_ui64tow
_i64tow
iswspace
_wcsnicmp
wcscpy_s
memcpy_s
_itow_s
_wsplitpath_s
_wmakepath_s
wcsncmp
wcspbrk
_purecall
wcscat_s
wcsncpy_s
memset
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_CxxThrowException
memmove
memcpy
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
??3@YAXPAX@Z
??_V@YAXPAX@Z
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
__FrameUnwindFilter
_cexit
__RTDynamicCast
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_aligned_realloc
__clean_type_info_names_internal

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetThreadToken
OpenThreadToken
ImpersonateLoggedOnUser
OpenProcessToken
InitializeSecurityDescriptor
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RevertToSelf

mscoree

_CorDllMain

Exports

Exports

MSMDCreateAssembly
MSMDCreateManagedConnection
MSMDCreateManagedDSV
MSMDCreateManagedNLP
MSMDCreateTimeDimCalculator
MSMDCreateTimeDimReader
MSMDFileSystemBrowserFileExists
MSMDFileSystemBrowserGetAllowedDirectories
MSMDFileSystemBrowserGetDirectories
MSMDFileSystemBrowserGetFiles
MSMDFileSystemBrowserGetLogicalDrives
MSMDInitModule
MSMDLocalStreamClose
MSMDLocalStreamCloseBase
MSMDLocalStreamFlush
MSMDLocalStreamRead
MSMDLocalStreamSkip
MSMDLocalStreamWrite
MSMDLocalStreamWriteEndOfMessage
MSMDOnServerReady
MSMDResetModule
MSMDSetFeatureSwitches

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 855KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.3MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/msolap110.dll
.dll regsvr32 windows x86

0bce98ee70e0cf58c1e95a5af6536002

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:8d:cb:83:b9:8c:62:a7:7f:bd:22:66:74:4e:84:be:e5:fc:f0:8b
Signer

Actual PE Digest

69:8d:cb:83:b9:8c:62:a7:7f:bd:22:66:74:4e:84:be:e5:fc:f0:8b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

_vsnwprintf_l
iswdigit
_wcsicmp_l
_vsnwprintf
sprintf_s
_CIpow
_CIexp
ceil
vfprintf
fseek
fprintf
_fsopen
getenv
floor
wcsncat_s
setvbuf
_ftelli64
fflush
ferror
fclose
vswprintf_s
vfwprintf
fwprintf
fputwc
__iob_func
_local_unwind4
_vsnwprintf_s
wcstol
_wtoi64_l
wcsrchr
_msize
_aligned_msize
_aligned_realloc
_aligned_malloc
_aligned_free
realloc
_endthreadex
_beginthreadex
_snwprintf_s
_wsetlocale
_wcsdup
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_isnan
_ui64tow
_i64tow
_wmakepath_s
wcspbrk
_itow_s
_snprintf_s
strncpy_s
_vsnprintf_s
_wtol
??3@YAXPAX@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_wcsicmp
wcsncmp
swscanf_s
_vswprintf_c_l
iswspace
_wfopen
_wsplitpath_s
swprintf_s
_wtoi
_ultow
_wcsnicmp
wcschr
memmove
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
??_V@YAXPAX@Z
wcsstr
wcsncpy_s
wcscpy_s
wcscat_s
memmove_s
memcpy_s
_recalloc
malloc
free
calloc
??2@YAPAXI@Z
_purecall
_wfullpath

kernel32

GetModuleFileNameW
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadResource
SizeofResource
FindResourceW
MultiByteToWideChar
OutputDebugStringA
GetCurrentProcessId
TlsGetValue
CreateTimerQueueTimer
DeleteTimerQueueTimer
IsValidCodePage
GetACP
CloseHandle
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetThreadLocale
GetUserDefaultUILanguage
IsDebuggerPresent
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
SleepEx
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
WideCharToMultiByte
EnterCriticalSection
EncodePointer
DecodePointer
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
IsProcessorFeaturePresent
lstrlenW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetLastError
RaiseException
CreateSemaphoreW
LoadLibraryExW
GetVolumePathNameW
GetDiskFreeSpaceExW
PulseEvent
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
LockResource
WaitForMultipleObjectsEx
ReadFileScatter
ReleaseSemaphore
GetSystemTime
SetProcessWorkingSetSize
GetLocalTime
GetLongPathNameW
GetFullPathNameW
GetCurrentDirectoryW
GetEnvironmentVariableW
FormatMessageW
VirtualUnlock
VirtualLock
HeapValidate
HeapSize
HeapReAlloc
CreateMemoryResourceNotification
GlobalMemoryStatusEx
HeapDestroy
HeapCreate
FlushFileBuffers
MoveFileExW
MoveFileW
CopyFileW
MapViewOfFileEx
CreateEventW
CancelIo
WriteFile
SetFilePointerEx
SetFilePointer
SetEndOfFile
RemoveDirectoryW
ReadFile
GetFileType
GetFileSizeEx
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceW
DeleteFileW
CreateFileW
CreateDirectoryW
SetThreadLocale
BindIoCompletionCallback
FindClose
RegisterWaitForSingleObject
LocalFree
LoadLibraryExA
LocalAlloc
SetLastError
DebugBreak
SwitchToThread
InterlockedExchangeAdd
GetSystemInfo
VirtualAlloc
VirtualQuery
FindFirstFileW
FindNextFileW
GetOverlappedResult
WaitForSingleObjectEx
SetWaitableTimer
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetLogicalProcessorInformation
VirtualFree
GetModuleHandleExW
GetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
CreateWaitableTimerW
GetNumaProcessorNode
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocaleInfoW
ConvertDefaultLocale
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
TlsAlloc
TlsSetValue
TlsFree
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetCurrentThread
GetThreadTimes
WaitForMultipleObjects
UnmapViewOfFile
CreateFileMappingW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
ResetEvent
SetThreadPriority
ResumeThread
QueueUserWorkItem
UnregisterWaitEx
CreateTimerQueue
DeleteTimerQueueEx

advapi32

MapGenericMask
AccessCheck
CryptDecrypt
CryptEncrypt
CryptGetKeyParam
CryptSetKeyParam
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
EqualSid
OpenProcessToken
OpenThreadToken
RegQueryValueExW
LookupPrivilegeValueW
RevertToSelf
AdjustTokenPrivileges
GetTokenInformation
SetThreadToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupAccountSidW

msvcp100

?_Orphan_all@_Container_base0@std@@QAEXXZ

shlwapi

PathRemoveFileSpecW
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathCombineW

userenv

GetProfileType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.5MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/msolui110.dll
.dll regsvr32 windows x86

1297b79f6a02b17ccd62ab546c93a9dc

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:13:7b:1b:22:68:64:91:9a:ad:37:dc:80:ba:06:d7:1f:7d:bb:ca
Signer

Actual PE Digest

fd:13:7b:1b:22:68:64:91:9a:ad:37:dc:80:ba:06:d7:1f:7d:bb:ca

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

kernel32

GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
SetLastError
GetCurrentProcess
GetCurrentThreadId
FlushInstructionCache
GlobalAlloc
GlobalFree
lstrcmpW
LockResource
GlobalLock
GetModuleFileNameW
GlobalUnlock
MulDiv
LoadLibraryW
GetUserDefaultLCID
LocalFree
FormatMessageW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
Sleep
InterlockedExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
IsProcessorFeaturePresent
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedCompareExchange
FreeLibrary
DisableThreadLibraryCalls
lstrlenW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GlobalHandle
GetProcessHeap

ole32

OleLockRunning
OleUninitialize
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance

oleaut32

LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
GetErrorInfo
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringLen
VariantInit
VariantClear
OleCreateFontIndirect
VariantCopy
SysFreeString

user32

CharNextW
LoadStringW
RegisterWindowMessageW
SendMessageW
DefWindowProcW
MessageBoxW
MapDialogRect
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
SetWindowContextHelpId
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
EnableWindow
ReleaseCapture
SetCapture
GetFocus
GetActiveWindow
CallWindowProcW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
SetFocus
UnregisterClassA

gdi32

CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt

comdlg32

GetOpenFileNameW

msvcr100

??_V@YAXPAX@Z
__CxxFrameHandler3
_purecall
??2@YAPAXI@Z
free
malloc
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??3@YAXPAX@Z
_wcsupr
_wcsicmp
wcschr
_wcsdup
swprintf_s
_ltow_s
memset
_CxxThrowException
wcsstr
wcsncpy_s
wcscpy_s
wcscat_s
memcpy_s
??_U@YAPAXI@Z
_recalloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/Program Files (x86)/Microsoft Analysis Services/AS OLEDB/110/xmsrv.dll
.dll windows x86

4cd6069d05f895d3e3590106a764cc93

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:2e:56:8e:b4:01:eb:c4:30:07:f3:6c:e5:56:96:e5:af:3b:4f:86
Signer

Actual PE Digest

51:2e:56:8e:b4:01:eb:c4:30:07:f3:6c:e5:56:96:e5:af:3b:4f:86

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

getenv
__CxxFrameHandler3
fopen
strcat_s
_get_errno
qsort_s
strncat_s
_strnicmp
__iob_func
feof
qsort
strncpy_s
isalnum
_strtoi64
_strtoui64
strtod
strtol
wcstombs
atoi
_wtoi64
_vsnwprintf
memmove_s
strtok_s
tolower
wcsrchr
_strlwr_s
_wcslwr_s
bsearch
fread
_wcsicmp_l
strcpy_s
floor
_CIfmod
_wtoi
_CIpow
fflush
fwprintf
fgets
wprintf_s
fputws
wcstok
_CIsqrt
sprintf_s
printf
_time64
fclose
_wfopen
fgetws
_wgetenv
wcstod
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_ungetch
_kbhit
_getch
srand
rand
_stricmp
vprintf
vwprintf
realloc
??0exception@std@@QAE@ABQBDH@Z
strchr
??2@YAPAXI@Z
_wcsicmp
wcsstr
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
malloc
_isnan
swprintf_s
_ui64tow
_i64tow
iswspace
memcpy_s
_ui64tow_s
_ultow
_itow_s
wcsncpy_s
wcsncmp
wcscat_s
fputwc
wcschr
??_V@YAXPAX@Z
_CxxThrowException
memmove
memcpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
iswalnum
_CIlog
ceil
wcscpy_s
_set_errno
memset
??3@YAXPAX@Z
_wtof
_purecall

kernel32

Module32NextW
IsDBCSLeadByte
WriteFile
CreateFileW
CreateProcessA
ReadFile
GetFileSizeEx
CreateFileA
FormatMessageW
LocalFree
WideCharToMultiByte
CreateSemaphoreW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
TlsGetValue
DisableThreadLibraryCalls
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
GetCurrentThreadId
PulseEvent
WaitForMultipleObjects
EncodePointer
DecodePointer
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
ReleaseSemaphore
CreateThread
GetCurrentDirectoryW
VirtualLock
ResumeThread
WaitForSingleObject
ResetEvent
Thread32Next
Thread32First
CreateToolhelp32Snapshot
DeleteTimerQueueTimer
TlsFree
TlsSetValue
TlsAlloc
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
SystemTimeToFileTime
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetThreadTimes
GetCurrentThread
SetThreadIdealProcessor
SetThreadAffinityMask
GetProcessAffinityMask
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
VirtualFree
GetVersionExW
WaitForSingleObjectEx
GetOverlappedResult
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedExchangeAdd
SwitchToThread
SleepEx

oleaut32

SysStringByteLen
SysFreeString
SysAllocStringLen
VarDateFromStr
VarR8FromStr
GetErrorInfo
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocString
VariantClear
VariantChangeTypeEx
VarR8FromCy
VarCyFromR8
VarParseNumFromStr
VarCmp

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ole32

CoInitializeEx
CoTaskMemFree
CoCreateGuid
StringFromGUID2
IIDFromString
CoUninitialize
CoCreateInstance

Exports

Exports

XMDllCanUnloadNow
XMDllLoad

Sections

.text
Size: 24.1MB - Virtual size: 24.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AssertDa
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
package/Program Files (x86)/VstPlugins/FL Studio VSTi (Multi).dll
.dll windows x86

96b0ca9f1cd9dd5fb9784754c7081df2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:f0:b5:64:c9:6b:3a:d7:b5:95:35:1d:97:1f:b6:03
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-07-2020 00:00

Not After

12-07-2023 12:00

Subject

CN=Image Line,O=Image Line,L=Gent,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:09:8d:b6:29:83:54:72:f4:4c:16:e4:57:88:36:50:3b:21:17:5d:4f:f1:62:b1:8b:0f:7b:2a:fd:9d:01:48
Signer

Actual PE Digest

d0:09:8d:b6:29:83:54:72:f4:4c:16:e4:57:88:36:50:3b:21:17:5d:4f:f1:62:b1:8b:0f:7b:2a:fd:9d:01:48

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Image Line,O=Image Line,L=Gent,C=BE

25-03-2021 09:50
Valid: true

Chain 1

CN=Image Line,O=Image Line,L=Gent,C=BE

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyW
RegFlushKey
RegEnumValueW
RegCreateKeyExW
RegCloseKey

user32

CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRgn
ValidateRect
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClipCursor
GetClientRect
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumDisplaySettingsW
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DeferWindowPos
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIconFromResource
CreateIcon
CountClipboardFormats
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharToOemBuffW
CharNextExA
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
BeginDeferWindowPos
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetVolumeLabelW
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
SetDllDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoW
EnterCriticalSection
DosDateTimeToFileTime
DeleteTimerQueueTimer
DeleteFileW
DeleteCriticalSection
DeleteAtom
CreateTimerQueueTimer
CreateThread
CreateFileMappingW
CreateFileW
CreateEventW
CopyFileW
CompareStringW
CloseHandle
ChangeTimerQueueTimer
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixelV
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RectInRegion
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStretchBltMode
GetStockObject
GetRgnBox
GetRegionData
GetRandomRgn
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExcludeClipRect
EqualRgn
EnumFontFamiliesExW
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetOpenEnumW
WNetGetUniversalNameW
WNetEnumResourceW
WNetCloseEnum

netapi32

NetWkstaGetInfo

ole32

CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleUninitialize
OleInitialize
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

msvcrt

memset
memcpy

shell32

SHFileOperationW
Shell_NotifyIconW
SHAppBarMessage
DragQueryPoint
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder

winmm

timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod

msacm32

acmMetrics

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
main

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 34KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
package/Program Files (x86)/VstPlugins/FL Studio VSTi.dll
.dll windows x86

96b0ca9f1cd9dd5fb9784754c7081df2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:f0:b5:64:c9:6b:3a:d7:b5:95:35:1d:97:1f:b6:03
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-07-2020 00:00

Not After

12-07-2023 12:00

Subject

CN=Image Line,O=Image Line,L=Gent,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:d1:29:b6:03:c8:8d:7c:ee:d2:4d:10:e8:cf:fd:0a:4c:69:5a:98:6a:de:b9:f1:55:73:db:c3:1c:e4:c9:52
Signer

Actual PE Digest

a6:d1:29:b6:03:c8:8d:7c:ee:d2:4d:10:e8:cf:fd:0a:4c:69:5a:98:6a:de:b9:f1:55:73:db:c3:1c:e4:c9:52

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Image Line,O=Image Line,L=Gent,C=BE

25-03-2021 09:50
Valid: true

Chain 1

CN=Image Line,O=Image Line,L=Gent,C=BE

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyW
RegFlushKey
RegEnumValueW
RegCreateKeyExW
RegCloseKey

user32

CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRgn
ValidateRect
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClipCursor
GetClientRect
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumDisplaySettingsW
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DeferWindowPos
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIconFromResource
CreateIcon
CountClipboardFormats
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharToOemBuffW
CharNextExA
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
BeginDeferWindowPos
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetVolumeLabelW
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
SetDllDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoW
EnterCriticalSection
DosDateTimeToFileTime
DeleteTimerQueueTimer
DeleteFileW
DeleteCriticalSection
DeleteAtom
CreateTimerQueueTimer
CreateThread
CreateFileMappingW
CreateFileW
CreateEventW
CopyFileW
CompareStringW
CloseHandle
ChangeTimerQueueTimer
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixelV
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RectInRegion
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStretchBltMode
GetStockObject
GetRgnBox
GetRegionData
GetRandomRgn
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExcludeClipRect
EqualRgn
EnumFontFamiliesExW
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetOpenEnumW
WNetGetUniversalNameW
WNetEnumResourceW
WNetCloseEnum

netapi32

NetWkstaGetInfo

ole32

CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleUninitialize
OleInitialize
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

msvcrt

memset
memcpy

shell32

SHFileOperationW
Shell_NotifyIconW
SHAppBarMessage
DragQueryPoint
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder

winmm

timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod

msacm32

acmMetrics

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
main

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 34KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
product/AssocProvider.dll
.dll regsvr32 windows x64

1ef9bcaa9eff92e75949db71e6c06ed4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

_purecall
vswprintf_s
_vscwprintf
?what@exception@@UEBAPEBDXZ
memset
__C_specific_handler
memmove_s
malloc
_vsnwprintf
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memcpy_s
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
wcsncpy_s
__CxxFrameHandler3
memcmp
??0exception@@QEAA@XZ
wcscat_s
free
wcscpy_s
__RTDynamicCast

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

FreeLibrary
SetLastError
CreateFileMappingW
SearchPathW
MapViewOfFile
UnmapViewOfFile
GetVersionExW
LocalFree
LockResource
LoadResource
FindResourceExW
FormatMessageW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetProcessHeap
HeapSize
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SetThreadUILanguage
MultiByteToWideChar
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
GetFileSizeEx
ReadFile
CloseHandle
CopyFileW
DeleteFileW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

user32

UnregisterClassA
CharLowerBuffW
LoadStringW
CharNextW

ole32

CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2

oleaut32

RegisterTypeLi
SysStringLen
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysAllocStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

shell32

SHCreateAssociationRegistration

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
product/CbsProvider.dll
.dll regsvr32 windows x64

926c4573ef6bf55a15956419b473b46d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

__CxxFrameHandler3
_XcptFilter
_CxxThrowException
_callnewh
_amsg_exit
__C_specific_handler
memset
_wtoi64
??0exception@@QEAA@XZ
iswdigit
malloc
calloc
??0exception@@QEAA@AEBQEBD@Z
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
??1exception@@UEAA@XZ
_onexit
??1type_info@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
wcsncpy_s
_vsnwprintf
memcmp
memcpy
memmove
??0exception@@QEAA@AEBV0@@Z
memmove_s
memcpy_s
_purecall
vswprintf_s
_vscwprintf
wcschr
_wtoi
_ultow_s
_wcsicmp
wcscat_s
free
wcscpy_s
_wcsnicmp
wcstoul
iswspace
wcsrchr
??0exception@@QEAA@AEBQEBDH@Z
wcsstr
__RTDynamicCast

api-ms-win-core-libraryloader-l1-1-0

LoadResource
GetModuleFileNameW
GetProcAddress
FreeLibrary
SizeofResource
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleExW
FindResourceExW
GetModuleHandleW
LockResource

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW
SetThreadUILanguage

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetEvent
DeleteCriticalSection
CreateEventW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter

api-ms-win-core-string-l2-1-0

CharLowerBuffW
CharNextW

api-ms-win-core-registry-l1-1-0

RegFlushKey
RegEnumKeyExW
RegQueryValueExW
RegUnLoadKeyW
RegCreateKeyExW
RegDeleteKeyExW
RegLoadKeyW
RegSetKeySecurity
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegEnumValueW

api-ms-win-core-com-l1-1-0

CoCreateGuid
StringFromCLSID
StringFromGUID2
CoGetMalloc
ProgIDFromCLSID
CoCreateInstance
CoTaskMemFree

api-ms-win-core-stringloader-l1-1-1

LoadStringW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar

api-ms-win-core-debug-l1-1-0

OutputDebugStringW

api-ms-win-core-file-l1-1-0

GetFileInformationByHandle
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
FindNextFileW
GetFullPathNameW
ReadFile
CreateFileW
SetFilePointer
GetFileSize
FindClose
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
DeleteFileW
FindFirstFileW

api-ms-win-core-heap-l1-1-0

HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcessHeap

api-ms-win-core-processsecurity-l1-1-0

OpenProcessToken

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
IsValidSid
GetTokenInformation
CopySid
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AddAccessAllowedAceEx
SetSecurityDescriptorDacl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

oleaut32

VarBstrCat
SysAllocStringByteLen
SetErrorInfo
UnRegisterTypeLi
CreateErrorInfo
SysAllocStringLen
VarBstrCmp
LoadRegTypeLi
VariantClear
GetErrorInfo
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
SysFreeString
SysStringByteLen

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

ntdll

RtlNtStatusToDosError
RtlFreeHeap
RtlAllocateHeap
RtlGetVersion
RtlEnterCriticalSection
RtlReAllocateHeap
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlRaiseStatus
NtYieldExecution
NtSetInformationFile

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

917c52799ed8b97e2927f898c7465e04

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:1c:d3:ee:a4:7e:dd:a7:a0:32:57:3b:01:4d:0a:fdCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0c:b4:8a:d7:76:db:ea:55:ec:80:ac:27:20:ed:58:8c:39:43:d4:2eSigner

Signature Validations

Verification

19-11-2021 15:28 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 188B

.pdata Size: 512B - Virtual size: 360B

.00cfg Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 512B - Virtual size: 28B

Code Sign

33:00:00:00:be:a4:0f:f5:c9:a5:0e:e1:30:00:00:00:00:00:beCertificate

Extended Key Usages

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:01:cc:b5:5b:42:17:07:60:13:11:00:00:00:00:01:ccCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

95:2d:11:73:7e:91:62:03:38:45:d7:82:78:e9:37:5a:80:1b:6f:c4:53:ce:39:60:61:0c:b2:a7:a5:e9:bf:59Signer

Signature Validations

Verification

05-10-2022 14:17 Valid: false

74:c2:62:93:02:ab:52:77:98:af:3b:6e:ab:27:e5:44:67:55:9e:4fSigner

Signature Validations

Verification

20-04-2018 14:37 Valid: false

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.rdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 1008B

Code Sign

33:00:00:00:bf:91:6c:fb:7c:1a:24:e0:22:00:00:00:00:00:bfCertificate

Extended Key Usages

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:1c:d3:ee:a4:7e:dd:a7:a0:32:57:3b:01:4d:0a:fd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0c:b4:8a:d7:76:db:ea:55:ec:80:ac:27:20:ed:58:8c:39:43:d4:2e
Signer

19-11-2021 15:28
Valid: true

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 188B

.pdata
Size: 512B - Virtual size: 360B

.00cfg
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 512B - Virtual size: 28B

33:00:00:00:be:a4:0f:f5:c9:a5:0e:e1:30:00:00:00:00:00:be
Certificate

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:cc:b5:5b:42:17:07:60:13:11:00:00:00:00:01:cc
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

95:2d:11:73:7e:91:62:03:38:45:d7:82:78:e9:37:5a:80:1b:6f:c4:53:ce:39:60:61:0c:b2:a7:a5:e9:bf:59
Signer

05-10-2022 14:17
Valid: false

74:c2:62:93:02:ab:52:77:98:af:3b:6e:ab:27:e5:44:67:55:9e:4f
Signer

20-04-2018 14:37
Valid: false

.rdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 1008B

33:00:00:00:bf:91:6c:fb:7c:1a:24:e0:22:00:00:00:00:00:bf
Certificate

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:cc:b5:5b:42:17:07:60:13:11:00:00:00:00:01:cc
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

45:4f:c8:5c:1c:8b:f0:7a:a2:4b:52:4e:de:56:92:fe:86:0f:5b:e1:ac:bd:f5:28:88:40:f5:57:cd:2e:c0:67
Signer

05-10-2022 14:17
Valid: false

2d:34:b9:8c:2d:57:f8:ba:77:14:dc:90:d1:f0:dc:24:70:99:c2:8f
Signer

20-04-2018 14:37
Valid: false

.rdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 1008B

.text
Size: - Virtual size: 44KB

.rdata
Size: - Virtual size: 8KB

.data
Size: - Virtual size: 1KB

.CRT
Size: - Virtual size: 4B

.In;
Size: - Virtual size: 3.5MB

.KNo
Size: 1024B - Virtual size: 864B

.qOJ
Size: 6.2MB - Virtual size: 6.2MB

.rsrc
Size: 428KB - Virtual size: 427KB

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

28:5f:7a:0c:7a:8b:a2:52:48:97:00:2a:38:97:36:d0:41:07:28:46
Signer

31-07-2015 13:38
Valid: false

.rdata
Size: 512B - Virtual size: 139B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate