def4eedf431365964596deaf6c92365d9cf7952baa5eda5867b4e7614fd8a8dd

Sharing

Copy URL

Twitter E-mail

General

Target

def4eedf431365964596deaf6c92365d9cf7952baa5eda5867b4e7614fd8a8dd
Size

679KB
MD5

38ca431f71512663b99a799c1f4d3d38
SHA1

8609469cd8c2a3836c461918f1e3145ec1fe95e3
SHA256

def4eedf431365964596deaf6c92365d9cf7952baa5eda5867b4e7614fd8a8dd
SHA512

7e55045792935ee560680616fa9cc2240b2ac813b652ffa6485e5da64ba9f95fc5e8211bbfc1c37225ef18bb6b79e660766488b7c87a0c46e3a80acbd0415107
SSDEEP

12288:QBZpxv4FOkZ5K/IymDHhmcmsC02r5z+IFpHJhmH+ceYwQ82baLOEeCcPH7lsz/:aZpxvwODIyumsC0s5BFp9cexT+iGbP7C

Score

N/A

Malware Config

Signatures

Files

def4eedf431365964596deaf6c92365d9cf7952baa5eda5867b4e7614fd8a8dd
.zip
Lang/1028.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lang/1036.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lang/1042.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lang/1046.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lang/1049.dll
.dll windows x64

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lang/1058.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lang/2052.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lang/2058.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/WimBootCompress.ini
Tools/Win7USBBoot.ini
Tools/WinNTSetup_iso.cmd
Tools/diskpart/Disk0_bios.txt
Tools/diskpart/Disk0_uefi.txt
.vbs
Tools/diskpart/XP_legacy/Disk0_bios.txt
Tools/diskpart/enabled=0
Tools/imdisk/cpl/amd64/imdisk.cpl
.dll windows x64

40051881d04ec370e5fe93d8977de786

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:42:a1:2c:75:7c:ec:88:72:b6:e2:03:ec:d4:ea:64:91
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

17/01/2013, 15:30

Not After

18/03/2016, 12:43

Subject

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:60:89:dd:7f:a3:17:ee:f9:5a:01:61:36:d8:51:67:7d:44:82:29
Signer

Actual PE Digest

ce:60:89:dd:7f:a3:17:ee:f9:5a:01:61:36:d8:51:67:7d:44:82:29

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

14/12/2015, 23:19
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_XcptFilter
??2@YAPEAX_K@Z
_initterm
towupper
wcstod
??3@YAXPEAX@Z
_beginthreadex
wcsncat
wcstoul
malloc
free
wcsncmp
wcsrchr
_amsg_exit
__C_specific_handler
memcpy
memset
wcschr
wcsncpy
_snwprintf
_wcsicmp
wcstok

kernel32

MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetVolumeInformationW
DeleteFileW
WaitForMultipleObjects
QueryDosDeviceW
GetTickCount
SetEvent
WaitForSingleObject
HeapReAlloc
GetWindowsDirectoryW
SetCurrentDirectoryW
GetDriveTypeA
LocalFree
CloseHandle
DeviceIoControl
CreateEventW
LocalAlloc
DefineDosDeviceW
VirtualAlloc
SetLastError
GetLastError
FlushFileBuffers
CreateFileW
ReadFile
FormatMessageW
Sleep
WriteFile
WaitNamedPipeW
GetProcessHeap
VirtualFree
GetLogicalDrives
HeapFree
HeapAlloc
SetEndOfFile
SetFilePointer
GetFileSize

advapi32

StartServiceW
OpenSCManagerW
OpenServiceW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
QueryServiceStatus
CloseServiceHandle
SetSecurityDescriptorDacl
RegDeleteKeyW
InitializeSecurityDescriptor
RegOpenKeyW
RegQueryValueExW

user32

SetWindowTextW
GetPropW
CheckDlgButton
GetWindowTextLengthW
GetDlgItemInt
TrackPopupMenu
PostMessageW
GetSubMenu
GetParent
SetFocus
SetDlgItemInt
GetMenu
LoadIconW
GetAsyncKeyState
SetClassLongPtrW
EnableMenuItem
EndDialog
SendDlgItemMessageW
DispatchMessageW
IsDlgButtonChecked
DrawMenuBar
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
MapWindowPoints
EnableWindow
DestroyWindow
DialogBoxParamW
CreateDialogParamW
RemovePropW
SetPropW
TranslateMessage
IsDialogMessageW
PeekMessageW
GetDlgItem
ShowWindow
SendMessageTimeoutW
MessageBoxW

shell32

SHFormatDrive
ShellExecuteW
SHChangeNotify

comctl32

ImageList_Create
ImageList_ReplaceIcon

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ntdll

RtlInitUnicodeString
RtlFreeUnicodeString
RtlNtStatusToDosError
NtClose
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlCreateUnicodeString

Exports

Exports

CPlApplet
ImDiskAdjustImageFileSize
ImDiskAllocPrintF
ImDiskBuildMBR
ImDiskChangeFlags
ImDiskCheckDriverVersion
ImDiskConvertCHSToLBA
ImDiskConvertLBAToCHS
ImDiskCreateDevice
ImDiskCreateDeviceEx
ImDiskCreateMountPoint
ImDiskExtendDevice
ImDiskFindFreeDriveLetter
ImDiskFlushWindowMessages
ImDiskForceRemoveDevice
ImDiskGetAPIFlags
ImDiskGetDeviceList
ImDiskGetDeviceListEx
ImDiskGetFormattedGeometry
ImDiskGetFormattedGeometryIndirect
ImDiskGetOffsetByFileExt
ImDiskGetPartitionInfoIndirect
ImDiskGetPartitionInformation
ImDiskGetPartitionTypeName
ImDiskGetRegistryAutoLoadDevices
ImDiskGetVersion
ImDiskGetVolumeSize
ImDiskImageContainsISOFS
ImDiskImageContainsISOFSIndirect
ImDiskMsgBoxPrintF
ImDiskNativePathToWin32
ImDiskNotifyRemovePending
ImDiskNotifyShellDriveLetter
ImDiskOpenDeviceByMountPoint
ImDiskOpenDeviceByName
ImDiskOpenDeviceByNumber
ImDiskOpenRefreshEvent
ImDiskQueryDevice
ImDiskReadFileHandle
ImDiskRemoveDevice
ImDiskRemoveMountPoint
ImDiskRemoveRegistrySettings
ImDiskSaveImageFile
ImDiskSaveImageFileInteractive
ImDiskSaveRegistrySettings
ImDiskSetAPIFlags
ImDiskStartService
RunDLL_MountFile
RunDLL_MountFileW
RunDLL_RemoveDevice
RunDLL_SaveImageFile

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/imdisk/cpl/i386/imdisk.cpl
.dll windows x86

11ae789ff7d8256c13b396cf3aae82a4

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:42:a1:2c:75:7c:ec:88:72:b6:e2:03:ec:d4:ea:64:91
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

17/01/2013, 15:30

Not After

18/03/2016, 12:43

Subject

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:ce:e9:14:39:32:1f:3c:50:00:b2:d3:48:78:78:80:cc:6e:43:2b
Signer

Actual PE Digest

7d:ce:e9:14:39:32:1f:3c:50:00:b2:d3:48:78:78:80:cc:6e:43:2b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

14/12/2015, 23:18
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??2@YAPAXI@Z
_beginthreadex
wcsncat
??3@YAXPAX@Z
wcstoul
towupper
wcstok
malloc
free
memcpy
wcsncmp
wcschr
memset
wcsncpy
wcsrchr
_wcsicmp
_snwprintf
wcstod

kernel32

WaitForMultipleObjects
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
SetEvent
WaitForSingleObject
GetTickCount
DeleteFileW
GetVolumeInformationW
HeapReAlloc
QueryDosDeviceW
GetDriveTypeA
GetWindowsDirectoryW
SetCurrentDirectoryW
MultiByteToWideChar
VirtualAlloc
WriteFile
VirtualFree
WaitNamedPipeW
Sleep
LocalAlloc
CreateEventW
GetFileSize
SetEndOfFile
FlushFileBuffers
GetLogicalDrives
GetVersion
DefineDosDeviceW
CreateFileW
GetProcessHeap
HeapAlloc
DeviceIoControl
CloseHandle
HeapFree
SetLastError
SetFilePointer
FormatMessageW
LocalFree
GetLastError
ReadFile

advapi32

RegCloseKey
StartServiceW
CloseServiceHandle
OpenServiceW
RegOpenKeyW
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
QueryServiceStatus
RegDeleteValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
OpenSCManagerW

user32

DispatchMessageW
IsDialogMessageW
GetDlgItemInt
GetMenu
EnableMenuItem
DrawMenuBar
MapWindowPoints
GetSubMenu
TrackPopupMenu
GetAsyncKeyState
LoadIconW
SetClassLongW
GetSystemMetrics
SendMessageW
PostMessageW
GetParent
GetWindowTextLengthW
EnableWindow
TranslateMessage
SetDlgItemInt
SendDlgItemMessageW
CheckDlgButton
SetFocus
IsDlgButtonChecked
EndDialog
SetDlgItemTextW
GetDlgItemTextW
CreateDialogParamW
DestroyWindow
DialogBoxParamW
SetWindowTextW
SendMessageTimeoutW
MessageBoxW
GetPropW
ShowWindow
SetPropW
GetDlgItem
RemovePropW
PeekMessageW

shell32

SHFormatDrive
ShellExecuteW
SHChangeNotify

comctl32

ImageList_Create
ImageList_ReplaceIcon

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ntdll

NtOpenFile
RtlInitUnicodeString
NtClose
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlCreateUnicodeString
RtlNtStatusToDosError

Exports

Exports

CPlApplet
ImDiskAdjustImageFileSize
ImDiskAllocPrintF
ImDiskBuildMBR
ImDiskChangeFlags
ImDiskCheckDriverVersion
ImDiskConvertCHSToLBA
ImDiskConvertLBAToCHS
ImDiskCreateDevice
ImDiskCreateDeviceEx
ImDiskCreateMountPoint
ImDiskExtendDevice
ImDiskFindFreeDriveLetter
ImDiskFlushWindowMessages
ImDiskForceRemoveDevice
ImDiskGetAPIFlags
ImDiskGetDeviceList
ImDiskGetDeviceListEx
ImDiskGetFormattedGeometry
ImDiskGetFormattedGeometryIndirect
ImDiskGetOffsetByFileExt
ImDiskGetPartitionInfoIndirect
ImDiskGetPartitionInformation
ImDiskGetPartitionTypeName
ImDiskGetRegistryAutoLoadDevices
ImDiskGetVersion
ImDiskGetVolumeSize
ImDiskImageContainsISOFS
ImDiskImageContainsISOFSIndirect
ImDiskMsgBoxPrintF
ImDiskNativePathToWin32
ImDiskNotifyRemovePending
ImDiskNotifyShellDriveLetter
ImDiskOpenDeviceByMountPoint
ImDiskOpenDeviceByName
ImDiskOpenDeviceByNumber
ImDiskOpenRefreshEvent
ImDiskQueryDevice
ImDiskReadFileHandle
ImDiskRemoveDevice
ImDiskRemoveMountPoint
ImDiskRemoveRegistrySettings
ImDiskSaveImageFile
ImDiskSaveImageFileInteractive
ImDiskSaveRegistrySettings
ImDiskSetAPIFlags
ImDiskStartService
RunDLL_MountFile
RunDLL_MountFileW
RunDLL_RemoveDevice
RunDLL_SaveImageFile
_CPlApplet@16
_ImDiskAdjustImageFileSize@8
_ImDiskBuildMBR@20
_ImDiskChangeFlags@20
_ImDiskCheckDriverVersion@4
_ImDiskConvertCHSToLBA@8
_ImDiskConvertLBAToCHS@8
_ImDiskCreateDevice@28
_ImDiskCreateDeviceEx@32
_ImDiskCreateMountPoint@8
_ImDiskExtendDevice@12
_ImDiskFindFreeDriveLetter@0
_ImDiskFlushWindowMessages@4
_ImDiskForceRemoveDevice@8
_ImDiskGetAPIFlags@0
_ImDiskGetDeviceList@0
_ImDiskGetDeviceListEx@8
_ImDiskGetFormattedGeometry@12
_ImDiskGetFormattedGeometryIndirect@16
_ImDiskGetOffsetByFileExt@8
_ImDiskGetPartitionInfoIndirect@20
_ImDiskGetPartitionInformation@16
_ImDiskGetPartitionTypeName@12
_ImDiskGetRegistryAutoLoadDevices@4
_ImDiskGetVersion@8
_ImDiskGetVolumeSize@8
_ImDiskImageContainsISOFS@8
_ImDiskImageContainsISOFSIndirect@12
_ImDiskNativePathToWin32@4
_ImDiskNotifyRemovePending@8
_ImDiskNotifyShellDriveLetter@8
_ImDiskOpenDeviceByMountPoint@8
_ImDiskOpenDeviceByName@8
_ImDiskOpenDeviceByNumber@8
_ImDiskOpenRefreshEvent@4
_ImDiskQueryDevice@12
_ImDiskReadFileHandle@24
_ImDiskRemoveDevice@12
_ImDiskRemoveMountPoint@4
_ImDiskRemoveRegistrySettings@4
_ImDiskSaveImageFile@16
_ImDiskSaveImageFileInteractive@16
_ImDiskSaveRegistrySettings@4
_ImDiskSetAPIFlags@8
_ImDiskStartService@4
_RunDLL_MountFile@16
_RunDLL_MountFileW@16
_RunDLL_RemoveDevice@16
_RunDLL_SaveImageFile@16

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/imdisk/sys/amd64/imdisk.sys
.exe windows x64

ca1b7a99c1db8c685051151b20cecfd0

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:42:a1:2c:75:7c:ec:88:72:b6:e2:03:ec:d4:ea:64:91
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

17/01/2013, 15:30

Not After

18/03/2016, 12:43

Subject

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:42:5e:bf:54:48:19:7c:ad:73:70:15:5e:09:9d:b5:dd:f6:67:8b
Signer

Actual PE Digest

5c:42:5e:bf:54:48:19:7c:ad:73:70:15:5e:09:9d:b5:dd:f6:67:8b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

14/12/2015, 23:20
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwCreateEvent
IoDeleteSymbolicLink
ExFreePoolWithTag
_snwprintf
RtlSetDaclSecurityDescriptor
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
RtlAppendUnicodeToString
KeInitializeEvent
KeDelayExecutionThread
PsCreateSystemThread
ZwQueryValueKey
IoCreateUnprotectedSymbolicLink
ExEventObjectType
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
RtlCopyUnicodeString
ObfDereferenceObject
IoCreateDevice
ObReferenceObjectByPointer
DbgPrint
RtlCreateSecurityDescriptor
KePulseEvent
ZwOpenKey
KeClearEvent
KeReadStateEvent
IoBuildSynchronousFsdRequest
ZwReadFile
IoGetRelatedDeviceObject
IoCancelIrp
KeWaitForMultipleObjects
IofCallDriver
ZwFsControlFile
KeReleaseInStackQueuedSpinLock
_wcsnicmp
ZwMapViewOfSection
KeAcquireInStackQueuedSpinLock
ZwSetInformationFile
SeCreateClientSecurity
IoFileObjectType
ZwWaitForSingleObject
ZwCreateFile
SeImpersonateClient
ZwFreeVirtualMemory
RtlAppendUnicodeStringToString
ZwDeviceIoControlFile
ZwQueryInformationFile
ZwOpenSection
SeTokenType
ZwAllocateVirtualMemory
IoBuildDeviceIoControlRequest
NtWriteFile
KeSetPriorityThread
NtFsControlFile
MmMapLockedPagesSpecifyCache
PsTerminateSystemThread
IofCompleteRequest
NtReadFile
SeSinglePrivilegeCheck
IoFreeMdl
IoFreeIrp
IoAllocateIrp
MmUnlockPages
ZwOpenEvent
ZwUnmapViewOfSection
KeBugCheckEx

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/imdisk/sys/i386/imdisk.sys
.exe windows x86

0f7dd87f79d112f5be926ddd046011c3

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:42:a1:2c:75:7c:ec:88:72:b6:e2:03:ec:d4:ea:64:91
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

17/01/2013, 15:30

Not After

18/03/2016, 12:43

Subject

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:77:53:04:63:95:90:dd:ac:20:ee:b4:60:4a:3c:60:4d:94:46:a9
Signer

Actual PE Digest

44:77:53:04:63:95:90:dd:ac:20:ee:b4:60:4a:3c:60:4d:94:46:a9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

14/12/2015, 23:19
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsCreateSystemThread
ZwQueryValueKey
RtlInitUnicodeString
_snwprintf
KeDelayExecutionThread
memcpy
IoCreateUnprotectedSymbolicLink
IoDeleteSymbolicLink
KeSetEvent
KeWaitForSingleObject
KeInitializeEvent
ObReferenceObjectByPointer
IoDeleteDevice
ObfDereferenceObject
KePulseEvent
DbgPrint
ObReferenceObjectByHandle
ExEventObjectType
ZwCreateEvent
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
IoCreateDevice
ZwOpenKey
RtlAppendUnicodeToString
RtlCopyUnicodeString
ZwReadFile
IoCancelIrp
KeReadStateEvent
KeWaitForMultipleObjects
IofCallDriver
KeClearEvent
IoBuildSynchronousFsdRequest
IoGetRelatedDeviceObject
ZwWaitForSingleObject
ZwClose
ZwQueryInformationFile
KeGetCurrentThread
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
IoFileObjectType
ZwMapViewOfSection
ZwSetInformationFile
ZwFsControlFile
ZwCreateFile
ZwOpenSection
RtlAppendUnicodeStringToString
SeTokenType
SeImpersonateClient
SeCreateClientSecurity
_wcsnicmp
MmMapLockedPages
NtReadFile
NtWriteFile
NtFsControlFile
IoBuildDeviceIoControlRequest
IofCompleteRequest
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
ExfInterlockedInsertTailList
SeSinglePrivilegeCheck
IoFreeIrp
MmUnlockPages
IoFreeMdl
memmove
IoAllocateIrp
ZwUnmapViewOfSection
ZwOpenEvent
ExFreePool
memset
ZwDeviceIoControlFile
ExAllocatePoolWithTag

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 746B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/x64/DISM/ReadMe.txt
Tools/x64/MSSTMake.exe
.exe windows x64

6929a6376371544b1e02fafed262c6a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileSize
lstrcmpA
MoveFileExA
lstrcpynA
ExpandEnvironmentStringsA
GetFileAttributesA
CreateDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetLastError
SetLastError
RemoveDirectoryA
CopyFileA
SetFileAttributesA
FindClose
FindNextFileA
GetCurrentDirectoryA
CloseHandle
DeleteFileA
lstrcpyA
SetFilePointer
CreateFileA
WritePrivateProfileStructA
MapViewOfFile
UnmapViewOfFile
SetConsoleTextAttribute
WritePrivateProfileSectionA
WriteFile
GetPrivateProfileIntA
WideCharToMultiByte
Sleep
ReadFile
lstrcatA
GetStdHandle
GetPrivateProfileStringA
GetLocalTime
WriteConsoleA
CreateFileMappingA
GetConsoleScreenBufferInfo
WritePrivateProfileStringA
GetPrivateProfileStructA
LoadLibraryW
lstrlenA
GetFullPathNameA
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
DeleteCriticalSection
GetStartupInfoW
HeapReAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
RtlUnwindEx
GetModuleFileNameW
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThreadId
FlsAlloc
DecodePointer
HeapFree
HeapAlloc
LCMapStringW
MultiByteToWideChar
RaiseException
RtlPcToFileHeader
GetProcAddress
GetModuleHandleW
ExitProcess

user32

CharNextA
CharUpperA

advapi32

IsTextUnicode

shlwapi

wnsprintfA
PathCombineA
PathSearchAndQualifyA
PathAddBackslashA
PathIsRelativeA
PathAppendA
PathIsDirectoryA

setupapi

SetupFindNextLine
SetupGetLineCountA
SetupDiGetActualSectionToInstallExA
SetupOpenInfFileA
SetupGetLineTextA
SetupGetFileCompressionInfoExA
SetupGetLineByIndexA
SetupGetSourceFileLocationA
SetupDecompressOrCopyFileA
SetupFindNextMatchLineA
SetupCloseInfFile
SetupGetFieldCount
SetupFindFirstLineA
SetupGetStringFieldA
SetupEnumInfSectionsA
SetupGetIntField

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/x64/diskcopy.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

Dummy

Sections

.text
Size: 16B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/x64/offreg.dll
.dll windows x64

c355194d28724bc46eb5b11246f55848

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_wcsicmp
_aligned_free
_aligned_malloc
_wcsnicmp
memmove
memset
memcpy
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memcmp

kernel32

FreeLibrary
LeaveCriticalSection
GetLastError
GetProcAddress
EnterCriticalSection
LoadLibraryExA
DeleteCriticalSection
TlsGetValue
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetFileSizeEx
CloseHandle
RtlVirtualUnwind
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
TlsSetValue

advapi32

InitializeSid
DestroyPrivateObjectSecurity
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
GetSecurityDescriptorControl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
MakeSelfRelativeSD
GetSidSubAuthority
SetPrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
GetAce
InitializeAcl
AddAccessAllowedAce
IsValidSid
GetLengthSid
GetSecurityDescriptorLength
GetSidLengthRequired

ntdll

RtlUpcaseUnicodeChar

Exports

Exports

ORCloseHive
ORCloseKey
ORCreateHive
ORCreateKey
ORDeleteKey
ORDeleteValue
OREnumKey
OREnumValue
ORGetKeySecurity
ORGetValue
ORGetVersion
ORGetVirtualFlags
OROpenHive
OROpenHiveByHandle
OROpenKey
ORQueryInfoKey
ORSaveHive
ORSetKeySecurity
ORSetValue
ORSetVirtualFlags

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/x64/wimlib/ReadMe.txt
Tools/x86/DISM/ReadMe.txt
Tools/x86/MSSTMake.exe
.exe windows x86

48a058d36054eaa7198119524bd92efd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
lstrcmpA
MoveFileExA
lstrcpynA
ExpandEnvironmentStringsA
GetFileAttributesA
CreateDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetLastError
SetLastError
RemoveDirectoryA
CopyFileA
SetFileAttributesA
FindClose
FindNextFileA
GetCurrentDirectoryA
CloseHandle
DeleteFileA
lstrcpyA
SetFilePointer
CreateFileA
WritePrivateProfileStructA
MapViewOfFile
UnmapViewOfFile
SetConsoleTextAttribute
WritePrivateProfileSectionA
WriteFile
GetPrivateProfileIntA
WideCharToMultiByte
Sleep
ReadFile
lstrcatA
GetStdHandle
GetPrivateProfileStringA
GetLocalTime
WriteConsoleA
CreateFileMappingA
GetConsoleScreenBufferInfo
WritePrivateProfileStringA
GetPrivateProfileStructA
RtlUnwind
LoadLibraryW
lstrlenA
GetFullPathNameA
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
GetStartupInfoW
HeapReAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetCommandLineA
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
GetCurrentThreadId
GetProcAddress
HeapFree
HeapAlloc
LCMapStringW
MultiByteToWideChar
RaiseException

user32

CharNextA
CharUpperA

advapi32

IsTextUnicode

shlwapi

wnsprintfA
PathCombineA
PathSearchAndQualifyA
PathAddBackslashA
PathIsRelativeA
PathAppendA
PathIsDirectoryA

setupapi

SetupFindNextLine
SetupGetLineCountA
SetupDiGetActualSectionToInstallExA
SetupOpenInfFileA
SetupGetLineTextA
SetupGetFileCompressionInfoExA
SetupGetLineByIndexA
SetupGetSourceFileLocationA
SetupDecompressOrCopyFileA
SetupFindNextMatchLineA
SetupCloseInfFile
SetupGetFieldCount
SetupFindFirstLineA
SetupGetStringFieldA
SetupEnumInfSectionsA
SetupGetIntField

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/x86/diskcopy.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Dummy

Sections

.text
Size: 16B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/x86/offreg.dll
.dll windows x86

1e7a761a7efaf7f688db0627337c77b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsicmp
_aligned_free
_aligned_malloc
_wcsnicmp
memmove
memset
memcpy
_initterm
malloc
free
_amsg_exit
_XcptFilter
memcmp

kernel32

FreeLibrary
LeaveCriticalSection
GetLastError
GetProcAddress
EnterCriticalSection
LoadLibraryExA
DeleteCriticalSection
TlsGetValue
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetFileSizeEx
CloseHandle
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
Sleep
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
TlsSetValue

advapi32

InitializeSid
DestroyPrivateObjectSecurity
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
GetSecurityDescriptorControl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
MakeSelfRelativeSD
GetSidSubAuthority
SetPrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
GetAce
InitializeAcl
AddAccessAllowedAce
IsValidSid
GetLengthSid
GetSecurityDescriptorLength
GetSidLengthRequired

ntdll

RtlUpcaseUnicodeChar

Exports

Exports

ORCloseHive
ORCloseKey
ORCreateHive
ORCreateKey
ORDeleteKey
ORDeleteValue
OREnumKey
OREnumValue
ORGetKeySecurity
ORGetValue
ORGetVersion
ORGetVirtualFlags
OROpenHive
OROpenHiveByHandle
OROpenKey
ORQueryInfoKey
ORSaveHive
ORSetKeySecurity
ORSetValue
ORSetVirtualFlags

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/x86/wimlib/ReadMe.txt
WinNTSetup_x64.exe
.exe windows x64

41df8752f3164aebec633e1fe7ab00a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
memcmp
_gmtime64
wcscpy
wcstol
_wcsicmp
_wcsnicmp
_mktime64
__wgetmainargs
wcsstr
_snwprintf
wcslen
ceil
_strnicmp
wcscmp
free
calloc
memcpy
malloc
strrchr
wcsrchr
wcsncmp
_stricmp
wcsncpy
_wcsdup
setlocale
swscanf
memmove
wcscat
fmod
fabs
floor
sprintf
strcmp
tolower
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
GetTempPathW
GetLongPathNameW
GetModuleFileNameW
GetUserDefaultLCID
LoadLibraryExW
GetProcAddress
HeapDestroy
ExitProcess
LoadLibraryW
FreeLibrary
CopyFileW
DeleteFileW
CreateFileW
WriteFile
CloseHandle
BeginUpdateResourceW
EnumResourceNamesW
UpdateResourceW
EndUpdateResourceW
ReadFile
DeviceIoControl
FormatMessageW
LocalFree
QueryDosDeviceW
MoveFileW
GetConsoleWindow
GetEnvironmentVariableW
GetLogicalDriveStringsW
GetDriveTypeW
GetDateFormatW
GetTimeFormatW
GetFileAttributesW
SetFileAttributesW
SetEnvironmentVariableW
SetDllDirectoryW
GetCommandLineW
AttachConsole
GetStdHandle
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetDiskFreeSpaceExW
FindResourceExW
SizeofResource
LoadResource
LockResource
FreeResource
GetLocalTime
GetLastError
GetCurrentThreadId
WritePrivateProfileStringW
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GetTempFileNameW
GetVolumePathNamesForVolumeNameW
DefineDosDeviceW
GetVolumeInformationW
GetPrivateProfileSectionW
OpenProcess
ReadProcessMemory
VirtualProtect
GetLogicalDrives
SetErrorMode
RemoveDirectoryW
FindResourceW
SetCurrentDirectoryW
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointerEx
SetEndOfFile
SetFileValidData
WriteConsoleW
GetPrivateProfileStringW
WritePrivateProfileSectionW
FlushFileBuffers
GetNativeSystemInfo
GetFirmwareEnvironmentVariableW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetFileSize
lstrlenA
GlobalMemoryStatusEx
CreateDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentDirectoryW
GetFileSizeEx
MultiByteToWideChar
SetFilePointer
WideCharToMultiByte
RtlMoveMemory
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetConsoleScreenBufferInfo
GetFullPathNameW
GetShortPathNameW
GetVolumeNameForVolumeMountPointW
SetConsoleCursorPosition
SetVolumeLabelW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateThread
GetCurrentProcess
DuplicateHandle
CreatePipe
HeapAlloc
CreateProcessW
HeapFree
PeekNamedPipe
GetExitCodeProcess
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
HeapReAlloc
LoadLibraryA
SetLastError
HeapSize
MulDiv
TlsFree
DeleteCriticalSection
GetCurrentThread
CreateSemaphoreA
ReleaseSemaphore
WaitForMultipleObjects

user32

GetForegroundWindow
SetForegroundWindow
keybd_event
SendMessageW
SetFocus
GetWindowRect
SetWindowPos
LoadIconW
KillTimer
FindWindowW
EnumChildWindows
GetDC
ReleaseDC
SetWindowsHookExW
MessageBoxW
UnhookWindowsHookEx
GetWindowLongPtrW
SetWindowLongPtrW
GetPropW
RemovePropW
LoadCursorW
SetCursor
CallWindowProcW
DrawIconEx
DestroyIcon
LoadStringW
GetSysColor
InsertMenuW
LoadImageW
CreateWindowExW
SetPropW
GetClassNameW
FillRect
MessageBoxIndirectW
CheckMenuItem
SystemParametersInfoW
GetWindowPlacement
GetWindowThreadProcessId
SetMenuItemInfoW
GetDoubleClickTime
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetSystemMenu
CreatePopupMenu
AppendMenuW
CallNextHookEx
GetMessagePos
WindowFromPoint
TrackPopupMenu
SetTimer
PostMessageW
SetWindowTextW
GetActiveWindow
CharLowerW
CharUpperW
DestroyWindow
GetWindowTextLengthW
GetWindowTextW
EnableWindow
GetWindow
GetParent
ShowWindow
GetClientRect
IsWindowVisible
ScreenToClient
IntersectRect
ValidateRect
InvalidateRect
GetUpdateRect
DefWindowProcW
MapWindowPoints
RedrawWindow
RegisterClassExW
SetClassLongPtrW
GetIconInfo
IsWindowEnabled
DrawStateW
GetFocus
GetSysColorBrush
FrameRect
DrawFocusRect
GetSystemMetrics
UpdateWindow
ReleaseCapture
BeginPaint
EndPaint
SetCapture
SetScrollPos
InflateRect
GetWindowDC
SetRect
DrawTextW
GetWindowLongW
MoveWindow
GetScrollPos
DrawFrameControl
SetActiveWindow
DestroyAcceleratorTable
CreateAcceleratorTableW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
IsZoomed
IsIconic
RegisterClassW
AdjustWindowRectEx
UnregisterClassW
GetMenu
DefFrameProcW
GetKeyState
IsChild
RegisterWindowMessageW

gdi32

GetDeviceCaps
CreateCompatibleDC
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateSolidBrush
AddFontResourceW
CreateFontIndirectW
GetStockObject
SetBkMode
DeleteObject
CreateBrushIndirect
CreateRectRgn
SelectClipRgn
GetObjectW
GetObjectType
BitBlt
SetTextColor
SetBkColor
GetTextExtentPoint32W
ExcludeClipRect
CreateDCW
SetStretchBltMode
StretchBlt
CreatePen
MoveToEx
LineTo
CreateDIBSection
GetObjectA
CreateRectRgnIndirect
GetClipRgn
ExtSelectClipRgn
CreateBitmap
SetPixel
GetDIBits
CreateFontW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegUnLoadKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetFileSecurityW
RegSetValueExW
SaferCreateLevel
SaferComputeTokenFromLevel
CreateProcessAsUserW
SaferCloseLevel
RegCreateKeyW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
ControlService
StartServiceW
QueryServiceStatus
RegQueryInfoKeyW
RegEnumValueW
SetFileSecurityW

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_GetIconSize

shell32

SHFileOperationW
SHExtractIconsW
ShellExecuteW
SHFormatDrive
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
SHParseDisplayName
SHCreateShellItem
SHGetFolderLocation
ShellExecuteExW

ole32

CoInitialize
StringFromGUID2
CoTaskMemFree
CoCreateInstance
RevokeDragDrop

shlwapi

PathAddBackslashW
PathIsRelativeW
PathMatchSpecW
PathRemoveExtensionW
PathRemoveBackslashW
PathRemoveFileSpecW
PathFindExtensionW

ntdll

RtlComputeCrc32
RtlAdjustPrivilege
NtQueryInformationProcess
NtShutdownSystem
RtlGetVersion
NtQuerySystemInformation
RtlInitUnicodeString
NtCreatePagingFile
NtSetInformationFile

setupapi

SetupEnumInfSectionsW
SetupGetLineCountW
SetupGetLineByIndexW
SetupGetFieldCount
SetupCloseInfFile
SetupDecompressOrCopyFileW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupOpenInfFileW
SetupGetBinaryField
SetupGetIntField
SetupGetMultiSzFieldW
SetupIterateCabinetW
SetupGetStringFieldW

uxtheme

SetWindowTheme

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

tools\x64\offreg

ORDeleteKey
ORSaveHive
OREnumKey
ORCloseKey
ORSetValue
OROpenKey
ORGetValue
ORCloseHive
ORDeleteValue
ORCreateKey
OROpenHive

crypt32

CryptBinaryToStringW

Sections

.code
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
使用说明 .txt
ɫվ.txt
ɫվ.url
.url
ɫվ_ٶ.url
.url

Sharing

General

Malware Config

Signatures

Files

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.code Size: 512B - Virtual size: 102B

.text Size: 512B - Virtual size: 24B

.rdata Size: 512B - Virtual size: 69B

.data Size: 512B - Virtual size: 204B

.rsrc Size: 14KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 32B

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.code Size: 512B - Virtual size: 102B

.text Size: 512B - Virtual size: 24B

.rdata Size: 512B - Virtual size: 69B

.data Size: 512B - Virtual size: 204B

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 512B - Virtual size: 32B

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 108B

.rsrc Size: 21KB - Virtual size: 21KB

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.code Size: 512B - Virtual size: 102B

.text Size: 512B - Virtual size: 24B

.rdata Size: 512B - Virtual size: 69B

.data Size: 512B - Virtual size: 204B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 32B

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.code Size: 512B - Virtual size: 144B

.text Size: 512B - Virtual size: 24B

.rdata Size: 512B - Virtual size: 69B

.data Size: 512B - Virtual size: 272B

.rsrc Size: 31KB - Virtual size: 32KB

.reloc Size: 512B - Virtual size: 12B

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 14KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 32B

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 32B

.rdata
Size: 512B - Virtual size: 108B

.rsrc
Size: 21KB - Virtual size: 21KB

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 32B

.code
Size: 512B - Virtual size: 144B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 272B

.rsrc
Size: 31KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 12B

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 32B

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 512B - Virtual size: 32B

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 32B

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

11:21:42:a1:2c:75:7c:ec:88:72:b6:e2:03:ec:d4:ea:64:91
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

ce:60:89:dd:7f:a3:17:ee:f9:5a:01:61:36:d8:51:67:7d:44:82:29
Signer

14/12/2015, 23:19
Valid: false

.text
Size: 68KB - Virtual size: 67KB