7219a6c9f7eea70ae9e60c43d8326ba7f557f01b3f9315e2ff732ccf7ba96cd7

Sharing

Copy URL Twitter E-mail

General

Target

7219a6c9f7eea70ae9e60c43d8326ba7f557f01b3f9315e2ff732ccf7ba96cd7
Size

1016KB
MD5

835607052a2eed14998fb520c5ef101c
SHA1

99d20dae05c7811ef32e1a7f61bea2658efc8950
SHA256

7219a6c9f7eea70ae9e60c43d8326ba7f557f01b3f9315e2ff732ccf7ba96cd7
SHA512

7bdc575f2846193f3d81b1e1dfbbc1383c85a236c7465cd2c5687c21b288cda88736d5ba12034b00c77d83507f5aaa97e75ea9720a2a7b696041ec7cf6310bf8
SSDEEP

24576:NPsdf8jpznx4uJeclTOeoR7FyQ7Jvng2Z2/tQCH0ocxI:NAf6pzxUcliBRxh7Jvg2AtQ51I

Score

N/A

Malware Config

Signatures

Files

7219a6c9f7eea70ae9e60c43d8326ba7f557f01b3f9315e2ff732ccf7ba96cd7
.zip
WinNTSetup 3.9.4/Lang/1028.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Lang/1036.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Lang/1042.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Lang/1046.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Lang/1049.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Lang/1055.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Lang/1058.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Lang/2052.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Lang/2058.dll
.dll windows x86

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA

Exports

Exports

dummy

Sections

.code
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Tools/WimBootCompress.ini
WinNTSetup 3.9.4/Tools/Win10Builds.ini
WinNTSetup 3.9.4/Tools/Win7USBBoot.ini
WinNTSetup 3.9.4/Tools/WinNTSetup_iso.cmd
WinNTSetup 3.9.4/Tools/diskpart/Disk0_bios.txt
WinNTSetup 3.9.4/Tools/diskpart/Disk0_uefi.txt
.vbs
WinNTSetup 3.9.4/Tools/diskpart/XP_legacy/Disk0_bios.txt
WinNTSetup 3.9.4/Tools/diskpart/enabled=1
WinNTSetup 3.9.4/Tools/imdisk/cpl/amd64/imdisk.cpl
.dll windows x64

cd0023621a2b042cca76638899ca9241

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:4d:e1
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:21:5d:dd:41:0e:aa:0b:6d:23:f3:d1:8d:03:cb:d4:6b:f4
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

18/02/2016, 13:18

Not After

10/02/2019, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:25:3a:27:38:69:0a:34:51:c1:00:00:00:00:00:25
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2018, 21:30

Not After

06/09/2019, 21:30

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:d1:3d:7d:cc:41:6e:88:0a:84:9a:c6:ca:2a:59:de:4c:db:5d:9a:6e:54:d2:c3:3e:67:11:51:b6:2c:26:3d
Signer

Actual PE Digest

5e:d1:3d:7d:cc:41:6e:88:0a:84:9a:c6:ca:2a:59:de:4c:db:5d:9a:6e:54:d2:c3:3e:67:11:51:b6:2c:26:3d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

06/10/2022, 18:38
Valid: false

d9:14:e1:3d:cb:0f:de:9b:26:ee:af:a4:e1:53:91:91:77:ce:49:eb
Signer

Actual PE Digest

d9:14:e1:3d:cb:0f:de:9b:26:ee:af:a4:e1:53:91:91:77:ce:49:eb

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

19/11/2018, 03:17
Valid: true

Chain 1

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

toupper
_iob
fprintf
fflush
_fgetchar
strchr
_XcptFilter
fwprintf
??2@YAPEAX_K@Z
wcstok
towupper
wcstod
??3@YAXPEAX@Z
_beginthreadex
wcsncat
wcstoul
malloc
free
wcsncmp
wcsrchr
_initterm
_amsg_exit
__C_specific_handler
memcpy
memset
wcschr
wcsncpy
_snwprintf
_wcsicmp
_fgetwchar

kernel32

CloseHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetVolumeInformationW
DeleteFileW
WaitForMultipleObjects
QueryDosDeviceW
GetTickCount
SetEvent
WaitForSingleObject
HeapReAlloc
GetWindowsDirectoryW
SetCurrentDirectoryW
MultiByteToWideChar
GetDriveTypeA
LocalFree
DeviceIoControl
CreateEventW
LocalAlloc
DefineDosDeviceW
VirtualAlloc
SetLastError
GetLastError
FlushFileBuffers
CreateFileW
ReadFile
FormatMessageW
Sleep
WriteFile
WaitNamedPipeW
GetProcessHeap
VirtualFree
GetLogicalDrives
HeapFree
HeapAlloc
SetEndOfFile
SetFilePointer
GetFileSize

advapi32

StartServiceW
OpenSCManagerW
OpenServiceW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
QueryServiceStatus
CloseServiceHandle
SetSecurityDescriptorDacl
RegDeleteKeyW
InitializeSecurityDescriptor
RegOpenKeyW
RegQueryValueExW

user32

SetWindowTextW
GetPropW
CheckDlgButton
GetWindowTextLengthW
GetDlgItemInt
TrackPopupMenu
PostMessageW
GetSubMenu
GetParent
SetFocus
SetDlgItemInt
GetMenu
LoadIconW
GetAsyncKeyState
SetClassLongPtrW
EnableMenuItem
EndDialog
SendDlgItemMessageW
DispatchMessageW
IsDlgButtonChecked
DrawMenuBar
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
MapWindowPoints
EnableWindow
DestroyWindow
DialogBoxParamW
CreateDialogParamW
RemovePropW
SetPropW
TranslateMessage
IsDialogMessageW
PeekMessageW
GetDlgItem
ShowWindow
SendMessageTimeoutW
MessageBoxW

shell32

SHFormatDrive
ShellExecuteW
SHChangeNotify

comctl32

ImageList_Create
ImageList_ReplaceIcon

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ntdll

RtlInitUnicodeString
RtlFreeUnicodeString
RtlNtStatusToDosError
NtClose
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlCreateUnicodeString

Exports

Exports

CPlApplet
ImDiskAdjustImageFileSize
ImDiskAllocPrintF
ImDiskBuildMBR
ImDiskChangeFlags
ImDiskCheckDriverVersion
ImDiskConsoleMessageA
ImDiskConsoleMessageW
ImDiskConvertCHSToLBA
ImDiskConvertLBAToCHS
ImDiskCreateDevice
ImDiskCreateDeviceEx
ImDiskCreateMountPoint
ImDiskExtendDevice
ImDiskFindFreeDriveLetter
ImDiskFlushWindowMessages
ImDiskForceRemoveDevice
ImDiskGetAPIFlags
ImDiskGetDeviceList
ImDiskGetDeviceListEx
ImDiskGetFormattedGeometry
ImDiskGetFormattedGeometryIndirect
ImDiskGetOffsetByFileExt
ImDiskGetPartitionInfoIndirect
ImDiskGetPartitionInfoIndirectEx
ImDiskGetPartitionInformation
ImDiskGetPartitionInformationEx
ImDiskGetPartitionTypeName
ImDiskGetRegistryAutoLoadDevices
ImDiskGetSinglePartitionInfoIndirect
ImDiskGetSinglePartitionInformation
ImDiskGetVersion
ImDiskGetVolumeSize
ImDiskImageContainsISOFS
ImDiskImageContainsISOFSIndirect
ImDiskMsgBoxPrintF
ImDiskNativePathToWin32
ImDiskNotifyRemovePending
ImDiskNotifyShellDriveLetter
ImDiskOpenDeviceByMountPoint
ImDiskOpenDeviceByName
ImDiskOpenDeviceByNumber
ImDiskOpenRefreshEvent
ImDiskQueryDevice
ImDiskReadFileHandle
ImDiskRemoveDevice
ImDiskRemoveMountPoint
ImDiskRemoveRegistrySettings
ImDiskSaveImageFile
ImDiskSaveImageFileInteractive
ImDiskSaveRegistrySettings
ImDiskSetAPIFlags
ImDiskStartService
RunDLL_MountFile
RunDLL_MountFileW
RunDLL_RemoveDevice
RunDLL_SaveImageFile

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Tools/imdisk/cpl/i386/imdisk.cpl
.dll windows x86

ea7a7ccc5fd79c1838a75212eeb78983

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:4d:e1
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:21:01:0f:f2:71:77:94:5c:4e:36:c5:fc:7a:4c:98:78:8a
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/02/2016, 16:22

Not After

10/02/2019, 15:13

Subject

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:25:3a:27:38:69:0a:34:51:c1:00:00:00:00:00:25
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2018, 21:30

Not After

06/09/2019, 21:30

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:ba:c6:36:5d:47:e4:84:b6:b6:2e:6a:4d:e0:c1:ea:15:6e:57:b4:08:22:08:ed:fa:cb:05:01:63:66:1a:56
Signer

Actual PE Digest

95:ba:c6:36:5d:47:e4:84:b6:b6:2e:6a:4d:e0:c1:ea:15:6e:57:b4:08:22:08:ed:fa:cb:05:01:63:66:1a:56

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

06/10/2022, 18:38
Valid: false

fc:7c:99:a3:05:b0:a2:e9:5a:14:df:b0:ff:ab:17:ee:0b:63:a5:3e
Signer

Actual PE Digest

fc:7c:99:a3:05:b0:a2:e9:5a:14:df:b0:ff:ab:17:ee:0b:63:a5:3e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

19/11/2018, 03:07
Valid: true

Chain 1

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=969697-0400,CN=Lagerkvist Teknisk Rådgivning i Borås HB,O=Lagerkvist Teknisk Rådgivning i Borås HB,STREET=Alvestagatan 29 lgh 1502,L=Borås,ST=Västra Götalands Län,C=SE,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_fgetwchar
_iob
fprintf
fflush
_fgetchar
toupper
strchr
??2@YAPAXI@Z
_beginthreadex
wcsncat
??3@YAXPAX@Z
fwprintf
towupper
wcstok
wcstod
malloc
free
memcpy
wcsncmp
wcschr
memset
wcsncpy
wcsrchr
_wcsicmp
_snwprintf
wcstoul

kernel32

GetWindowsDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
SetEvent
WaitForSingleObject
GetTickCount
DeleteFileW
GetVolumeInformationW
HeapReAlloc
WaitForMultipleObjects
QueryDosDeviceW
GetDriveTypeA
SetCurrentDirectoryW
MultiByteToWideChar
VirtualAlloc
WriteFile
VirtualFree
WaitNamedPipeW
Sleep
LocalAlloc
CreateEventW
GetFileSize
SetEndOfFile
FlushFileBuffers
GetLogicalDrives
GetVersion
DefineDosDeviceW
CreateFileW
GetProcessHeap
HeapAlloc
DeviceIoControl
CloseHandle
HeapFree
SetLastError
SetFilePointer
ReadFile
GetLastError
LocalFree
FormatMessageW

advapi32

RegCloseKey
StartServiceW
CloseServiceHandle
OpenServiceW
RegOpenKeyW
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
QueryServiceStatus
RegDeleteValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
OpenSCManagerW

user32

DispatchMessageW
IsDialogMessageW
GetDlgItemInt
GetMenu
EnableMenuItem
DrawMenuBar
MapWindowPoints
GetSubMenu
TrackPopupMenu
GetAsyncKeyState
LoadIconW
SetClassLongW
GetSystemMetrics
SendMessageW
PostMessageW
GetParent
GetWindowTextLengthW
EnableWindow
TranslateMessage
SetDlgItemInt
SendDlgItemMessageW
CheckDlgButton
SetFocus
IsDlgButtonChecked
EndDialog
SetDlgItemTextW
GetDlgItemTextW
CreateDialogParamW
DestroyWindow
DialogBoxParamW
SetWindowTextW
SendMessageTimeoutW
MessageBoxW
GetPropW
ShowWindow
SetPropW
GetDlgItem
RemovePropW
PeekMessageW

shell32

SHFormatDrive
ShellExecuteW
SHChangeNotify

comctl32

ImageList_Create
ImageList_ReplaceIcon

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ntdll

NtOpenFile
RtlInitUnicodeString
NtClose
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlCreateUnicodeString
RtlNtStatusToDosError

Exports

Exports

CPlApplet
ImDiskAdjustImageFileSize
ImDiskAllocPrintF
ImDiskBuildMBR
ImDiskChangeFlags
ImDiskCheckDriverVersion
ImDiskConsoleMessageA
ImDiskConsoleMessageW
ImDiskConvertCHSToLBA
ImDiskConvertLBAToCHS
ImDiskCreateDevice
ImDiskCreateDeviceEx
ImDiskCreateMountPoint
ImDiskExtendDevice
ImDiskFindFreeDriveLetter
ImDiskFlushWindowMessages
ImDiskForceRemoveDevice
ImDiskGetAPIFlags
ImDiskGetDeviceList
ImDiskGetDeviceListEx
ImDiskGetFormattedGeometry
ImDiskGetFormattedGeometryIndirect
ImDiskGetOffsetByFileExt
ImDiskGetPartitionInfoIndirect
ImDiskGetPartitionInfoIndirectEx
ImDiskGetPartitionInformation
ImDiskGetPartitionInformationEx
ImDiskGetPartitionTypeName
ImDiskGetRegistryAutoLoadDevices
ImDiskGetSinglePartitionInfoIndirect
ImDiskGetSinglePartitionInformation
ImDiskGetVersion
ImDiskGetVolumeSize
ImDiskImageContainsISOFS
ImDiskImageContainsISOFSIndirect
ImDiskMsgBoxPrintF
ImDiskNativePathToWin32
ImDiskNotifyRemovePending
ImDiskNotifyShellDriveLetter
ImDiskOpenDeviceByMountPoint
ImDiskOpenDeviceByName
ImDiskOpenDeviceByNumber
ImDiskOpenRefreshEvent
ImDiskQueryDevice
ImDiskReadFileHandle
ImDiskRemoveDevice
ImDiskRemoveMountPoint
ImDiskRemoveRegistrySettings
ImDiskSaveImageFile
ImDiskSaveImageFileInteractive
ImDiskSaveRegistrySettings
ImDiskSetAPIFlags
ImDiskStartService
RunDLL_MountFile
RunDLL_MountFileW
RunDLL_RemoveDevice
RunDLL_SaveImageFile
_CPlApplet@16
_ImDiskAdjustImageFileSize@8
_ImDiskBuildMBR@20
_ImDiskChangeFlags@20
_ImDiskCheckDriverVersion@4
_ImDiskConsoleMessageA@16
_ImDiskConsoleMessageW@16
_ImDiskConvertCHSToLBA@8
_ImDiskConvertLBAToCHS@8
_ImDiskCreateDevice@28
_ImDiskCreateDeviceEx@32
_ImDiskCreateMountPoint@8
_ImDiskExtendDevice@12
_ImDiskFindFreeDriveLetter@0
_ImDiskFlushWindowMessages@4
_ImDiskForceRemoveDevice@8
_ImDiskGetAPIFlags@0
_ImDiskGetDeviceList@0
_ImDiskGetDeviceListEx@8
_ImDiskGetFormattedGeometry@12
_ImDiskGetFormattedGeometryIndirect@16
_ImDiskGetOffsetByFileExt@8
_ImDiskGetPartitionInfoIndirect@20
_ImDiskGetPartitionInfoIndirectEx@24
_ImDiskGetPartitionInformation@16
_ImDiskGetPartitionInformationEx@20
_ImDiskGetPartitionTypeName@12
_ImDiskGetRegistryAutoLoadDevices@4
_ImDiskGetSinglePartitionInfoIndirect@24
_ImDiskGetSinglePartitionInformation@20
_ImDiskGetVersion@8
_ImDiskGetVolumeSize@8
_ImDiskImageContainsISOFS@8
_ImDiskImageContainsISOFSIndirect@12
_ImDiskNativePathToWin32@4
_ImDiskNotifyRemovePending@8
_ImDiskNotifyShellDriveLetter@8
_ImDiskOpenDeviceByMountPoint@8
_ImDiskOpenDeviceByName@8
_ImDiskOpenDeviceByNumber@8
_ImDiskOpenRefreshEvent@4
_ImDiskQueryDevice@12
_ImDiskReadFileHandle@24
_ImDiskRemoveDevice@12
_ImDiskRemoveMountPoint@4
_ImDiskRemoveRegistrySettings@4
_ImDiskSaveImageFile@16
_ImDiskSaveImageFileInteractive@16
_ImDiskSaveRegistrySettings@4
_ImDiskSetAPIFlags@8
_ImDiskStartService@4
_RunDLL_MountFile@16
_RunDLL_MountFileW@16
_RunDLL_RemoveDevice@16
_RunDLL_SaveImageFile@16

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Tools/imdisk/sys/amd64/imdisk.sys
.exe windows x64

ca1b7a99c1db8c685051151b20cecfd0

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:42:a1:2c:75:7c:ec:88:72:b6:e2:03:ec:d4:ea:64:91
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

17/01/2013, 15:30

Not After

18/03/2016, 12:43

Subject

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:42:5e:bf:54:48:19:7c:ad:73:70:15:5e:09:9d:b5:dd:f6:67:8b
Signer

Actual PE Digest

5c:42:5e:bf:54:48:19:7c:ad:73:70:15:5e:09:9d:b5:dd:f6:67:8b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

14/12/2015, 23:20
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwCreateEvent
IoDeleteSymbolicLink
ExFreePoolWithTag
_snwprintf
RtlSetDaclSecurityDescriptor
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
RtlAppendUnicodeToString
KeInitializeEvent
KeDelayExecutionThread
PsCreateSystemThread
ZwQueryValueKey
IoCreateUnprotectedSymbolicLink
ExEventObjectType
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
RtlCopyUnicodeString
ObfDereferenceObject
IoCreateDevice
ObReferenceObjectByPointer
DbgPrint
RtlCreateSecurityDescriptor
KePulseEvent
ZwOpenKey
KeClearEvent
KeReadStateEvent
IoBuildSynchronousFsdRequest
ZwReadFile
IoGetRelatedDeviceObject
IoCancelIrp
KeWaitForMultipleObjects
IofCallDriver
ZwFsControlFile
KeReleaseInStackQueuedSpinLock
_wcsnicmp
ZwMapViewOfSection
KeAcquireInStackQueuedSpinLock
ZwSetInformationFile
SeCreateClientSecurity
IoFileObjectType
ZwWaitForSingleObject
ZwCreateFile
SeImpersonateClient
ZwFreeVirtualMemory
RtlAppendUnicodeStringToString
ZwDeviceIoControlFile
ZwQueryInformationFile
ZwOpenSection
SeTokenType
ZwAllocateVirtualMemory
IoBuildDeviceIoControlRequest
NtWriteFile
KeSetPriorityThread
NtFsControlFile
MmMapLockedPagesSpecifyCache
PsTerminateSystemThread
IofCompleteRequest
NtReadFile
SeSinglePrivilegeCheck
IoFreeMdl
IoFreeIrp
IoAllocateIrp
MmUnlockPages
ZwOpenEvent
ZwUnmapViewOfSection
KeBugCheckEx

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Tools/imdisk/sys/i386/imdisk.sys
.exe windows x86

0f7dd87f79d112f5be926ddd046011c3

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:42:a1:2c:75:7c:ec:88:72:b6:e2:03:ec:d4:ea:64:91
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

17/01/2013, 15:30

Not After

18/03/2016, 12:43

Subject

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:77:53:04:63:95:90:dd:ac:20:ee:b4:60:4a:3c:60:4d:94:46:a9
Signer

Actual PE Digest

44:77:53:04:63:95:90:dd:ac:20:ee:b4:60:4a:3c:60:4d:94:46:a9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lagerkvist Teknisk Radgivning i Boras HB,O=Lagerkvist Teknisk Radgivning i Boras HB,ST=-,C=SE,1.2.840.113549.1.9.1=#0c10696e666f406c74722d646174612e7365

14/12/2015, 23:19
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

PsCreateSystemThread
ZwQueryValueKey
RtlInitUnicodeString
_snwprintf
KeDelayExecutionThread
memcpy
IoCreateUnprotectedSymbolicLink
IoDeleteSymbolicLink
KeSetEvent
KeWaitForSingleObject
KeInitializeEvent
ObReferenceObjectByPointer
IoDeleteDevice
ObfDereferenceObject
KePulseEvent
DbgPrint
ObReferenceObjectByHandle
ExEventObjectType
ZwCreateEvent
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
IoCreateDevice
ZwOpenKey
RtlAppendUnicodeToString
RtlCopyUnicodeString
ZwReadFile
IoCancelIrp
KeReadStateEvent
KeWaitForMultipleObjects
IofCallDriver
KeClearEvent
IoBuildSynchronousFsdRequest
IoGetRelatedDeviceObject
ZwWaitForSingleObject
ZwClose
ZwQueryInformationFile
KeGetCurrentThread
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
IoFileObjectType
ZwMapViewOfSection
ZwSetInformationFile
ZwFsControlFile
ZwCreateFile
ZwOpenSection
RtlAppendUnicodeStringToString
SeTokenType
SeImpersonateClient
SeCreateClientSecurity
_wcsnicmp
MmMapLockedPages
NtReadFile
NtWriteFile
NtFsControlFile
IoBuildDeviceIoControlRequest
IofCompleteRequest
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
ExfInterlockedInsertTailList
SeSinglePrivilegeCheck
IoFreeIrp
MmUnlockPages
IoFreeMdl
memmove
IoAllocateIrp
ZwUnmapViewOfSection
ZwOpenEvent
ExFreePool
memset
ZwDeviceIoControlFile
ExAllocatePoolWithTag

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 746B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Tools/x64/DISM/ReadMe.txt
WinNTSetup 3.9.4/Tools/x64/MSSTMake.exe
.exe windows x64

6929a6376371544b1e02fafed262c6a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileSize
lstrcmpA
MoveFileExA
lstrcpynA
ExpandEnvironmentStringsA
GetFileAttributesA
CreateDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetLastError
SetLastError
RemoveDirectoryA
CopyFileA
SetFileAttributesA
FindClose
FindNextFileA
GetCurrentDirectoryA
CloseHandle
DeleteFileA
lstrcpyA
SetFilePointer
CreateFileA
WritePrivateProfileStructA
MapViewOfFile
UnmapViewOfFile
SetConsoleTextAttribute
WritePrivateProfileSectionA
WriteFile
GetPrivateProfileIntA
WideCharToMultiByte
Sleep
ReadFile
lstrcatA
GetStdHandle
GetPrivateProfileStringA
GetLocalTime
WriteConsoleA
CreateFileMappingA
GetConsoleScreenBufferInfo
WritePrivateProfileStringA
GetPrivateProfileStructA
LoadLibraryW
lstrlenA
GetFullPathNameA
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
DeleteCriticalSection
GetStartupInfoW
HeapReAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
RtlUnwindEx
GetModuleFileNameW
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThreadId
FlsAlloc
DecodePointer
HeapFree
HeapAlloc
LCMapStringW
MultiByteToWideChar
RaiseException
RtlPcToFileHeader
GetProcAddress
GetModuleHandleW
ExitProcess

user32

CharNextA
CharUpperA

advapi32

IsTextUnicode

shlwapi

wnsprintfA
PathCombineA
PathSearchAndQualifyA
PathAddBackslashA
PathIsRelativeA
PathAppendA
PathIsDirectoryA

setupapi

SetupFindNextLine
SetupGetLineCountA
SetupDiGetActualSectionToInstallExA
SetupOpenInfFileA
SetupGetLineTextA
SetupGetFileCompressionInfoExA
SetupGetLineByIndexA
SetupGetSourceFileLocationA
SetupDecompressOrCopyFileA
SetupFindNextMatchLineA
SetupCloseInfFile
SetupGetFieldCount
SetupFindFirstLineA
SetupGetStringFieldA
SetupEnumInfSectionsA
SetupGetIntField

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Tools/x64/diskcopy.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

Dummy

Sections

.text
Size: 16B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Tools/x64/offreg.dll
.dll windows x64

c355194d28724bc46eb5b11246f55848

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_wcsicmp
_aligned_free
_aligned_malloc
_wcsnicmp
memmove
memset
memcpy
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memcmp

kernel32

FreeLibrary
LeaveCriticalSection
GetLastError
GetProcAddress
EnterCriticalSection
LoadLibraryExA
DeleteCriticalSection
TlsGetValue
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetFileSizeEx
CloseHandle
RtlVirtualUnwind
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
TlsSetValue

advapi32

InitializeSid
DestroyPrivateObjectSecurity
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
GetSecurityDescriptorControl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
MakeSelfRelativeSD
GetSidSubAuthority
SetPrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
GetAce
InitializeAcl
AddAccessAllowedAce
IsValidSid
GetLengthSid
GetSecurityDescriptorLength
GetSidLengthRequired

ntdll

RtlUpcaseUnicodeChar

Exports

Exports

ORCloseHive
ORCloseKey
ORCreateHive
ORCreateKey
ORDeleteKey
ORDeleteValue
OREnumKey
OREnumValue
ORGetKeySecurity
ORGetValue
ORGetVersion
ORGetVirtualFlags
OROpenHive
OROpenHiveByHandle
OROpenKey
ORQueryInfoKey
ORSaveHive
ORSetKeySecurity
ORSetValue
ORSetVirtualFlags

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Tools/x64/wimlib/ReadMe.txt
WinNTSetup 3.9.4/Tools/x86/DISM/ReadMe.txt
WinNTSetup 3.9.4/Tools/x86/MSSTMake.exe
.exe windows x86

48a058d36054eaa7198119524bd92efd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
lstrcmpA
MoveFileExA
lstrcpynA
ExpandEnvironmentStringsA
GetFileAttributesA
CreateDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetLastError
SetLastError
RemoveDirectoryA
CopyFileA
SetFileAttributesA
FindClose
FindNextFileA
GetCurrentDirectoryA
CloseHandle
DeleteFileA
lstrcpyA
SetFilePointer
CreateFileA
WritePrivateProfileStructA
MapViewOfFile
UnmapViewOfFile
SetConsoleTextAttribute
WritePrivateProfileSectionA
WriteFile
GetPrivateProfileIntA
WideCharToMultiByte
Sleep
ReadFile
lstrcatA
GetStdHandle
GetPrivateProfileStringA
GetLocalTime
WriteConsoleA
CreateFileMappingA
GetConsoleScreenBufferInfo
WritePrivateProfileStringA
GetPrivateProfileStructA
RtlUnwind
LoadLibraryW
lstrlenA
GetFullPathNameA
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
GetStartupInfoW
HeapReAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetCommandLineA
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
GetCurrentThreadId
GetProcAddress
HeapFree
HeapAlloc
LCMapStringW
MultiByteToWideChar
RaiseException

user32

CharNextA
CharUpperA

advapi32

IsTextUnicode

shlwapi

wnsprintfA
PathCombineA
PathSearchAndQualifyA
PathAddBackslashA
PathIsRelativeA
PathAppendA
PathIsDirectoryA

setupapi

SetupFindNextLine
SetupGetLineCountA
SetupDiGetActualSectionToInstallExA
SetupOpenInfFileA
SetupGetLineTextA
SetupGetFileCompressionInfoExA
SetupGetLineByIndexA
SetupGetSourceFileLocationA
SetupDecompressOrCopyFileA
SetupFindNextMatchLineA
SetupCloseInfFile
SetupGetFieldCount
SetupFindFirstLineA
SetupGetStringFieldA
SetupEnumInfSectionsA
SetupGetIntField

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Tools/x86/diskcopy.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Dummy

Sections

.text
Size: 16B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Tools/x86/offreg.dll
.dll windows x86

1e7a761a7efaf7f688db0627337c77b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsicmp
_aligned_free
_aligned_malloc
_wcsnicmp
memmove
memset
memcpy
_initterm
malloc
free
_amsg_exit
_XcptFilter
memcmp

kernel32

FreeLibrary
LeaveCriticalSection
GetLastError
GetProcAddress
EnterCriticalSection
LoadLibraryExA
DeleteCriticalSection
TlsGetValue
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetFileSizeEx
CloseHandle
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
Sleep
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
TlsSetValue

advapi32

InitializeSid
DestroyPrivateObjectSecurity
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
GetSecurityDescriptorControl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
MakeSelfRelativeSD
GetSidSubAuthority
SetPrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
GetAce
InitializeAcl
AddAccessAllowedAce
IsValidSid
GetLengthSid
GetSecurityDescriptorLength
GetSidLengthRequired

ntdll

RtlUpcaseUnicodeChar

Exports

Exports

ORCloseHive
ORCloseKey
ORCreateHive
ORCreateKey
ORDeleteKey
ORDeleteValue
OREnumKey
OREnumValue
ORGetKeySecurity
ORGetValue
ORGetVersion
ORGetVirtualFlags
OROpenHive
OROpenHiveByHandle
OROpenKey
ORQueryInfoKey
ORSaveHive
ORSetKeySecurity
ORSetValue
ORSetVirtualFlags

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/Tools/x86/wimlib/ReadMe.txt
WinNTSetup 3.9.4/WinNTSetup_x64.exe
.exe windows x64

8f08ecb916ebc8b1584f3bdb7d40e15c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

tolower
strcmp
sprintf
fmod
wcscat
setlocale
memmove
wcsncpy
_wcsicmp
_strnicmp
_stricmp
_snwprintf
_mktime64
_wcsdup
_gmtime64
__wgetmainargs
_vsnwprintf
_wcsnicmp
calloc
ceil
free
malloc
memcmp
memcpy
memset
strrchr
swscanf
wcscmp
wcscpy
wcslen
wcsncmp
wcsrchr
wcsstr
wcstok
wcstol

kernel32

MultiByteToWideChar
OpenProcess
Process32FirstW
Process32NextW
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReadProcessMemory
RemoveDirectoryW
RtlMoveMemory
SetCurrentDirectoryW
SetDllDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileValidData
SizeofResource
Sleep
UnmapViewOfFile
UpdateResourceW
VirtualProtect
WideCharToMultiByte
WriteConsoleW
WriteFile
WritePrivateProfileSectionW
WritePrivateProfileStringW
lstrlenA
AttachConsole
BeginUpdateResourceW
CloseHandle
CopyFileW
CreateDirectoryW
MoveFileW
MapViewOfFile
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryW
LoadLibraryExW
HeapDestroy
HeapCreate
GlobalUnlock
GlobalMemoryStatusEx
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
GetUserDefaultLCID
GetTimeFormatW
GetTempPathW
GetTempFileNameW
GetSystemInfo
GetStdHandle
GetProcAddress
CreateSemaphoreA
WaitForMultipleObjects
ReleaseSemaphore
GetCurrentThread
DeleteCriticalSection
TlsFree
MulDiv
HeapSize
SetLastError
LoadLibraryA
HeapReAlloc
TlsSetValue
TlsGetValue
TlsAlloc
GetTickCount
CreateProcessW
CreatePipe
DuplicateHandle
GetCurrentProcess
HeapFree
HeapAlloc
GetExitCodeProcess
PeekNamedPipe
InitializeCriticalSection
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetNativeSystemInfo
GetModuleHandleW
GetModuleFileNameW
GetLongPathNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocalTime
GetLastError
GetFileSizeEx
GetFileSize
GetFileAttributesW
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryW
GetConsoleWindow
GetCommandLineW
FreeResource
FreeLibrary
FormatMessageW
FlushFileBuffers
FindResourceW
FindResourceExW
FindNextFileW
FindFirstFileW
FindClose
ExitProcess
EnumResourceNamesW
EndUpdateResourceW
DosDateTimeToFileTime
DeviceIoControl
DeleteFileW
DefineDosDeviceW
CreateToolhelp32Snapshot
CreateFileW
CreateFileMappingW
CreateThread
GetFirmwareEnvironmentVariableW

user32

keybd_event
WindowFromPoint
UnhookWindowsHookEx
TrackPopupMenu
SystemParametersInfoW
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowLongPtrW
SetTimer
SetPropW
SetMenuItemInfoW
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SendMessageW
RemovePropW
ReleaseDC
PostMessageW
OpenClipboard
MessageBoxW
MessageBoxIndirectW
MessageBeep
LoadStringW
LoadImageW
CharUpperW
GetSystemMetrics
GetWindowTextW
GetWindowTextLengthW
GetFocus
IsWindowEnabled
UpdateWindow
InvalidateRect
ValidateRect
GetClientRect
GetSysColorBrush
DrawFocusRect
FrameRect
GetIconInfo
GetWindow
DefWindowProcW
RegisterClassExW
RedrawWindow
SetClassLongPtrW
EnableWindow
GetWindowDC
SetScrollPos
InflateRect
GetParent
MapWindowPoints
DestroyWindow
ShowWindow
SetCapture
ReleaseCapture
BeginPaint
EndPaint
ScreenToClient
IsWindowVisible
GetUpdateRect
IntersectRect
MoveWindow
DrawTextW
SetRect
GetWindowLongW
GetScrollPos
DrawFrameControl
CreateAcceleratorTableW
DestroyAcceleratorTable
SetActiveWindow
IsIconic
IsZoomed
RegisterClassW
UnregisterClassW
AdjustWindowRectEx
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
TranslateAcceleratorW
GetMenu
DefFrameProcW
IsChild
GetKeyState
RegisterWindowMessageW
LoadIconW
LoadCursorW
KillTimer
InsertMenuW
GetWindowThreadProcessId
GetWindowRect
GetWindowPlacement
GetWindowLongPtrW
GetSystemMenu
GetSysColor
GetPropW
GetMessagePos
GetForegroundWindow
GetDoubleClickTime
GetDlgCtrlID
GetDC
GetClassNameW
GetActiveWindow
FlashWindowEx
FindWindowW
FillRect
EnumChildWindows
EmptyClipboard
DrawIconEx
DestroyIcon
CreateWindowExW
CreatePopupMenu
CloseClipboard
CheckMenuItem
CharLowerW
CallWindowProcW
CallNextHookEx
AppendMenuW
DrawStateW

gdi32

SelectObject
GetDeviceCaps
DeleteDC
CreateSolidBrush
CreateFontIndirectW
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
AddFontResourceW
GetTextExtentPoint32W
BitBlt
CreateRectRgn
DeleteObject
GetObjectType
SelectClipRgn
GetObjectW
ExcludeClipRect
GetStockObject
CreateBrushIndirect
SetBkMode
SetBkColor
SetTextColor
CreateDCW
StretchBlt
SetStretchBltMode
CreatePen
LineTo
MoveToEx
GetObjectA
CreateRectRgnIndirect
GetClipRgn
ExtSelectClipRgn
CreateBitmap
GetDIBits
SetPixel
CreateFontW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

CheckTokenMembership
AllocateAndInitializeSid
ControlService
CloseServiceHandle
CreateProcessAsUserW
RegQueryValueExW
CreateServiceW
StartServiceW
SetFileSecurityW
SaferCreateLevel
SaferComputeTokenFromLevel
SaferCloseLevel
RegUnLoadKeyW
RegSetValueExW
FreeSid
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyW
RegCreateKeyExW
RegCloseKey
QueryServiceStatus
OpenServiceW
OpenSCManagerW
GetFileSecurityW

comctl32

ImageList_GetIconSize
ImageList_Create
InitCommonControlsEx
ImageList_Destroy
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_Remove
ImageList_ReplaceIcon

shell32

ShellExecuteExW
SHCreateShellItem
SHExtractIconsW
SHFileOperationW
SHFormatDrive
SHGetDesktopFolder
SHGetPathFromIDListW
SHParseDisplayName
SHBrowseForFolderW
ShellExecuteW

ole32

CoInitialize
CoTaskMemFree
StringFromGUID2
RevokeDragDrop
CoCreateInstance

shlwapi

PathAddBackslashW
PathFileExistsW
PathIsRelativeW
PathMatchSpecW
PathRemoveBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW
StrToIntW
PathFindExtensionW

ntdll

NtShutdownSystem
NtCreatePagingFile
NtOpenFile
NtQueryInformationProcess
NtQuerySystemInformation
NtSetInformationFile
RtlAdjustPrivilege
RtlComputeCrc32
RtlGetVersion
RtlInitUnicodeString
NtClose

setupapi

SetupGetBinaryField
SetupGetFieldCount
SetupGetIntField
SetupGetLineByIndexW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetStringFieldW
SetupIterateCabinetW
SetupOpenInfFileW
SetupEnumInfSectionsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
CM_Get_Device_IDW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDecompressOrCopyFileW
SetupCloseInfFile
CM_Get_Parent
SetupGetMultiSzFieldW

uxtheme

SetWindowTheme

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

tools\x64\offreg

ORSaveHive
OROpenKey
OROpenHive
ORGetValue
OREnumKey
ORDeleteValue
ORSetValue
ORCreateKey
ORCloseKey
ORCloseHive
ORDeleteKey

crypt32

CryptBinaryToStringW

Sections

.text
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinNTSetup 3.9.4/WinNTSetup_x86.exe
.exe windows x86

5eb712e30c7bccd9cc287e56eb13163d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

calloc
_wcsnicmp
memmove
wcstol
wcstok
wcsstr
wcsrchr
wcsncmp
wcslen
wcscpy
wcscmp
swscanf
strrchr
mktime
memset
memcpy
memcmp
malloc
gmtime
free
ceil
_strnicmp
_stricmp
_snwprintf
_wcsicmp
_vsnwprintf
tolower
strcmp
sprintf
__wgetmainargs
_CIfmod
wcscat
setlocale
wcsncpy
_wcsdup

kernel32

GetProcAddress
GetStdHandle
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetTimeFormatW
GetUserDefaultLCID
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalUnlock
HeapCreate
HeapDestroy
LoadLibraryExW
LoadLibraryW
LoadResource
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MoveFileW
MultiByteToWideChar
OpenProcess
Process32FirstW
Process32NextW
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReadProcessMemory
RemoveDirectoryW
SetCurrentDirectoryW
SetDllDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFilePointerEx
GetPrivateProfileStringW
SizeofResource
Sleep
UnmapViewOfFile
UpdateResourceW
VirtualProtect
WideCharToMultiByte
WriteConsoleW
WriteFile
WritePrivateProfileSectionW
WritePrivateProfileStringW
lstrlenA
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateThread
AttachConsole
BeginUpdateResourceW
GetPrivateProfileSectionW
GetNativeSystemInfo
GetModuleHandleW
GetModuleFileNameW
GetLongPathNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocalTime
GetLastError
GetFirmwareEnvironmentVariableW
GetFileSizeEx
GetFileSize
GetFileAttributesW
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryW
GetConsoleWindow
GetCommandLineW
FreeResource
FreeLibrary
FormatMessageW
CreateSemaphoreA
WaitForMultipleObjects
ReleaseSemaphore
GetCurrentThread
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
TlsFree
MulDiv
HeapSize
SetLastError
LoadLibraryA
HeapReAlloc
GetVersionExW
TlsSetValue
TlsGetValue
TlsAlloc
GetTickCount
CreateProcessW
CreatePipe
DuplicateHandle
GetCurrentProcess
HeapFree
HeapAlloc
GetExitCodeProcess
PeekNamedPipe
InitializeCriticalSection
FlushFileBuffers
FindResourceW
FindResourceExW
FindNextFileW
FindFirstFileW
FindClose
ExitProcess
EndUpdateResourceW
EnumResourceNamesW
DosDateTimeToFileTime
SetFileValidData
DeviceIoControl
DeleteFileW
DefineDosDeviceW
CreateToolhelp32Snapshot
CreateFileW
CreateFileMappingW
CreateDirectoryW
CopyFileW
CloseHandle

user32

DrawIconEx
DestroyIcon
CreateWindowExW
CreatePopupMenu
CloseClipboard
CheckMenuItem
CharLowerW
CallWindowProcW
CallNextHookEx
AppendMenuW
DrawFocusRect
EmptyClipboard
EnumChildWindows
FillRect
FindWindowW
FlashWindowEx
GetActiveWindow
GetClassNameW
GetDC
GetDlgCtrlID
GetDoubleClickTime
GetForegroundWindow
GetMessagePos
GetPropW
GetSysColor
GetSystemMenu
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowThreadProcessId
InsertMenuW
keybd_event
WindowFromPoint
UnhookWindowsHookEx
TrackPopupMenu
SystemParametersInfoW
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowLongW
SetTimer
SetPropW
SetMenuItemInfoW
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SendMessageW
KillTimer
ReleaseDC
PostMessageW
OpenClipboard
MessageBoxW
MessageBoxIndirectW
MessageBeep
LoadStringW
LoadImageW
CharUpperW
GetSystemMetrics
GetWindowTextW
GetWindowTextLengthW
GetFocus
IsWindowEnabled
DrawStateW
UpdateWindow
InvalidateRect
ValidateRect
GetClientRect
GetSysColorBrush
RemovePropW
FrameRect
GetIconInfo
GetWindow
DefWindowProcW
RegisterClassExW
RedrawWindow
SetClassLongW
EnableWindow
GetWindowDC
SetScrollPos
InflateRect
GetParent
MapWindowPoints
DestroyWindow
ShowWindow
SetCapture
ReleaseCapture
BeginPaint
EndPaint
ScreenToClient
IsWindowVisible
GetUpdateRect
IntersectRect
MoveWindow
DrawTextW
SetRect
GetScrollPos
DrawFrameControl
CreateAcceleratorTableW
DestroyAcceleratorTable
SetActiveWindow
IsIconic
IsZoomed
RegisterClassW
UnregisterClassW
AdjustWindowRectEx
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
TranslateAcceleratorW
GetMenu
DefFrameProcW
IsChild
GetKeyState
RegisterWindowMessageW
LoadIconW
LoadCursorW

gdi32

GetDeviceCaps
DeleteDC
CreateSolidBrush
CreateFontIndirectW
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
AddFontResourceW
GetTextExtentPoint32W
BitBlt
CreateRectRgn
DeleteObject
GetObjectType
SelectClipRgn
GetObjectW
ExcludeClipRect
GetStockObject
CreateBrushIndirect
SetBkMode
SetBkColor
SetTextColor
CreateDCW
StretchBlt
SetStretchBltMode
CreatePen
LineTo
MoveToEx
GetObjectA
CreateRectRgnIndirect
GetClipRgn
ExtSelectClipRgn
CreateBitmap
GetDIBits
SetPixel
CreateFontW
SelectObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

SaferCloseLevel
CheckTokenMembership
CloseServiceHandle
ControlService
CreateProcessAsUserW
CreateServiceW
FreeSid
GetFileSecurityW
OpenSCManagerW
OpenServiceW
StartServiceW
SetFileSecurityW
SaferCreateLevel
SaferComputeTokenFromLevel
QueryServiceStatus
RegUnLoadKeyW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyW
RegCreateKeyExW
RegCloseKey
AllocateAndInitializeSid

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Destroy
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_Remove
ImageList_GetIconSize

shell32

ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHGetDesktopFolder
SHFormatDrive
SHFileOperationW
SHExtractIconsW
SHBrowseForFolderW
SHCreateShellItem
SHParseDisplayName

ole32

CoCreateInstance
RevokeDragDrop
CoInitialize
CoTaskMemFree
StringFromGUID2

shlwapi

PathAddBackslashW
StrToIntW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveBackslashW
PathMatchSpecW
PathIsRelativeW
PathFindExtensionW
PathFileExistsW

ntdll

NtShutdownSystem
NtUnmapViewOfSection
RtlInitUnicodeString
NtQueryInformationProcess
RtlComputeCrc32
NtSetInformationFile
NtOpenSection
NtOpenFile
NtMapViewOfSection
NtCreatePagingFile
RtlAdjustPrivilege
NtQuerySystemInformation
RtlGetVersion
NtClose

setupapi

SetupOpenInfFileW
SetupGetLineByIndexW
SetupGetIntField
SetupGetFieldCount
SetupGetBinaryField
SetupFindFirstLineW
SetupEnumInfSectionsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDecompressOrCopyFileW
SetupCloseInfFile
CM_Get_Parent
CM_Get_Device_IDW
SetupGetMultiSzFieldW
SetupGetStringFieldW
SetupIterateCabinetW
SetupGetLineCountW

uxtheme

SetWindowTheme

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

tools\x86\offreg

ORCloseHive
ORSetValue
ORSaveHive
OROpenKey
OROpenHive
ORGetValue
OREnumKey
ORDeleteValue
ORDeleteKey
ORCreateKey
ORCloseKey

crypt32

CryptBinaryToStringW

Sections

.text
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
绿色下载站.txt
绿色下载站.url
.url
绿色下载站_百度搜索.url
.url

Sharing

General

Malware Config

Signatures

Files

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.code Size: 512B - Virtual size: 102B

.text Size: 512B - Virtual size: 24B

.rdata Size: 512B - Virtual size: 69B

.data Size: 512B - Virtual size: 204B

.rsrc Size: 14KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 32B

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.code Size: 512B - Virtual size: 102B

.text Size: 512B - Virtual size: 24B

.rdata Size: 512B - Virtual size: 69B

.data Size: 512B - Virtual size: 204B

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 512B - Virtual size: 32B

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 108B

.rsrc Size: 21KB - Virtual size: 21KB

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.code Size: 512B - Virtual size: 102B

.text Size: 512B - Virtual size: 24B

.rdata Size: 512B - Virtual size: 69B

.data Size: 512B - Virtual size: 204B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 32B

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 32KB - Virtual size: 32KB

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.code Size: 512B - Virtual size: 102B

.text Size: 512B - Virtual size: 24B

.rdata Size: 512B - Virtual size: 69B

.data Size: 512B - Virtual size: 204B

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 512B - Virtual size: 32B

6a4041370c121d4f288ee4d92bfe9499

Headers

File Characteristics

Imports

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 14KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 32B

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 32B

.rdata
Size: 512B - Virtual size: 108B

.rsrc
Size: 21KB - Virtual size: 21KB

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 32B

.rsrc
Size: 32KB - Virtual size: 32KB

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 512B - Virtual size: 32B

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 32B

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 512B - Virtual size: 32B

.code
Size: 512B - Virtual size: 102B

.text
Size: 512B - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 69B

.data
Size: 512B - Virtual size: 204B

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 32B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

04:00:00:00:00:01:31:89:c6:4d:e1
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

11:21:5d:dd:41:0e:aa:0b:6d:23:f3:d1:8d:03:cb:d4:6b:f4
Certificate

33:00:00:00:25:3a:27:38:69:0a:34:51:c1:00:00:00:00:00:25
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

5e:d1:3d:7d:cc:41:6e:88:0a:84:9a:c6:ca:2a:59:de:4c:db:5d:9a:6e:54:d2:c3:3e:67:11:51:b6:2c:26:3d
Signer

06/10/2022, 18:38
Valid: false

d9:14:e1:3d:cb:0f:de:9b:26:ee:af:a4:e1:53:91:91:77:ce:49:eb
Signer