60120d066b66e0dc15c86c49e2749828f2bf6b6f7318d63fa325aae57c757d1d

Sharing

Copy URL Twitter E-mail

General

Target

60120d066b66e0dc15c86c49e2749828f2bf6b6f7318d63fa325aae57c757d1d
Size

3.5MB
MD5

0dcafcad6afb27de2db257b0f3bff41b
SHA1

e1c70607be3b4c850136ee2dd68fc86534880fc1
SHA256

60120d066b66e0dc15c86c49e2749828f2bf6b6f7318d63fa325aae57c757d1d
SHA512

030698d08619cb6073c38db55c5f970c413444c7b64840e3120643b3ea8729892046fe83eafbdeb3bfc4fa7571e9c58e60861a5b5806eeec194131c8c482631d
SSDEEP

98304:1z112fq4PgqSQpUxgKolTMQqiiQIRYYVVEUlVRZDmpYC2t9EY:1z112fq6XS8SgMQ2/YoCIiewY

Score

N/A

Malware Config

Signatures

Files

60120d066b66e0dc15c86c49e2749828f2bf6b6f7318d63fa325aae57c757d1d
.rar
README.txt
RemoveService.cmd
UninstallToolHelper.exe
.exe windows x86

f0e8305f3a2a23ba622fa7f18bf7cd51

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

30/12/2025, 23:59

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

10/06/2027, 10:46

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a0:1c:49:44:89:8f:4d:60:53:6f:f6:4a:57:14:61:b5:ef:1c:99:8e:5c:96:b5:a0:31:5a:14:48:b8:dd:47:2e
Signer

Actual PE Digest

a0:1c:49:44:89:8f:4d:60:53:6f:f6:4a:57:14:61:b5:ef:1c:99:8e:5c:96:b5:a0:31:5a:14:48:b8:dd:47:2e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

03/10/2018, 14:26
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

53:e1:e4:9c:8e:0b:7b:42:37:6b:63:c6:f9:5e:9c:85:58:65:37:35
Signer

Actual PE Digest

53:e1:e4:9c:8e:0b:7b:42:37:6b:63:c6:f9:5e:9c:85:58:65:37:35

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

03/10/2018, 14:26
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventW
CreateFileMappingW
OpenMutexW
CreateFileW
WriteConsoleW
UnmapViewOfFile
MapViewOfFile
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
CloseHandle
WaitForSingleObject
SetEvent
HeapSize
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetFileType
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
FlushFileBuffers

user32

MessageBoxA

advapi32

RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

z0tyg8go
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

oc7esfle
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0.jibmbs
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
UninstallToolPortable.exe
.exe windows x86

134015f954eea11f9de4bd20a6334c02

Code Sign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:d0:2b:bf:d4:2d:34:d7:0e:07:3d:07:68:f7:3e:81:12:e9:bd:0d:97:2c:77:5b:4f:33:2d:8a:da:c3:88:69
Signer

Actual PE Digest

a1:d0:2b:bf:d4:2d:34:d7:0e:07:3d:07:68:f7:3e:81:12:e9:bd:0d:97:2c:77:5b:4f:33:2d:8a:da:c3:88:69

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

18/10/2022, 20:56
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

73:6d:e7:3d:89:96:c4:15:0d:24:5f:19:12:c1:5f:ef:ca:22:41:c7
Signer

Actual PE Digest

73:6d:e7:3d:89:96:c4:15:0d:24:5f:19:12:c1:5f:ef:ca:22:41:c7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

18/10/2022, 20:56
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
FindClose
FindNextFileW
GetFileAttributesW
WriteFile
CloseHandle
WaitForSingleObject
GetProcAddress
LocalFree
HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
WideCharToMultiByte
FreeLibrary
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetConsoleOutputCP
GetConsoleMode
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
HeapSize
WriteConsoleW
MultiByteToWideChar
GetLastError
GetCurrentProcess
GetModuleHandleW
GetCommandLineW

user32

CharLowerBuffW
GetMessageW
PostMessageW
MessageBoxW

shell32

CommandLineToArgvW

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UninstallTool_x64.dat
.exe windows x64

806de8eea676789cdc82805536911cad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalGetAtomNameW
GetFileSizeEx
GlobalFlags
GetSystemDefaultUILanguage
SetErrorMode
GetUserDefaultLCID
FindResourceExW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetDriveTypeW
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetFileType
SetStdHandle
TlsAlloc
FreeLibraryAndExitThread
ExitThread
RtlUnwind
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
CompareStringEx
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
FlushFileBuffers
GetThreadLocale
GetPrivateProfileIntW
SuspendThread
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
GetSystemDirectoryW
EncodePointer
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
OutputDebugStringA
GetACP
OpenEventW
OpenMutexW
CreateMutexW
GlobalFree
lstrlenA
ExitProcess
CompareStringW
EnumResourceLanguagesW
EnumResourceTypesW
EnumResourceNamesW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpA
SetThreadPriority
CreateDirectoryW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
LocalUnlock
LocalLock
GetVersionExW
VirtualFree
VirtualAlloc
ExpandEnvironmentStringsW
lstrcatW
lstrcpyW
GetNativeSystemInfo
GetVersion
SetUnhandledExceptionFilter
RtlCaptureContext
K32GetModuleFileNameExW
TlsGetValue
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetCurrentThread
GetProcessTimes
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
OutputDebugStringW
DebugBreak
IsDebuggerPresent
FileTimeToLocalFileTime
CompareFileTime
GlobalLock
GlobalUnlock
GlobalAlloc
GetTempPathW
QueryDosDeviceW
GetTempFileNameW
GetLogicalDriveStringsW
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
SetFilePointer
FormatMessageW
GetWindowsDirectoryW
SetFileAttributesW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
MoveFileExW
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileAttributesExW
InitializeCriticalSectionAndSpinCount
lstrcmpiW
LoadLibraryW
CopyFileW
ResumeThread
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
GetConsoleMode
GetDynamicTimeZoneInformation
GetFileAttributesW
GetStdHandle
GetLongPathNameW
GetExitCodeThread
WriteFile
GetTickCount
WinExec
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
lstrcmpW
SearchPathW
GetComputerNameW
DeleteFileW
CreateThread
GetCommandLineW
GetLocalTime
Sleep
GetCurrentDirectoryW
lstrcpynW
LoadLibraryExW
VirtualProtect
LoadLibraryA
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
ReadFile
GetFileSize
lstrlenW
OpenProcess
TerminateProcess
GetLastError
MulDiv
CreateFileW
LocalFree
LocalAlloc
GetProcAddress
GetTickCount64
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetUserDefaultUILanguage
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetSystemTime
TerminateThread
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
DeviceIoControl
SetLastError
CloseHandle
GetCommandLineA

user32

GetKeyboardLayoutList
ToUnicodeEx
GetMenuItemInfoW
GetMenuItemID
SetWindowRgn
SetParent
GetTopWindow
UpdateWindow
LoadMenuW
MapVirtualKeyW
wsprintfW
GetNextDlgTabItem
GetSysColorBrush
AdjustWindowRectEx
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
CreateIconIndirect
CreateIconFromResourceEx
LoadBitmapW
DrawStateW
RegisterClipboardFormatW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
InvertRect
LockWindowUpdate
GetDCEx
GetSubMenu
GetCapture
ReleaseCapture
GetWindowPlacement
SetWindowPlacement
TranslateAcceleratorW
SendDlgItemMessageA
SendMessageW
EnableWindow
SetCapture
WindowFromPoint
ShowScrollBar
GetUpdateRect
DrawFocusRect
WinHelpW
IsDialogMessageW
GetWindow
GetLastActivePopup
MessageBeep
RedrawWindow
DrawIcon
EnableMenuItem
GetSystemMenu
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
CreateDialogIndirectParamW
MoveWindow
DestroyWindow
PostQuitMessage
GetKeyboardLayout
PeekMessageW
DispatchMessageW
TranslateMessage
LoadStringW
EnumDisplaySettingsW
FindWindowExW
FindWindowW
MessageBoxW
WaitForInputIdle
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
RegisterClassExW
ExitWindowsEx
GetMessageW
SetWindowLongW
GetWindowLongW
SetFocus
EmptyClipboard
CheckMenuItem
CloseClipboard
GetMenuStringW
LookupIconIdFromDirectoryEx
DrawEdge
GetDoubleClickTime
GetMenu
SetMenu
GetMenuState
GetClassLongPtrW
SetCursorPos
GetClassLongW
CallWindowProcW
IsWindowUnicode
GetWindowLongPtrA
SetWindowLongPtrA
GetScrollInfo
GetTabbedTextExtentA
MapDialogRect
IsIconic
OpenClipboard
BringWindowToTop
AttachThreadInput
CharLowerBuffW
CharLowerBuffA
FillRect
SetWindowTextW
CharLowerW
GetShellWindow
GetDlgItem
DeleteMenu
GetMenuItemCount
CopyIcon
GetMenuDefaultItem
TrackPopupMenu
UnregisterClassW
ClientToScreen
InsertMenuW
CharUpperW
IsCharLowerW
GetKeyboardState
GetKeyNameTextW
MapVirtualKeyExW
IsWindowEnabled
LoadAcceleratorsW
CopyAcceleratorTableW
IsZoomed
IsClipboardFormatAvailable
MapWindowPoints
GetCursor
IsMenu
IsChild
GetDlgCtrlID
GetWindowRgn
HideCaret
ShowCaret
SetActiveWindow
WaitMessage
UnionRect
DestroyIcon
IsWindowVisible
GetActiveWindow
GetWindowTextW
GetDesktopWindow
EnumWindows
GetSysColor
GetParent
EnumChildWindows
GetFocus
GetSystemMetrics
DrawTextW
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRgn
GetWindowTextLengthW
GetClientRect
GetWindowRect
GetCursorPos
FrameRect
InflateRect
IntersectRect
PtInRect
GetWindowLongPtrW
GetClassNameW
RegisterWindowMessageW
PostMessageW
IsWindow
GetKeyState
InvalidateRect
SetCursor
ScreenToClient
SetRect
OffsetRect
LoadCursorW
LoadImageW
DrawIconEx
GetIconInfo
LoadIconW
SetWindowPos
SetWindowLongPtrW
SendMessageTimeoutW
GetWindowThreadProcessId
DrawFrameControl
GetMessagePos
CreatePopupMenu
AppendMenuW
CopyRect
SetClassLongPtrW
SystemParametersInfoW
SetMenuDefaultItem
GetForegroundWindow
SetRectEmpty
IsRectEmpty
EqualRect
DefWindowProcW
GetClassInfoW
DrawTextExW
GrayStringW
TabbedTextOutW
SendInput
SetForegroundWindow
SetTimer
KillTimer
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetMessageTime
RegisterClassW
GetClassInfoExW
ValidateRect
GetScrollPos
SetScrollRange
GetScrollRange
SetPropW
GetPropW
RemovePropW
SetScrollInfo
MonitorFromWindow
GetMonitorInfoW
SetDlgItemTextW
EndDialog
ShowOwnedPopups
GetWindowDC
CharNextW
DestroyMenu
SetWindowContextHelpId
DrawMenuBar
DefFrameProcW
TranslateMDISysAccel
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RealChildWindowFromPoint
GetNextDlgGroupItem
PostThreadMessageW
SetClipboardData

gdi32

BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
MoveToEx
PolyBezierTo
OffsetViewportOrgEx
GetRgnBox
CreatePolygonRgn
SetPixelV
FillRgn
FrameRgn
RestoreDC
RealizePalette
SaveDC
SetDIBitsToDevice
ExcludeClipRect
SelectClipRgn
SetMapMode
ExtSelectClipRgn
SetTextAlign
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
SetRectRgn
DPtoLP
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetTextExtentPoint32A
GetTextAlign
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetCharWidthW
Ellipse
StretchDIBits
CreatePatternBrush
Polyline
CreateFontW
GetViewportOrgEx
PtInRegion
GetBitmapBits
ExtCreateRegion
GetCurrentObject
CreateDIBSection
SetStretchBltMode
StretchBlt
GetDIBits
CreateBitmap
Polygon
SetPixel
EnumFontFamiliesExW
CreateRectRgnIndirect
GetPixel
CreateRoundRectRgn
CreateRectRgn
CombineRgn
DeleteDC
CreateDCW
GetTextColor
TextOutW
RectVisible
PtVisible
GetBkColor
Escape
BitBlt
RoundRect
Rectangle
GetTextExtentPoint32W
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
DeleteObject
CreatePen
ExtTextOutW
SetTextColor
SetBkMode
SetBkColor
SelectObject
PatBlt
GetStockObject
GetDeviceCaps
GetTextMetricsW
CreateSolidBrush

msimg32

GradientFill
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
OpenProcessToken
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
CloseServiceHandle
ControlService
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
RegQueryValueW
RegEnumKeyW
DeleteService
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
GetUserNameW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
ConvertSidToStringSidW
IsValidSid
GetTokenInformation
RegDeleteKeyW
StartServiceW
QueryServiceStatus

shell32

DragFinish
Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetMalloc
SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHFileOperationW
CommandLineToArgvW
SHGetFileInfoW
ExtractIconExW
DragAcceptFiles
DragQueryFileW
ord680
ShellExecuteW

comctl32

ImageList_Draw
ImageList_GetIconSize
ord410
ord412
ord413
ord381
ImageList_AddMasked
_TrackMouseEvent
ImageList_Destroy
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
ord487
PathStripPathW
PathMatchSpecW
PathRemoveFileSpecW
PathAddBackslashW
StrFormatByteSizeW
PathCompactPathW
PathParseIconLocationW
PathGetArgsW
PathUnquoteSpacesW
PathRemoveArgsW
PathIsRelativeW
PathIsDirectoryW
PathFileExistsW
SHDeleteKeyW
UrlUnescapeW

uxtheme

GetThemeColor
GetThemeInt
SetWindowTheme
BeginBufferedPaint
EndBufferedPaint
BufferedPaintSetAlpha
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
CloseThemeData
DrawThemeBackground
GetThemeBackgroundContentRect
OpenThemeData

ole32

CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoTaskMemAlloc
PropVariantClear
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
CoRegisterMessageFilter

oleaut32

VariantCopy
VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString
SysAllocStringLen
SysAllocString
VarDateFromStr
VarBstrFromDate
VarUdateFromDate
VariantChangeType
SystemTimeToVariantTime
SafeArrayGetDim
SafeArrayGetElemsize
LoadTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantChangeTypeEx
VariantTimeToSystemTime
OleLoadPicturePath

oledlg

OleUIBusyW
OleUIAddVerbMenuW

gdiplus

GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromHICON
GdipBitmapLockBits
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipDrawRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipResetPath
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdipGetImageWidth
GdipDrawPath

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

PlaySoundW

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 832KB - Virtual size: 832KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 936KB - Virtual size: 940KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UninstallTool_x86.dat
.exe windows x86

23084896a93e75deae9970de564ea7e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFlags
GetSystemDefaultUILanguage
SetErrorMode
GetUserDefaultLCID
FindResourceExW
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetDriveTypeW
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetFileType
SetStdHandle
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
GetFileSizeEx
RtlUnwind
GetCPInfo
CompareStringEx
LCMapStringEx
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
FlushFileBuffers
GetThreadLocale
GetPrivateProfileIntW
SuspendThread
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
GetACP
OpenEventW
OpenMutexW
CreateMutexW
GlobalFree
lstrlenA
ExitProcess
CompareStringW
EnumResourceLanguagesW
EnumResourceTypesW
EnumResourceNamesW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpA
SetThreadPriority
CreateDirectoryW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
LocalUnlock
LocalLock
GetVersionExW
VirtualFree
VirtualAlloc
ExpandEnvironmentStringsW
lstrcatW
lstrcpyW
GetNativeSystemInfo
GetVersion
SetUnhandledExceptionFilter
K32GetModuleFileNameExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetCurrentThread
GetProcessTimes
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
OutputDebugStringW
DebugBreak
IsDebuggerPresent
CompareFileTime
GlobalLock
GlobalUnlock
GlobalAlloc
GetTempPathW
QueryDosDeviceW
GetTempFileNameW
GetLogicalDriveStringsW
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
SetFilePointer
FormatMessageW
GetWindowsDirectoryW
SetFileAttributesW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
MoveFileExW
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileAttributesExW
InitializeCriticalSectionAndSpinCount
lstrcmpiW
LoadLibraryW
CopyFileW
ResumeThread
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
GetConsoleMode
GetDynamicTimeZoneInformation
GetFileAttributesW
GetStdHandle
GetLongPathNameW
GetExitCodeThread
WriteFile
GetTickCount
WinExec
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
lstrcmpW
SearchPathW
GetComputerNameW
DeleteFileW
CreateThread
GetCommandLineW
GetLocalTime
Sleep
GetCurrentDirectoryW
lstrcpynW
LoadLibraryExW
VirtualProtect
LoadLibraryA
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateProcessW
GetExitCodeProcess
FileTimeToDosDateTime
GetSystemTimeAsFileTime
ReadFile
GetFileSize
FileTimeToLocalFileTime
CreateFileW
lstrlenW
OpenProcess
TerminateProcess
GetLastError
MulDiv
LocalFree
LocalAlloc
GetProcAddress
GetTickCount64
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetUserDefaultUILanguage
GetCurrentProcessId
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetSystemTime
TerminateThread
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
DeviceIoControl
SetLastError
CloseHandle

user32

GetMenuItemInfoW
GetMenuItemID
SetWindowRgn
SetParent
GetTopWindow
UpdateWindow
LoadMenuW
MapVirtualKeyW
wsprintfW
GetNextDlgTabItem
GetSysColorBrush
AdjustWindowRectEx
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
CreateIconIndirect
CreateIconFromResourceEx
LoadBitmapW
DrawStateW
RegisterClipboardFormatW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
InvertRect
LockWindowUpdate
GetDCEx
GetWindowPlacement
SetWindowPlacement
TranslateAcceleratorW
SendDlgItemMessageA
SendMessageW
EnableWindow
GetSubMenu
GetCapture
ReleaseCapture
SetCapture
WindowFromPoint
ShowScrollBar
GetUpdateRect
DrawFocusRect
WinHelpW
IsDialogMessageW
GetWindow
GetLastActivePopup
MessageBeep
RedrawWindow
DrawIcon
EnableMenuItem
GetSystemMenu
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
CreateDialogIndirectParamW
MoveWindow
DestroyWindow
PostQuitMessage
WaitMessage
ToUnicodeEx
DispatchMessageW
TranslateMessage
LoadStringW
EnumDisplaySettingsW
FindWindowExW
FindWindowW
MessageBoxW
WaitForInputIdle
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
RegisterClassExW
ExitWindowsEx
GetMessageW
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
CheckMenuItem
BringWindowToTop
AttachThreadInput
SetActiveWindow
UnionRect
GetMenuStringW
LookupIconIdFromDirectoryEx
DrawEdge
GetDoubleClickTime
GetMenu
SetMenu
GetMenuState
GetClassLongW
SetCursorPos
CallWindowProcW
IsWindowUnicode
GetWindowLongA
SetWindowLongA
GetScrollInfo
GetTabbedTextExtentA
MapDialogRect
GetKeyboardLayoutList
CharLowerBuffW
CharLowerBuffA
FillRect
SetWindowTextW
CharLowerW
GetShellWindow
GetDlgItem
DeleteMenu
GetMenuItemCount
CopyIcon
GetMenuDefaultItem
TrackPopupMenu
UnregisterClassW
ClientToScreen
InsertMenuW
KillTimer
SetTimer
SetForegroundWindow
GetKeyboardLayout
IsIconic
CharUpperW
IsCharLowerW
GetKeyboardState
GetKeyNameTextW
MapVirtualKeyExW
IsWindowEnabled
LoadAcceleratorsW
CopyAcceleratorTableW
IsZoomed
IsClipboardFormatAvailable
MapWindowPoints
GetCursor
IsMenu
IsChild
GetDlgCtrlID
GetWindowRgn
HideCaret
ShowCaret
PeekMessageW
DestroyIcon
IsWindowVisible
GetActiveWindow
GetWindowTextW
GetDesktopWindow
EnumWindows
GetSysColor
GetParent
EnumChildWindows
GetFocus
GetSystemMetrics
DrawTextW
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRgn
GetWindowTextLengthW
GetClientRect
GetWindowRect
GetCursorPos
FrameRect
InflateRect
IntersectRect
PtInRect
GetWindowLongW
GetClassNameW
RegisterWindowMessageW
PostMessageW
IsWindow
GetKeyState
InvalidateRect
SetCursor
ScreenToClient
SetRect
OffsetRect
LoadCursorW
LoadImageW
DrawIconEx
GetIconInfo
LoadIconW
SetWindowPos
SetWindowLongW
SendMessageTimeoutW
GetWindowThreadProcessId
MessageBoxA
DrawFrameControl
GetMessagePos
CreatePopupMenu
AppendMenuW
CopyRect
SetClassLongW
SystemParametersInfoW
SetMenuDefaultItem
GetForegroundWindow
SetRectEmpty
IsRectEmpty
EqualRect
DefWindowProcW
GetClassInfoW
DrawTextExW
GrayStringW
TabbedTextOutW
SendInput
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetMessageTime
RegisterClassW
GetClassInfoExW
ValidateRect
GetScrollPos
SetScrollRange
GetScrollRange
SetPropW
GetPropW
RemovePropW
SetScrollInfo
MonitorFromWindow
GetMonitorInfoW
SetDlgItemTextW
EndDialog
ShowOwnedPopups
GetWindowDC
CharNextW
DestroyMenu
SetWindowContextHelpId
DrawMenuBar
DefFrameProcW
TranslateMDISysAccel
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RealChildWindowFromPoint
GetNextDlgGroupItem
PostThreadMessageW
OpenClipboard

gdi32

StrokeAndFillPath
StrokePath
MoveToEx
PolyBezierTo
OffsetViewportOrgEx
GetRgnBox
CreatePolygonRgn
SetPixelV
FillRgn
FrameRgn
RestoreDC
RealizePalette
SaveDC
SetDIBitsToDevice
ExcludeClipRect
SelectClipRgn
SetMapMode
FillPath
SetTextAlign
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
SetRectRgn
DPtoLP
EndPath
CloseFigure
BeginPath
ExtSelectClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetTextExtentPoint32A
GetTextAlign
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetCharWidthW
Ellipse
StretchDIBits
CreatePatternBrush
Polyline
CreateFontW
GetViewportOrgEx
PtInRegion
GetBitmapBits
ExtCreateRegion
GetCurrentObject
CreateDIBSection
SetStretchBltMode
StretchBlt
CreateBitmap
Polygon
SetPixel
EnumFontFamiliesExW
CreateRectRgnIndirect
GetTextMetricsW
GetPixel
CreateRoundRectRgn
CreateRectRgn
CombineRgn
DeleteDC
CreateDCW
GetTextColor
TextOutW
RectVisible
PtVisible
GetBkColor
Escape
BitBlt
RoundRect
Rectangle
GetTextExtentPoint32W
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
DeleteObject
CreatePen
ExtTextOutW
SetTextColor
SetBkMode
SetBkColor
CreateSolidBrush
GetDeviceCaps
GetStockObject
PatBlt
GetDIBits
SelectObject

msimg32

GradientFill
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegQueryInfoKeyW
OpenProcessToken
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
CloseServiceHandle
ControlService
RegQueryValueW
RegEnumKeyW
DeleteService
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
GetUserNameW
RegEnumValueW
RegEnumKeyExW
ConvertSidToStringSidW
RegCloseKey
IsValidSid
GetTokenInformation
RegDeleteKeyW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW

shell32

DragFinish
Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetMalloc
SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHFileOperationW
CommandLineToArgvW
SHGetFileInfoW
ExtractIconExW
DragAcceptFiles
DragQueryFileW
ord680
ShellExecuteW

comctl32

ImageList_Draw
ImageList_GetIconSize
ord410
ord412
ord413
ord381
ImageList_AddMasked
_TrackMouseEvent
ImageList_Destroy
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
ord487
PathStripPathW
PathMatchSpecW
PathRemoveFileSpecW
PathAddBackslashW
StrFormatByteSizeW
PathCompactPathW
PathParseIconLocationW
PathGetArgsW
PathUnquoteSpacesW
PathRemoveArgsW
PathIsRelativeW
PathIsDirectoryW
PathFileExistsW
SHDeleteKeyW
UrlUnescapeW

uxtheme

GetThemeColor
GetThemeInt
SetWindowTheme
BeginBufferedPaint
EndBufferedPaint
BufferedPaintSetAlpha
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
CloseThemeData
DrawThemeBackground
GetThemeBackgroundContentRect
OpenThemeData

ole32

CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoTaskMemAlloc
PropVariantClear
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
CoRegisterMessageFilter

oleaut32

VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString
SysAllocStringLen
SysAllocString
VariantTimeToSystemTime
VariantChangeTypeEx
VarDateFromStr
VarBstrFromDate
VarUdateFromDate
VariantChangeType
SysAllocStringByteLen
SafeArrayGetDim
SafeArrayGetElemsize
LoadTypeLi
VariantCopy
SysStringLen
OleCreateFontIndirect
SystemTimeToVariantTime
OleLoadPicturePath
SysStringByteLen

oledlg

OleUIBusyW
OleUIAddVerbMenuW

gdiplus

GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipBitmapUnlockBits
GdipBitmapLockBits
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHICON
GdipDrawRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipResetPath
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdipCloneImage
GdipDrawPath

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

PlaySoundW

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

Exports

Exports

_EXECryptor_AntiDebug@0
_EXECryptor_DecodeSerialNumber@16
_EXECryptor_DecodeSerialNumberW@16
_EXECryptor_DecryptStr@8
_EXECryptor_DecryptStrW@8
_EXECryptor_EncryptStr@8
_EXECryptor_EncryptStrW@8
_EXECryptor_GetDate@0
_EXECryptor_GetEXECryptorVersion@0
_EXECryptor_GetHardwareID@0
_EXECryptor_GetProcAddr@8
_EXECryptor_GetReleaseDate@0
_EXECryptor_GetTrialDaysLeft@4
_EXECryptor_GetTrialRunsLeft@4
_EXECryptor_IsAppProtected@0
_EXECryptor_IsRegistered@0
_EXECryptor_MessageBoxA@16
_EXECryptor_ProtectImport@0
_EXECryptor_RegConst_0@0
_EXECryptor_RegConst_1@0
_EXECryptor_RegConst_2@0
_EXECryptor_RegConst_3@0
_EXECryptor_RegConst_4@0
_EXECryptor_RegConst_5@0
_EXECryptor_RegConst_6@0
_EXECryptor_RegConst_7@0
_EXECryptor_SecureRead@8
_EXECryptor_SecureReadW@8
_EXECryptor_SecureWrite@8
_EXECryptor_SecureWriteW@8
_EXECryptor_VerifySerialNumber@16
_EXECryptor_VerifySerialNumberW@16

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 932KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
languages/Chinese_Simplified.xml
languages/English.xml
license.dat
preferences.xml
.xml
x64/CisUtMonitor.inf
x64/CisUtMonitor.sys
.exe windows x64

f43b6ef93625d306e6fdaf0ae00f11b3

Code Sign

0b:b4:b4:f9:68:eb:5e:9a:e8:3d:37:aa:2a:51:8d:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/02/2016, 00:00

Not After

09/04/2019, 23:59

Subject

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:cf:bc:bd:80:3f:a1:41:27:27:a0:b3:9a:cd:0c:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/02/2016, 00:00

Not After

09/04/2019, 23:59

Subject

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

28:95:2e:a4:f4:45:5d:20:af:17:bd:55:77:88:30:fe:a6:42:b1:24:10:24:f3:0b:6c:96:c3:75:6a:1a:19:e8
Signer

Actual PE Digest

28:95:2e:a4:f4:45:5d:20:af:17:bd:55:77:88:30:fe:a6:42:b1:24:10:24:f3:0b:6c:96:c3:75:6a:1a:19:e8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

23/11/2018, 07:01
Valid: false

76:a1:c9:15:92:18:fd:75:16:8f:1b:22:88:d8:f6:b3:c9:49:16:06
Signer

Actual PE Digest

76:a1:c9:15:92:18:fd:75:16:8f:1b:22:88:d8:f6:b3:c9:49:16:06

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

23/11/2018, 07:01
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExDeletePagedLookasideList
IoUnregisterShutdownNotification
ExEventObjectType
IofCompleteRequest
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
PsGetVersion
ExInterlockedRemoveHeadList
CmRegisterCallback
IoCreateSymbolicLink
ExInitializePagedLookasideList
ObfDereferenceObject
IoCreateDevice
CmUnRegisterCallback
DbgPrint
ExDeleteNPagedLookasideList
IoThreadToProcess
KeSetEvent
ExpInterlockedPopEntrySList
ExInterlockedInsertTailList
PsGetProcessId
KeReleaseMutex
ExAllocatePoolWithTag
_wcsnicmp
RtlCheckRegistryKey
ZwQueryValueKey
RtlCompareUnicodeString
RtlConvertSidToUnicodeString
ZwOpenThreadTokenEx
RtlTimeToSecondsSince1970
MmGetSystemRoutineAddress
ZwOpenProcessTokenEx
ObQueryNameString
ExSystemTimeToLocalTime
ZwClose
ZwOpenProcess
RtlCopyUnicodeString
MmIsAddressValid
ZwQueryInformationToken
ZwOpenKey
KeBugCheckEx
PsSetCreateProcessNotifyRoutine
ExpInterlockedPushEntrySList
IoDeleteDevice
RtlInitUnicodeString
ExInitializeNPagedLookasideList
KeInitializeMutex
IoRegisterShutdownNotification
ExFreePoolWithTag
_wcsicmp
IoDeleteSymbolicLink
__C_specific_handler

fltmgr.sys

FltReleaseFileNameInformation
FltCloseCommunicationPort
FltGetFileNameInformation
FltGetDestinationFileNameInformation
FltStartFiltering
FltRegisterFilter
FltUnregisterFilter
FltParseFileNameInformation

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/CisUtMonitor.inf
x86/CisUtMonitor.sys
.exe windows x86

76aba047f0b037cb0deb0211092d4824

Code Sign

0b:b4:b4:f9:68:eb:5e:9a:e8:3d:37:aa:2a:51:8d:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/02/2016, 00:00

Not After

09/04/2019, 23:59

Subject

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:cf:bc:bd:80:3f:a1:41:27:27:a0:b3:9a:cd:0c:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/02/2016, 00:00

Not After

09/04/2019, 23:59

Subject

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

97:cd:bc:e7:f0:f1:e8:c2:85:97:30:66:b4:87:21:b5:26:d8:ba:dc:03:27:fb:8e:36:a1:03:ae:61:e8:85:77
Signer

Actual PE Digest

97:cd:bc:e7:f0:f1:e8:c2:85:97:30:66:b4:87:21:b5:26:d8:ba:dc:03:27:fb:8e:36:a1:03:ae:61:e8:85:77

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

23/11/2018, 07:01
Valid: false

cc:ce:78:3e:47:3a:1d:36:4f:90:51:4f:e4:d3:fe:87:a0:d6:6d:fe
Signer

Actual PE Digest

cc:ce:78:3e:47:3a:1d:36:4f:90:51:4f:e4:d3:fe:87:a0:d6:6d:fe

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

23/11/2018, 07:01
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExEventObjectType
DbgPrint
ObfDereferenceObject
ExFreePoolWithTag
ExfInterlockedRemoveHeadList
memcpy
IofCompleteRequest
KeWaitForSingleObject
KeReleaseMutex
IoRegisterShutdownNotification
IoCreateSymbolicLink
CmRegisterCallback
KeInitializeMutex
ExInitializePagedLookasideList
ExInitializeNPagedLookasideList
IoCreateDevice
memset
PsGetVersion
InterlockedPopEntrySList
KeSetEvent
ExfInterlockedInsertTailList
PsGetProcessId
IoThreadToProcess
KeGetCurrentThread
ExAllocatePoolWithTag
_wcsicmp
_wcsnicmp
RtlCheckRegistryKey
ObReferenceObjectByHandle
ZwQueryValueKey
ZwDeleteKey
ZwSetValueKey
ZwCreateKey
RtlCompareUnicodeString
RtlCopyUnicodeString
MmGetSystemRoutineAddress
ZwClose
ZwOpenProcess
RtlTimeToSecondsSince1970
ExSystemTimeToLocalTime
KeQuerySystemTime
ObQueryNameString
MmIsAddressValid
ZwOpenKey
RtlConvertSidToUnicodeString
ZwQueryInformationToken
ZwOpenProcessTokenEx
ZwOpenThreadTokenEx
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ExAllocatePool
KeServiceDescriptorTable
KeTickCount
KeBugCheckEx
PsSetCreateProcessNotifyRoutine
CmUnRegisterCallback
RtlInitUnicodeString
IoDeleteSymbolicLink
IoUnregisterShutdownNotification
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
IoDeleteDevice
ZwQueryObject
InterlockedPushEntrySList
RtlUnwind

fltmgr.sys

FltGetFileNameInformation
FltParseFileNameInformation
FltReleaseFileNameInformation
FltCloseCommunicationPort
FltRegisterFilter
FltStartFiltering
FltUnregisterFilter
FltGetDestinationFileNameInformation

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0e8305f3a2a23ba622fa7f18bf7cd51

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1bCertificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4Certificate

Extended Key Usages

Key Usages

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28Certificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

a0:1c:49:44:89:8f:4d:60:53:6f:f6:4a:57:14:61:b5:ef:1c:99:8e:5c:96:b5:a0:31:5a:14:48:b8:dd:47:2eSigner

Signature Validations

Verification

03/10/2018, 14:26 Valid: true

Chain 1

53:e1:e4:9c:8e:0b:7b:42:37:6b:63:c6:f9:5e:9c:85:58:65:37:35Signer

Signature Validations

Verification

03/10/2018, 14:26 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 96KB - Virtual size: 96KB

z0tyg8go Size: 58KB - Virtual size: 60KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

oc7esfle Size: 287KB - Virtual size: 288KB

0.jibmbs Size: 512B - Virtual size: 4KB

134015f954eea11f9de4bd20a6334c02

Code Sign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7fCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7fCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

a0:1c:49:44:89:8f:4d:60:53:6f:f6:4a:57:14:61:b5:ef:1c:99:8e:5c:96:b5:a0:31:5a:14:48:b8:dd:47:2e
Signer

03/10/2018, 14:26
Valid: true

53:e1:e4:9c:8e:0b:7b:42:37:6b:63:c6:f9:5e:9c:85:58:65:37:35
Signer

03/10/2018, 14:26
Valid: true

.text
Size: 96KB - Virtual size: 96KB

z0tyg8go
Size: 58KB - Virtual size: 60KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

oc7esfle
Size: 287KB - Virtual size: 288KB

0.jibmbs
Size: 512B - Virtual size: 4KB

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a1:d0:2b:bf:d4:2d:34:d7:0e:07:3d:07:68:f7:3e:81:12:e9:bd:0d:97:2c:77:5b:4f:33:2d:8a:da:c3:88:69
Signer

18/10/2022, 20:56
Valid: true

73:6d:e7:3d:89:96:c4:15:0d:24:5f:19:12:c1:5f:ef:ca:22:41:c7
Signer

18/10/2022, 20:56
Valid: true

.text
Size: 151KB - Virtual size: 151KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 87KB - Virtual size: 86KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 832KB - Virtual size: 832KB

.data
Size: 68KB - Virtual size: 102KB

.pdata
Size: 141KB - Virtual size: 141KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 936KB - Virtual size: 940KB