DirectX 9[.]0[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

DirectX 9.0.rar
Size

96.1MB
MD5

fbe70d41df186045966aeb111868b8fc
SHA1

b47cd05261709673f540fa99683ac50577d5fad2
SHA256

a1f38d9515d4181bebfee9e8d5ddf644c6df72fb03de4db56781f988f1485739
SHA512

b0501bf845a6481db8f984d6761f6b4280573ae6fb1cf57d3f5b9264aca6cefa228c81feb8371915f2a45b95643708713719c1286fa0a8d4f34d789391d8ab48
SSDEEP

3145728:OIdGk88w/LFfisrsSqjl8o0CEL0pHZlzl+vH1:Tok83/JqPSqB8oB/Zdl+vV

Score

1^/10

Malware Config

Signatures

Files

DirectX 9.0.rar
.rar
DirectX 9.0/APR2007_XACT_x64.cab
.cab .ps1
apr2007_xact_x64.inf
infinst.exe
.exe windows x64

6668c9525ad04c4190169dc04fde550d

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

44:c2:26:68:e3:a7:0e:0f:e1:0d:6e:d0:a5:42:df:15:4c:e1:0a:0f
Signer

Actual PE Digest

44:c2:26:68:e3:a7:0e:0f:e1:0d:6e:d0:a5:42:df:15:4c:e1:0a:0f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

05/04/2007, 01:53
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA
GetWindowsDirectoryA
GetLastError
LocalFree
FormatMessageA
CompareStringA
CloseHandle
CreateFileA
lstrlenA
GetPrivateProfileStringA
FindClose
FindFirstFileA
MoveFileExA
CopyFileA
GetCurrentDirectoryA
GetModuleFileNameA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetLocalTime
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
Sleep
SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
ReadFile
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery

user32

CharNextA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupOpenInfFileA
SetupOpenFileQueue
SetupInstallFromInfSectionA
SetupCloseFileQueue
SetupCloseInfFile
SetupCopyOEMInfA
SetupDiDestroyDeviceInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDefaultQueueCallbackA

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x3daudio1_1.dll
.dll windows x64

01dbb721ad8b0aa287d0e6cb37b97382

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:2b:fc:2c:be:00:d2:f9:f0:2d:7a:31:b3:c6:e8:cc:c4:87:22:77
Signer

Actual PE Digest

6e:2b:fc:2c:be:00:d2:f9:f0:2d:7a:31:b3:c6:e8:cc:c4:87:22:77

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

07/02/2023, 20:44
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

tan
sinf
sin
sqrt
_initterm
cosf
malloc
acosf
free
atan2f

kernel32

Sleep
DisableThreadLibraryCalls

Exports

Exports

X3DAudioCalculate
X3DAudioInitialize

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xact2_7_x64.cat
xact2_7_x64.inf
xact2_7_x64_xp.inf
xactengine2_7.dll
.dll regsvr32 windows x64

db64690fd3880f9d7a43b3137465b79c

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a8:0a:f8:7d:a4:03:9b:2c:84:8b:b3:7d:71:bf:21:21:a5:17:49:1b
Signer

Actual PE Digest

a8:0a:f8:7d:a4:03:9b:2c:84:8b:b3:7d:71:bf:21:21:a5:17:49:1b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

05/04/2007, 01:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
sinf
cosf
strncpy
sqrtf
free
malloc
cos
floorf
??2@YAPEAX_K@Z
_vsnwprintf
sin
powf
pow
log10
memcmp
_purecall
memcpy
acosf
atan2f
memset
sqrt
_isnan
??3@YAXPEAX@Z
_controlfp
_vsnprintf
_aligned_malloc
_aligned_free
tan

kernel32

GetSystemInfo
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
lstrcmpW
__C_specific_handler
HeapSize
GetFileSize
SetEndOfFile
SetFilePointer
DisableThreadLibraryCalls
GetLastError
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
GetTickCount
QueryPerformanceCounter
HeapFree
CreateSemaphoreW
GetCurrentThreadId
HeapAlloc
InitializeCriticalSection
DeleteCriticalSection
TryEnterCriticalSection
CloseHandle
CreateFileA
QueryPerformanceFrequency
GetOverlappedResult
ReadFile
WaitForMultipleObjects
WaitForSingleObject
SetEvent
CreateThread
CreateEventA
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
WriteFile
ReleaseSemaphore
CreateEventW
SetThreadPriority
GetProcessHeap
RtlCaptureContext
SwitchToThread

rpcrt4

RpcStringFreeA
UuidToStringA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
PropVariantClear
CLSIDFromString

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

user32

GetDesktopWindow

winmm

timeEndPeriod
timeBeginPeriod

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 99B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DirectX 9.0/APR2007_XACT_x86.cab
.cab
DirectX 9.0/APR2007_d3dx10_33_x64.cab
.cab
DirectX 9.0/APR2007_d3dx10_33_x86.cab
.cab
DirectX 9.0/APR2007_d3dx9_33_x64.cab
.cab
DirectX 9.0/APR2007_d3dx9_33_x86.cab
.cab
DirectX 9.0/APR2007_xinput_x64.cab
.cab
DirectX 9.0/APR2007_xinput_x86.cab
.cab
DirectX 9.0/AUG2006_XACT_x64.cab
.cab
DirectX 9.0/AUG2006_XACT_x86.cab
.cab
DirectX 9.0/AUG2006_xinput_x64.cab
.cab
DirectX 9.0/AUG2006_xinput_x86.cab
.cab
DirectX 9.0/AUG2007_XACT_x64.cab
.cab
DirectX 9.0/AUG2007_XACT_x86.cab
.cab
DirectX 9.0/AUG2007_d3dx10_35_x64.cab
.cab
DirectX 9.0/AUG2007_d3dx10_35_x86.cab
.cab
DirectX 9.0/AUG2007_d3dx9_35_x64.cab
.cab
DirectX 9.0/AUG2007_d3dx9_35_x86.cab
.cab
DirectX 9.0/Apr2005_d3dx9_25_x64.cab
.cab
DirectX 9.0/Apr2005_d3dx9_25_x86.cab
.cab
DirectX 9.0/Apr2006_MDX1_x86.cab
.cab
DirectX 9.0/Apr2006_MDX1_x86_Archive.cab
.cab
DirectX 9.0/Apr2006_XACT_x64.cab
.cab
DirectX 9.0/Apr2006_XACT_x86.cab
.cab
DirectX 9.0/Apr2006_d3dx9_30_x64.cab
.cab
DirectX 9.0/Apr2006_d3dx9_30_x86.cab
.cab
DirectX 9.0/Apr2006_xinput_x64.cab
.cab
DirectX 9.0/Apr2006_xinput_x86.cab
.cab .ps1
DirectX 9.0/Aug2005_d3dx9_27_x64.cab
.cab
DirectX 9.0/Aug2005_d3dx9_27_x86.cab
.cab
DirectX 9.0/Aug2008_XACT_x64.cab
.cab
DirectX 9.0/Aug2008_XACT_x86.cab
.cab
DirectX 9.0/Aug2008_XAudio_x64.cab
.cab
DirectX 9.0/Aug2008_XAudio_x86.cab
.cab
DirectX 9.0/Aug2008_d3dx10_39_x64.cab
.cab
DirectX 9.0/Aug2008_d3dx10_39_x86.cab
.cab
DirectX 9.0/Aug2008_d3dx9_39_x64.cab
.cab
DirectX 9.0/Aug2008_d3dx9_39_x86.cab
.cab
DirectX 9.0/Aug2009_D3DCompiler_42_x64.cab
.cab
DirectX 9.0/Aug2009_D3DCompiler_42_x86.cab
.cab
DirectX 9.0/Aug2009_XACT_x64.cab
.cab
DirectX 9.0/Aug2009_XACT_x86.cab
.cab
DirectX 9.0/Aug2009_XAudio_x64.cab
.cab
DirectX 9.0/Aug2009_XAudio_x86.cab
.cab
DirectX 9.0/Aug2009_d3dcsx_42_x64.cab
.cab
DirectX 9.0/Aug2009_d3dcsx_42_x86.cab
.cab
DirectX 9.0/Aug2009_d3dx10_42_x64.cab
.cab
DirectX 9.0/Aug2009_d3dx10_42_x86.cab
.cab
DirectX 9.0/Aug2009_d3dx11_42_x64.cab
.cab
DirectX 9.0/Aug2009_d3dx11_42_x86.cab
.cab
DirectX 9.0/Aug2009_d3dx9_42_x64.cab
.cab
DirectX 9.0/Aug2009_d3dx9_42_x86.cab
.cab
DirectX 9.0/DEC2006_XACT_x64.cab
.cab
DirectX 9.0/DEC2006_XACT_x86.cab
.cab
DirectX 9.0/DEC2006_d3dx10_00_x64.cab
.cab
DirectX 9.0/DEC2006_d3dx10_00_x86.cab
.cab
DirectX 9.0/DEC2006_d3dx9_32_x64.cab
.cab
DirectX 9.0/DEC2006_d3dx9_32_x86.cab
.cab
DirectX 9.0/DSETUP.dll
.dll windows x86

fcc13f8625d566aaaa2bb3f0da90254b

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

38:29:f8:13:65:88:5c:bf:c5:fa:66:63:11:cb:3f:22:25:39:e2:6c
Signer

Actual PE Digest

38:29:f8:13:65:88:5c:bf:c5:fa:66:63:11:cb:3f:22:25:39:e2:6c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

30/03/2011, 18:42
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
LocalFree
LocalAlloc
lstrcmpA
WideCharToMultiByte
GetSystemDefaultLCID
LoadLibraryW
GetModuleFileNameW
MultiByteToWideChar
CompareStringA
CreateDirectoryA
GetWindowsDirectoryA
FormatMessageA
GetCommandLineA
HeapFree
HeapReAlloc
HeapAlloc
GetLocalTime
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemDirectoryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
RtlUnwind
WriteFile
InitializeCriticalSection
GetModuleHandleW
GetCPInfo
GetACP
GetOEMCP
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
ReadFile
VirtualProtect
GetSystemInfo
VirtualQuery
SetCurrentDirectoryA
GetVersionExA
LoadLibraryA
GetProcAddress
SetCurrentDirectoryW
OutputDebugStringA
CreateMutexA
GetLastError
CloseHandle
GetSystemTimeAsFileTime
FreeLibrary

user32

GetKeyboardType
DestroyWindow
SetFocus
CreateDialogParamA
SetDlgItemTextA
MessageBoxA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA

winmm

mmioRead
mmioDescend
mmioClose
mmioOpenA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

StringFromGUID2

Exports

Exports

DirectXDeviceDriverSetupA
DirectXDeviceDriverSetupW
DirectXLoadString
DirectXRegisterApplicationA
DirectXRegisterApplicationW
DirectXSetupA
DirectXSetupCallback
DirectXSetupGetEULAA
DirectXSetupGetEULAW
DirectXSetupGetFileVersion
DirectXSetupGetVersion
DirectXSetupIsEng
DirectXSetupIsJapan
DirectXSetupIsJapanNec
DirectXSetupSetCallback
DirectXSetupShowEULA
DirectXSetupW
DirectXUnRegisterApplication

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DirectX 9.0/DXSETUP.exe
.exe windows x86

c3f46af231fa1b9042c9d1b85247a291

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7c:43:ce:81:54:6c:17:23:08:58:c5:e8:17:dc:76:a3:4b:3b:a7:d9
Signer

Actual PE Digest

7c:43:ce:81:54:6c:17:23:08:58:c5:e8:17:dc:76:a3:4b:3b:a7:d9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

30/03/2011, 18:42
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

FindClose
FindFirstFileA
lstrlenA
ReadFile
GetFileSize
CreateFileA
GetCurrentDirectoryA
GetCurrentProcess
GetModuleFileNameA
SetErrorMode
CreateMutexA
GetModuleHandleA
CreateThread
GetSystemDirectoryA
CloseHandle
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
CompareStringA
GetWindowsDirectoryA
FormatMessageA
lstrcmpiA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
VirtualAlloc
Sleep
GetModuleHandleW
InitializeCriticalSection
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetOEMCP
OutputDebugStringA
CreateDirectoryA
GetLastError
LocalFree
GetCommandLineA
GetStartupInfoA
GetLocalTime
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
HeapAlloc
GetCPInfo
GetACP

gdi32

StretchBlt
GetObjectA
DeleteDC
CreateCompatibleDC
SelectObject
CreateFontIndirectA
DeleteObject
GetDeviceCaps

user32

ReleaseDC
GetDC
LoadImageA
SystemParametersInfoA
SendDlgItemMessageA
SetDlgItemTextW
SetWindowTextW
GetWindowLongA
SetWindowLongA
PostMessageA
GetParent
SetDlgItemTextA
GetDlgItem
SendMessageA
ShowWindow
SetFocus
GetAsyncKeyState
ExitWindowsEx
EnumWindows
CharLowerA
LoadStringW
MessageBoxW
LoadStringA
MessageBoxA
GetWindowTextA
GetClassNameA
SetForegroundWindow

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoA
VerQueryValueA

comctl32

CreatePropertySheetPageA
PropertySheetA
ord17

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DirectX 9.0/Dec2005_d3dx9_28_x64.cab
.cab
DirectX 9.0/Dec2005_d3dx9_28_x86.cab
.cab
DirectX 9.0/FEB2007_XACT_x64.cab
.cab
DirectX 9.0/FEB2007_XACT_x86.cab
.cab
DirectX 9.0/Feb2005_d3dx9_24_x64.cab
.cab
DirectX 9.0/Feb2005_d3dx9_24_x86.cab
.cab
DirectX 9.0/Feb2006_XACT_x64.cab
.cab
DirectX 9.0/Feb2006_XACT_x86.cab
.cab
DirectX 9.0/Feb2006_d3dx9_29_x64.cab
.cab
DirectX 9.0/Feb2006_d3dx9_29_x86.cab
.cab
DirectX 9.0/Feb2010_X3DAudio_x64.cab
.cab
DirectX 9.0/Feb2010_X3DAudio_x86.cab
.cab
DirectX 9.0/Feb2010_XACT_x64.cab
.cab
DirectX 9.0/Feb2010_XACT_x86.cab
.cab
DirectX 9.0/Feb2010_XAudio_x64.cab
.cab
DirectX 9.0/Feb2010_XAudio_x86.cab
.cab
DirectX 9.0/JUN2006_XACT_x64.cab
.cab
DirectX 9.0/JUN2006_XACT_x86.cab
.cab
DirectX 9.0/JUN2007_XACT_x64.cab
.cab
DirectX 9.0/JUN2007_XACT_x86.cab
.cab
DirectX 9.0/JUN2007_d3dx10_34_x64.cab
.cab
DirectX 9.0/JUN2007_d3dx10_34_x86.cab
.cab
DirectX 9.0/JUN2007_d3dx9_34_x64.cab
.cab
DirectX 9.0/JUN2007_d3dx9_34_x86.cab
.cab
DirectX 9.0/JUN2008_X3DAudio_x64.cab
.cab
DirectX 9.0/JUN2008_X3DAudio_x86.cab
.cab
DirectX 9.0/JUN2008_XACT_x64.cab
.cab
DirectX 9.0/JUN2008_XACT_x86.cab
.cab
DirectX 9.0/JUN2008_XAudio_x64.cab
.cab
DirectX 9.0/JUN2008_XAudio_x86.cab
.cab
DirectX 9.0/JUN2008_d3dx10_38_x64.cab
.cab
DirectX 9.0/JUN2008_d3dx10_38_x86.cab
.cab
DirectX 9.0/JUN2008_d3dx9_38_x64.cab
.cab
DirectX 9.0/JUN2008_d3dx9_38_x86.cab
.cab
DirectX 9.0/Jun2005_d3dx9_26_x64.cab
.cab
DirectX 9.0/Jun2005_d3dx9_26_x86.cab
.cab
DirectX 9.0/Jun2010_D3DCompiler_43_x64.cab
.cab
DirectX 9.0/Jun2010_D3DCompiler_43_x86.cab
.cab
DirectX 9.0/Jun2010_XACT_x64.cab
.cab
DirectX 9.0/Jun2010_XACT_x86.cab
.cab
DirectX 9.0/Jun2010_XAudio_x64.cab
.cab
DirectX 9.0/Jun2010_XAudio_x86.cab
.cab
DirectX 9.0/Jun2010_d3dcsx_43_x64.cab
.cab
DirectX 9.0/Jun2010_d3dcsx_43_x86.cab
.cab
DirectX 9.0/Jun2010_d3dx10_43_x64.cab
.cab
DirectX 9.0/Jun2010_d3dx10_43_x86.cab
.cab
DirectX 9.0/Jun2010_d3dx11_43_x64.cab
.cab
DirectX 9.0/Jun2010_d3dx11_43_x86.cab
.cab
DirectX 9.0/Jun2010_d3dx9_43_x64.cab
.cab
DirectX 9.0/Jun2010_d3dx9_43_x86.cab
.cab
DirectX 9.0/Mar2008_X3DAudio_x64.cab
.cab
DirectX 9.0/Mar2008_X3DAudio_x86.cab
.cab
DirectX 9.0/Mar2008_XACT_x64.cab
.cab
DirectX 9.0/Mar2008_XACT_x86.cab
.cab
DirectX 9.0/Mar2008_XAudio_x64.cab
.cab
DirectX 9.0/Mar2008_XAudio_x86.cab
.cab
DirectX 9.0/Mar2008_d3dx10_37_x64.cab
.cab
DirectX 9.0/Mar2008_d3dx10_37_x86.cab
.cab
DirectX 9.0/Mar2008_d3dx9_37_x64.cab
.cab
DirectX 9.0/Mar2008_d3dx9_37_x86.cab
.cab
DirectX 9.0/Mar2009_X3DAudio_x64.cab
.cab
DirectX 9.0/Mar2009_X3DAudio_x86.cab
.cab
DirectX 9.0/Mar2009_XACT_x64.cab
.cab
DirectX 9.0/Mar2009_XACT_x86.cab
.cab
DirectX 9.0/Mar2009_XAudio_x64.cab
.cab
DirectX 9.0/Mar2009_XAudio_x86.cab
.cab
DirectX 9.0/Mar2009_d3dx10_41_x64.cab
.cab
DirectX 9.0/Mar2009_d3dx10_41_x86.cab
.cab
DirectX 9.0/Mar2009_d3dx9_41_x64.cab
.cab
DirectX 9.0/Mar2009_d3dx9_41_x86.cab
.cab
DirectX 9.0/NOV2007_X3DAudio_x64.cab
.cab
DirectX 9.0/NOV2007_X3DAudio_x86.cab
.cab
DirectX 9.0/NOV2007_XACT_x64.cab
.cab
DirectX 9.0/NOV2007_XACT_x86.cab
.cab
DirectX 9.0/Nov2007_d3dx10_36_x64.cab
.cab
DirectX 9.0/Nov2007_d3dx10_36_x86.cab
.cab
DirectX 9.0/Nov2007_d3dx9_36_x64.cab
.cab
DirectX 9.0/Nov2007_d3dx9_36_x86.cab
.cab
DirectX 9.0/Nov2008_X3DAudio_x64.cab
.cab
DirectX 9.0/Nov2008_X3DAudio_x86.cab
.cab
DirectX 9.0/Nov2008_XACT_x64.cab
.cab
DirectX 9.0/Nov2008_XACT_x86.cab
.cab
DirectX 9.0/Nov2008_XAudio_x64.cab
.cab
DirectX 9.0/Nov2008_XAudio_x86.cab
.cab
DirectX 9.0/Nov2008_d3dx10_40_x64.cab
.cab
DirectX 9.0/Nov2008_d3dx10_40_x86.cab
.cab
DirectX 9.0/Nov2008_d3dx9_40_x64.cab
.cab
DirectX 9.0/Nov2008_d3dx9_40_x86.cab
.cab
DirectX 9.0/OCT2006_XACT_x64.cab
.cab
DirectX 9.0/OCT2006_XACT_x86.cab
.cab
DirectX 9.0/OCT2006_d3dx9_31_x64.cab
.cab
DirectX 9.0/OCT2006_d3dx9_31_x86.cab
.cab
DirectX 9.0/Oct2005_xinput_x64.cab
.cab
DirectX 9.0/Oct2005_xinput_x86.cab
.cab
DirectX 9.0/dsetup32.dll
.dll windows x86

d9d6cc43183af6cd33abf97f1c22911c

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cd:31:17:dc:2e:92:27:6a:de:ee:56:03:73:8e:ff:ea:72:73:7e:34
Signer

Actual PE Digest

cd:31:17:dc:2e:92:27:6a:de:ee:56:03:73:8e:ff:ea:72:73:7e:34

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

30/03/2011, 18:42
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindFirstFileA
GetSystemDirectoryA
CopyFileA
DeleteFileA
WideCharToMultiByte
LoadResource
FindResourceA
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
lstrcmpA
LockResource
SizeofResource
SetLastError
MultiByteToWideChar
GetPrivateProfileStringA
CloseHandle
GetFileSize
CreateFileA
GetPrivateProfileSectionA
FindNextFileA
GetSystemDefaultLCID
GetShortPathNameA
GetModuleFileNameA
GetFileAttributesA
GetPrivateProfileSectionNamesA
GetSystemInfo
GetModuleHandleA
ReadFile
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTempFileNameA
GetDriveTypeA
GetCurrentDirectoryA
ExpandEnvironmentStringsA
GetTempPathA
MoveFileExA
SetFileTime
GetFileTime
Sleep
CreateMutexA
GetCommandLineA
GetLocalTime
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetVersionExA
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
WriteFile
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
GetModuleHandleW
SetFilePointer
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
VirtualQuery
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
GetProcAddress
LoadLibraryA
GetCurrentProcess
FreeLibrary
CompareStringA
FormatMessageA
LocalFree
GetWindowsDirectoryA
OutputDebugStringA
CreateDirectoryA
InterlockedDecrement
GetLastError

gdi32

GetDeviceCaps

user32

PeekMessageA
ShowWindow
GetDlgItem
SendMessageA
CharLowerA
MessageBoxA
CreateDialogParamA
SetFocus
DestroyWindow
DialogBoxParamA
GetMessageA
CharNextA
EndDialog
SetDlgItemTextA
SendDlgItemMessageA
GetDesktopWindow
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
LoadStringA
DispatchMessageA
TranslateMessage
GetKeyboardType

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA

shell32

SHFileOperationA

Exports

Exports

DirectXLoadString
DirectXSetupCallback
DirectXSetupSetCallback
DirectXSetupShowEULA
iDirectXSetup
iDirectXSetupGetEULAA
iDirectXSetupGetEULAW

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DirectX 9.0/dxdllreg_x86.cab
.cab
DirectX 9.0/dxupdate.cab
.cab

Sharing

General

Malware Config

Signatures

Files

6668c9525ad04c4190169dc04fde550d

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

44:c2:26:68:e3:a7:0e:0f:e1:0d:6e:d0:a5:42:df:15:4c:e1:0a:0fSigner

Signature Validations

Verification

05/04/2007, 01:53 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

version

setupapi

Sections

.text Size: 52KB - Virtual size: 52KB

.data Size: 2KB - Virtual size: 11KB

.pdata Size: 3KB - Virtual size: 2KB

01dbb721ad8b0aa287d0e6cb37b97382

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

6e:2b:fc:2c:be:00:d2:f9:f0:2d:7a:31:b3:c6:e8:cc:c4:87:22:77Signer

Signature Validations

Verification

07/02/2023, 20:44 Valid: false

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 296B

.pdata Size: 512B - Virtual size: 168B

.rsrc Size: 1024B - Virtual size: 984B

db64690fd3880f9d7a43b3137465b79c

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

44:c2:26:68:e3:a7:0e:0f:e1:0d:6e:d0:a5:42:df:15:4c:e1:0a:0f
Signer

05/04/2007, 01:53
Valid: false

.text
Size: 52KB - Virtual size: 52KB

.data
Size: 2KB - Virtual size: 11KB

.pdata
Size: 3KB - Virtual size: 2KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

6e:2b:fc:2c:be:00:d2:f9:f0:2d:7a:31:b3:c6:e8:cc:c4:87:22:77
Signer

07/02/2023, 20:44
Valid: false

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 296B

.pdata
Size: 512B - Virtual size: 168B

.rsrc
Size: 1024B - Virtual size: 984B

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

a8:0a:f8:7d:a4:03:9b:2c:84:8b:b3:7d:71:bf:21:21:a5:17:49:1b
Signer

05/04/2007, 01:55
Valid: false

.text
Size: 354KB - Virtual size: 354KB

RT_CODE
Size: 512B - Virtual size: 99B

.data
Size: 1024B - Virtual size: 11KB

.pdata
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 3KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:b2:9b:00:00:00:00:00:15
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

38:29:f8:13:65:88:5c:bf:c5:fa:66:63:11:cb:3f:22:25:39:e2:6c
Signer

30/03/2011, 18:42
Valid: false

.text
Size: 74KB - Virtual size: 74KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB