TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Static task
static1
Behavioral task
behavioral1
Sample
setup.exe
Resource
win10v2004-20230221-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
9411858005.zip
-
Size
6.9MB
-
MD5
6519a1a9e6fd1c9cf3209b75f1bb4ea2
-
SHA1
99586edab0da6863606970139bcc1ae756f78cfd
-
SHA256
cde11cf5a746301783e9a5432ed2d77b13406537c9cc4cc24267ccb7eef45822
-
SHA512
70a3102411a779b5052160a413cffa73ff595da38738592ef95ae9bc2e7fd9f4ed257043aec4ab1d6a0bfb6db312fbe912f3d76ffcfbb9c64f831d82e883abc0
-
SSDEEP
98304:DQqjG1EvqHwNDs1OfGcnyeus1Topvb2MVBKT5N4S0EUttWhAAwh7W6ua:DQ2GXEDeOf/7mpvb905NHzKtpFh7W6ua
Score
1/10
Malware Config
Signatures
Files
-
9411858005.zip.zip
Password: infected
-
dc6600a9256901ed0b8d7628e9b52ae019103f85a985b3028c6d44dbaccab30f.zip
-
setup.exe.exe windows x86
e569e6f445d32ba23766ad67d1e3787f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale
comctl32
InitCommonControls
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
user32
CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW
oleaut32
SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate
netapi32
NetWkstaGetInfo
NetApiBufferFree
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW
Exports
Exports
Sections
.text Size: 718KB - Virtual size: 718KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 27KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 154B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 24B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 93B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
setupapi.dll.dll windows x64
03f310fd1bd3afc702f5db7aa523cddf
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/09/2021, 18:23Not After01/09/2022, 18:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
eb:0e:1f:1e:ae:fe:05:e7:31:eb:3c:56:a2:f8:77:ab:c9:ad:98:35:3d:cf:f6:0e:27:f6:76:d4:ff:bb:c9:f9Signer
Actual PE Digesteb:0e:1f:1e:ae:fe:05:e7:31:eb:3c:56:a2:f8:77:ab:c9:ad:98:35:3d:cf:f6:0e:27:f6:76:d4:ff:bb:c9:f9Digest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US27/02/2023, 09:32 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
Imports
msvcrt
free
wcsspn
toupper
swscanf
_beginthreadex
_amsg_exit
malloc
_initterm
_wcslwr
_lock
_beginthread
iswctype
_vsnprintf
_resetstkoflw
__CxxFrameHandler4
??3@YAXPEAX@Z
_purecall
_errno
_wcstoui64
??_V@YAXPEAX@Z
_wtoi
_ultow_s
_itow_s
wcscpy_s
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcstoul
_unlock
wcsncmp
__dllonexit
_onexit
memset
wcsnlen
__C_specific_handler
_endthread
wcstol
towupper
wcsstr
memcmp
_wcsnicmp
wcschr
_wcsicmp
wcsrchr
_vsnwprintf
_XcptFilter
wcscmp
ntdll
RtlGUIDFromString
RtlRandomEx
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtDeleteKey
NtOpenKey
NtCreateKey
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
NtEnumerateKey
NtSetInformationFile
NtQueryInformationFile
NtSetInformationThread
NtQueryInformationThread
NtQuerySystemInformation
RtlInitUnicodeStringEx
RtlUnicodeStringToInteger
RtlUpcaseUnicodeChar
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
NtCreateTransaction
NtCommitTransaction
RtlImageNtHeader
EtwEventSetInformation
RtlIoEncodeMemIoResource
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlPrefixUnicodeString
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlNtStatusToDosErrorNoTeb
RtlHashUnicodeString
RtlInitUnicodeString
RtlGetVersion
EtwEventWriteTransfer
EtwTraceMessage
NtClose
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
SetErrorMode
GetLastError
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
api-ms-win-core-kernel32-legacy-l1-1-0
MoveFileW
DosDateTimeToFileTime
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObject
CreateEventW
AcquireSRWLockExclusive
SleepEx
CreateMutexW
ReleaseMutex
ReleaseSRWLockExclusive
LeaveCriticalSection
WaitForSingleObjectEx
SetEvent
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
FindResourceW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetProcAddress
LoadResource
GetModuleFileNameA
FreeLibrary
LoadStringW
FindResourceExW
GetModuleHandleW
GetModuleHandleA
LockResource
FreeResource
SizeofResource
LoadLibraryExA
LoadLibraryExW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-string-l1-1-0
GetStringTypeExW
WideCharToMultiByte
CompareStringW
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
GetCommandLineA
GetEnvironmentVariableW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathParseIconLocationW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetThreadLocale
FormatMessageW
GetThreadUILanguage
LCMapStringW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-sysinfo-l1-1-0
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
GetLocalTime
GetTickCount
GetSystemInfo
GetSystemDirectoryW
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
LocalReAlloc
api-ms-win-core-processthreads-l1-1-0
TlsAlloc
TlsGetValue
GetExitCodeProcess
OpenThreadToken
TlsSetValue
TlsFree
GetExitCodeThread
OpenProcessToken
GetCurrentThread
GetCurrentProcess
TerminateProcess
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
GetCurrentThreadId
SetThreadToken
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
VerSetConditionMask
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-file-l2-1-0
MoveFileExW
CopyFileExW
CreateHardLinkW
api-ms-win-core-privateprofile-l1-1-0
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileSectionW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
ActivateActCtx
CreateActCtxW
DeactivateActCtx
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
VirtualProtect
VirtualQuery
api-ms-win-core-privateprofile-l1-1-1
WritePrivateProfileSectionW
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
kernel32
LZCopy
LZClose
LZOpenFileW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
CMP_GetBlockedDriverInfo
CMP_GetServerSideDeviceInstallFlags
CMP_Init_Detection
CMP_Report_LogOn
CMP_WaitNoPendingInstallEvents
CMP_WaitServicesAvailable
CM_Add_Driver_PackageW
CM_Add_Empty_Log_Conf
CM_Add_Empty_Log_Conf_Ex
CM_Add_IDA
CM_Add_IDW
CM_Add_ID_ExA
CM_Add_ID_ExW
CM_Add_Range
CM_Add_Res_Des
CM_Add_Res_Des_Ex
CM_Apply_PowerScheme
CM_Connect_MachineA
CM_Connect_MachineW
CM_Create_DevNodeA
CM_Create_DevNodeW
CM_Create_DevNode_ExA
CM_Create_DevNode_ExW
CM_Create_Range_List
CM_Delete_Class_Key
CM_Delete_Class_Key_Ex
CM_Delete_DevNode_Key
CM_Delete_DevNode_Key_Ex
CM_Delete_Device_Interface_KeyA
CM_Delete_Device_Interface_KeyW
CM_Delete_Device_Interface_Key_ExA
CM_Delete_Device_Interface_Key_ExW
CM_Delete_Driver_PackageW
CM_Delete_PowerScheme
CM_Delete_Range
CM_Detect_Resource_Conflict
CM_Detect_Resource_Conflict_Ex
CM_Disable_DevNode
CM_Disable_DevNode_Ex
CM_Disconnect_Machine
CM_Dup_Range_List
CM_Duplicate_PowerScheme
CM_Enable_DevNode
CM_Enable_DevNode_Ex
CM_Enumerate_Classes
CM_Enumerate_Classes_Ex
CM_Enumerate_EnumeratorsA
CM_Enumerate_EnumeratorsW
CM_Enumerate_Enumerators_ExA
CM_Enumerate_Enumerators_ExW
CM_Find_Range
CM_First_Range
CM_Free_Log_Conf
CM_Free_Log_Conf_Ex
CM_Free_Log_Conf_Handle
CM_Free_Range_List
CM_Free_Res_Des
CM_Free_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Free_Resource_Conflict_Handle
CM_Get_Child
CM_Get_Child_Ex
CM_Get_Class_Key_NameA
CM_Get_Class_Key_NameW
CM_Get_Class_Key_Name_ExA
CM_Get_Class_Key_Name_ExW
CM_Get_Class_NameA
CM_Get_Class_NameW
CM_Get_Class_Name_ExA
CM_Get_Class_Name_ExW
CM_Get_Class_Registry_PropertyA
CM_Get_Class_Registry_PropertyW
CM_Get_Depth
CM_Get_Depth_Ex
CM_Get_DevNode_Custom_PropertyA
CM_Get_DevNode_Custom_PropertyW
CM_Get_DevNode_Custom_Property_ExA
CM_Get_DevNode_Custom_Property_ExW
CM_Get_DevNode_Registry_PropertyA
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_Property_ExA
CM_Get_DevNode_Registry_Property_ExW
CM_Get_DevNode_Status
CM_Get_DevNode_Status_Ex
CM_Get_Device_IDA
CM_Get_Device_IDW
CM_Get_Device_ID_ExA
CM_Get_Device_ID_ExW
CM_Get_Device_ID_ListA
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_ExA
CM_Get_Device_ID_List_ExW
CM_Get_Device_ID_List_SizeA
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_List_Size_ExA
CM_Get_Device_ID_List_Size_ExW
CM_Get_Device_ID_Size
CM_Get_Device_ID_Size_Ex
CM_Get_Device_Interface_AliasA
CM_Get_Device_Interface_AliasW
CM_Get_Device_Interface_Alias_ExA
CM_Get_Device_Interface_Alias_ExW
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_ExA
CM_Get_Device_Interface_List_ExW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_List_Size_ExA
CM_Get_Device_Interface_List_Size_ExW
CM_Get_First_Log_Conf
CM_Get_First_Log_Conf_Ex
CM_Get_Global_State
CM_Get_Global_State_Ex
CM_Get_HW_Prof_FlagsA
CM_Get_HW_Prof_FlagsW
CM_Get_HW_Prof_Flags_ExA
CM_Get_HW_Prof_Flags_ExW
CM_Get_Hardware_Profile_InfoA
CM_Get_Hardware_Profile_InfoW
CM_Get_Hardware_Profile_Info_ExA
CM_Get_Hardware_Profile_Info_ExW
CM_Get_Log_Conf_Priority
CM_Get_Log_Conf_Priority_Ex
CM_Get_Next_Log_Conf
CM_Get_Next_Log_Conf_Ex
CM_Get_Next_Res_Des
CM_Get_Next_Res_Des_Ex
CM_Get_Parent
CM_Get_Parent_Ex
CM_Get_Res_Des_Data
CM_Get_Res_Des_Data_Ex
CM_Get_Res_Des_Data_Size
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Resource_Conflict_Count
CM_Get_Resource_Conflict_DetailsA
CM_Get_Resource_Conflict_DetailsW
CM_Get_Sibling
CM_Get_Sibling_Ex
CM_Get_Version
CM_Get_Version_Ex
CM_Import_PowerScheme
CM_Install_DevNodeW
CM_Install_DevNode_ExW
CM_Intersect_Range_List
CM_Invert_Range_List
CM_Is_Dock_Station_Present
CM_Is_Dock_Station_Present_Ex
CM_Is_Version_Available
CM_Is_Version_Available_Ex
CM_Locate_DevNodeA
CM_Locate_DevNodeW
CM_Locate_DevNode_ExA
CM_Locate_DevNode_ExW
CM_Merge_Range_List
CM_Modify_Res_Des
CM_Modify_Res_Des_Ex
CM_Move_DevNode
CM_Move_DevNode_Ex
CM_Next_Range
CM_Open_Class_KeyA
CM_Open_Class_KeyW
CM_Open_Class_Key_ExA
CM_Open_Class_Key_ExW
CM_Open_DevNode_Key
CM_Open_DevNode_Key_Ex
CM_Open_Device_Interface_KeyA
CM_Open_Device_Interface_KeyW
CM_Open_Device_Interface_Key_ExA
CM_Open_Device_Interface_Key_ExW
CM_Query_And_Remove_SubTreeA
CM_Query_And_Remove_SubTreeW
CM_Query_And_Remove_SubTree_ExA
CM_Query_And_Remove_SubTree_ExW
CM_Query_Arbitrator_Free_Data
CM_Query_Arbitrator_Free_Data_Ex
CM_Query_Arbitrator_Free_Size
CM_Query_Arbitrator_Free_Size_Ex
CM_Query_Remove_SubTree
CM_Query_Remove_SubTree_Ex
CM_Query_Resource_Conflict_List
CM_Reenumerate_DevNode
CM_Reenumerate_DevNode_Ex
CM_Register_Device_Driver
CM_Register_Device_Driver_Ex
CM_Register_Device_InterfaceA
CM_Register_Device_InterfaceW
CM_Register_Device_Interface_ExA
CM_Register_Device_Interface_ExW
CM_Remove_SubTree
CM_Remove_SubTree_Ex
CM_Request_Device_EjectA
CM_Request_Device_EjectW
CM_Request_Device_Eject_ExA
CM_Request_Device_Eject_ExW
CM_Request_Eject_PC
CM_Request_Eject_PC_Ex
CM_RestoreAll_DefaultPowerSchemes
CM_Restore_DefaultPowerScheme
CM_Run_Detection
CM_Run_Detection_Ex
CM_Set_ActiveScheme
CM_Set_Class_Registry_PropertyA
CM_Set_Class_Registry_PropertyW
CM_Set_DevNode_Problem
CM_Set_DevNode_Problem_Ex
CM_Set_DevNode_Registry_PropertyA
CM_Set_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_Property_ExA
CM_Set_DevNode_Registry_Property_ExW
CM_Set_HW_Prof
CM_Set_HW_Prof_Ex
CM_Set_HW_Prof_FlagsA
CM_Set_HW_Prof_FlagsW
CM_Set_HW_Prof_Flags_ExA
CM_Set_HW_Prof_Flags_ExW
CM_Setup_DevNode
CM_Setup_DevNode_Ex
CM_Test_Range_Available
CM_Uninstall_DevNode
CM_Uninstall_DevNode_Ex
CM_Unregister_Device_InterfaceA
CM_Unregister_Device_InterfaceW
CM_Unregister_Device_Interface_ExA
CM_Unregister_Device_Interface_ExW
CM_Write_UserPowerKey
DoesUserHavePrivilege
DriverStoreAddDriverPackageA
DriverStoreAddDriverPackageW
DriverStoreDeleteDriverPackageA
DriverStoreDeleteDriverPackageW
DriverStoreEnumDriverPackageA
DriverStoreEnumDriverPackageW
DriverStoreFindDriverPackageA
DriverStoreFindDriverPackageW
ExtensionPropSheetPageProc
InstallCatalog
InstallHinfSection
InstallHinfSectionA
InstallHinfSectionW
IsUserAdmin
MyFree
MyMalloc
MyRealloc
PnpEnumDrpFile
PnpIsFileAclIntact
PnpIsFileContentIntact
PnpIsFilePnpDriver
PnpRepairWindowsProtectedDriver
SetupAddInstallSectionToDiskSpaceListA
SetupAddInstallSectionToDiskSpaceListW
SetupAddSectionToDiskSpaceListA
SetupAddSectionToDiskSpaceListW
SetupAddToDiskSpaceListA
SetupAddToDiskSpaceListW
SetupAddToSourceListA
SetupAddToSourceListW
SetupAdjustDiskSpaceListA
SetupAdjustDiskSpaceListW
SetupBackupErrorA
SetupBackupErrorW
SetupCancelTemporarySourceList
SetupCloseFileQueue
SetupCloseInfFile
SetupCloseLog
SetupCommitFileQueue
SetupCommitFileQueueA
SetupCommitFileQueueW
SetupConfigureWmiFromInfSectionA
SetupConfigureWmiFromInfSectionW
SetupCopyErrorA
SetupCopyErrorW
SetupCopyOEMInfA
SetupCopyOEMInfW
SetupCreateDiskSpaceListA
SetupCreateDiskSpaceListW
SetupDecompressOrCopyFileA
SetupDecompressOrCopyFileW
SetupDefaultQueueCallback
SetupDefaultQueueCallbackA
SetupDefaultQueueCallbackW
SetupDeleteErrorA
SetupDeleteErrorW
SetupDestroyDiskSpaceList
SetupDiApplyPowerScheme
SetupDiAskForOEMDisk
SetupDiBuildClassInfoList
SetupDiBuildClassInfoListExA
SetupDiBuildClassInfoListExW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiCancelDriverInfoSearch
SetupDiChangeState
SetupDiClassGuidsFromNameA
SetupDiClassGuidsFromNameExA
SetupDiClassGuidsFromNameExW
SetupDiClassGuidsFromNameW
SetupDiClassNameFromGuidA
SetupDiClassNameFromGuidExA
SetupDiClassNameFromGuidExW
SetupDiClassNameFromGuidW
SetupDiCreateDevRegKeyA
SetupDiCreateDevRegKeyW
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoListExA
SetupDiCreateDeviceInfoListExW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInterfaceA
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiCreateDeviceInterfaceW
SetupDiDeleteDevRegKey
SetupDiDeleteDeviceInfo
SetupDiDeleteDeviceInterfaceData
SetupDiDeleteDeviceInterfaceRegKey
SetupDiDestroyClassImageList
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiDrawMiniIcon
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiEnumDriverInfoA
SetupDiEnumDriverInfoW
SetupDiGetActualModelsSectionA
SetupDiGetActualModelsSectionW
SetupDiGetActualSectionToInstallA
SetupDiGetActualSectionToInstallExA
SetupDiGetActualSectionToInstallExW
SetupDiGetActualSectionToInstallW
SetupDiGetClassBitmapIndex
SetupDiGetClassDescriptionA
SetupDiGetClassDescriptionExA
SetupDiGetClassDescriptionExW
SetupDiGetClassDescriptionW
SetupDiGetClassDevPropertySheetsA
SetupDiGetClassDevPropertySheetsW
SetupDiGetClassDevsA
SetupDiGetClassDevsExA
SetupDiGetClassDevsExW
SetupDiGetClassDevsW
SetupDiGetClassImageIndex
SetupDiGetClassImageList
SetupDiGetClassImageListExA
SetupDiGetClassImageListExW
SetupDiGetClassInstallParamsA
SetupDiGetClassInstallParamsW
SetupDiGetClassPropertyExW
SetupDiGetClassPropertyKeys
SetupDiGetClassPropertyKeysExW
SetupDiGetClassPropertyW
SetupDiGetClassRegistryPropertyA
SetupDiGetClassRegistryPropertyW
SetupDiGetCustomDevicePropertyA
SetupDiGetCustomDevicePropertyW
SetupDiGetDeviceInfoListClass
SetupDiGetDeviceInfoListDetailA
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInterfacePropertyKeys
SetupDiGetDeviceInterfacePropertyW
SetupDiGetDevicePropertyKeys
SetupDiGetDevicePropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInfoDetailA
SetupDiGetDriverInfoDetailW
SetupDiGetDriverInstallParamsA
SetupDiGetDriverInstallParamsW
SetupDiGetHwProfileFriendlyNameA
SetupDiGetHwProfileFriendlyNameExA
SetupDiGetHwProfileFriendlyNameExW
SetupDiGetHwProfileFriendlyNameW
SetupDiGetHwProfileList
SetupDiGetHwProfileListExA
SetupDiGetHwProfileListExW
SetupDiGetINFClassA
SetupDiGetINFClassW
SetupDiGetSelectedDevice
SetupDiGetSelectedDriverA
SetupDiGetSelectedDriverW
SetupDiGetWizardPage
SetupDiInstallClassA
SetupDiInstallClassExA
SetupDiInstallClassExW
SetupDiInstallClassW
SetupDiInstallDevice
SetupDiInstallDeviceInterfaces
SetupDiInstallDriverFiles
SetupDiLoadClassIcon
SetupDiLoadDeviceIcon
SetupDiMoveDuplicateDevice
SetupDiOpenClassRegKey
SetupDiOpenClassRegKeyExA
SetupDiOpenClassRegKeyExW
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoA
SetupDiOpenDeviceInfoW
SetupDiOpenDeviceInterfaceA
SetupDiOpenDeviceInterfaceRegKey
SetupDiOpenDeviceInterfaceW
SetupDiRegisterCoDeviceInstallers
SetupDiRegisterDeviceInfo
SetupDiRemoveDevice
SetupDiRemoveDeviceInterface
SetupDiReportAdditionalSoftwareRequested
SetupDiReportDeviceInstallError
SetupDiReportDriverNotFoundError
SetupDiReportDriverPackageImportationError
SetupDiReportGenericDriverInstalled
SetupDiReportPnPDeviceProblem
SetupDiRestartDevices
SetupDiSelectBestCompatDrv
SetupDiSelectDevice
SetupDiSelectOEMDrv
SetupDiSetClassInstallParamsA
SetupDiSetClassInstallParamsW
SetupDiSetClassPropertyExW
SetupDiSetClassPropertyW
SetupDiSetClassRegistryPropertyA
SetupDiSetClassRegistryPropertyW
SetupDiSetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsW
SetupDiSetDeviceInterfaceDefault
SetupDiSetDeviceInterfacePropertyW
SetupDiSetDevicePropertyW
SetupDiSetDeviceRegistryPropertyA
SetupDiSetDeviceRegistryPropertyW
SetupDiSetDriverInstallParamsA
SetupDiSetDriverInstallParamsW
SetupDiSetSelectedDevice
SetupDiSetSelectedDriverA
SetupDiSetSelectedDriverW
SetupDiUnremoveDevice
SetupDuplicateDiskSpaceListA
SetupDuplicateDiskSpaceListW
SetupEnumInfSectionsA
SetupEnumInfSectionsW
SetupEnumPublishedInfA
SetupEnumPublishedInfW
SetupFindFirstLineA
SetupFindFirstLineW
SetupFindNextLine
SetupFindNextMatchLineA
SetupFindNextMatchLineW
SetupFreeSourceListA
SetupFreeSourceListW
SetupGetBackupInformationA
SetupGetBackupInformationW
SetupGetBinaryField
SetupGetFieldCount
SetupGetFileCompressionInfoA
SetupGetFileCompressionInfoExA
SetupGetFileCompressionInfoExW
SetupGetFileCompressionInfoW
SetupGetFileQueueCount
SetupGetFileQueueFlags
SetupGetInfDriverStoreLocationA
SetupGetInfDriverStoreLocationW
SetupGetInfFileListA
SetupGetInfFileListW
SetupGetInfInformationA
SetupGetInfInformationW
SetupGetInfPublishedNameA
SetupGetInfPublishedNameW
SetupGetInfSections
SetupGetIntField
SetupGetLineByIndexA
SetupGetLineByIndexW
SetupGetLineCountA
SetupGetLineCountW
SetupGetLineTextA
SetupGetLineTextW
SetupGetMultiSzFieldA
SetupGetMultiSzFieldW
SetupGetNonInteractiveMode
SetupGetSourceFileLocationA
SetupGetSourceFileLocationW
SetupGetSourceFileSizeA
SetupGetSourceFileSizeW
SetupGetSourceInfoA
SetupGetSourceInfoW
SetupGetStringFieldA
SetupGetStringFieldW
SetupGetTargetPathA
SetupGetTargetPathW
SetupGetThreadLogToken
SetupInitDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupInitializeFileLogA
SetupInitializeFileLogW
SetupInstallFileA
SetupInstallFileExA
SetupInstallFileExW
Sections
.text Size: 872KB - Virtual size: 868KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 212KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
verifier.dll.dll windows x64
8bf144f6fdf48da3cc6073dd4bd7b5d4
Code Sign
33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:24Not After02/05/2020, 21:24SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d5:74:c3:ea:7c:d0:b3:3b:38:49:1e:e7:bb:99:67:72:6c:c0:9d:be:e0:54:e0:99:31:b5:3a:95:05:af:a0:28Signer
Actual PE Digestd5:74:c3:ea:7c:d0:b3:3b:38:49:1e:e7:bb:99:67:72:6c:c0:9d:be:e0:54:e0:99:31:b5:3a:95:05:af:a0:28Digest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US27/02/2023, 09:32 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlDllShutdownInProgress
RtlCompareUnicodeString
NtQuerySystemTime
RtlAllocateHeap
RtlRandom
NtQueryPerformanceCounter
RtlInitUnicodeString
RtlCaptureStackBackTrace
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
DbgPrint
RtlDeleteCriticalSection
NtFreeVirtualMemory
RtlGetUserInfoHeap
RtlDestroyHeap
RtlValidateHeap
RtlInitializeGenericTableAvl
RtlInitializeSRWLock
DbgPrintEx
NtQueryVirtualMemory
RtlDeleteElementGenericTableAvl
NtQuerySystemInformation
NtOpenEvent
RtlUpcaseUnicodeChar
NtQueryInformationProcess
RtlReleaseSRWLockExclusive
RtlLookupElementGenericTableAvl
RtlAcquireSRWLockExclusive
NtAllocateVirtualMemory
RtlInsertElementGenericTableAvl
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtReadVirtualMemory
RtlEnumerateGenericTableAvl
RtlInitializeCriticalSectionEx
RtlSizeHeap
RtlSetUserFlagsHeap
NtQueryEvent
NtProtectVirtualMemory
RtlSetUserValueHeap
RtlFreeHeap
RtlFlushSecureMemoryCache
RtlSetHeapInformation
RtlCreateHeap
RtlUnlockHeap
RtlLockHeap
RtlRaiseException
LdrLockLoaderLock
LdrUnlockLoaderLock
RtlCaptureContext
RtlReportException
NtTerminateProcess
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
RtlDecodePointer
RtlInitAnsiString
RtlEncodePointer
RtlFreeAnsiString
LdrFindResource_U
RtlUnicodeStringToAnsiString
LdrAccessResource
LdrQueryImageFileKeyOption
LdrQueryImageFileExecutionOptions
RtlImageNtHeader
EtwEventWriteTransfer
RtlSetEnvironmentVariable
EtwEventUnregister
EtwEventRegister
NtWriteVirtualMemory
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memmove
__C_specific_handler
_vsnwprintf
_wcsicmp
_vsnprintf
sscanf_s
wcstoul
RtlVerifyVersionInfo
wcsstr
_stricmp
VerSetConditionMask
RtlQueryHeapInformation
NtOpenThread
NtSuspendThread
NtClose
LdrQueryProcessModuleInformation
RtlNtStatusToDosError
NtResumeThread
RtlAddVectoredExceptionHandler
RtlEqualUnicodeString
LdrGetDllHandle
RtlDeleteResource
RtlAcquireResourceShared
NtDelayExecution
RtlAcquirePebLock
RtlReleaseResource
RtlInitializeResource
RtlAcquireResourceExclusive
RtlRemoveVectoredExceptionHandler
NtQueryInformationThread
RtlFindClearBitsAndSet
NtQueryObject
RtlReleasePebLock
RtlInterlockedPushEntrySList
RtlSplay
RtlDelete
RtlInitializeSListHead
RtlpWaitForCriticalSection
RtlInitializeCriticalSectionAndSpinCount
RtlTryEnterCriticalSection
RtlConvertExclusiveToShared
RtlRaiseStatus
RtlConvertSharedToExclusive
RtlInterlockedPopEntrySList
LdrFindEntryForAddress
iswspace
RtlEnumerateGenericTableWithoutSplayingAvl
_wcsnicmp
RtlQueryDepthSList
NtCreateEvent
RtlDeregisterWait
NtSetEvent
RtlRegisterWait
NtOpenProcessTokenEx
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtOpenKey
RtlConvertSidToUnicodeString
NtQueryInformationToken
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtGetContextThread
RtlDeregisterWaitEx
RtlWalkFrameChain
NtClearEvent
RtlFreeUnicodeString
RtlSetThreadPoolStartFunc
RtlCheckForOrphanedCriticalSections
NtWaitForMultipleObjects
NtCreateKey
NtWaitForSingleObject
NtCreateSection
NtUnmapViewOfSection
NtOpenSection
NtMapViewOfSection
__chkstk
memcpy
memset
Exports
Exports
AVrfAPILookupCallback
VerifierAddFreeMemoryCallback
VerifierCheckPageHeapAllocation
VerifierCreateRpcPageHeap
VerifierDeleteFreeMemoryCallback
VerifierDestroyRpcPageHeap
VerifierDisableFaultInjectionExclusionRange
VerifierDisableFaultInjectionTargetRange
VerifierEnableFaultInjectionExclusionRange
VerifierEnableFaultInjectionTargetRange
VerifierEnumerateResource
VerifierForceNormalHeap
VerifierGetInfoForException
VerifierGetMemoryForDump
VerifierGetPropertyValueByName
VerifierGetProviderHelper
VerifierIsAddressInAnyPageHeap
VerifierIsCurrentThreadHoldingLocks
VerifierIsDllEntryActive
VerifierIsPerUserSettingsEnabled
VerifierQueryRuntimeFlags
VerifierRedirectStopFunctions
VerifierSetFaultInjectionProbability
VerifierSetFlags
VerifierSetRuntimeFlags
VerifierStopMessage
Sections
.text Size: 163KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
version.dll.dll windows x64
34340c2c4e9aa6ef6ad12bb695fc695b
Code Sign
33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/03/2020, 18:30Not After03/03/2021, 18:30SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
99:36:00:2d:63:8d:dc:7d:27:9e:21:e3:d8:be:62:5d:4e:6c:68:50:b8:56:3b:19:e3:ff:44:56:61:da:3d:17Signer
Actual PE Digest99:36:00:2d:63:8d:dc:7d:27:9e:21:e3:d8:be:62:5d:4e:6c:68:50:b8:56:3b:19:e3:ff:44:56:61:da:3d:17Digest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US27/02/2023, 09:32 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_vsnprintf
memcmp
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-version-l1-1-0
VerQueryValueW
VerFindFileW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-localization-l1-2-0
IsDBCSLeadByte
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-file-l1-1-0
CreateFileW
DeleteFileA
GetFileSize
DeleteFileW
GetFullPathNameA
SetFileTime
GetFileTime
GetFileAttributesW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-0
TlsFree
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
TerminateProcess
TlsAlloc
TlsGetValue
GetCurrentProcess
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-versionansi-l1-1-0
GetFileVersionInfoExA
VerFindFileA
GetFileVersionInfoSizeExA
VerQueryValueA
api-ms-win-core-versionansi-l1-1-1
GetFileVersionInfoSizeA
GetFileVersionInfoA
api-ms-win-core-version-private-l1-1-0
GetFileVersionInfoByHandle
kernelbase
lstrcmpiA
lstrcmpiW
lstrlenW
ntdll
RtlAllocateHeap
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
NlsMbCodePageTag
kernel32
_lwrite
_lread
_lopen
_lclose
_lcreat
_llseek
LZCreateFileW
LZCloseFile
LZInit
LZCopy
LZClose
MoveFileW
Exports
Exports
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vulkan.dll.dll windows x64
01f8e4c6f5b71d53ba85860813f6d82c
Code Sign
09:26:8f:aa:1a:d6:89:4d:17:9e:5b:87:a2:f0:64:62Certificate
IssuerCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/09/2017, 00:00Not After09/08/2020, 12:00SubjectCN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
09:26:8f:aa:1a:d6:89:4d:17:9e:5b:87:a2:f0:64:62Certificate
IssuerCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/09/2017, 00:00Not After09/08/2020, 12:00SubjectCN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/10/2019, 00:00Not After17/10/2030, 00:00SubjectCN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d5:57:ba:c0:59:76:66:45:f3:41:99:21:c1:8d:c6:be:dc:de:17:7f:da:14:01:0b:52:32:3f:68:1d:d2:98:84Signer
Actual PE Digestd5:57:ba:c0:59:76:66:45:f3:41:99:21:c1:8d:c6:be:dc:de:17:7f:da:14:01:0b:52:32:3f:68:1d:d2:98:84Digest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedtrueVerification
Signing CertificateCN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US03/08/2020, 23:01 Valid: true
Chain 1
CN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
23:ea:11:96:3b:fe:43:c9:9f:b4:57:b6:c4:8d:1e:67:18:40:28:55Signer
Actual PE Digest23:ea:11:96:3b:fe:43:c9:9f:b4:57:b6:c4:8d:1e:67:18:40:28:55Digest Algorithmsha1PE Digest MatchestrueSignature Validations
TrustedtrueVerification
Signing CertificateCN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US03/08/2020, 23:01 Valid: true
Chain 1
CN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
cfgmgr32
CM_Open_DevNode_Key
CM_Locate_DevNodeW
CM_Get_Sibling
CM_Get_DevNode_Status
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Get_Device_IDW
CM_Get_Child
kernel32
GetCurrentProcess
IsWow64Process
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadLibraryA
WideCharToMultiByte
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
OutputDebugStringA
GetEnvironmentVariableA
GetSystemDirectoryA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ReadFile
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetCurrentThread
HeapReAlloc
GetTimeZoneInformation
MultiByteToWideChar
GetFileAttributesExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
FlushFileBuffers
WriteFile
GetConsoleCP
SetStdHandle
CreateFileW
GetStringTypeW
RaiseException
HeapSize
SetEndOfFile
WriteConsoleW
OutputDebugStringW
advapi32
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
Exports
Exports
vkAcquireNextImage2KHR
vkAcquireNextImageKHR
vkAllocateCommandBuffers
vkAllocateDescriptorSets
vkAllocateMemory
vkBeginCommandBuffer
vkBindBufferMemory
vkBindBufferMemory2
vkBindImageMemory
vkBindImageMemory2
vkCmdBeginQuery
vkCmdBeginRenderPass
vkCmdBeginRenderPass2
vkCmdBindDescriptorSets
vkCmdBindIndexBuffer
vkCmdBindPipeline
vkCmdBindVertexBuffers
vkCmdBlitImage
vkCmdClearAttachments
vkCmdClearColorImage
vkCmdClearDepthStencilImage
vkCmdCopyBuffer
vkCmdCopyBufferToImage
vkCmdCopyImage
vkCmdCopyImageToBuffer
vkCmdCopyQueryPoolResults
vkCmdDispatch
vkCmdDispatchBase
vkCmdDispatchIndirect
vkCmdDraw
vkCmdDrawIndexed
vkCmdDrawIndexedIndirect
vkCmdDrawIndexedIndirectCount
vkCmdDrawIndirect
vkCmdDrawIndirectCount
vkCmdEndQuery
vkCmdEndRenderPass
vkCmdEndRenderPass2
vkCmdExecuteCommands
vkCmdFillBuffer
vkCmdNextSubpass
vkCmdNextSubpass2
vkCmdPipelineBarrier
vkCmdPushConstants
vkCmdResetEvent
vkCmdResetQueryPool
vkCmdResolveImage
vkCmdSetBlendConstants
vkCmdSetDepthBias
vkCmdSetDepthBounds
vkCmdSetDeviceMask
vkCmdSetEvent
vkCmdSetLineWidth
vkCmdSetScissor
vkCmdSetStencilCompareMask
vkCmdSetStencilReference
vkCmdSetStencilWriteMask
vkCmdSetViewport
vkCmdUpdateBuffer
vkCmdWaitEvents
vkCmdWriteTimestamp
vkCreateBuffer
vkCreateBufferView
vkCreateCommandPool
vkCreateComputePipelines
vkCreateDescriptorPool
vkCreateDescriptorSetLayout
vkCreateDescriptorUpdateTemplate
vkCreateDevice
vkCreateDisplayModeKHR
vkCreateDisplayPlaneSurfaceKHR
vkCreateEvent
vkCreateFence
vkCreateFramebuffer
vkCreateGraphicsPipelines
vkCreateImage
vkCreateImageView
vkCreateInstance
vkCreatePipelineCache
vkCreatePipelineLayout
vkCreateQueryPool
vkCreateRenderPass
vkCreateRenderPass2
vkCreateSampler
vkCreateSamplerYcbcrConversion
vkCreateSemaphore
vkCreateShaderModule
vkCreateSharedSwapchainsKHR
vkCreateSwapchainKHR
vkCreateWin32SurfaceKHR
vkDestroyBuffer
vkDestroyBufferView
vkDestroyCommandPool
vkDestroyDescriptorPool
vkDestroyDescriptorSetLayout
vkDestroyDescriptorUpdateTemplate
vkDestroyDevice
vkDestroyEvent
vkDestroyFence
vkDestroyFramebuffer
vkDestroyImage
vkDestroyImageView
vkDestroyInstance
vkDestroyPipeline
vkDestroyPipelineCache
vkDestroyPipelineLayout
vkDestroyQueryPool
vkDestroyRenderPass
vkDestroySampler
vkDestroySamplerYcbcrConversion
vkDestroySemaphore
vkDestroyShaderModule
vkDestroySurfaceKHR
vkDestroySwapchainKHR
vkDeviceWaitIdle
vkEndCommandBuffer
vkEnumerateDeviceExtensionProperties
vkEnumerateDeviceLayerProperties
vkEnumerateInstanceExtensionProperties
vkEnumerateInstanceLayerProperties
vkEnumerateInstanceVersion
vkEnumeratePhysicalDeviceGroups
vkEnumeratePhysicalDevices
vkFlushMappedMemoryRanges
vkFreeCommandBuffers
vkFreeDescriptorSets
vkFreeMemory
vkGetBufferDeviceAddress
vkGetBufferMemoryRequirements
vkGetBufferMemoryRequirements2
vkGetBufferOpaqueCaptureAddress
vkGetDescriptorSetLayoutSupport
vkGetDeviceGroupPeerMemoryFeatures
vkGetDeviceGroupPresentCapabilitiesKHR
vkGetDeviceGroupSurfacePresentModesKHR
vkGetDeviceMemoryCommitment
vkGetDeviceMemoryOpaqueCaptureAddress
vkGetDeviceProcAddr
vkGetDeviceQueue
vkGetDeviceQueue2
vkGetDisplayModeProperties2KHR
vkGetDisplayModePropertiesKHR
vkGetDisplayPlaneCapabilities2KHR
vkGetDisplayPlaneCapabilitiesKHR
vkGetDisplayPlaneSupportedDisplaysKHR
vkGetEventStatus
vkGetFenceStatus
vkGetImageMemoryRequirements
vkGetImageMemoryRequirements2
vkGetImageSparseMemoryRequirements
vkGetImageSparseMemoryRequirements2
vkGetImageSubresourceLayout
vkGetInstanceProcAddr
vkGetPhysicalDeviceDisplayPlaneProperties2KHR
vkGetPhysicalDeviceDisplayPlanePropertiesKHR
vkGetPhysicalDeviceDisplayProperties2KHR
vkGetPhysicalDeviceDisplayPropertiesKHR
vkGetPhysicalDeviceExternalBufferProperties
vkGetPhysicalDeviceExternalFenceProperties
vkGetPhysicalDeviceExternalSemaphoreProperties
vkGetPhysicalDeviceFeatures
vkGetPhysicalDeviceFeatures2
vkGetPhysicalDeviceFormatProperties
vkGetPhysicalDeviceFormatProperties2
vkGetPhysicalDeviceImageFormatProperties
vkGetPhysicalDeviceImageFormatProperties2
vkGetPhysicalDeviceMemoryProperties
vkGetPhysicalDeviceMemoryProperties2
vkGetPhysicalDevicePresentRectanglesKHR
vkGetPhysicalDeviceProperties
vkGetPhysicalDeviceProperties2
vkGetPhysicalDeviceQueueFamilyProperties
vkGetPhysicalDeviceQueueFamilyProperties2
vkGetPhysicalDeviceSparseImageFormatProperties
vkGetPhysicalDeviceSparseImageFormatProperties2
vkGetPhysicalDeviceSurfaceCapabilities2KHR
vkGetPhysicalDeviceSurfaceCapabilitiesKHR
vkGetPhysicalDeviceSurfaceFormats2KHR
vkGetPhysicalDeviceSurfaceFormatsKHR
vkGetPhysicalDeviceSurfacePresentModesKHR
vkGetPhysicalDeviceSurfaceSupportKHR
vkGetPhysicalDeviceWin32PresentationSupportKHR
vkGetPipelineCacheData
vkGetQueryPoolResults
vkGetRenderAreaGranularity
vkGetSemaphoreCounterValue
vkGetSwapchainImagesKHR
vkInvalidateMappedMemoryRanges
vkMapMemory
vkMergePipelineCaches
vkQueueBindSparse
vkQueuePresentKHR
vkQueueSubmit
vkQueueWaitIdle
vkResetCommandBuffer
vkResetCommandPool
vkResetDescriptorPool
vkResetEvent
vkResetFences
vkResetQueryPool
vkSetEvent
vkSignalSemaphore
vkTrimCommandPool
vkUnmapMemory
vkUpdateDescriptorSetWithTemplate
vkUpdateDescriptorSets
vkWaitForFences
vkWaitSemaphores
Sections
.text Size: 777KB - Virtual size: 776KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 200KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cfguard Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 786B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 283B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ