logmein[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

logmein.zip
Size

44.4MB
MD5

a68e9c6a9ff535fd6ca45ea1f1b29300
SHA1

8d653f56201701f3453c8a6ee71f65c8b8b9ef78
SHA256

243af384395ae2c40a12f7e2f182e463518ac7bcc9c04207ce5d14f33eb33b22
SHA512

92ffe3586db3407d4687cf9cda9e5ab18cc1c943ad7f71b22e4f9de18994de77d634405023d7801a4a70b20c9a65f3128ae01ec46da5f5b40119313a01871d98
SSDEEP

786432:uaGAWDe9C1Xby35Y1L105JN5bM5ky19/6t7OPK+sTzkQ8S82Wmd8f4fVerwT3Zjx:VGeE1Xby3aJ10575bttqPKpTTFBd8fXs

Score

1^/10

Malware Config

Signatures

Files

logmein.zip
.zip
WapClients.cfg
template.rab
x64/LMIGuardianDll.dll
.dll windows x64

2affc18c1d1b2fcd0047a0cb67552627

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:7b:4f:b9:10:83:91:fb:70:1e:e0:c6:0b:5c:28:12:94:74:60:e4:54:8b:4c:3a:7d:65:0b:f4:0d:24:61:74
Signer

Actual PE Digest

f8:7b:4f:b9:10:83:91:fb:70:1e:e0:c6:0b:5c:28:12:94:74:60:e4:54:8b:4c:3a:7d:65:0b:f4:0d:24:61:74

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

socket
closesocket
WSACleanup
WSAStartup

kernel32

WriteFile
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
CreateProcessW
GetExitCodeProcess
CreateMutexW
OpenMutexW
ReleaseMutex
OpenProcess
TerminateProcess
SetEvent
DuplicateHandle
GetLocalTime
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
FlushInstructionCache
GetCurrentThread
ResumeThread
GetVersionExA
SuspendThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetEnvironmentVariableA
GetCurrentDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
ReadProcessMemory
GetThreadContext
CreateEventW
OpenEventW
WaitForMultipleObjects
ResetEvent
GetCommandLineW
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToDosDateTime
ReadFile
CreateFileA
SetFilePointer
GetStdHandle
GetUserDefaultLangID
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
HeapFree
LoadLibraryExW
CreateThread
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
lstrcmpiA
FlushFileBuffers
SetEndOfFile
SetErrorMode
GetVersion
GetModuleHandleA
CreateFileW
GetSystemTimeAsFileTime
GetTimeZoneInformation
FileTimeToSystemTime
QueryPerformanceCounter
EncodePointer
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
ExitThread
IsProcessorFeaturePresent
DeleteFileW
GetCPInfo
GetModuleHandleExW
AreFileApisANSI
MoveFileExW
GetCommandLineA
RtlPcToFileHeader
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
FormatMessageW
HeapAlloc
WaitForSingleObject
GetCurrentThreadId
IsDebuggerPresent
GetTickCount
LoadLibraryA
SetLastError
GetCurrentProcess
FreeLibrary
DecodePointer
CloseHandle
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
LocalFree
LocalAlloc
GetOEMCP
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ReadConsoleW
GetCurrentProcessId
InitializeCriticalSection
IsBadReadPtr
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryW
Sleep
HeapSize
HeapReAlloc
HeapDestroy
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetCurrentDirectoryW
SetEnvironmentVariableA
lstrcmpiW
GetStringTypeW

user32

GetClassInfoExW
EnableWindow
MoveWindow
SetScrollInfo
GetScrollInfo
SystemParametersInfoW
SetScrollPos
ScrollWindowEx
UpdateWindow
ShowWindow
CreateDialogParamW
DialogBoxParamW
CallWindowProcW
DrawTextW
SetCursor
DestroyCursor
GetParent
InvalidateRect
EndPaint
BeginPaint
SetWindowLongPtrW
GetWindowLongPtrW
DrawTextExW
OffsetRect
GetDlgItem
LoadStringW
GetDlgItemTextW
SetActiveWindow
MapWindowPoints
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
SetDlgItemTextW
CharNextW
CharUpperW
SetWindowTextW
ReleaseDC
SendMessageW
GetDC
PostThreadMessageW
DefWindowProcW
PostQuitMessage
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
EndDialog
IsWindow
IsDialogMessageW
PostMessageW
DestroyWindow
TranslateMessage
DispatchMessageW
GetMessageW
UnregisterClassW
PeekMessageW
MessageBoxW
CharNextExA
GetWindow
GetDesktopWindow

gdi32

CreateFontIndirectW
SetTextColor
SetBkMode
BitBlt
DeleteObject
GetTextMetricsW
DeleteDC
SelectObject
CreateCompatibleDC
GetTextExtentPoint32W
SetViewportOrgEx

advapi32

CreateServiceW
GetSecurityDescriptorLength
SetNamedSecurityInfoA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
SetNamedSecurityInfoW
FreeSid
ChangeServiceConfig2W
QueryServiceObjectSecurity
SetServiceObjectSecurity
QueryServiceStatusEx
StartServiceW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW
RegDeleteValueW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
DeleteService
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CLSIDFromString
OleRun
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CLSIDFromProgID

oleaut32

SysAllocString
VarUI4FromStr
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
GetErrorInfo
SysFreeString

comctl32

InitCommonControlsEx

wininet

InternetErrorDlg
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

ComMain
CrashMain
Escort2
EscortIE11
EscortStop
HttpMain
Init
IsSamePath
Manifest
OffLoad
SetLogLabelLow

Sections

.text
Size: 549KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIGuardianEvt.dll
.dll windows x64

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:9d:75:ac:9b:c4:aa:9a:d5:2a:e2:c5:19:23:43:8e:08:3c:6b:be:e0:35:88:0a:0b:d5:13:07:ef:fb:35:3d
Signer

Actual PE Digest

37:9d:75:ac:9b:c4:aa:9a:d5:2a:e2:c5:19:23:43:8e:08:3c:6b:be:e0:35:88:0a:0b:d5:13:07:ef:fb:35:3d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x64/LMIGuardianSvc.exe
.exe windows x64

dcceb9d07116e088a4fd5bf23a82aec9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:b1:da:fe:16:5a:56:d6:5a:f2:da:b5:6d:d6:3f:80:1a:98:61:fe:6c:ce:1b:bd:d6:50:55:24:a9:b4:d6:fb
Signer

Actual PE Digest

90:b1:da:fe:16:5a:56:d6:5a:f2:da:b5:6d:d6:3f:80:1a:98:61:fe:6c:ce:1b:bd:d6:50:55:24:a9:b4:d6:fb

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
RtlPcToFileHeader
GetCurrentThreadId
GetProcessHeap
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
GetModuleFileNameW
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetCurrentProcess
CloseHandle
Sleep
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetSystemTimeAsFileTime
QueryPerformanceCounter
WriteFile
FlushFileBuffers
CreateFileW
GetStdHandle
GetModuleHandleW
GetStartupInfoW
TerminateProcess
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
IsProcessorFeaturePresent
GetCommandLineW
RtlUnwindEx
RtlLookupFunctionEntry
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
EncodePointer
IsDebuggerPresent
OutputDebugStringW

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIRfsClientNP.dll
.dll windows x64

23c73bcb6e6e3b8b25fef05844ac7904

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:e6:b4:9e:d2:d0:31:4a:df:ee:23:32:8c:f3:62:ae
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/11/2021, 00:00

Not After

27/11/2024, 23:59

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:d1:69:66:1c:06:4a:07:c0:1c:00:00:00:00:00:d1
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:32

Not After

11/05/2023, 20:32

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:9a:21:2a:d3:9e:f2:8d:38:0c:5f:94:41:2f:c2:73:1d:18:5d:e9:a0:ff:7f:2a:38:28:7b:26:3f:82:c3:c5
Signer

Actual PE Digest

73:9a:21:2a:d3:9e:f2:8d:38:0c:5f:94:41:2f:c2:73:1d:18:5d:e9:a0:ff:7f:2a:38:28:7b:26:3f:82:c3:c5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

73:9a:21:2a:d3:9e:f2:8d:38:0c:5f:94:41:2f:c2:73:1d:18:5d:e9:a0:ff:7f:2a:38:28:7b:26:3f:82:c3:c5
Signer

Actual PE Digest

73:9a:21:2a:d3:9e:f2:8d:38:0c:5f:94:41:2f:c2:73:1d:18:5d:e9:a0:ff:7f:2a:38:28:7b:26:3f:82:c3:c5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

13/09/2022, 14:33
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
CloseHandle
GetLastError
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
QueryDosDeviceW
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx

shell32

SHChangeNotify

Exports

Exports

NPAddConnection
NPCancelConnection
NPCloseEnum
NPEnumResource
NPGetCaps
NPGetConnection
NPGetConnectionPerformance
NPGetResourceInformation
NPOpenEnum
OnLogOff

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIRfsDriver.sys
.exe windows x64

7cdc7704a8e3750afd5d1f4de3abf8ca

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:ae:41:da:ea:51:84:3f:90:6b:13:3b:9e:12:74:63:34:bf:ca:54:52:01:1e:9d:ee:e6:bc:eb:2c:f1:19:19
Signer

Actual PE Digest

2e:ae:41:da:ea:51:84:3f:90:6b:13:3b:9e:12:74:63:34:bf:ca:54:52:01:1e:9d:ee:e6:bc:eb:2c:f1:19:19

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

08:c5:55:f7:34:a5:e5:36:18:6c:a7:a9:4f:5c:59:36:68:d7:34:7f
Signer

Actual PE Digest

08:c5:55:f7:34:a5:e5:36:18:6c:a7:a9:4f:5c:59:36:68:d7:34:7f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

10/01/2017, 10:59
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExReleaseResourceLite
IoRemoveShareAccess
IoGetRequestorProcess
FsRtlGetNextFileLock
FsRtlFastUnlockAll
FsRtlNotifyFullChangeDirectory
FsRtlNotifyCleanup
CcUninitializeCacheMap
CcPurgeCacheSection
CcFlushCache
__C_specific_handler
_local_unwind
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItem
IoSetTopLevelIrp
wcschr
wcsrchr
_wcsnicmp
IoCheckShareAccess
IoSetShareAccess
MmFlushImageSection
MmCanFileBeTruncated
FsRtlDoesNameContainWildCards
CcSetFileSizes
towupper
RtlCopyUnicodeString
ExInitializeResourceLite
ExReleaseResourceForThreadLite
MmForceSectionClosed
FsRtlNotifyInitializeSync
CcWaitForCurrentLazyWriterActivity
_vsnwprintf
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlProcessFileLock
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
FsRtlCheckLockForReadAccess
CcInitializeCacheMap
CcCopyRead
CcMdlRead
CcMdlReadComplete
ExAcquireResourceExclusiveLite
KeSetEvent
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeWaitForSingleObject
ExQueueWorkItem
IofCompleteRequest
ExDeleteResourceLite
RtlInitUnicodeString
RtlGetVersion
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ZwClose
ZwCreateDirectoryObject
FsRtlCopyRead
FsRtlCopyWrite
RtlCompareUnicodeString
RtlEqualUnicodeString
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
SeCaptureSubjectContext
SeLockSubjectContext
SeUnlockSubjectContext
SeReleaseSubjectContext
ObfReferenceObject
ObfDereferenceObject
SeQueryAuthenticationIdToken
IoRegisterFileSystem
IoUnregisterFileSystem
FsRtlInitializeFileLock
FsRtlUninitializeFileLock
FsRtlNotifyUninitializeSync
FsRtlNotifyFullReportChange
FsRtlRegisterUncProvider
FsRtlDeregisterUncProvider
wcsncmp
ObReferenceObjectByHandle
ExAcquireSharedStarveExclusive
FsRtlCheckLockForWriteAccess
CcCopyWrite
CcPrepareMdlWrite
CcMdlWriteComplete
KeBugCheckEx
ExAcquireResourceSharedLite
ExFreePoolWithTag
ExAllocatePoolWithTag
CcSetReadAheadGranularity
KeInitializeEvent

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIhook.dll
.dll windows x64

9de6cd5d0292805bb98fbb03c5851df0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:e6:b4:9e:d2:d0:31:4a:df:ee:23:32:8c:f3:62:ae
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/11/2021, 00:00

Not After

27/11/2024, 23:59

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:d1:69:66:1c:06:4a:07:c0:1c:00:00:00:00:00:d1
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:32

Not After

11/05/2023, 20:32

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:ab:ad:37:de:98:2e:1d:3c:3b:4e:43:fd:dd:63:4a:08:d3:fe:11:7c:06:ce:53:d3:df:8b:08:8d:a8:87:b0
Signer

Actual PE Digest

21:ab:ad:37:de:98:2e:1d:3c:3b:4e:43:fd:dd:63:4a:08:d3:fe:11:7c:06:ce:53:d3:df:8b:08:8d:a8:87:b0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

21:ab:ad:37:de:98:2e:1d:3c:3b:4e:43:fd:dd:63:4a:08:d3:fe:11:7c:06:ce:53:d3:df:8b:08:8d:a8:87:b0
Signer

Actual PE Digest

21:ab:ad:37:de:98:2e:1d:3c:3b:4e:43:fd:dd:63:4a:08:d3:fe:11:7c:06:ce:53:d3:df:8b:08:8d:a8:87:b0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

13/09/2022, 14:33
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoA

ws2_32

WSACleanup
WSAStartup
WSAGetLastError
WSASetLastError
getservbyname
getservbyport
gethostname
gethostbyname
gethostbyaddr
socket
ntohs
ntohl
inet_ntoa
inet_addr
htons
htonl
getsockname
getpeername
closesocket

kernel32

GetProcAddress
GetCurrentProcess
GetSystemDirectoryW
IsWow64Process
GetSystemWow64DirectoryW
GetModuleFileNameW
LoadLibraryW
CloseHandle
GetLastError
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
VirtualQuery
GetModuleFileNameA
CreateDirectoryW
GetFileAttributesW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetTickCount
GetModuleHandleA
GetLocalTime
DecodePointer
RaiseException
SetLastError
InitializeCriticalSectionEx
SetEvent
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
LocalFree
CreateEventW
GetSystemDirectoryA
LoadLibraryA
ReleaseMutex
CreateMutexW
GetProcessHeap
OutputDebugStringW
GetVersion
DisableThreadLibraryCalls
GetModuleHandleW
lstrcmpW
SetThreadPriority
GetExitCodeThread
FreeLibrary
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ReadFile
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
GetCPInfo
LCMapStringEx
CompareStringEx
EncodePointer
GetStringTypeW
GetFileType
GetConsoleCP
ResumeThread
GetConsoleMode
OpenEventW
WriteConsoleW
GetFileSizeEx
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
QueryPerformanceCounter
GetProductInfo
VerifyVersionInfoW
VerSetConditionMask
HeapReAlloc
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapFree
HeapSize
HeapAlloc
SetFilePointer
WriteFile
FlushFileBuffers
GetFileTime
FindClose
ResetEvent
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
SetErrorMode
ExitProcess

user32

CharNextExA
GetSystemMetrics
SetWindowsHookExW
GetParent
IsRectEmpty
GetCursor
GetWindowRect
IsWindowVisible
IsWindow
RegisterWindowMessageA
GetThreadDesktop
MsgWaitForMultipleObjects
TranslateMessage
CallNextHookEx
UnhookWindowsHookEx
CharLowerW
GetDesktopWindow
GetForegroundWindow
KillTimer
SetTimer
GetFocus
ChangeClipboardChain
SetClipboardViewer
DestroyWindow
DefWindowProcW
PostThreadMessageW
PostMessageW
SendMessageW
PeekMessageW
DispatchMessageW
GetMessageW
RegisterWindowMessageW
GetUserObjectInformationW
CloseDesktop
SetThreadDesktop
OpenInputDesktop

gdi32

DeleteDC
CreateDCW
ExtEscape

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidW
OpenThreadToken
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathW

Exports

Exports

Cleanup
EnableLocalInput
GetBuildNumber
Init
RaguiSetHook
ReHookMirror
ScreenSaverControl
SetHook
SetHookCallback
SetHwnd
SetRestartHook
SetVirtScreenRes
UnHook

Sections

.text
Size: 551KB - Virtual size: 551KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIinfo.sys
.exe windows x64

d768989b5ac58cc45b6db16c3540a947

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:66:e2:bf:4e:19:0e:dd:87:17:f6:e8:46:6b:77:a6:6b:33:04:f5:ae:14:58:ca:44:00:02:5a:86:9f:df:d1
Signer

Actual PE Digest

e4:66:e2:bf:4e:19:0e:dd:87:17:f6:e8:46:6b:77:a6:6b:33:04:f5:ae:14:58:ca:44:00:02:5a:86:9f:df:d1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

0a:e6:27:4d:4f:95:b6:44:15:c6:a5:ae:fe:3b:5d:6b:e8:d1:e4:a4
Signer

Actual PE Digest

0a:e6:27:4d:4f:95:b6:44:15:c6:a5:ae:fe:3b:5d:6b:e8:d1:e4:a4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

11/01/2017, 10:43
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ExFreePoolWithTag
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ObQueryNameString
ZwDuplicateObject
__C_specific_handler
KeBugCheckEx
RtlCopyUnicodeString
ExAllocatePoolWithTag
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwQueryValueKey
RtlInitUnicodeString

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIinit.dll
.dll windows x64

80fb12bd75029b237fe7b40b8dd16a39

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:06:17:cd:d6:90:8c:82:20:51:70:7c:24:04:9e:32:af:d9:2f:98:67:86:b4:02:d7:ca:a0:c6:c3:36:cb:e9
Signer

Actual PE Digest

a4:06:17:cd:d6:90:8c:82:20:51:70:7c:24:04:9e:32:af:d9:2f:98:67:86:b4:02:d7:ca:a0:c6:c3:36:cb:e9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
VerSetConditionMask
HeapAlloc
HeapFree
GetProcessHeap
ReleaseMutex
WaitForMultipleObjects
GetCurrentProcessId
GetModuleHandleW
CreateProcessW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DisableThreadLibraryCalls
VerifyVersionInfoW
WriteConsoleW
CreateFileW
CreateEventW
CreateMutexW
WaitForSingleObject
SetEvent
CloseHandle
GetComputerNameW
CreateThread
GetLastError
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc

user32

wsprintfW

advapi32

InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
AddAce
SetSecurityDescriptorDacl

ole32

CoTaskMemFree
CoTaskMemAlloc

secur32

LsaLookupAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess

shlwapi

SHStrDupW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
WLEventLock
WLEventLogoff
WLEventLogon
WLEventShutdown
WLEventStartScreenSaver
WLEventStartShell
WLEventStartup
WLEventStopScreenSaver
WLEventUnlock
pSetupGetRealSystemTimeEx

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMImirr.cat
x64/LMImirr.dll
.dll windows x64

f631c51543f64b1e5c1830afc85e6e55

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:bd:ac:e3:b4:6a:e4:21:4f:98:75:e1:de:69:8c:83:8c:ae:38:e0:5c:38:5b:45:fc:20:ba:6e:b2:d2:bc:3d
Signer

Actual PE Digest

9d:bd:ac:e3:b4:6a:e4:21:4f:98:75:e1:de:69:8c:83:8c:ae:38:e0:5c:38:5b:45:fc:20:ba:6e:b2:d2:bc:3d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

96:06:1f:a0:02:a4:03:6b:0b:8f:06:d4:1b:ec:4b:b6:06:d3:ea:09
Signer

Actual PE Digest

96:06:1f:a0:02:a4:03:6b:0b:8f:06:d4:1b:ec:4b:b6:06:d3:ea:09

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

11/01/2017, 10:44
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

win32k.sys

EngUnloadImage
EngFindImageProcAddress
EngLoadImage
EngFreeMem
EngAllocMem
EngDeletePalette
EngModifySurface
EngCreateDeviceSurface
EngUnmapEvent
EngDeleteSurface
EngCreatePalette
EngCopyBits
EngBitBlt
EngTextOut
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngPlgBlt
EngStretchBlt
EngStretchBltROP
EngLineTo
EngAlphaBlend
EngTransparentBlt
EngGradientFill
EngSetEvent
EngMapEvent
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngBugCheckEx

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMImirr.inf
x64/LMImirr.sys
.exe windows x64

715c39fe5bec009735221ebe60c90a5c

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:a9:db:ff:02:8e:8d:c1:58:e1:9e:6f:82:50:e4:28:3b:2b:45:7b:b9:c8:13:0b:6b:1d:e7:cf:11:4d:aa:d9
Signer

Actual PE Digest

20:a9:db:ff:02:8e:8d:c1:58:e1:9e:6f:82:50:e4:28:3b:2b:45:7b:b9:c8:13:0b:6b:1d:e7:cf:11:4d:aa:d9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

5a:ce:29:ea:66:51:1b:a8:a6:d1:63:b1:d4:a7:a1:8f:1e:93:cf:91
Signer

Actual PE Digest

5a:ce:29:ea:66:51:1b:a8:a6:d1:63:b1:d4:a7:a1:8f:1e:93:cf:91

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

11/01/2017, 10:44
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

videoprt.sys

VideoPortZeroMemory
VideoPortInitialize

Sections

.text
Size: 512B - Virtual size: 309B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMImirr2.dll
.exe windows x64

23c29e9c1a2ce09d0c683818311c80cc

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:61:91:38:9b:5f:29:92:50:3d:58:b8:9f:b6:0f:51:e9:14:42:b6:4f:54:33:c2:2d:a6:f8:fa:a0:59:92:20
Signer

Actual PE Digest

9f:61:91:38:9b:5f:29:92:50:3d:58:b8:9f:b6:0f:51:e9:14:42:b6:4f:54:33:c2:2d:a6:f8:fa:a0:59:92:20

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

8c:1e:ff:c8:c6:3b:30:fc:67:a0:4c:64:b7:aa:3b:62:06:71:88:93
Signer

Actual PE Digest

8c:1e:ff:c8:c6:3b:30:fc:67:a0:4c:64:b7:aa:3b:62:06:71:88:93

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

11/01/2017, 10:44
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

__C_specific_handler
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
MmUnlockPages
MmUnmapLockedPages
ExAllocatePoolWithTag
ExFreePoolWithTag
ObReferenceObjectByHandle
ObfDereferenceObject
KeWaitForSingleObject
KeReleaseMutex

Exports

Exports

AcquireMutex
AllocScreen
CopyScreenArea
FreeScreen
GetVersion
Map
MapUserModeMutex
Memmove
ReleaseMutex
UnMap
UnMapUserModeMutex

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 291B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIport.dll
.dll windows x64

0ad6fc1cc54e703157153dcc535938b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e4:44:9b:16:c2:f8:61:d1:cc:bb:a9:29:cb:54:42:c4:1e:e2:dc:30
Signer

Actual PE Digest

e4:44:9b:16:c2:f8:61:d1:cc:bb:a9:29:cb:54:42:c4:1e:e2:dc:30

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

29/01/2016, 09:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
lstrcatW
lstrcpyW
SetLastError
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
LocalFree
LocalReAlloc
SetNamedPipeHandleState
GetLastError
CreateFileW
CloseHandle
FlushFileBuffers
WriteFile
OutputDebugStringW
SetFilePointer
lstrlenW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapFree
Sleep
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
HeapAlloc
SetUnhandledExceptionFilter

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

user32

wvsprintfW
wsprintfW

spoolss

ClosePrinter
SetJobW
GetPrinterW
OpenPrinterW

Exports

Exports

DllEntryPoint
InitializePrintMonitor

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIprinter.dll
.dll windows x64

b68774514338bd18bc83b8468149d807

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ba:4c:51:ed:ed:17:50:fb:e9:dc:72:41:60:06:ae:b8:e2:99:63:48
Signer

Actual PE Digest

ba:4c:51:ed:ed:17:50:fb:e9:dc:72:41:60:06:ae:b8:e2:99:63:48

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

29/01/2016, 09:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winspool.drv

GetPrinterW
EnumFormsW

kernel32

LocalFree
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
GetLastError
SetNamedPipeHandleState
CreateFileW
CloseHandle
FlushFileBuffers
WriteFile
OutputDebugStringW
SetFilePointer
lstrlenW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
lstrcpyW
lstrcatW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcess

user32

wsprintfW
wvsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyW

gdi32

EngAssociateSurface
EngCreateBitmap
EngCreatePalette
EngDeleteSurface

ntdll

wcsrchr
wcsncpy
memset
memcpy
wcschr
wcsstr
_wcslwr
wcsncmp
__chkstk
wcsncat
wcstoul

Exports

Exports

DllEntryPoint
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIprinterui.dll
.dll windows x64

b5a190b912c826986e3eaeab0b441616

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:dc:81:d9:c3:04:96:40:65:14:95:23:c3:dc:c5:1d:80:61:91:f7
Signer

Actual PE Digest

99:dc:81:d9:c3:04:96:40:65:14:95:23:c3:dc:c5:1d:80:61:91:f7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

29/06/2017, 12:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FlushFileBuffers
WriteFile
CloseHandle
SetFilePointer
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
lstrcpyW
lstrcatW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetModuleFileNameW
RtlPcToFileHeader
EncodePointer
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
CreateFileW
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
HeapAlloc
HeapFree
GetModuleHandleW
MultiByteToWideChar
GetACP
ExitProcess
GetModuleHandleExW
GetProcessHeap
WideCharToMultiByte
GetStdHandle
GetFileType
GetStartupInfoW
GetStringTypeW
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCPInfo
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
HeapReAlloc
WriteConsoleW
LocalFree
LocalAlloc
SetUnhandledExceptionFilter
GetLastError
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
InitializeSListHead
DecodePointer
GetModuleFileNameA
FindClose
FindFirstFileExA
FindNextFileA
GetTimeZoneInformation

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

winspool.drv

EnumFormsW
GetPrinterW
SetPrinterW

user32

wvsprintfW
wsprintfW

Exports

Exports

DevQueryPrintEx
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentPropertySheets
DrvPrinterEvent
PrinterProperties

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIproc.dll
.dll windows x64

24c87c88be5bdfa2faad242fd4448cd5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e9:e1:4b:d4:4a:45:71:04:36:22:c0:35:ea:f5:b1:19:9e:32:7e:08
Signer

Actual PE Digest

e9:e1:4b:d4:4a:45:71:04:36:22:c0:35:ea:f5:b1:19:9e:32:7e:08

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

29/01/2016, 09:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

LocalAlloc
WriteFile
WaitForSingleObject
GetTempPathW
GlobalAlloc
SetNamedPipeHandleState
FlushFileBuffers
ReadFile
OutputDebugStringW
SetFilePointer
lstrcatW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
FindFirstFileW
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
GetStringTypeA
WideCharToMultiByte
GetStringTypeW
HeapFree
Sleep
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetLocaleInfoA
MultiByteToWideChar
GetCPInfo
LCMapStringA
LCMapStringW
HeapAlloc
CreateFileW
LocalFree
DeleteFileW
GetTempFileNameW
SetEvent
ResetEvent
CloseHandle
CreateEventW
SetLastError
GetModuleFileNameW
GetLastError
GlobalFree
lstrlenW
lstrcpyW
UnhandledExceptionFilter

user32

wvsprintfW
wsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

spoolss

StartDocPrinterW
ReadPrinter
EndDocPrinter
OpenPrinterW
ClosePrinter
GetPrinterW

gdi32

CreateDCW
CancelDC
GetDeviceCaps
EnumFontFamiliesExA
DeleteEnhMetaFile
PlayEnhMetaFile
SelectObject
CreateDIBSection
AddFontResourceExW
EnumEnhMetaFile
DeleteObject
CreateCompatibleDC
GetEnhMetaFileHeader
GetEnhMetaFileW
DeleteDC

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
EnumPrintProcessorDatatypesW
GetPrintProcessorCapabilities
OpenPrintProcessor
PrintDocumentOnPrintProcessor
RaprocDLLEntryFunc

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIvdd.cat
x64/LMIvdd.dll
.dll windows x64

c4babb9248a2bf0546176a9bb13c0247

Code Sign

03:23:91:2f:f1:df:a4:f8:b0:86:77:a2:35:58:73:9d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/11/2018, 00:00

Not After

24/11/2021, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:de:b1:12:ef:26:bd:b4:b2:28:41:d3:f2:d7:47:a7:cc:89:45:47:82:b6:fc:0c:b1:b9:45:0f:82:4a:0e:f1
Signer

Actual PE Digest

e8:de:b1:12:ef:26:bd:b4:b2:28:41:d3:f2:d7:47:a7:cc:89:45:47:82:b6:fc:0c:b1:b9:45:0f:82:4a:0e:f1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

e8:de:b1:12:ef:26:bd:b4:b2:28:41:d3:f2:d7:47:a7:cc:89:45:47:82:b6:fc:0c:b1:b9:45:0f:82:4a:0e:f1
Signer

Actual PE Digest

e8:de:b1:12:ef:26:bd:b4:b2:28:41:d3:f2:d7:47:a7:cc:89:45:47:82:b6:fc:0c:b1:b9:45:0f:82:4a:0e:f1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

14/06/2021, 10:37
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlPcToFileHeader
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
DbgPrintEx

dxgi

CreateDXGIFactory2

d3d11

D3D11CreateDevice

kernel32

CloseHandle
RaiseException
GetLastError
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
CreateThread
SetFilePointerEx
GetConsoleMode
CreateFileW
SetEvent
FreeLibrary
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteConsoleW
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize

ole32

CoCreateGuid

avrt

AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LMIvdd.inf
x64/LogMeIn.dll
.dll windows x64

60d3f3e4b34e674ec9d73250fd9d5f5b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fb:54:74:60:53:69:42:51:e8:4b:fa:ab:97:18:ca:70:b3:15:37:29:a8:c8:41:6d:b5:0b:cd:04:d2:e9:a8:01
Signer

Actual PE Digest

fb:54:74:60:53:69:42:51:e8:4b:fa:ab:97:18:ca:70:b3:15:37:29:a8:c8:41:6d:b5:0b:cd:04:d2:e9:a8:01

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

logmeinav

LogMeInAV_Installed
LogMeInAV_HasLocalExclusions
LogMeInAV_Register
LogMeInAV_Unregister
DestroyServiceHandler
CreateServiceHandler
LogMeInAV_DropLocalExclusions

o2mrunner

O2MRunner_ClearImpersonationCredentials
O2MRunner_SetImpersonationCredentials
O2MRunner_StartTaskRunner
O2MRunner_CreateServiceHandler
O2MRunner_DestroyServiceHandler

ksu

DestroyKSUManager
CreateKSUManager

crypt32

CryptProtectData
CertGetNameStringW
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateContext
CryptBinaryToStringW
CryptStringToBinaryW
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CryptUnprotectData
CertOpenStore

mpr

WNetCancelConnection2W
WNetGetUniversalNameW
WNetAddConnection2W
WNetGetConnectionW

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDiGetClassDevsW
SetupDiGetDevicePropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

winmm

waveInGetNumDevs
waveInGetDevCapsW
mixerOpen
waveOutGetNumDevs
waveOutGetDevCapsW
mixerClose
mixerSetControlDetails
timeGetDevCaps
mixerGetControlDetailsW
mixerGetLineControlsW
timeSetEvent
timeKillEvent
timeBeginPeriod
timeEndPeriod
timeGetTime
mixerGetLineInfoW

msi

ord70
ord145
ord8
ord17
ord103
ord125
ord74
ord246

userenv

GetUserProfileDirectoryW
CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

CreateFileW
GetThreadLocale
SetEndOfFile
GetACP
CompareFileTime
HeapFree
GetProcessHeap
LocalAlloc
ReadProcessMemory
GetProcessTimes
GetPriorityClass
GetThreadTimes
OpenProcess
FileTimeToSystemTime
SetLocalTime
GetLocaleInfoA
DeleteFileA
GetFileAttributesA
CreateFileA
GetModuleHandleA
ResumeThread
SetThreadPriority
GlobalFree
GetPrivateProfileStringA
GetTempFileNameA
GetTempPathA
GetSystemDirectoryA
GetTempPathW
PeekNamedPipe
QueryInformationJobObject
TerminateJobObject
Process32Next
Process32First
AssignProcessToJobObject
CreateJobObjectW
SetHandleInformation
CreatePipe
QueryPerformanceFrequency
QueryPerformanceCounter
GenerateConsoleCtrlEvent
CreateMutexW
OpenEventW
GlobalAlloc
lstrcmpW
LockResource
SizeofResource
LoadResource
FindResourceW
SystemTimeToFileTime
UpdateProcThreadAttribute
HeapAlloc
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UnmapViewOfFile
DuplicateHandle
MapViewOfFile
CreateFileMappingA
OpenEventA
GetStdHandle
SetFileTime
RemoveDirectoryW
GetFileAttributesW
GetLogicalDrives
SetFileAttributesW
DeleteFileW
VirtualQuery
SetCurrentDirectoryA
GetModuleFileNameA
GetCurrentDirectoryA
CreateDirectoryW
FindResourceA
HeapSize
HeapReAlloc
HeapDestroy
SetConsoleCtrlHandler
FreeConsole
GetTimeZoneInformation
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
ReleaseMutex
CreateProcessA
lstrlenA
lstrcpyW
OpenFileMappingA
SetErrorMode
FileTimeToLocalFileTime
lstrcmpA
GetWindowsDirectoryA
CreateRemoteThread
GetTimeFormatW
SetWaitableTimer
CreateWaitableTimerW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
SetThreadLocale
GetUserDefaultLangID
lstrcpynA
CloseHandle
GetFileType
lstrcmpiA
FormatMessageA
lstrcpynW
CreateFileMappingW
FindNextFileW
GlobalUnlock
GlobalLock
GetFileSizeEx
GetVersion
GlobalSize
SetConsoleActiveScreenBuffer
GetCurrentConsoleFont
GetConsoleScreenBufferInfo
FlushFileBuffers
GetOverlappedResult
GetVersionExA
ReleaseSemaphore
HeapCreate
GlobalMemoryStatus
CreateSemaphoreW
TryEnterCriticalSection
DefineDosDeviceW
CreateMutexA
WriteConsoleInputA
GetConsoleMode
WriteConsoleOutputA
ReadConsoleOutputA
SetConsoleCursorInfo
SetConsoleScreenBufferSize
QueryDosDeviceW
GetNumberOfConsoleInputEvents
GetConsoleOutputCP
GetConsoleCursorInfo
MultiByteToWideChar
lstrcatA
SetConsoleMode
SetStdHandle
ConnectNamedPipe
CreateNamedPipeA
SetConsoleTitleA
GetConsoleCP
SetConsoleCP
ExitProcess
GetLargestConsoleWindowSize
SetConsoleWindowInfo
LoadLibraryExW
GetFileInformationByHandle
WaitForSingleObjectEx
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
GetNativeSystemInfo
K32EnumProcesses
K32GetModuleFileNameExW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetDynamicTimeZoneInformation
GetDriveTypeW
GetUserDefaultLCID
GetStringTypeW
SwitchToThread
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
RtlPcToFileHeader
EncodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
GetLocaleInfoEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
EnumSystemLocalesW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FreeLibraryAndExitThread
InterlockedPushEntrySList
InterlockedFlushSList
VirtualProtect
GetEnvironmentVariableW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
ReadConsoleA
ReadConsoleW
RtlUnwindEx
RtlUnwind
ExitThread
GetFullPathNameW
GetDateFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetCurrentProcessId
LoadLibraryW
IsWow64Process
GetCurrentProcess
GetSystemWow64DirectoryW
GetSystemDirectoryW
GetModuleFileNameW
GetProcAddress
FreeLibrary
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SetConsoleTextAttribute
VirtualAlloc
lstrcpyA
SetPriorityClass
GetSystemInfo
SetUnhandledExceptionFilter
Thread32First
Thread32Next
RtlCaptureContext
OpenFileMappingW
FormatMessageW
TerminateThread
GetLocalTime
GetSystemDefaultLangID
GetFileSize
MulDiv
GetFileTime
CreateConsoleScreenBuffer
SetFilePointer
InitializeCriticalSectionAndSpinCount
OpenThread
GetProductInfo
WaitNamedPipeW
ReadFile
CreateNamedPipeW
VerSetConditionMask
VerifyVersionInfoW
VirtualLock
SetFilePointerEx
HeapQueryInformation
IsValidCodePage
FindFirstFileW
CreateThread
LocalFree
WideCharToMultiByte
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetSystemTimeAsFileTime
CreateProcessW
TerminateProcess
GetExitCodeProcess
GetExitCodeThread
GetTickCount
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
CreateEventA
ResetEvent
SetEvent
WaitForMultipleObjects
lstrlenW
CreateThreadpool
CreateThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
FindClose
ExpandEnvironmentStringsW
DeviceIoControl
LoadLibraryA
GetModuleHandleExW
CreateEventW
lstrcmpiW
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleHandleW
DecodePointer
WaitForSingleObject
Sleep
OutputDebugStringW
GetCurrentThreadId
GetLastError
GetComputerNameA
GetCurrentThread
FindFirstFileExW
GetCurrentDirectoryW

user32

UpdateWindow
BeginPaint
GetClientRect
EndPaint
InvalidateRect
TrackMouseEvent
GetWindow
PostMessageW
CallWindowProcW
PostThreadMessageW
SetCursorPos
ReleaseCapture
SetCapture
SetForegroundWindow
MoveWindow
GetDlgItem
ScreenToClient
SetTimer
RegisterClipboardFormatW
KillTimer
SetLayeredWindowAttributes
SetCursor
GetParent
MapWindowPoints
GetWindowTextW
GetWindowTextLengthW
ClientToScreen
GetGUIThreadInfo
WindowFromPoint
GetCursorInfo
GetUserObjectInformationW
LoadCursorW
GetClassNameW
GetAncestor
GetForegroundWindow
MessageBeep
RegisterWindowMessageA
EnumDesktopWindows
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
SetFocus
EnableWindow
IsWindow
DestroyWindow
GetDesktopWindow
IsIconic
GetCursorPos
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
CloseDesktop
SystemParametersInfoW
UnionRect
LoadIconW
GetWindowRect
SetWindowPos
ShowWindow
QueryDisplayConfig
GetDisplayConfigBufferSizes
DisplayConfigGetDeviceInfo
LoadBitmapW
GetDC
ReleaseDC
wsprintfW
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
GetSystemMetrics
SendMessageTimeoutW
SetRect
FrameRect
FillRect
LoadIconA
DrawIconEx
DestroyIcon
DrawTextW
PeekMessageW
PostQuitMessage
GetWindowLongPtrW
DefWindowProcW
RegisterClassExW
CreateWindowExW
EndDialog
keybd_event
mouse_event
SetWindowLongPtrW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
MsgWaitForMultipleObjects
SetRectEmpty
EnumDisplayDevicesW
UnregisterClassW
BroadcastSystemMessageW
RegisterWindowMessageW
FindWindowW
VkKeyScanExW
MapVirtualKeyExW
SendInput
ToUnicodeEx
GetKeyboardState
CharNextExA
RedrawWindow
DisplayConfigSetDeviceInfo
SetDisplayConfig
GetProcessWindowStation
MessageBoxW
IntersectRect
GetWindowPlacement
SetWindowTextW
SetWindowRgn
GetPriorityClipboardFormat
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
SetKeyboardState
GetKeyState
GetKeyboardLayout
GetIconInfo
wsprintfA
MapVirtualKeyW
FindWindowA
SendMessageA
MapVirtualKeyA
VkKeyScanA
CharNextW
CharLowerW
CharLowerBuffA
CharLowerBuffW
SetWindowPlacement
OffsetRect

gdi32

GetFontData
CreateICW
CreateFontIndirectW
SetBkColor
GetObjectW
OffsetRgn
GetRgnBox
GetSystemPaletteEntries
CreateRectRgn
SetRectRgn
PtInRegion
CombineRgn
ExtEscape
CreateDCA
GetObjectA
GetStockObject
SelectPalette
RealizePalette
GetDIBits
CreateRoundRectRgn
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
SetStretchBltMode
StretchBlt
DeleteObject
CreateSolidBrush
CreateDIBSection
CreatePen
MoveToEx
LineTo
CreateFontW
SetTextColor
SetTextAlign
SetBkMode
SetDIBColorTable
CreateDIBitmap
DeleteDC
GetDeviceGammaRamp
CreateDCW
SetDeviceGammaRamp
SetPixel
CreateCompatibleDC
GetRegionData

winspool.drv

ClosePrinter
SetPrinterW
OpenPrinterW
AddPrinterW
EnumPrintersW
DeletePrinter

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
CryptReleaseContext
RegDeleteKeyValueW
RegCreateKeyExW
FreeSid
RevertToSelf
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptGenRandom
CryptAcquireContextW
ReportEventW
RegQueryValueExA
RegOpenKeyExA
EqualSid
GetTokenInformation
CryptCreateHash
CryptDecrypt
CryptGetProvParam
CryptSetHashParam
StopTraceW
ControlTraceW
ImpersonateLoggedOnUser
IsTextUnicode
CreateProcessAsUserW
SetThreadToken
OpenThreadToken
SetTokenInformation
AdjustTokenPrivileges
RegisterEventSourceW
DeregisterEventSource
CloseEventLog
RegQueryInfoKeyW
CloseTrace
ProcessTrace
OpenTraceW
StartTraceW
CryptImportKey
CryptDestroyKey
CryptGetUserKey
CryptGetKeyParam
CryptExportKey
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
SetNamedSecurityInfoW
ConvertSidToStringSidW
LookupPrivilegeValueW
OpenProcessToken
GetUserNameW
CloseServiceHandle
AddAce
LogonUserW
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
LookupAccountSidA

shell32

ShellExecuteW
SHChangeNotify
ShellExecuteExW
SHGetFileInfoW
SHGetFolderPathW
ord680
ExtractAssociatedIconA

ole32

CoInitializeEx
CoInitializeSecurity
PropVariantClear
CoTaskMemFree
OleRun
CoSetProxyBlanket
CreateBindCtx
GetRunningObjectTable
CoInitialize
OleUninitialize
OleInitialize
OleSetClipboard
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoImpersonateClient
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CreateStreamOnHGlobal
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
DoDragDrop
CoRevertToSelf

oleaut32

SafeArrayUnaccessData
SysAllocString
SysFreeString
SafeArrayGetUBound
SafeArrayGetLBound
SysStringLen
VariantInit
SafeArrayLock
SafeArrayAccessData
VariantChangeType
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SysReAllocString
SafeArrayGetVartype
SafeArrayCopy
LoadRegTypeLi
SafeArrayGetDim
SafeArrayGetElement
GetRecordInfoFromGuids
SafeArrayCreateEx
SafeArrayCreate
RegisterTypeLi
SafeArrayUnlock
VarUI4FromStr
LoadTypeLi
UnRegisterTypeLi
VariantClear

ws2_32

listen
getsockname
accept
ioctlsocket
select
__WSAFDIsSet
WSAGetLastError
htons
bind
recv
setsockopt
connect
closesocket
WSAIoctl
sendto
gethostbyname
getsockopt
WSAAccept
WSAResetEvent
WSAEventSelect
WSACloseEvent
WSACreateEvent
shutdown
WSACleanup
WSAStartup
inet_pton
getaddrinfo
freeaddrinfo
socket
ntohs
WSASetLastError
getservbyport
inet_ntoa
gethostname
inet_addr
getpeername
ntohl
getservbyname
send
htonl
gethostbyaddr

shlwapi

ord176
SHDeleteKeyW

wsock32

recvfrom

wininet

DetectAutoProxyUrl
InternetQueryOptionA
InternetInitializeAutoProxyDll
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA

urlmon

URLDownloadToFileA

dnsapi

DnsFree
DnsQuery_W

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

iphlpapi

GetExtendedTcpTable
GetBestInterface
GetIfEntry
GetIpAddrTable
GetBestRoute
GetIpForwardTable
SendARP
GetExtendedUdpTable

gdiplus

GdipGetImageEncoders
GdipCloneImage
GdipAlloc
GdipSaveImageToStream
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdipDisposeImage
GdipFree
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0

secur32

FreeCredentialsHandle
DeleteSecurityContext
CompleteAuthToken
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeContextBuffer
QuerySecurityPackageInfoA

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

Exports

Exports

DoSelfDestruction
RACleanup
RAwmain

Sections

.text
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LogMeIn.exe
.exe windows x64

5ec42f726061f5972d3f40d75f46ced5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/10/2009, 00:00

Not After

10/10/2012, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:7e:b8:67:a2:d4:60:99:a8:7e:e1:26:d6:27:09:d8:11:30:b1:8d
Signer

Actual PE Digest

80:7e:b8:67:a2:d4:60:99:a8:7e:e1:26:d6:27:09:d8:11:30:b1:8d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

08/11/2010, 10:58
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OpenMutexW
CreateMutexW
CloseHandle
WaitForSingleObject
ReleaseMutex
GetModuleFileNameW
GetLocalTime
SetFilePointer
CreateFileW
GetProcAddress
LoadLibraryExW
GetLastError
WriteFile
FreeLibrary
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapSize
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSection
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlVirtualUnwind
FlushFileBuffers
CreateFileA

advapi32

RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LogMeInAV.dll
.dll windows x64

61a5c4f99b8dc9c3e75ae10cdf7a0dd8

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:5c:29:e7:e5:ce:e8:2f:b7:c3:8f:0b:c8:42:e5:0c:19:c5:0b:d1:4b:21:69:64:9e:b2:39:93:6f:45:66:e6
Signer

Actual PE Digest

e4:5c:29:e7:e5:ce:e8:2f:b7:c3:8f:0b:c8:42:e5:0c:19:c5:0b:d1:4b:21:69:64:9e:b2:39:93:6f:45:66:e6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
VerSetConditionMask
RtlPcToFileHeader
NtQuerySystemInformation

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CryptUnprotectData
CertGetCertificateContextProperty

kernel32

LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsFree
GetSystemTimeAsFileTime
SystemTimeToFileTime
QueryPerformanceFrequency
GetTimeZoneInformation
LocalFree
Sleep
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
GetLastError
GetExitCodeProcess
WaitForSingleObject
WaitForMultipleObjects
CreateProcessW
SetEvent
MultiByteToWideChar
FileTimeToSystemTime
CloseHandle
CreateEventW
GetTempPathW
GetModuleFileNameW
TlsSetValue
GetSystemDirectoryW
GetCurrentProcess
LoadLibraryW
EnterCriticalSection
WideCharToMultiByte
WriteConsoleW
SetStdHandle
GetConsoleCP
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
InterlockedFlushSList
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FindFirstFileW
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetFileType
GetEnvironmentVariableW
GetStdHandle
GetModuleHandleExW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
CreateFileW
SetLastError
ReadFile
GetCurrentThread
GetTickCount
GetCommandLineA
QueryPerformanceCounter
HeapCreate
HeapDestroy
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
VerifyVersionInfoW
FormatMessageA
lstrcmpiA
SetFilePointer
WriteFile
FlushFileBuffers
SetEndOfFile
FindClose
GetCPInfo
GetModuleHandleA
GetProcAddress
FreeLibrary
GetCurrentProcessId
LoadLibraryA
ExitProcess
GetProductInfo
GetSystemDirectoryA
OpenProcess
GetProcessTimes
OpenThread
GetThreadTimes
GetTempPathA
GetPrivateProfileStringA
GlobalFree
IsDebuggerPresent
OutputDebugStringW
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
WaitForSingleObjectEx
GetExitCodeThread
GetStringTypeW
EncodePointer
GetModuleHandleW
LCMapStringEx
CompareStringEx
SetErrorMode

user32

CharNextExA
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
MessageBoxW

advapi32

CryptSignHashW
CryptDestroyHash
AllocateAndInitializeSid
EqualSid
CryptCreateHash
FreeSid
CryptDecrypt
CryptEnumProvidersW
CryptImportKey
CryptDestroyKey
CryptGetUserKey
InitiateSystemShutdownExW
DeregisterEventSource
OpenProcessToken
OpenThreadToken
RegisterEventSourceW
ReportEventW
GetTokenInformation
RegCloseKey
RegDeleteKeyExW
CryptAcquireContextW
CryptGenRandom
RegDeleteKeyValueW
RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
CryptReleaseContext
CryptGetKeyParam
CryptExportKey
CryptSetHashParam
CryptGetProvParam

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
VariantClear
SysStringLen
SysFreeString

ws2_32

htonl
ntohs
htons
gethostbyname
inet_addr
WSASetLastError
getsockopt
setsockopt
shutdown
getservbyport
send
recv
connect
WSAGetLastError
WSACleanup
closesocket
socket
WSAStartup
gethostbyaddr
gethostname
getsockname
inet_pton
select
getservbyname
inet_ntoa

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

secur32

QuerySecurityPackageInfoA
FreeContextBuffer
AcquireCredentialsHandleA
InitializeSecurityContextA
CompleteAuthToken
DeleteSecurityContext
FreeCredentialsHandle

wininet

DetectAutoProxyUrl
InternetInitializeAutoProxyDll

bcrypt

BCryptGenRandom

Exports

Exports

CreateServiceHandler
DestroyServiceHandler
LogMeInAV_DropLocalExclusions
LogMeInAV_HasLocalExclusions
LogMeInAV_Installed
LogMeInAV_Register
LogMeInAV_Unregister

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LogMeInAVServer.exe
.exe windows x64

4ec80a1548ef74f8ea62fdea95d589f2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:56:90:3b:f2:ae:22:12:f9:3e:c1:bd:1a:76:34:0b:2f:5e:56:4a:6b:92:32:97:15:0b:24:e3:7b:f9:fe:1e
Signer

Actual PE Digest

ae:56:90:3b:f2:ae:22:12:f9:3e:c1:bd:1a:76:34:0b:2f:5e:56:4a:6b:92:32:97:15:0b:24:e3:7b:f9:fe:1e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertOpenStore
CryptStringToBinaryW
CertGetNameStringW
CryptProtectData
CryptUnprotectData
CryptBinaryToStringW
CertGetCertificateContextProperty
CertFreeCertificateContext

kernel32

OpenProcess
GetModuleHandleW
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
MultiByteToWideChar
K32GetModuleFileNameExW
GetCommandLineW
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
VerSetConditionMask
InitializeCriticalSection
GetSystemTimeAsFileTime
LoadLibraryExA
LoadLibraryA
VerifyVersionInfoW
LocalFree
GetTimeZoneInformation
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
QueryPerformanceCounter
FileTimeToLocalFileTime
ReadFile
SetLastError
CreateFileW
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindNextFileW
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionEx
DecodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetExitCodeThread
Sleep
RaiseException
GetWindowsDirectoryA
GetSystemDirectoryA
GetTickCount
GetLocalTime
GetThreadContext
SuspendThread
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetLastError
SetUnhandledExceptionFilter
CloseHandle
WriteFile
SetFilePointer
GetFileSize
GetFileAttributesA
GetProcessIdOfThread
CreateFileA
CreateDirectoryA
GetEnvironmentVariableA
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryW
GetModuleFileNameW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetProcessHeap
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetConsoleCP
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetEnvironmentVariableW
FreeLibraryAndExitThread
ExitThread
RtlUnwindEx
RtlPcToFileHeader
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertFiberToThread
DeleteFiber
GetFileType
GetEnvironmentVariableW
GetStdHandle
GetModuleHandleExW
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
GetSystemWow64DirectoryW
IsWow64Process
GetSystemDirectoryW
GetCurrentProcess
DeleteFileA
OpenThread
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
CreateEventA
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
FlushFileBuffers
SetEndOfFile
GetFileTime
GetProductInfo
ResetEvent
SetErrorMode
GetModuleHandleA
ExitProcess
FormatMessageA
ReleaseMutex
WaitForSingleObjectEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
EncodePointer
InitOnceExecuteOnce
GetCurrentProcessorNumber

user32

CharNextExA
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharUpperW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetSystemMetrics

advapi32

CryptGetProvParam
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptSetHashParam
ReportEventW
RegisterEventSourceW
RevertToSelf
RegCloseKey
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
OpenThreadToken
ConvertSidToStringSidW
CryptDestroyKey
CryptGetUserKey
CryptExportKey
DeregisterEventSource
RegDeleteKeyW
CryptAcquireContextW
CryptGenRandom
RegDeleteKeyValueW
RegQueryValueExW
CryptReleaseContext
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
CryptEnumProvidersW

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx
CoCreateInstance
CoGetCallerTID
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoInitialize
CoRegisterClassObject

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysAllocString
VarUI4FromStr
SysStringLen
SysAllocStringLen

ws2_32

socket
closesocket
WSACleanup
WSAGetLastError
WSAStartup
bind
setsockopt
listen
inet_ntop
ntohs
WSASetLastError
htons
WSASend
WSARecv
WSASocketA
WSAIoctl
WSAGetOverlappedResult
freeaddrinfo
getaddrinfo
inet_pton
getsockname
getpeername
recv
send

version

GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LogMeInRC.exe
.exe windows x64

a2a8ee2ed6f299aad0b6f07831cc51be

Code Sign

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bc:be:ad:74:0d:00:5d:f0:86:6d:ea:cd:b4:e4:db:91:6a:ef:b8:36:7c:74:90:4e:fe:8d:d3:6f:71:77:4f:a3
Signer

Actual PE Digest

bc:be:ad:74:0d:00:5d:f0:86:6d:ea:cd:b4:e4:db:91:6a:ef:b8:36:7c:74:90:4e:fe:8d:d3:6f:71:77:4f:a3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/10/2018, 11:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenMutexW
WriteFile
GetLastError
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
SetFilePointerEx
SetFilePointer
GetLocalTime
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
WriteConsoleW

advapi32

RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LogMeInSystray.dll
.dll windows x64

34fae8ba0f3bc73acb9be653191809a6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:ca:74:3d:bf:66:16:02:d3:4e:0b:85:dd:83:45:32:91:57:53:0c:a2:3f:58:ef:e0:49:ce:d6:75:ef:c7:e1
Signer

Actual PE Digest

0e:ca:74:3d:bf:66:16:02:d3:4e:0b:85:dd:83:45:32:91:57:53:0c:a2:3f:58:ef:e0:49:ce:d6:75:ef:c7:e1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CryptUnprotectData
CryptProtectData

ws2_32

gethostbyname
gethostname
getservbyport
getservbyname
WSASetLastError
closesocket
recv
select
send
WSAStartup
WSACleanup
gethostbyaddr
getsockname
getpeername
WSAGetLastError
socket
ntohs
ntohl
ioctlsocket
connect
inet_ntoa
inet_addr
htons
htonl

rntfywnd

?CreateInstance@@YAPEAUINotifyManager@@PEAUHWND__@@PEAUHINSTANCE__@@@Z
?InitComponents@@YAXPEAUHINSTANCE__@@@Z

kernel32

GlobalFlags
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
DuplicateHandle
GlobalGetAtomNameW
VirtualProtect
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GlobalFindAtomW
GetSystemDefaultUILanguage
FindResourceExW
GetTempPathW
GetProfileIntW
GetTempFileNameW
GetUserDefaultLCID
WaitForSingleObjectEx
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
GetCPInfo
CompareStringEx
LCMapStringEx
GetStringTypeW
GetUserDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
SystemTimeToTzSpecificLocalTime
EncodePointer
LocalReAlloc
GlobalHandle
GlobalReAlloc
CopyFileW
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
OutputDebugStringA
LocalAlloc
TerminateProcess
OpenEventW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
RtlCaptureContext
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SetUnhandledExceptionFilter
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
GlobalFree
OpenProcess
QueryPerformanceCounter
GetProductInfo
VerifyVersionInfoW
VerSetConditionMask
ExitProcess
SetErrorMode
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemTimeAsFileTime
ResetEvent
CompareStringW
GetFileTime
SetEndOfFile
FlushFileBuffers
WriteFile
GetFileType
GetStdHandle
RtlVirtualUnwind
InitializeCriticalSection
GetFileSize
FormatMessageW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
GetExitCodeThread
SetThreadPriority
VirtualQuery
OpenEventA
CreateMutexA
lstrcmpiW
LoadLibraryExW
GetComputerNameW
lstrlenA
lstrcmpiA
FindResourceW
SizeofResource
LockResource
LoadResource
GetVersionExW
GetTickCount
CreateMutexW
DeleteFileW
GetEnvironmentVariableW
SetFilePointer
ReadFile
CreateFileW
CreateFileA
GetSystemDefaultLangID
GetUserDefaultLangID
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryA
GetModuleHandleW
GetWindowsDirectoryW
GetStartupInfoW
CreateProcessW
WaitForDebugEvent
ContinueDebugEvent
GetFileAttributesW
SearchPathW
GetCommandLineW
GlobalUnlock
OutputDebugStringW
GlobalLock
GlobalSize
Sleep
LeaveCriticalSection
EnterCriticalSection
FindNextFileW
FindFirstFileW
FindClose
GetTimeFormatW
lstrcatW
lstrcpyW
lstrcpynW
MulDiv
GetModuleHandleA
GetVersion
GetLocalTime
lstrlenW
LoadLibraryA
GetModuleHandleExW
CreateEventW
LocalFree
GetModuleFileNameA
WaitForMultipleObjects
CreateEventA
WaitForSingleObject
SetEvent
SetLastError
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
RaiseException
CloseHandle
DecodePointer
LoadLibraryW
GetModuleFileNameW
GetSystemWow64DirectoryW
IsWow64Process
GetSystemDirectoryW
GetCurrentProcess
GetProcAddress
FreeLibrary
GetLocaleInfoEx
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
GetCommandLineA
HeapQueryInformation
QueryPerformanceFrequency
SetStdHandle
GetDateFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
RtlUnwind

user32

DrawTextExW
RealChildWindowFromPoint
GetDesktopWindow
CopyImage
CheckDlgButton
GetMonitorInfoW
MonitorFromWindow
WinHelpW
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
ScrollWindow
EndPaint
BeginPaint
SetActiveWindow
SetMenu
GetMenu
GetCapture
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
GetClassInfoExW
GetClassInfoW
GetMessageTime
GetMessagePos
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetFocus
GetLastActivePopup
GetWindowLongW
IsWindowEnabled
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
ValidateRect
PeekMessageW
GetMessageW
CharNextExA
CharLowerW
MessageBoxW
BringWindowToTop
AttachThreadInput
SystemParametersInfoW
SystemParametersInfoA
UnhookWindowsHookEx
SendMessageTimeoutW
CharNextW
GetIconInfo
DrawIconEx
LoadImageW
DestroyIcon
DrawFocusRect
FindWindowW
SetRect
ChildWindowFromPoint
ScreenToClient
ReleaseDC
SetForegroundWindow
SetMenuDefaultItem
GetMenuItemInfoW
InsertMenuItemW
TrackPopupMenu
TabbedTextOutW
RemoveMenu
EnableMenuItem
DestroyMenu
CreatePopupMenu
LoadMenuW
SendDlgItemMessageW
SetDlgItemTextW
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
RegisterClassW
GetDoubleClickTime
CallWindowProcW
PostQuitMessage
IsRectEmpty
MessageBeep
EnableScrollBar
DispatchMessageW
TranslateMessage
RegisterWindowMessageW
UnregisterClassW
SendMessageW
PostMessageW
DestroyWindow
ShowWindow
RegisterWindowMessageA
wsprintfW
wsprintfA
EnumChildWindows
SetMenuItemInfoW
GetMenuItemCount
GetMenuItemID
GetSubMenu
LoadCursorW
GetParent
GetCursorPos
SetCursor
GetWindowTextW
GetDC
UpdateWindow
DrawTextW
ReleaseCapture
SetCapture
GetActiveWindow
KillTimer
SetTimer
IsWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetPriorityClipboardFormat
GetClipboardData
CloseClipboard
OpenClipboard
GetScrollInfo
IsDialogMessageW
SetWindowLongPtrW
GetWindowLongPtrW
FillRect
GetSysColor
ClientToScreen
GetWindowRect
GetClientRect
GetWindowTextLengthW
SetWindowTextW
SetScrollPos
RedrawWindow
InvalidateRect
GetForegroundWindow
GetSystemMetrics
EnableWindow
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
EndDialog
HideCaret
InvertRect
NotifyWinEvent
SetClipboardData
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
SetLayeredWindowAttributes
DestroyCursor
GetWindowRgn
CreateMenu
GetWindowDC
DialogBoxParamW
CreateDialogParamW
CharUpperW
GetSysColorBrush
InflateRect
SendDlgItemMessageA
SetRectEmpty
OffsetRect
CreateDialogIndirectParamW
GetNextDlgTabItem
GetAsyncKeyState
MoveWindow
SetWindowPos
SubtractRect
GrayStringW
MapDialogRect
IntersectRect
TrackMouseEvent
GetNextDlgGroupItem
DeleteMenu
WindowFromPoint
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnumDisplayMonitors
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
LockWindowUpdate
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UpdateLayeredWindow
UnionRect
DrawIcon
FrameRect
CopyIcon
SetCursorPos
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
SetParent
SetWindowRgn
SetClassLongPtrW
DrawStateW
EmptyClipboard
GetWindowThreadProcessId
GetUpdateRect

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
SetPixel
StretchBlt
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
BitBlt
SetBkColor
CopyMetaFileW
CreateBitmap
CreateDCW
CreateDIBSection
GetTextExtentPointW
GetDIBits
GetObjectW
SetTextColor
SetBkMode
CreateFontIndirectW
MoveToEx
SelectObject
LineTo
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreatePen
GetTextCharsetInfo
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend

comdlg32

ChooseFontW
ChooseColorW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

OpenSCManagerW
RegOpenKeyExW
OpenProcessToken
OpenThreadToken
RegQueryValueW
RegEnumKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
SetNamedSecurityInfoW
StartServiceW
QueryServiceStatus
OpenServiceW
GetTokenInformation
ControlService
CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyW
FreeSid
EqualSid
AllocateAndInitializeSid
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
RegQueryValueExW

shell32

DragQueryFileW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragFinish
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
SHAppBarMessage
SHGetFileInfoW

comctl32

ord17

shlwapi

AssocQueryStringW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetWindowTheme
IsAppThemed

ole32

RevokeDragDrop
ReleaseStgMedium
CoInitializeSecurity
CoCreateInstance
CreateGenericComposite
CreateFileMoniker
CreateItemMoniker
GetRunningObjectTable
OleInitialize
OleUninitialize
CoRegisterClassObject
CoRevokeClassObject
RegisterDragDrop
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoCreateGuid
CoInitialize
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
OleLockRunning

oleaut32

SafeArrayGetElement
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysAllocString
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayGetElemsize
VariantCopy
VarBstrFromDate
SafeArrayCreate
SysStringLen
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDrawImageRectI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromStream
GdipGetImageWidth

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

msi

ord145
ord70
ord103
ord125
ord8
ord17
ord74
ord246

Exports

Exports

MessagePump
RAGuiCleanup
RAGuiInit

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 676KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LogMeInSystray.exe
.exe windows x64

aadd8f34f17ff26ce6200e8a485c0dd1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:a3:06:85:36:a3:b9:5d:a9:60:21:c8:69:5e:68:d8:4f:e2:0e:c1:61:c5:65:71:5a:85:99:d5:02:3d:93:7a
Signer

Actual PE Digest

53:a3:06:85:36:a3:b9:5d:a9:60:21:c8:69:5e:68:d8:4f:e2:0e:c1:61:c5:65:71:5a:85:99:d5:02:3d:93:7a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 11:52
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenMutexW
GetLocalTime
WriteFile
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
WriteConsoleW
SetFilePointer
GetLastError
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc

user32

GetMessageW

advapi32

RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/LogMeInToolkit.exe
.exe windows x64

400ca7288f4ab41ec2d1702ac2fca2f6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:5a:57:56:a5:29:38:ac:07:ad:a3:94:45:06:0a:ac:e0:23:f0:e4:b4:52:8d:05:f6:be:b4:84:04:90:09:99
Signer

Actual PE Digest

01:5a:57:56:a5:29:38:ac:07:ad:a3:94:45:06:0a:ac:e0:23:f0:e4:b4:52:8d:05:f6:be:b4:84:04:90:09:99

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileType
GetEnvironmentVariableW
GetStdHandle
RtlVirtualUnwind
ExitProcess
WideCharToMultiByte
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetExitCodeThread
SetThreadPriority
ResumeThread
SetFilePointer
CreateFileA
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDirectoryA
CreateEventA
InitializeCriticalSection
GetCurrentDirectoryA
GetModuleFileNameA
SetCurrentDirectoryA
VirtualQuery
ResetEvent
DeleteFileW
GetFileSize
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GetThreadLocale
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExW
FindClose
CreateMutexW
GetComputerNameExW
SetLastError
GetTempPathA
GetTempFileNameA
GetPrivateProfileStringA
DeleteFileA
GlobalFree
LocalAlloc
lstrcpynW
GetCommandLineW
LocalFree
CreateToolhelp32Snapshot
Process32First
Process32Next
MultiByteToWideChar
SetEvent
ConnectNamedPipe
WaitForMultipleObjects
DisconnectNamedPipe
ReadFile
WaitNamedPipeW
CreateFileW
SetNamedPipeHandleState
WriteFile
FlushFileBuffers
CreateNamedPipeW
Sleep
GetComputerNameW
MulDiv
lstrlenW
LoadLibraryA
GetModuleHandleExW
CreateEventW
CreateDirectoryW
GetFileAttributesW
GetLastError
GetCurrentThread
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
GetCurrentThreadId
HeapSize
GetTickCount
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
IsWow64Process
GetCurrentProcess
GetSystemWow64DirectoryW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetEnvironmentVariableA
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
SetStdHandle
HeapQueryInformation
GetCommandLineA
SetConsoleCtrlHandler
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileInformationByHandle
GetDriveTypeW
SetEnvironmentVariableW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
RtlUnwindEx
RtlPcToFileHeader
GetLocaleInfoEx
GetCPInfo
CompareStringEx
GetSystemDirectoryW
GetModuleFileNameW
GetProcAddress
FreeLibrary
GetCurrentProcessorNumber
InitOnceExecuteOnce
GetSystemTimeAsFileTime
QueryPerformanceCounter
SystemTimeToFileTime
QueryPerformanceFrequency
GetTimeZoneInformation
FormatMessageW
GetFileTime
SetEndOfFile
ReleaseMutex
GetModuleHandleA
SetErrorMode
VerifyVersionInfoW
VerSetConditionMask
PeekNamedPipe
FormatMessageA
GetProductInfo
GetThreadTimes
OpenThread
GetProcessTimes
OpenProcess
InitializeCriticalSectionAndSpinCount
OpenFileMappingW
CreateFileMappingW
RtlCaptureContext
Thread32Next
Thread32First
SetUnhandledExceptionFilter
GetExitCodeProcess
CreateProcessW
OpenEventW
TerminateProcess
DuplicateHandle
VirtualAlloc
lstrcmpW
CreateThread
lstrcmpiW
OutputDebugStringA
EncodePointer
LoadLibraryExW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CompareStringW
GlobalSize
CopyFileW
lstrcpyW
VirtualProtect
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalGetAtomNameW
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetTempPathW
FindResourceExW
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
GetWindowsDirectoryW
GetTempFileNameW
GetUserDefaultLCID
GetProfileIntW
SearchPathW
GetFileAttributesExW
GetFileSizeEx
WaitForSingleObjectEx
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
LCMapStringEx
LoadLibraryExA

user32

GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
AdjustWindowRectEx
MapWindowPoints
SetWindowLongW
GetClassLongPtrW
GetTopWindow
GetLastActivePopup
GetWindow
SetScrollInfo
GetScrollInfo
WinHelpW
GetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
SendDlgItemMessageW
IsWindowEnabled
IsDialogMessageW
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
DrawTextExW
GrayStringW
TabbedTextOutW
ClientToScreen
GetMenuStringW
GetMenuState
InsertMenuW
AppendMenuW
RemoveMenu
GetWindowThreadProcessId
LoadMenuW
InflateRect
IntersectRect
CharNextW
CreateDialogIndirectParamW
GetNextDlgTabItem
GetActiveWindow
SendDlgItemMessageA
RegisterClassW
EnumDisplayMonitors
GetAsyncKeyState
MapDialogRect
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
SetWindowContextHelpId
WindowFromPoint
GetKeyNameTextW
MapVirtualKeyW
DestroyMenu
GetMenuItemInfoW
CopyImage
RealChildWindowFromPoint
SetCapture
ReleaseCapture
CopyAcceleratorTableW
InvalidateRgn
IsRectEmpty
LoadImageW
DrawEdge
DrawFrameControl
DrawStateW
SetWindowRgn
ToUnicodeEx
GetKeyboardLayout
CharUpperW
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
GetSystemMenu
DeleteMenu
MessageBeep
NotifyWinEvent
SetCursorPos
SetParent
BringWindowToTop
CreatePopupMenu
LockWindowUpdate
SetClassLongPtrW
GetNextDlgGroupItem
WaitMessage
RegisterClipboardFormatW
GetMenuDefaultItem
EnableScrollBar
HideCaret
InvertRect
CopyIcon
FrameRect
MonitorFromPoint
UnionRect
GetDoubleClickTime
SetMenuDefaultItem
ModifyMenuW
IsCharLowerW
MapVirtualKeyExW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
CharUpperBuffW
UpdateLayeredWindow
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
GetComboBoxInfo
DestroyCursor
GetWindowRgn
EqualRect
GetClassNameW
IsWindow
SendMessageW
GetSystemMetrics
ReleaseDC
GetDC
GetWindowRect
GetParent
GetWindowDC
SetTimer
KillTimer
GetKeyState
GetClassInfoW
DefWindowProcW
GetDesktopWindow
IsWindowVisible
PostMessageW
FindWindowA
FindWindowW
GetSysColor
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
CallWindowProcW
GetMessageTime
GetMessagePos
PostThreadMessageW
PeekMessageW
DispatchMessageW
CharNextExA
CharLowerW
UpdateWindow
RedrawWindow
InvalidateRect
GetClientRect
FillRect
EnableWindow
BeginDeferWindowPos
SetWindowPlacement
PtInRect
ScreenToClient
DrawFocusRect
GetFocus
LoadCursorW
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
IsZoomed
GetClassInfoExW
GetSysColorBrush
GetWindowLongW
LoadStringW
MsgWaitForMultipleObjects
SetRectEmpty
SetWindowTextW
EnumChildWindows
GetMenuItemCount
GetMenuItemID
SetMenuItemInfoW
GetSubMenu
OffsetRect
GetClassLongW
SetClassLongW
GetWindowTextW
SendNotifyMessageW
GetIconInfo
SetRect
DrawIconEx
DestroyIcon
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
EndDialog
GetTabbedTextExtentW
ShowWindow
IsIconic
SetWindowPos
SetActiveWindow
DrawIcon
PostQuitMessage
SetLayeredWindowAttributes
CopyRect
MonitorFromWindow
GetMonitorInfoW
SetForegroundWindow
SystemParametersInfoW
RegisterWindowMessageW
LoadIconW
TrackMouseEvent
SetWindowsHookExW
MessageBoxW
GetDlgItem
SetDlgItemTextW
DrawTextW
MoveWindow
UnhookWindowsHookEx
CallNextHookEx
AllowSetForegroundWindow
SetWindowLongPtrW
GetWindowLongPtrW
ShowScrollBar
UnregisterClassW

gdi32

MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetTextAlign
SetROP2
SetPolyFillMode
SetWindowOrgEx
GetLayout
SetLayout
SetMapMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
CopyMetaFileW
CreateRectRgn
GetTextExtentPointW
GetDIBits
GetTextExtentPoint32W
GetStockObject
CreateFontW
GetDeviceCaps
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBkMode
GetObjectW
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
SetTextColor
SetBkColor
ScaleWindowExtEx
CreateSolidBrush
GetTextMetricsW
OffsetWindowOrgEx
Polyline
GetTextFaceW
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
RoundRect
OffsetRgn
Rectangle
LPtoDP
SetDIBColorTable
StretchBlt
SetPixel
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
CreateRoundRectRgn
CreateDCW
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
GetRgnBox
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetTextColor
GetBkColor
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CombineRgn
CreateFontIndirectW

comdlg32

GetOpenFileNameW

advapi32

CryptGenRandom
RegCreateKeyExW
CryptReleaseContext
ConvertSidToStringSidW
OpenThreadToken
SetNamedSecurityInfoW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryValueExA
RegOpenKeyExA
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
CryptAcquireContextW

shell32

SHGetFileInfoW
SHGetSpecialFolderLocation
SHAppBarMessage
DragQueryFileW
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
DragFinish
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW

ole32

StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleLockRunning
CoGetClassObject
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoDisconnectObject
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoCreateInstance
CoUninitialize
CoInitializeSecurity
StgCreateDocfileOnILockBytes
CoInitialize
CoTaskMemFree
CoFreeUnusedLibraries
CoTaskMemAlloc

oleaut32

VarBstrFromDate
LoadTypeLi
VariantInit
VarBstrCmp
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayGetUBound
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
OleCreateFontIndirect
VariantChangeType
SysAllocStringLen
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayUnlock
SafeArrayDestroy
VariantClear
SysAllocString
SysFreeString
SafeArrayGetLBound
SafeArrayAccessData

msimg32

AlphaBlend
TransparentBlt

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
StrFormatKBSizeW
PathFindFileNameW
PathFindExtensionW

uxtheme

DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
DrawThemeParentBackground
GetThemeSysColor
GetWindowTheme
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetCurrentThemeName

oledlg

OleUIBusyW

urlmon

URLDownloadToFileA
CoInternetSetFeatureEnabled

gdiplus

GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCloneImage
GdipBitmapLockBits
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipBitmapUnlockBits
GdipDrawImageI

wininet

DetectAutoProxyUrl
InternetQueryOptionA
InternetCloseHandle

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoA

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

msi

ord17
ord103
ord246
ord145
ord70
ord74
ord125
ord8

winmm

PlaySoundW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 788KB - Virtual size: 787KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/O2MRunner.dll
.dll windows x64

022d634b9523886b09739f4f3cd34833

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:fb:79:20:62:72:25:d9:28:5a:7a:5e:d5:c4:de:82:23:70:8c:df:a3:68:98:8c:1a:6e:ff:5f:f2:70:63:f7
Signer

Actual PE Digest

e5:fb:79:20:62:72:25:d9:28:5a:7a:5e:d5:c4:de:82:23:70:8c:df:a3:68:98:8c:1a:6e:ff:5f:f2:70:63:f7

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

userenv

DestroyEnvironmentBlock
LoadUserProfileW
UnloadUserProfile
CreateEnvironmentBlock

kernel32

GetExitCodeProcess
GetSystemDirectoryW
LocalFree
CreateFileW
WriteFile
ReadFile
SetHandleInformation
CreatePipe
CreateProcessW
GetModuleFileNameW
CloseHandle
WaitForMultipleObjects
GetLastError
CreateEventW
SetEvent
WaitForSingleObject
InitOnceBeginInitialize
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetProcessHeap
GetFileSizeEx
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
InitializeCriticalSectionEx
Sleep
GetTimeZoneInformation
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetLastError
MultiByteToWideChar
GetFileSize
WideCharToMultiByte
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
TlsAlloc
DeleteCriticalSection
TlsGetValue
TlsFree
HeapCreate
HeapDestroy
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileTime
SetFileTime
FindClose
GetFileAttributesW
VerSetConditionMask
VerifyVersionInfoW
lstrcmpiA
FormatMessageA
SetErrorMode
GetModuleHandleA
GetProcAddress
FreeLibrary
GetCurrentProcessId
GetCurrentProcess
LoadLibraryA
ExitProcess
RaiseException
GetProductInfo
GetSystemDirectoryA
GetProcessTimes
OpenThread
GetThreadTimes
GetTempPathA
GetPrivateProfileStringA
GlobalFree
WaitForSingleObjectEx
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
RtlPcToFileHeader
IsProcessorFeaturePresent
InitOnceComplete
RtlUnwind
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringEx
GetModuleHandleW
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetEnvironmentVariableW
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
RtlVirtualUnwind
LoadLibraryW
FindFirstFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale

advapi32

CryptReleaseContext
RegQueryValueExW
CryptExportKey
DeregisterEventSource
RegisterEventSourceW
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegDeleteKeyValueW
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyExW
OpenProcessToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
CryptImportKey
CryptDestroyKey
ReportEventW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
LogonUserW
CreateProcessAsUserW
CryptSetHashParam
CryptGetProvParam
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptGetUserKey
CryptSignHashW
CryptEnumProvidersW
CryptGetKeyParam

shell32

SHGetFolderPathW

crypt32

CryptUnprotectData
CertCloseStore
CertEnumCertificatesInStore
CryptProtectData
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

getservbyport
ntohs
inet_ntoa
htonl
getservbyname
htons
gethostbyname
inet_addr
WSASetLastError
getsockopt
gethostbyaddr
shutdown
select
send
recv
connect
WSAGetLastError
WSACleanup
closesocket
socket
WSAStartup
getsockname
inet_pton
setsockopt
gethostname

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

secur32

InitializeSecurityContextA
AcquireCredentialsHandleA
FreeContextBuffer
CompleteAuthToken
FreeCredentialsHandle
DeleteSecurityContext
QuerySecurityPackageInfoA

wininet

InternetInitializeAutoProxyDll
DetectAutoProxyUrl

bcrypt

BCryptGenRandom

user32

GetUserObjectInformationW
GetProcessWindowStation
CharNextExA
MessageBoxW
GetSystemMetrics

Exports

Exports

O2MRunner_ClearImpersonationCredentials
O2MRunner_CreateServiceHandler
O2MRunner_DestroyServiceHandler
O2MRunner_SetImpersonationCredentials
O2MRunner_StartTaskRunner

Sections

.text
Size: 2.4MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 630KB - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/TouchFilter.cat
x64/TouchFilter.inf
x64/TouchFilter.sys
.exe windows x64

c50bc01005d200f048cd424633faeabd

Code Sign

03:23:91:2f:f1:df:a4:f8:b0:86:77:a2:35:58:73:9d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/11/2018, 00:00

Not After

24/11/2021, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:25:3a:27:38:69:0a:34:51:c1:00:00:00:00:00:25
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2018, 21:30

Not After

06/09/2019, 21:30

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:ad:23:f3:9f:4b:ab:82:39:5c:5d:c0:2a:04:77:78:07:a2:bf:61:e1:e8:ca:8a:37:4d:bd:3e:8b:5f:6e:c4
Signer

Actual PE Digest

21:ad:23:f3:9f:4b:ab:82:39:5c:5d:c0:2a:04:77:78:07:a2:bf:61:e1:e8:ca:8a:37:4d:bd:3e:8b:5f:6e:c4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

21:ad:23:f3:9f:4b:ab:82:39:5c:5d:c0:2a:04:77:78:07:a2:bf:61:e1:e8:ca:8a:37:4d:bd:3e:8b:5f:6e:c4
Signer

Actual PE Digest

21:ad:23:f3:9f:4b:ab:82:39:5c:5d:c0:2a:04:77:78:07:a2:bf:61:e1:e8:ca:8a:37:4d:bd:3e:8b:5f:6e:c4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

27/11/2018, 10:12
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlCopyUnicodeString
DbgPrint

wdfldr.sys

WdfVersionUnbind
WdfVersionBindClass
WdfVersionBind
WdfVersionUnbindClass

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Vista/LMIRfsDriver.sys
.exe windows x64

d19006c464f6626bf3f4f687adf7e266

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:c5:0c:01:52:ab:6d:16:2b:83:2a:c3:52:8b:10:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/10/2006, 00:00

Not After

11/10/2009, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:97:43:1d:83:37:1d:21:19:bb:e1:4d:95:07:49:eb:3c:0c:49:26
Signer

Actual PE Digest

bc:97:43:1d:83:37:1d:21:19:bb:e1:4d:95:07:49:eb:3c:0c:49:26

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

27/02/2023, 09:32
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

__C_specific_handler
ExFreePoolWithTag
KeInitializeEvent
ExAcquireResourceSharedLite
ExAllocatePoolWithTag
IoRemoveShareAccess
CcUninitializeCacheMap
CcPurgeCacheSection
ExReleaseResourceLite
CcFlushCache
FsRtlGetNextFileLock
FsRtlFastUnlockAll
IoGetRequestorProcess
FsRtlNotifyCleanup
FsRtlNotifyFullChangeDirectory
ExAcquireResourceExclusiveLite
_local_unwind
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
IoSetTopLevelIrp
RtlMoveMemory
wcsrchr
wcschr
FsRtlDoesNameContainWildCards
RtlCopyMemory
KeGetCurrentThread
CcSetFileSizes
MmCanFileBeTruncated
MmFlushImageSection
IoSetShareAccess
IoCheckShareAccess
RtlCopyUnicodeString
RtlZeroMemory
_snwprintf
wcslen
towupper
CcWaitForCurrentLazyWriterActivity
MmForceSectionClosed
ExReleaseResourceForThreadLite
FsRtlNotifyInitializeSync
ExInitializeResourceLite
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmMapLockedPagesSpecifyCache
FsRtlFastCheckLockForWrite
FsRtlFastCheckLockForRead
IoGetCurrentProcess
FsRtlProcessFileLock
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
CcCopyRead
CcMdlRead
CcSetReadAheadGranularity
CcInitializeCacheMap
FsRtlCheckLockForReadAccess
CcMdlReadComplete
IofCompleteRequest
KeWaitForSingleObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeSetEvent
ExQueueWorkItem
ExDeleteResourceLite
ZwClose
IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
ExDeleteNPagedLookasideList
FsRtlCopyWrite
FsRtlCopyRead
ExInitializeNPagedLookasideList
IoCreateSymbolicLink
IoCreateDevice
ZwCreateDirectoryObject
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExQueryDepthSList
SeReleaseSubjectContext
SeUnlockSubjectContext
SeQueryAuthenticationIdToken
SeLockSubjectContext
SeCaptureSubjectContext
RtlEqualUnicodeString
ObfReferenceObject
ObfDereferenceObject
FsRtlNotifyUninitializeSync
RtlCompareUnicodeString
FsRtlInitializeFileLock
FsRtlUninitializeFileLock
FsRtlNotifyFullReportChange
FsRtlDeregisterUncProvider
IoUnregisterFileSystem
IoRegisterFileSystem
FsRtlRegisterUncProvider
wcsncmp
ObReferenceObjectByHandle
CcCopyWrite
CcPrepareMdlWrite
FsRtlCheckLockForWriteAccess
ExAcquireSharedStarveExclusive
CcMdlWriteComplete
_wcsnicmp

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Vista/LMIinfo.sys
.exe windows x64

4b188bd80f9ecf19c1be57090f959ccf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:7b:7e:4f:14:bb:04:bf:34:c2:66:86:a6:1a:bd:a0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/09/2012, 00:00

Not After

10/10/2015, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:2f:f6:42:fd:e3:88:ae:79:9b:aa:fe:f5:55:d8:2f:3d:e3:82:a7
Signer

Actual PE Digest

95:2f:f6:42:fd:e3:88:ae:79:9b:aa:fe:f5:55:d8:2f:3d:e3:82:a7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

11/01/2013, 12:22
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

__C_specific_handler
RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
ObQueryNameString
ObfDereferenceObject
ObReferenceObjectByHandle
ZwClose
ZwDuplicateObject
ZwOpenProcess
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
ExFreePoolWithTag
RtlCopyMemory
wcslen
ExAllocatePoolWithTag
ZwQueryValueKey
ZwOpenKey

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 762B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Vista/LMImirr.cat
x64/Vista/LMImirr.dll
.dll windows x64

f631c51543f64b1e5c1830afc85e6e55

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:c5:0c:01:52:ab:6d:16:2b:83:2a:c3:52:8b:10:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/10/2006, 00:00

Not After

11/10/2009, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:06:1f:a0:02:a4:03:6b:0b:8f:06:d4:1b:ec:4b:b6:06:d3:ea:09
Signer

Actual PE Digest

96:06:1f:a0:02:a4:03:6b:0b:8f:06:d4:1b:ec:4b:b6:06:d3:ea:09

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

27/02/2023, 09:32
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

win32k.sys

EngUnloadImage
EngFindImageProcAddress
EngLoadImage
EngFreeMem
EngAllocMem
EngDeletePalette
EngModifySurface
EngCreateDeviceSurface
EngUnmapEvent
EngDeleteSurface
EngCreatePalette
EngCopyBits
EngBitBlt
EngTextOut
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngPlgBlt
EngStretchBlt
EngStretchBltROP
EngLineTo
EngAlphaBlend
EngTransparentBlt
EngGradientFill
EngSetEvent
EngMapEvent
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngBugCheckEx

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Vista/LMImirr.inf
x64/Vista/LMImirr.sys
.exe windows x64

715c39fe5bec009735221ebe60c90a5c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:c5:0c:01:52:ab:6d:16:2b:83:2a:c3:52:8b:10:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/10/2006, 00:00

Not After

11/10/2009, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:ce:29:ea:66:51:1b:a8:a6:d1:63:b1:d4:a7:a1:8f:1e:93:cf:91
Signer

Actual PE Digest

5a:ce:29:ea:66:51:1b:a8:a6:d1:63:b1:d4:a7:a1:8f:1e:93:cf:91

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

27/02/2023, 09:32
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

videoprt.sys

VideoPortZeroMemory
VideoPortInitialize

Sections

.text
Size: 512B - Virtual size: 309B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Vista/LMImirr2.dll
.exe windows x64

23c29e9c1a2ce09d0c683818311c80cc

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:c5:0c:01:52:ab:6d:16:2b:83:2a:c3:52:8b:10:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/10/2006, 00:00

Not After

11/10/2009, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:1e:ff:c8:c6:3b:30:fc:67:a0:4c:64:b7:aa:3b:62:06:71:88:93
Signer

Actual PE Digest

8c:1e:ff:c8:c6:3b:30:fc:67:a0:4c:64:b7:aa:3b:62:06:71:88:93

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

27/02/2023, 09:32
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

__C_specific_handler
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
MmUnlockPages
MmUnmapLockedPages
ExAllocatePoolWithTag
ExFreePoolWithTag
ObReferenceObjectByHandle
ObfDereferenceObject
KeWaitForSingleObject
KeReleaseMutex

Exports

Exports

AcquireMutex
AllocScreen
CopyScreenArea
FreeScreen
GetVersion
Map
MapUserModeMutex
Memmove
ReleaseMutex
UnMap
UnMapUserModeMutex

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 291B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Vista/radpms.cat
x64/Vista/radpms.inf
x64/Vista/radpms.sys
.exe windows x64

0a7fda824bcc3f37f05625ae3fe88238

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/10/2009, 00:00

Not After

10/10/2012, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:0f:5a:72:96:19:40:b2:eb:8c:4d:c9:62:e7:8f:ff:a4:40:d5:78
Signer

Actual PE Digest

58:0f:5a:72:96:19:40:b2:eb:8c:4d:c9:62:e7:8f:ff:a4:40:d5:78

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

08/12/2010, 11:19
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
IofCompleteRequest
IoAttachDeviceToDeviceStack
IoCreateSymbolicLink
IoCreateDevice
IoGetDeviceProperty
KeSetEvent
KeInitializeEvent
PoRequestPowerIrp
KeWaitForSingleObject
DbgPrint
IoDeleteSymbolicLink
ExFreePoolWithTag
IoDetachDevice
IofCallDriver
PoSetPowerState
PoStartNextPowerIrp
PoCallDriver
KeBugCheckEx

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/cppwinrtdll.dll
.dll windows x64

caf3429ec6bd1bd98b5dc6a67f14be92

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:0d:23:35:67:43:64:ef:97:fa:b7:4a:9d:bf:db:e6:05:3b:34:66:72:60:b1:06:39:8c:66:ea:e2:f6:3b:ce
Signer

Actual PE Digest

69:0d:23:35:67:43:64:ef:97:fa:b7:4a:9d:bf:db:e6:05:3b:34:66:72:60:b1:06:39:8c:66:ea:e2:f6:3b:ce

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
TryEnterCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetStartupInfoW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
FlushFileBuffers
GetFileType
GetStdHandle
RtlUnwindEx
WriteFile
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
LCMapStringW
HeapFree
EncodePointer
GetConsoleCP
WriteConsoleW
CreateFileW
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GetConsoleMode
HeapAlloc
TlsAlloc
TlsGetValue
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsSetValue
TlsFree
FreeLibrary
GetProcessHeap

ole32

CoIncrementMTAUsage

oleaut32

SysFreeString

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

Exports

Exports

drop_cppwinrtdll
make_cppwinrtdll

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/ksu.dll
.dll windows x64

58bece8f6d4481d70e4b9b19676cfe63

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:ca:71:d5:67:96:f9:82:43:9d:21:0f:38:a8:ab:d4:27:3c:cb:2b:ac:50:32:84:aa:7a:49:85:d7:e8:63:8c
Signer

Actual PE Digest

8f:ca:71:d5:67:96:f9:82:43:9d:21:0f:38:a8:ab:d4:27:3c:cb:2b:ac:50:32:84:aa:7a:49:85:d7:e8:63:8c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsFree
EnterCriticalSection
TlsSetValue
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
SetLastError
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
SystemTimeToFileTime
QueryPerformanceFrequency
FileTimeToSystemTime
GetTimeZoneInformation
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
SetEvent
ReadFile
GetExitCodeProcess
SetHandleInformation
CreatePipe
WaitForSingleObject
WaitForMultipleObjects
CreateProcessW
GetLastError
WriteConsoleW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetProcessHeap
GetConsoleCP
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
LoadLibraryExW
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
GetSystemTime
ReadConsoleW
CreateEventW
CloseHandle
LoadLibraryW
GetSystemDirectoryW
GetModuleFileNameW
GetCurrentProcess
HeapCreate
Sleep
HeapDestroy
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
lstrcmpiA
SetFilePointer
WriteFile
FlushFileBuffers
SetEndOfFile
FindClose
ExitProcess
SetErrorMode
GetModuleHandleA
GetProcAddress
FreeLibrary
GetCurrentProcessId
LoadLibraryA
VerSetConditionMask
VerifyVersionInfoW
GetProductInfo
OpenProcess
GetProcessTimes
OpenThread
GetThreadTimes
GetSystemDirectoryA
GetTempPathA
GetPrivateProfileStringA
GlobalFree
GetStringTypeW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
GetModuleHandleExW
GetStdHandle
GetEnvironmentVariableW
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
RtlUnwind

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
CharNextExA
GetSystemMetrics

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoTaskMemFree

ws2_32

gethostbyaddr
getservbyport
ntohs
gethostname
htonl
getservbyname
htons
getsockname
inet_pton
inet_ntoa
gethostbyname
inet_addr
WSASetLastError
getsockopt
setsockopt
shutdown
select
send
recv
connect
WSAGetLastError
WSACleanup
closesocket
socket
WSAStartup

secur32

FreeCredentialsHandle
DeleteSecurityContext
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeContextBuffer
CompleteAuthToken
QuerySecurityPackageInfoA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

DetectAutoProxyUrl
InternetInitializeAutoProxyDll

bcrypt

BCryptGenRandom

msi

ord70
ord74
ord145
ord125
ord8
ord103
ord17
ord246

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

advapi32

CryptReleaseContext
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptGetProvParam
CryptSetHashParam
OpenProcessToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptGenRandom
ReportEventW
CryptImportKey
CryptDestroyKey
CryptGetUserKey
CryptGetKeyParam
CryptExportKey
DeregisterEventSource
RegisterEventSourceW

Exports

Exports

CreateKSUManager
DestroyKSUManager

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 606KB - Virtual size: 606KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/openssl.exe
.exe windows x64

7de0bb7ef6e541b51aa1f4afdfbe5208

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:ce:63:6e:74:52:60:78:f9:0b:60:f1:31:47:e1:4d:f4:c5:3f:06:c1:5f:f7:31:c9:44:fc:e7:bb:25:ae:99
Signer

Actual PE Digest

51:ce:63:6e:74:52:60:78:f9:0b:60:f1:31:47:e1:4d:f4:c5:3f:06:c1:5f:f7:31:c9:44:fc:e7:bb:25:ae:99

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

shutdown
__WSAFDIsSet
WSAGetLastError
socket
listen
connect
bind
accept
WSACleanup
WSAStartup
getsockname
ioctlsocket
getnameinfo
freeaddrinfo
getaddrinfo
ntohs
sendto
recvfrom
getsockopt
WSASetLastError
send
closesocket
recv
setsockopt
select

advapi32

CryptCreateHash
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
DeregisterEventSource
CryptDecrypt
CryptExportKey
CryptGetUserKey

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

bcrypt

BCryptGenRandom

kernel32

GetCurrentDirectoryW
GetFileSizeEx
GetFullPathNameW
GetFileAttributesExW
SetEndOfFile
GetNumberOfConsoleInputEvents
PeekConsoleInputA
HeapReAlloc
SetFileAttributesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetFilePointerEx
ConvertThreadToFiber
FlushFileBuffers
SetStdHandle
CloseHandle
GetLastError
PeekNamedPipe
Sleep
ExitProcess
CreateThread
TerminateThread
GetStdHandle
DeleteFileW
GetFileAttributesW
ReadFile
WriteFile
GetProcessTimes
GetCurrentProcessId
OpenProcess
GetSystemTime
MoveFileW
SystemTimeToFileTime
MultiByteToWideChar
PeekConsoleInputW
GetCommandLineW
GetEnvironmentVariableW
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetConsoleOutputCP
SetConsoleOutputCP
SetLastError
GetFileType
GetModuleHandleW
GetProcAddress
FormatMessageW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
RtlUnwind
RtlVirtualUnwind
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
FindClose
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
LoadLibraryW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
LCMapStringW
RtlUnwindEx
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
GetModuleFileNameW
GetCommandLineA
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 632KB - Virtual size: 631KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/racodec.ax
.dll regsvr32 windows x64

7cfe778abe1ba7c18d79e039d133ea9b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:a5:5f:e7:6e:f7:0a:f7:87:3a:b6:c6:0e:a6:6a:41:79:f9:28:e4:43:ff:f0:c4:d2:7f:58:2a:f6:32:01:3a
Signer

Actual PE Digest

88:a5:5f:e7:6e:f7:0a:f7:87:3a:b6:c6:0e:a6:6a:41:79:f9:28:e4:43:ff:f0:c4:d2:7f:58:2a:f6:32:01:3a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
GetModuleHandleW
DecodePointer
WriteConsoleW
CreateFileW
ReadConsoleW
ReadFile
FreeLibrary
LoadLibraryW
CloseHandle
DuplicateHandle
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
CreateSemaphoreW
GetCurrentProcess
GetCurrentThreadId
GetSystemInfo
VirtualAlloc
VirtualFree
lstrcmpW
lstrcpynW
lstrlenW
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
GetVersionExW
DisableThreadLibraryCalls
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetTickCount
GetProcAddress
lstrcmpiW
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
HeapReAlloc
GetStdHandle
GetFileType
HeapSize
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
RtlUnwind

user32

DispatchMessageW
PostThreadMessageW
GetQueueStatus
MsgWaitForMultipleObjects
MessageBoxW
PeekMessageW
RegisterWindowMessageW
UnregisterClassW

ole32

CoUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
CoInitialize
StringFromGUID2
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

winmm

timeSetEvent
timeGetTime

advapi32

RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueW
RegSetValueExW
RegCreateKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/radpms.cat
x64/radpms.inf
x64/radpms.sys
.exe windows x64

2e463015a6726795c8aaeb21f362453e

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:ed:7b:0a:e7:91:8d:45:49:6c:17:9c:77:6d:6a:e0:8a:fe:3e:ec:a7:8f:83:ef:4e:06:af:8a:83:9a:64:d2
Signer

Actual PE Digest

ea:ed:7b:0a:e7:91:8d:45:49:6c:17:9c:77:6d:6a:e0:8a:fe:3e:ec:a7:8f:83:ef:4e:06:af:8a:83:9a:64:d2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

6b:13:d4:dc:cc:4a:6a:d7:65:c2:0a:30:53:fd:12:58:98:75:dd:c8
Signer

Actual PE Digest

6b:13:d4:dc:cc:4a:6a:d7:65:c2:0a:30:53:fd:12:58:98:75:dd:c8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

10/01/2017, 10:59
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IofCallDriver
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDetachDevice
IoGetDeviceProperty
KeInitializeEvent
IoAttachDeviceToDeviceStack
KeWaitForSingleObject
PoRequestPowerIrp
IoDeleteSymbolicLink
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
PoSetPowerState
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlGetVersion
KeSetEvent
DbgPrint

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/rainst.exe
.exe windows x64

40bb64d186ad541de4147214332c06db

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:09:e3:7b:5d:dc:76:a7:65:1e:67:82:63:c9:fa:7a:8a:dd:97:03:f5:0f:09:88:37:f0:17:28:6b:f8:f2:68
Signer

Actual PE Digest

46:09:e3:7b:5d:dc:76:a7:65:1e:67:82:63:c9:fa:7a:8a:dd:97:03:f5:0f:09:88:37:f0:17:28:6b:f8:f2:68

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

recv
closesocket
connect
WSACleanup
WSAStartup
send
sendto
setsockopt
getpeername
getsockname
htonl
WSAGetLastError
WSASetLastError
getservbyname
getservbyport
gethostname
gethostbyaddr
socket
ntohs
ntohl
htons
inet_addr
inet_ntoa
gethostbyname

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoA
VerQueryValueA

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

setupapi

SetupDiGetDriverInfoDetailW
SetupDiCreateDeviceInfoList
SetupCopyOEMInfW
SetupDiSetSelectedDriverW
SetupUninstallOEMInfW
SetupDiDestroyDriverInfoList
SetupDiBuildDriverInfoList
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiRemoveDevice
SetupDiInstallDevice
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDriverInfoW

kernel32

GetCurrentThread
GetCurrentThreadId
SetCurrentDirectoryA
GetCurrentDirectoryA
VirtualQuery
GetModuleFileNameA
CreateDirectoryW
GetFileAttributesW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetTickCount
GetModuleHandleA
GetLocalTime
DecodePointer
RaiseException
SetLastError
InitializeCriticalSectionEx
SetEvent
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
LocalFree
ExpandEnvironmentStringsW
FindClose
lstrlenW
CompareFileTime
GetFileSize
ReadFile
WriteFile
GetExitCodeProcess
GetSystemTimeAsFileTime
LocalAlloc
SystemTimeToFileTime
GetEnvironmentVariableA
CreateDirectoryA
CreateFileA
DeleteFileA
GetFileAttributesA
SetFilePointer
SetUnhandledExceptionFilter
SetThreadPriority
SuspendThread
GetThreadContext
GetSystemDirectoryA
GetWindowsDirectoryA
LoadLibraryA
DeleteFileW
GetWindowsDirectoryW
MoveFileW
MoveFileExW
GetTempPathA
GetExitCodeThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
MultiByteToWideChar
CreateThread
LoadResource
LockResource
FindResourceW
CreateFileW
FormatMessageW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetTimeZoneInformation
FileTimeToSystemTime
GetLastError
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
RtlVirtualUnwind
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleW
GetModuleHandleExW
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
ExitThread
LoadLibraryExW
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetLocaleInfoEx
CloseHandle
LoadLibraryW
GetModuleFileNameW
GetSystemWow64DirectoryW
IsWow64Process
GetSystemDirectoryW
GetCurrentProcess
GetProcAddress
FreeLibrary
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetCommandLineA
GetCommandLineW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentProcessId
GetConsoleCP
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
RtlUnwind
IsValidCodePage
GetACP
GetOEMCP
WaitForSingleObjectEx
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
IsProcessorFeaturePresent
RtlPcToFileHeader
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetStringTypeW
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetThreadTimes
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
QueryPerformanceFrequency
OpenThread
GetProcessTimes
OpenProcess
ExitProcess
CreateEventW
FlushFileBuffers
SetEndOfFile
GetFileTime
ResetEvent
ReleaseMutex
VerSetConditionMask
VerifyVersionInfoW
GetProductInfo
SetErrorMode

user32

CharNextExA
GetSystemMetrics
SendMessageTimeoutW
FindWindowW
CharLowerW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

winspool.drv

GetPrinterDriverDirectoryW
DeletePrinterDriverW
AddPrintProcessorW
EnumPrintProcessorsW
GetPrintProcessorDirectoryW
DeleteMonitorW
DeletePrintProcessorW
EnumPrinterDriversW
EnumMonitorsW
AddMonitorW
AddPrinterDriverW

advapi32

CryptDestroyHash
CryptGenRandom
ConvertSidToStringSidW
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
CryptEnumProvidersW
CryptSignHashW
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
RegSetValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenSCManagerW
OpenServiceW
StartServiceW
DeleteService
ControlService
RegOpenKeyW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetLengthSid
QueryServiceStatus
CloseServiceHandle
RegQueryInfoKeyW
RevertToSelf
FreeSid

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoRevertToSelf
CoCreateInstance
CoUninitialize
CoInitialize

bcrypt

BCryptGenRandom

newdev

UpdateDriverForPlugAndPlayDevicesW
DiUninstallDevice

msi

ord145
ord8
ord103
ord70
ord74
ord125
ord17
ord246

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/ramaint.exe
.exe windows x64

9f8b491e9748aaf4e0d87e26dbd70bc3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:eb:97:53:f5:57:56:54:9f:b4:a4:b7:ae:a5:44:4a:73:9e:20:73:36:98:b1:97:24:7e:7d:06:c5:2d:15:c1
Signer

Actual PE Digest

97:eb:97:53:f5:57:56:54:9f:b4:a4:b7:ae:a5:44:4a:73:9e:20:73:36:98:b1:97:24:7e:7d:06:c5:2d:15:c1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA

kernel32

CreateDirectoryA
CreateFileA
DeleteFileA
GetFileAttributesA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
SetUnhandledExceptionFilter
GetLastError
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
SuspendThread
GetThreadContext
GetLocalTime
GetTickCount
GetSystemDirectoryA
GetWindowsDirectoryA
SetLastError
GetProcAddress
WaitForSingleObject
Sleep
TerminateProcess
RaiseException
GetExitCodeThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
CompareStringW
GetTimeFormatW
GetModuleFileNameA
FreeLibrary
VirtualQuery
GetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryW
GetModuleFileNameW
GetSystemWow64DirectoryW
IsWow64Process
GetSystemDirectoryW
GetCurrentProcess
GetLocaleInfoW
SetEvent
GetDateFormatW
GetCommandLineW
GetCommandLineA
GetStdHandle
WriteConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwindEx
GetProcessHeap
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
VerSetConditionMask
VerifyVersionInfoW
GetProductInfo
ExitProcess
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
QueryPerformanceCounter
FlushFileBuffers
FindClose
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
IsDebuggerPresent
IsValidLocale

user32

CharLowerW
GetSystemMetrics

advapi32

RegCloseKey
RegQueryValueExW
SetServiceStatus
CloseServiceHandle
RevertToSelf
RegOpenKeyExW

ole32

CoRevertToSelf

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/rntfywnd.dll
.dll windows x64

5f8d48f329f7d9ac0e58939b0463728a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:72:ad:dc:03:ce:ea:26:08:44:9e:b6:d6:20:71:5e:94:c4:c5:4f:8d:a0:7d:a8:a7:50:4a:da:1b:96:73:92
Signer

Actual PE Digest

47:72:ad:dc:03:ce:ea:26:08:44:9e:b6:d6:20:71:5e:94:c4:c5:4f:8d:a0:7d:a8:a7:50:4a:da:1b:96:73:92

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetStdHandle
SetFilePointerEx
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
FlushFileBuffers
GetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetProcAddress
FreeLibrary
WriteFile
GetConsoleCP
GetConsoleMode
CloseHandle
CreateFileW
WriteConsoleW
GetCurrentThreadId
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
LoadLibraryW
GetModuleFileNameW
GetSystemWow64DirectoryW
IsWow64Process
GetSystemDirectoryW
GetFileType
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
EncodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

LoadCursorW
LoadBitmapW
SetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
PtInRect
WindowFromPoint
ClientToScreen
GetCursorPos
GetWindowRect
GetWindowTextW
SetWindowTextW
InvalidateRect
SetWindowRgn
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
DrawTextW
DeleteMenu
GetSystemMenu
SystemParametersInfoW
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
SetWindowPos
MoveWindow
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
SendMessageW
RegisterWindowMessageW
GetUserObjectInformationW
GetThreadDesktop
CloseDesktop
OpenInputDesktop
GetSystemMetrics

gdi32

MoveToEx
GetObjectW
GetTextMetricsW
SetTextColor
StretchBlt
SetBkMode
SelectObject
LineTo
GetStockObject
GetClipBox
GetCharWidthW
FrameRgn
FillRgn
DeleteObject
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePen
CreateFontIndirectW
CreateCompatibleDC

Exports

Exports

?CreateInstance@@YAPEAUINotifyManager@@PEAUHWND__@@PEAUHINSTANCE__@@@Z
?InitComponents@@YAXPEAUHINSTANCE__@@@Z

Sections

.text
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/zip.exe
.exe windows x64

20ed91a1104a55eed248a7638dce015e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:e5:17:e9:52:1d:47:2e:91:27:79:de:2f:33:db:36:24:1c:fb:d9:2e:90:b0:3d:f9:5c:81:0e:39:dd:d8:30
Signer

Actual PE Digest

fa:e5:17:e9:52:1d:47:2e:91:27:79:de:2f:33:db:36:24:1c:fb:d9:2e:90:b0:3d:f9:5c:81:0e:39:dd:d8:30

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:04
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentProcess
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexA
lstrcpynA
GetDriveTypeA
GetVolumeInformationA
LeaveCriticalSection
lstrcmpiA
EnterCriticalSection
lstrlenA
GetFileAttributesA
GetFullPathNameA
CreateFileA
FileTimeToLocalFileTime
FindClose
FindFirstFileA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVersion
GetFileType
GetFileTime
ReadFile
SetConsoleMode
GetConsoleMode
FindNextFileA
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
FileTimeToSystemTime
CloseHandle
GetSystemTimeAsFileTime
MultiByteToWideChar
GetCPInfo
MoveFileA
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
SetConsoleCtrlHandler
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetCommandLineA
GetVersionExA
RtlUnwindEx
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
Sleep
FatalAppExitA
GetCurrentDirectoryA
SetCurrentDirectoryA
WideCharToMultiByte
GetTimeZoneInformation
HeapSetInformation
HeapCreate
HeapDestroy
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
TlsAlloc
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
TlsSetValue
GetCurrentThread
FlsAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteFile
GetModuleFileNameA
GetConsoleCP
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapSize
SetFilePointer
FlushFileBuffers
FreeLibrary
LoadLibraryA
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileA
SetFileAttributesA
RemoveDirectoryA
SetEnvironmentVariableW
GetExitCodeProcess
CreateProcessA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetKernelObjectSecurity
GetSecurityDescriptorLength

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x86/LMIGuardianDll.dll
.dll windows x86

fb58c3f00758d1bd09170afda60d839d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ac:d1:04:62:b3:dc:fd:d0:61:20:71:c9:73:bb:fe:76:e1:39:10:ca:21:b2:dc:39:d7:ee:5f:23:62:f2:a2
Signer

Actual PE Digest

0d:ac:d1:04:62:b3:dc:fd:d0:61:20:71:c9:73:bb:fe:76:e1:39:10:ca:21:b2:dc:39:d7:ee:5f:23:62:f2:a2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
closesocket
WSACleanup
WSAStartup

kernel32

FormatMessageW
CreateFileW
WriteFile
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
CreateProcessW
GetExitCodeProcess
CreateMutexW
OpenMutexW
ReleaseMutex
OpenProcess
TerminateProcess
SetEvent
DuplicateHandle
GetLocalTime
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
FlushInstructionCache
GetCurrentThread
ResumeThread
GetVersionExA
SuspendThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetEnvironmentVariableA
GetCurrentDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetThreadContext
CreateEventW
OpenEventW
WaitForMultipleObjects
ResetEvent
GetCommandLineW
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToDosDateTime
ReadFile
CreateFileA
SetFilePointer
GetStdHandle
GetUserDefaultLangID
WideCharToMultiByte
MultiByteToWideChar
HeapFree
lstrcmpiW
LoadLibraryExW
InterlockedExchange
CreateThread
InterlockedCompareExchange
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
lstrcmpiA
FlushFileBuffers
SetEndOfFile
SetErrorMode
GetModuleHandleA
GetSystemTimeAsFileTime
GetTimeZoneInformation
FileTimeToSystemTime
QueryPerformanceCounter
GetProcessHeap
HeapAlloc
WaitForSingleObject
GetCurrentThreadId
IsDebuggerPresent
GetTickCount
LoadLibraryA
GetStringTypeW
EncodePointer
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
SetLastError
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
ExitThread
DeleteFileW
GetCPInfo
GetModuleHandleExW
AreFileApisANSI
MoveFileExW
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
DecodePointer
CloseHandle
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
LocalFree
LocalAlloc
GetOEMCP
GetFileType
GetCommandLineA
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ReadConsoleW
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSection
IsBadReadPtr
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryW
InterlockedDecrement
InterlockedIncrement
Sleep
HeapSize
HeapReAlloc
GetVersion
HeapDestroy
SetStdHandle
WriteConsoleW
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetCurrentDirectoryW
SetEnvironmentVariableA
GetModuleHandleW

user32

CharNextExA
MessageBoxW
PeekMessageW
CharUpperW
CharNextW
LoadStringW
SystemParametersInfoW
GetClassInfoExW
EnableWindow
MoveWindow
SetScrollInfo
GetScrollInfo
SetScrollPos
ScrollWindowEx
UpdateWindow
ShowWindow
CreateDialogParamW
DialogBoxParamW
CallWindowProcW
DrawTextW
SetCursor
DestroyCursor
GetParent
InvalidateRect
EndPaint
BeginPaint
GetWindowLongW
SetWindowLongW
DrawTextExW
OffsetRect
GetDlgItem
GetWindow
GetDlgItemTextW
SetActiveWindow
MapWindowPoints
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
SetDlgItemTextW
SetWindowTextW
ReleaseDC
SendMessageW
GetDC
GetDesktopWindow
PostThreadMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
LoadCursorW
LoadIconW
EndDialog
IsWindow
IsDialogMessageW
PostMessageW
DestroyWindow
TranslateMessage
DispatchMessageW
GetMessageW
UnregisterClassW
CreateWindowExW

gdi32

CreateFontIndirectW
SetTextColor
SetBkMode
BitBlt
DeleteObject
GetTextMetricsW
DeleteDC
SelectObject
CreateCompatibleDC
GetTextExtentPoint32W
SetViewportOrgEx

advapi32

RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceW
QueryServiceStatusEx
SetServiceObjectSecurity
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
SetNamedSecurityInfoW
FreeSid
ReportEventW
DeregisterEventSource
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
DeleteService
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoA
GetSecurityDescriptorLength
CreateServiceW
ChangeServiceConfig2W
QueryServiceObjectSecurity

shell32

SHGetFolderPathW

ole32

CoCreateInstance
OleRun
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CLSIDFromProgID

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
GetErrorInfo

comctl32

InitCommonControlsEx

wininet

InternetErrorDlg
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

ComMain
CrashMain
Escort2
EscortIE11
EscortStop
HttpMain
Init
IsSamePath
Manifest
OffLoad
SetLogLabelLow

Sections

.text
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIGuardianEvt.dll
.dll windows x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:c6:4b:aa:b0:da:a8:3e:fb:46:7a:90:8d:4a:6f:4d:7a:51:b3:18:66:e4:35:1e:ce:65:a9:22:cb:23:21:0a
Signer

Actual PE Digest

13:c6:4b:aa:b0:da:a8:3e:fb:46:7a:90:8d:4a:6f:4d:7a:51:b3:18:66:e4:35:1e:ce:65:a9:22:cb:23:21:0a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x86/LMIGuardianSvc.exe
.exe windows x86

85fc130cfcc91b0efcdc280185c10766

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:b2:a4:34:1b:5e:d7:67:24:9e:df:2d:f7:8b:ec:3d:ca:eb:df:9a:25:25:ac:be:2d:0b:22:02:db:e8:0c:ea
Signer

Actual PE Digest

3e:b2:a4:34:1b:5e:d7:67:24:9e:df:2d:f7:8b:ec:3d:ca:eb:df:9a:25:25:ac:be:2d:0b:22:02:db:e8:0c:ea

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetCurrentThreadId
GetProcessHeap
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
GetModuleFileNameW
GetStdHandle
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetCurrentProcess
CloseHandle
Sleep
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetSystemTimeAsFileTime
QueryPerformanceCounter
WriteFile
FlushFileBuffers
CreateFileW
GetModuleHandleW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCommandLineW
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
EncodePointer
OutputDebugStringW
IsDebuggerPresent

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIRfsClientNP.dll
.dll windows x86

74b77a553188f3c772032f5b68bba3cc

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:e6:b4:9e:d2:d0:31:4a:df:ee:23:32:8c:f3:62:ae
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/11/2021, 00:00

Not After

27/11/2024, 23:59

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:d1:69:66:1c:06:4a:07:c0:1c:00:00:00:00:00:d1
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:32

Not After

11/05/2023, 20:32

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:e2:93:f5:b2:0b:bb:af:78:96:ac:3f:f0:e8:46:5f:55:a3:37:c6:d0:27:2d:c6:6e:4f:a9:99:e9:28:c1:dc
Signer

Actual PE Digest

98:e2:93:f5:b2:0b:bb:af:78:96:ac:3f:f0:e8:46:5f:55:a3:37:c6:d0:27:2d:c6:6e:4f:a9:99:e9:28:c1:dc

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

98:e2:93:f5:b2:0b:bb:af:78:96:ac:3f:f0:e8:46:5f:55:a3:37:c6:d0:27:2d:c6:6e:4f:a9:99:e9:28:c1:dc
Signer

Actual PE Digest

98:e2:93:f5:b2:0b:bb:af:78:96:ac:3f:f0:e8:46:5f:55:a3:37:c6:d0:27:2d:c6:6e:4f:a9:99:e9:28:c1:dc

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

13/09/2022, 14:34
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
CloseHandle
GetLastError
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
QueryDosDeviceW
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

shell32

SHChangeNotify

Exports

Exports

NPAddConnection
NPCancelConnection
NPCloseEnum
NPEnumResource
NPGetCaps
NPGetConnection
NPGetConnectionPerformance
NPGetResourceInformation
NPOpenEnum
OnLogOff

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIRfsDriver.sys
.exe windows x86

8ba79399338fc099fc0842d6cb470fd1

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:62:55:82:d0:ee:68:3d:08:e4:aa:02:c6:49:a5:ca:ea:46:ac:4e:92:8d:96:1d:2a:39:8e:e9:6b:1d:c8:ea
Signer

Actual PE Digest

c3:62:55:82:d0:ee:68:3d:08:e4:aa:02:c6:49:a5:ca:ea:46:ac:4e:92:8d:96:1d:2a:39:8e:e9:6b:1d:c8:ea

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

56:9b:84:bc:08:8c:33:7b:87:e1:a9:64:90:0e:2d:b1:24:5a:20:58
Signer

Actual PE Digest

56:9b:84:bc:08:8c:33:7b:87:e1:a9:64:90:0e:2d:b1:24:5a:20:58

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

10/01/2017, 10:59
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

FsRtlGetNextFileLock
FsRtlFastUnlockAll
FsRtlNotifyFullChangeDirectory
FsRtlNotifyCleanup
CcUninitializeCacheMap
CcPurgeCacheSection
CcFlushCache
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItem
IoSetTopLevelIrp
memmove
wcschr
wcsrchr
_wcsnicmp
KeGetCurrentThread
IoCheckShareAccess
IoSetShareAccess
MmFlushImageSection
MmCanFileBeTruncated
FsRtlDoesNameContainWildCards
CcSetFileSizes
memcpy
towupper
RtlCopyUnicodeString
ExInitializeResourceLite
ExReleaseResourceForThreadLite
MmForceSectionClosed
FsRtlNotifyInitializeSync
CcWaitForCurrentLazyWriterActivity
_vsnwprintf
memset
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlProcessFileLock
KeQuerySystemTime
FsRtlCheckLockForReadAccess
CcInitializeCacheMap
CcCopyRead
CcMdlRead
CcMdlReadComplete
CcSetReadAheadGranularity
IoGetRequestorProcess
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeWaitForSingleObject
ExQueueWorkItem
IofCompleteRequest
ExDeleteResourceLite
RtlInitUnicodeString
RtlGetVersion
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ZwClose
ZwCreateDirectoryObject
FsRtlCopyRead
FsRtlCopyWrite
RtlCompareUnicodeString
RtlEqualUnicodeString
InterlockedPopEntrySList
InterlockedPushEntrySList
SeCaptureSubjectContext
SeLockSubjectContext
SeUnlockSubjectContext
SeReleaseSubjectContext
ObfReferenceObject
ObfDereferenceObject
SeQueryAuthenticationIdToken
IoRegisterFileSystem
IoUnregisterFileSystem
FsRtlInitializeFileLock
FsRtlUninitializeFileLock
FsRtlNotifyUninitializeSync
FsRtlNotifyFullReportChange
FsRtlRegisterUncProvider
FsRtlDeregisterUncProvider
wcsncmp
ObReferenceObjectByHandle
ExAcquireSharedStarveExclusive
FsRtlCheckLockForWriteAccess
CcCopyWrite
CcPrepareMdlWrite
CcMdlWriteComplete
KeBugCheckEx
RtlUnwind
IoRemoveShareAccess
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExFreePoolWithTag
ExAllocatePoolWithTag
KeSetEvent
KeInitializeEvent

hal

KfReleaseSpinLock
KfAcquireSpinLock

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIhook.dll
.dll windows x86

7e7ba1f6edfe14f4d9aeea074b34554d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:e6:b4:9e:d2:d0:31:4a:df:ee:23:32:8c:f3:62:ae
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/11/2021, 00:00

Not After

27/11/2024, 23:59

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:d1:69:66:1c:06:4a:07:c0:1c:00:00:00:00:00:d1
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:32

Not After

11/05/2023, 20:32

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:40:12:f1:0b:74:9e:63:50:bb:d6:40:10:3e:ad:b7:9c:06:fe:ce:41:c5:4d:e8:a2:68:c3:2c:e5:a9:cc:77
Signer

Actual PE Digest

ea:40:12:f1:0b:74:9e:63:50:bb:d6:40:10:3e:ad:b7:9c:06:fe:ce:41:c5:4d:e8:a2:68:c3:2c:e5:a9:cc:77

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

ea:40:12:f1:0b:74:9e:63:50:bb:d6:40:10:3e:ad:b7:9c:06:fe:ce:41:c5:4d:e8:a2:68:c3:2c:e5:a9:cc:77
Signer

Actual PE Digest

ea:40:12:f1:0b:74:9e:63:50:bb:d6:40:10:3e:ad:b7:9c:06:fe:ce:41:c5:4d:e8:a2:68:c3:2c:e5:a9:cc:77

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

13/09/2022, 14:34
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoA

ws2_32

WSACleanup
WSAStartup
WSAGetLastError
WSASetLastError
getservbyname
getservbyport
gethostname
gethostbyname
gethostbyaddr
socket
ntohs
ntohl
inet_ntoa
inet_addr
htons
htonl
getsockname
getpeername
closesocket

kernel32

GetProcAddress
GetCurrentProcess
GetSystemDirectoryW
IsWow64Process
GetSystemWow64DirectoryW
GetModuleFileNameW
LoadLibraryW
CloseHandle
GetLastError
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
VirtualQuery
GetModuleFileNameA
CreateDirectoryW
GetFileAttributesW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetTickCount
GetModuleHandleA
GetLocalTime
DecodePointer
RaiseException
SetLastError
InitializeCriticalSectionEx
SetEvent
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
LocalFree
CreateEventW
GetSystemDirectoryA
LoadLibraryA
ReleaseMutex
CreateMutexW
OpenEventW
GetConsoleCP
GetVersion
DisableThreadLibraryCalls
GetModuleHandleW
lstrcmpW
SetThreadPriority
GetExitCodeThread
FreeLibrary
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ReadFile
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
GetCPInfo
LCMapStringEx
CompareStringEx
EncodePointer
GetStringTypeW
GetProcessHeap
EnumSystemLocalesW
GetStdHandle
ResumeThread
GetFileType
GetConsoleMode
OutputDebugStringW
QueryPerformanceCounter
WriteConsoleW
GetFileSizeEx
SetFilePointerEx
SetStdHandle
GetProductInfo
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
VerifyVersionInfoW
VerSetConditionMask
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
IsValidCodePage
FindNextFileW
FindFirstFileExW
ExitProcess
SetFilePointer
WriteFile
FlushFileBuffers
GetFileTime
FindClose
ResetEvent
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
SetErrorMode

user32

GetSystemMetrics
CharNextExA
CharLowerW
GetParent
IsRectEmpty
GetWindowRect
IsWindowVisible
IsWindow
RegisterWindowMessageA
GetThreadDesktop
MsgWaitForMultipleObjects
TranslateMessage
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetCursor
GetForegroundWindow
KillTimer
SetTimer
GetFocus
ChangeClipboardChain
SetClipboardViewer
DestroyWindow
DefWindowProcW
PostThreadMessageW
PostMessageW
SendMessageW
PeekMessageW
DispatchMessageW
GetMessageW
RegisterWindowMessageW
GetUserObjectInformationW
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetDesktopWindow

gdi32

DeleteDC
CreateDCW
ExtEscape

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidW
OpenThreadToken
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathW

Exports

Exports

Cleanup
EnableLocalInput
GetBuildNumber
Init
RaguiSetHook
ReHookMirror
ScreenSaverControl
SetHook
SetHookCallback
SetHwnd
SetRestartHook
SetVirtScreenRes
UnHook

Sections

.text
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIinfo.sys
.exe windows x86

56d1ec325793bf5bc833a9d45761506a

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:ba:db:94:da:03:9f:1d:b3:c8:98:1a:5d:0e:8a:21:e7:4c:fc:d9:0c:6d:a4:ae:02:3b:af:76:de:46:05:7b
Signer

Actual PE Digest

4f:ba:db:94:da:03:9f:1d:b3:c8:98:1a:5d:0e:8a:21:e7:4c:fc:d9:0c:6d:a4:ae:02:3b:af:76:de:46:05:7b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

d0:24:7b:eb:62:38:69:ed:de:72:30:68:22:22:4a:39:6a:c7:7b:89
Signer

Actual PE Digest

d0:24:7b:eb:62:38:69:ed:de:72:30:68:22:22:4a:39:6a:c7:7b:89

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

11/01/2017, 10:43
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
ExFreePoolWithTag
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ObQueryNameString
ZwDuplicateObject
memcpy
KeBugCheckEx
RtlUnwind
RtlCopyUnicodeString
ExAllocatePoolWithTag
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ZwOpenProcess
RtlInitUnicodeString

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 870B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIinit.dll
.dll windows x86

bf69bc10bd67f0d5b75790fd1df33367

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:f4:de:74:b4:fc:45:5a:f9:0b:b0:eb:3e:5c:9d:9d:40:c1:67:9d:da:ed:a7:9f:62:0d:b7:30:b1:96:ab:42
Signer

Actual PE Digest

e8:f4:de:74:b4:fc:45:5a:f9:0b:b0:eb:3e:5c:9d:9d:40:c1:67:9d:da:ed:a7:9f:62:0d:b7:30:b1:96:ab:42

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VerSetConditionMask
HeapAlloc
HeapFree
GetProcessHeap
ReleaseMutex
WaitForMultipleObjects
GetCurrentProcessId
GetModuleHandleW
CreateProcessW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DisableThreadLibraryCalls
VerifyVersionInfoW
WriteConsoleW
CreateFileW
CreateEventW
CreateMutexW
WaitForSingleObject
SetEvent
CloseHandle
GetComputerNameW
CreateThread
GetLastError
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
DecodePointer

user32

wsprintfW

advapi32

InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
AddAce
SetSecurityDescriptorDacl

ole32

CoTaskMemFree
CoTaskMemAlloc

secur32

LsaLookupAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess

shlwapi

SHStrDupW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
WLEventLock
WLEventLogoff
WLEventLogon
WLEventShutdown
WLEventStartScreenSaver
WLEventStartShell
WLEventStartup
WLEventStopScreenSaver
WLEventUnlock
pSetupGetRealSystemTimeEx

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMImirr.cat
x86/LMImirr.dll
.dll windows x86

9ef4cf7d2f8d21095fd621e3300926cd

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:6c:e6:ff:da:00:78:f8:45:96:9e:41:04:8f:a3:38:d6:b2:42:4b:ac:0a:5b:ab:dd:74:b2:38:36:a4:fe:0f
Signer

Actual PE Digest

70:6c:e6:ff:da:00:78:f8:45:96:9e:41:04:8f:a3:38:d6:b2:42:4b:ac:0a:5b:ab:dd:74:b2:38:36:a4:fe:0f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

23:ec:8b:51:82:8a:33:82:ff:ce:a7:08:29:a6:54:7d:69:01:23:b0
Signer

Actual PE Digest

23:ec:8b:51:82:8a:33:82:ff:ce:a7:08:29:a6:54:7d:69:01:23:b0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

11/01/2017, 10:44
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

win32k.sys

EngUnloadImage
EngFindImageProcAddress
EngLoadImage
EngFreeMem
EngAllocMem
EngDeletePalette
EngModifySurface
EngCreateDeviceSurface
EngUnmapEvent
EngDeleteSurface
EngCreatePalette
EngCopyBits
EngBitBlt
EngTextOut
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngPlgBlt
EngStretchBlt
EngStretchBltROP
EngLineTo
EngAlphaBlend
EngTransparentBlt
EngGradientFill
EngSetEvent
EngMapEvent
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 609B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 652B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMImirr.inf
x86/LMImirr.sys
.exe windows x86

518167d6aeefde1975592d28cbae7110

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:d6:72:bb:40:35:37:4f:1e:ae:60:e6:27:c2:01:da:32:bc:e0:30:3f:19:18:2c:ef:1b:ca:62:9e:65:c5:b5
Signer

Actual PE Digest

4f:d6:72:bb:40:35:37:4f:1e:ae:60:e6:27:c2:01:da:32:bc:e0:30:3f:19:18:2c:ef:1b:ca:62:9e:65:c5:b5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

5f:03:72:82:51:dc:7c:ed:a0:0b:77:f8:0f:5a:72:0e:99:b7:f3:a8
Signer

Actual PE Digest

5f:03:72:82:51:dc:7c:ed:a0:0b:77:f8:0f:5a:72:0e:99:b7:f3:a8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

11/01/2017, 10:44
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeTickCount

videoprt.sys

VideoPortZeroMemory
VideoPortInitialize

Sections

.text
Size: 256B - Virtual size: 214B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 222B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMImirr2.dll
.exe windows x86

bdf655d478f0384765ba2f10718461c9

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:3a:34:30:9b:ed:dd:bb:7f:f3:ba:b6:cd:6a:8f:17:f9:9b:0a:c2:c2:97:3d:e3:a9:c1:28:ea:15:4f:3a:7d
Signer

Actual PE Digest

4a:3a:34:30:9b:ed:dd:bb:7f:f3:ba:b6:cd:6a:8f:17:f9:9b:0a:c2:c2:97:3d:e3:a9:c1:28:ea:15:4f:3a:7d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

07:11:f0:86:68:4a:19:40:ef:07:79:04:ce:d2:92:a4:94:d9:bb:bd
Signer

Actual PE Digest

07:11:f0:86:68:4a:19:40:ef:07:79:04:ce:d2:92:a4:94:d9:bb:bd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

11/01/2017, 10:44
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeMdl
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
MmUnlockPages
MmUnmapLockedPages
ExAllocatePoolWithTag
ExFreePool
ObReferenceObjectByHandle
ObfDereferenceObject
KeWaitForSingleObject
_allmul
KeReleaseMutex
memmove
KeTickCount

Exports

Exports

AcquireMutex
AllocScreen
CopyScreenArea
FreeScreen
GetVersion
Map
MapUserModeMutex
Memmove
ReleaseMutex
UnMap
UnMapUserModeMutex

Sections

.text
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 384B - Virtual size: 291B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIport.dll
.dll windows x86

a5860973a270ef5fb020b492bdadfd3b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:90:94:8a:4e:2c:91:b3:5d:95:46:40:f9:4a:8a:8a:74:54:9e:38
Signer

Actual PE Digest

69:90:94:8a:4e:2c:91:b3:5d:95:46:40:f9:4a:8a:8a:74:54:9e:38

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

29/01/2016, 09:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind

kernel32

GetModuleFileNameW
lstrcatW
lstrcpyW
SetLastError
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
LocalFree
LocalReAlloc
SetNamedPipeHandleState
GetLastError
CreateFileW
CloseHandle
FlushFileBuffers
WriteFile
OutputDebugStringW
SetFilePointer
lstrlenW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
MultiByteToWideChar
DeleteCriticalSection
WideCharToMultiByte
LCMapStringW
HeapFree
Sleep
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
VirtualFree
HeapAlloc
HeapReAlloc
InterlockedExchange
GetProcAddress
LCMapStringA

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

user32

wvsprintfW
wsprintfW

spoolss

GetPrinterW
SetJobW
ClosePrinter
OpenPrinterW

Exports

Exports

DllEntryPoint
InitializePrintMonitor

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIprinter.dll
.dll windows x86

1618772260d87b8129cfbff79359e8c4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:65:72:3f:bc:30:d8:5b:e6:1c:73:fe:81:ad:81:2a:6d:e3:92:ca
Signer

Actual PE Digest

8b:65:72:3f:bc:30:d8:5b:e6:1c:73:fe:81:ad:81:2a:6d:e3:92:ca

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

29/01/2016, 09:53
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

GetPrinterW
EnumFormsW

kernel32

LocalFree
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
GetLastError
SetNamedPipeHandleState
CreateFileW
CloseHandle
FlushFileBuffers
WriteFile
OutputDebugStringW
SetFilePointer
lstrlenW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
TerminateProcess
GetCurrentProcess
GetProcAddress
SetLastError
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
lstrcpyW
lstrcatW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA

user32

wsprintfW
wvsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyW

gdi32

EngAssociateSurface
EngCreateBitmap
EngCreatePalette
EngDeleteSurface

ntdll

wcslen
wcsrchr
wcscpy
wcsncpy
wcschr
wcsstr
_wcslwr
wcsncmp
_chkstk
wcscat
wcsncat
wcstoul

Exports

Exports

DllEntryPoint
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIprinternt.dll
.dll windows x86

cd915d410c64afb67b1d8fe6ba948e54

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:05:e8:aa:d7:0b:70:6b:0a:74:47:dc:46:98:46:fc:e4:61:b6:0d:3b:25:f9:a9:a2:d5:f9:b6:2f:38:88:0c
Signer

Actual PE Digest

33:05:e8:aa:d7:0b:70:6b:0a:74:47:dc:46:98:46:fc:e4:61:b6:0d:3b:25:f9:a9:a2:d5:f9:b6:2f:38:88:0c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

win32k.sys

EngSetLastError
EngCreateBitmap
EngWritePrinter
EngAssociateSurface
EngDeleteSurface
EngGetPrinter
EngCreatePalette
EngEnumForms
EngAllocMem
EngFreeMem

user32

wsprintfW
wvsprintfW

kernel32

GetSystemTime
CreateFileW
SetFilePointer
lstrlenW
lstrcatW
WriteFile
CloseHandle
OutputDebugStringW
lstrcpyW

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 576B - Virtual size: 548B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIprinterui.dll
.dll windows x86

643eeaccb28babf1cb6656acfeedecdb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:ee:07:e1:57:38:42:07:e1:5f:60:72:80:21:6b:1f:d6:8b:0d:ee
Signer

Actual PE Digest

f0:ee:07:e1:57:38:42:07:e1:5f:60:72:80:21:6b:1f:d6:8b:0d:ee

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

29/06/2017, 12:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
WriteFile
CloseHandle
SetFilePointer
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
lstrcpyW
lstrcatW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetModuleFileNameW
EncodePointer
RaiseException
RtlUnwind
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateFileW
HeapAlloc
HeapFree
GetModuleHandleW
MultiByteToWideChar
GetACP
ExitProcess
GetModuleHandleExW
GetProcessHeap
WideCharToMultiByte
GetStdHandle
GetFileType
GetStartupInfoW
GetStringTypeW
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCPInfo
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
HeapReAlloc
DecodePointer
WriteConsoleW
LocalFree
LocalAlloc
IsProcessorFeaturePresent
GetLastError
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
InitializeSListHead
GetModuleFileNameA
FindClose
FindFirstFileExA
FindNextFileA
GetTimeZoneInformation

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

winspool.drv

EnumFormsW
GetPrinterW
SetPrinterW

user32

wvsprintfW
wsprintfW

Exports

Exports

DevQueryPrintEx
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentPropertySheets
DrvPrinterEvent
PrinterProperties

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIprinteruint.dll
.dll windows x86

3392d611ee199d67a7c05d43bc45a6b8

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:63:aa:16:2d:a6:02:1b:30:80:0d:82:87:54:f4:da:a4:ad:1e:53:34:18:cd:f8:86:13:ee:c1:70:87:0a:9b
Signer

Actual PE Digest

bf:63:aa:16:2d:a6:02:1b:30:80:0d:82:87:54:f4:da:a4:ad:1e:53:34:18:cd:f8:86:13:ee:c1:70:87:0a:9b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

wcscpy
wcsncat
wcscat
wcschr
wcslen
wcsncpy
wcsrchr

user32

wvsprintfW
wsprintfW

kernel32

GetProcAddress
LoadLibraryA
LocalAlloc
GetSystemTime
SetFilePointer
OutputDebugStringW
lstrlenW
FreeLibrary
GetWindowsDirectoryW
WriteFile
GetModuleFileNameW
lstrcatW
lstrcpyW
LocalFree
GetTempPathW
SetLastError
CloseHandle
GetLastError
CreateFileW

winspool.drv

GetPrinterW
SetPrinterW

Exports

Exports

DevQueryPrintEx
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentPropertySheets
DrvPrinterEvent
PrinterProperties
RaprinterUIDLLEntryFunc

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIproc.dll
.dll windows x86

717215df0b4d9d36e01f9f6f3d90fd00

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ab:0e:1d:bd:10:33:dd:31:f4:8b:ab:b1:f3:87:a5:b2:28:1b:a6:15
Signer

Actual PE Digest

ab:0e:1d:bd:10:33:dd:31:f4:8b:ab:b1:f3:87:a5:b2:28:1b:a6:15

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

29/01/2016, 09:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind

kernel32

GetTempPathW
GlobalAlloc
SetNamedPipeHandleState
FlushFileBuffers
ReadFile
OutputDebugStringW
SetFilePointer
lstrcatW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
TerminateProcess
GetCurrentProcess
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
WaitForSingleObject
WideCharToMultiByte
GetStringTypeW
InterlockedExchange
VirtualQuery
HeapFree
Sleep
VirtualProtect
VirtualAlloc
GetSystemInfo
GetLocaleInfoA
MultiByteToWideChar
GetCPInfo
LCMapStringA
LCMapStringW
VirtualFree
HeapAlloc
HeapReAlloc
WriteFile
LocalAlloc
FindFirstFileW
CreateFileW
LocalFree
DeleteFileW
GetTempFileNameW
SetEvent
ResetEvent
CloseHandle
CreateEventW
SetLastError
GetModuleFileNameW
GetLastError
GlobalFree
lstrlenW
lstrcpyW
GetStringTypeA

user32

wvsprintfW
wsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

spoolss

StartDocPrinterW
ReadPrinter
EndDocPrinter
OpenPrinterW
ClosePrinter
GetPrinterW

gdi32

DeleteDC
DeleteEnhMetaFile
PlayEnhMetaFile
CancelDC
CreateDIBSection
CreateCompatibleDC
GetEnhMetaFileHeader
GetEnhMetaFileW
GetDeviceCaps
EnumEnhMetaFile
SelectObject
CreateDCW
EnumFontFamiliesExA
AddFontResourceExW
DeleteObject

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
EnumPrintProcessorDatatypesW
GetPrintProcessorCapabilities
OpenPrintProcessor
PrintDocumentOnPrintProcessor
RaprocDLLEntryFunc

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIprocnt.dll
.dll windows x86

b13435b7a8fe7f5628c847b92a3e1732

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1c:64:12:4e:ad:a3:be:a6:41:7b:c1:7c:b2:ad:ac:01:25:48:1f:1d:dd:d1:15:8f:20:e5:46:96:75:70:91
Signer

Actual PE Digest

07:1c:64:12:4e:ad:a3:be:a6:41:7b:c1:7c:b2:ad:ac:01:25:48:1f:1d:dd:d1:15:8f:20:e5:46:96:75:70:91

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

wcstoul
RtlUnwind
wcsncat
wcscat
_chkstk
wcsncpy
_wcsicmp
wcscpy
wcsrchr
wcslen
wcschr
_wcsnicmp
iswctype

kernel32

GetTempPathW
lstrcpyW
lstrlenW
GlobalFree
GetLastError
GetModuleFileNameW
lstrcatW
SetLastError
CreateEventW
CloseHandle
ResetEvent
SetEvent
WaitForSingleObject
GetTempFileNameW
DeleteFileW
LocalFree
CreateFileW
FindFirstFileW
LocalAlloc
WriteFile
ReadFile
GlobalAlloc
SetNamedPipeHandleState
FlushFileBuffers
GetWindowsDirectoryW
OutputDebugStringW
SetFilePointer
GetSystemTime

user32

wvsprintfW
wsprintfW

spoolss

EndDocPrinter
OpenPrinterW
StartDocPrinterW
GetPrinterW
ClosePrinter
ReadPrinter

gdi32

CreateCompatibleDC
CreateDCW
GetEnhMetaFileW
GetEnhMetaFileHeader
GetDeviceCaps
DeleteDC
CreateDIBSection
SelectObject
PlayEnhMetaFile
DeleteEnhMetaFile
DeleteObject
CancelDC

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
EnumPrintProcessorDatatypesW
GetPrintProcessorCapabilities
OpenPrintProcessor
PrintDocumentOnPrintProcessor
RaprocDLLEntryFunc

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIvdd.cat
x86/LMIvdd.dll
.dll windows x86

117876b7b5d2c313f51ae437296a5fc9

Code Sign

03:23:91:2f:f1:df:a4:f8:b0:86:77:a2:35:58:73:9d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/11/2018, 00:00

Not After

24/11/2021, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:a0:2a:5c:e6:b4:62:90:b0:a9:5b:3b:44:c9:53:ba:27:51:fc:95:fb:1e:0b:46:09:99:24:1b:4b:ec:fe:5b
Signer

Actual PE Digest

b0:a0:2a:5c:e6:b4:62:90:b0:a9:5b:3b:44:c9:53:ba:27:51:fc:95:fb:1e:0b:46:09:99:24:1b:4b:ec:fe:5b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

b0:a0:2a:5c:e6:b4:62:90:b0:a9:5b:3b:44:c9:53:ba:27:51:fc:95:fb:1e:0b:46:09:99:24:1b:4b:ec:fe:5b
Signer

Actual PE Digest

b0:a0:2a:5c:e6:b4:62:90:b0:a9:5b:3b:44:c9:53:ba:27:51:fc:95:fb:1e:0b:46:09:99:24:1b:4b:ec:fe:5b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

14/06/2021, 10:37
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

DbgPrintEx
RtlUnwind

dxgi

CreateDXGIFactory2

d3d11

D3D11CreateDevice

kernel32

CloseHandle
RaiseException
GetLastError
CreateEventW
CreateFileW
WaitForSingleObject
WaitForMultipleObjects
CreateThread
SetFilePointerEx
WriteConsoleW
SetEvent
LoadLibraryExW
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
DecodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP

ole32

CoCreateGuid

avrt

AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics

Exports

Exports

_FxDriverEntryUm@16

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LMIvdd.inf
x86/LogMeIn.dll
.dll windows x86

7b7090a7f932c25efc41d641c33bd79c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:57:6a:2a:f7:11:86:d5:bb:e2:86:08:4d:74:0e:39:63:a2:1b:5f:0b:22:78:3f:15:e0:05:19:63:da:de:53
Signer

Actual PE Digest

71:57:6a:2a:f7:11:86:d5:bb:e2:86:08:4d:74:0e:39:63:a2:1b:5f:0b:22:78:3f:15:e0:05:19:63:da:de:53

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

logmeinav

LogMeInAV_HasLocalExclusions
LogMeInAV_DropLocalExclusions
LogMeInAV_Register
LogMeInAV_Unregister
DestroyServiceHandler
CreateServiceHandler
LogMeInAV_Installed

o2mrunner

O2MRunner_SetImpersonationCredentials
O2MRunner_StartTaskRunner
O2MRunner_DestroyServiceHandler
O2MRunner_CreateServiceHandler
O2MRunner_ClearImpersonationCredentials

ksu

CreateKSUManager
DestroyKSUManager

crypt32

CertGetNameStringW
CryptProtectData
CryptUnprotectData
CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CryptBinaryToStringW
CryptStringToBinaryW
CertFindCertificateInStore

mpr

WNetGetUniversalNameW
WNetGetConnectionW
WNetAddConnection2W
WNetCancelConnection2W

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueW

setupapi

SetupDiGetDevicePropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails
mixerGetLineInfoW
mixerOpen
mixerClose
waveInGetNumDevs
waveInGetDevCapsW
waveOutGetNumDevs
waveOutGetDevCapsW
timeSetEvent
timeGetDevCaps
timeKillEvent

msi

ord74
ord145
ord103
ord246
ord70
ord125
ord8
ord17

userenv

GetUserProfileDirectoryW
CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

GetPriorityClass
GetThreadTimes
OpenProcess
FileTimeToSystemTime
SetLocalTime
GetLocaleInfoA
DeleteFileA
GetFileAttributesA
CreateFileA
GetModuleHandleA
ResumeThread
SetThreadPriority
GlobalFree
GetPrivateProfileStringA
GetTempFileNameA
GetTempPathA
GetSystemDirectoryA
GetThreadSelectorEntry
UnmapViewOfFile
MapViewOfFile
GetTempPathW
PeekNamedPipe
QueryInformationJobObject
TerminateJobObject
Process32Next
Process32First
AssignProcessToJobObject
CreateJobObjectW
SetHandleInformation
CreatePipe
QueryPerformanceFrequency
QueryPerformanceCounter
GenerateConsoleCtrlEvent
CreateMutexW
OpenEventW
GlobalAlloc
lstrcmpW
LockResource
SizeofResource
LoadResource
FindResourceW
SystemTimeToFileTime
UpdateProcThreadAttribute
HeapAlloc
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
DuplicateHandle
CreateFileMappingA
OpenEventA
GetStdHandle
SetFileTime
RemoveDirectoryW
GetFileAttributesW
GetLogicalDrives
SetFileAttributesW
DeleteFileW
VirtualQuery
SetCurrentDirectoryA
GetModuleFileNameA
GetCurrentDirectoryA
CreateDirectoryW
FindResourceA
SetConsoleCtrlHandler
FreeConsole
HeapSize
HeapReAlloc
HeapDestroy
GetTimeZoneInformation
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
ReleaseMutex
CreateProcessA
lstrlenA
lstrcpyW
OpenFileMappingA
SetErrorMode
FileTimeToLocalFileTime
lstrcmpA
GetWindowsDirectoryA
CreateRemoteThread
GetTimeFormatW
SetWaitableTimer
CreateWaitableTimerW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
SetThreadLocale
GetUserDefaultLangID
lstrcpynA
GetFileType
lstrcmpiA
QueryDosDeviceW
lstrcpynW
CreateFileMappingW
FindNextFileW
GlobalUnlock
GlobalLock
GetFileSizeEx
GetVersion
GlobalSize
SetConsoleActiveScreenBuffer
GetCurrentConsoleFont
GetConsoleScreenBufferInfo
FlushFileBuffers
GetOverlappedResult
GetVersionExA
ReleaseSemaphore
HeapCreate
GlobalMemoryStatus
CreateSemaphoreW
TryEnterCriticalSection
DefineDosDeviceW
CreateMutexA
ReadProcessMemory
GetConsoleMode
WriteConsoleOutputA
ReadConsoleOutputA
SetConsoleCursorInfo
SetConsoleScreenBufferSize
CreateConsoleScreenBuffer
GetNumberOfConsoleInputEvents
GetConsoleOutputCP
GetConsoleCursorInfo
GetComputerNameA
lstrcatA
SetConsoleMode
SetStdHandle
ConnectNamedPipe
CreateNamedPipeA
SetConsoleTitleA
GetConsoleCP
SetConsoleCP
ExitProcess
GetLargestConsoleWindowSize
SetConsoleWindowInfo
LoadLibraryExW
GetFileInformationByHandle
WaitForSingleObjectEx
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
GetNativeSystemInfo
SetConsoleTextAttribute
ReadConsoleW
ReadConsoleA
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetEnvironmentVariableW
VirtualProtect
InterlockedFlushSList
InterlockedPushEntrySList
FreeLibraryAndExitThread
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
GetLocaleInfoEx
LCMapStringEx
GetCPInfo
CompareStringEx
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
SwitchToThread
GetStringTypeW
VirtualAlloc
SetUnhandledExceptionFilter
Thread32First
Thread32Next
OpenFileMappingW
InitializeCriticalSectionAndSpinCount
OpenThread
GetProductInfo
WaitNamedPipeW
CreateNamedPipeW
VerSetConditionMask
VerifyVersionInfoW
VirtualLock
GetDriveTypeW
GetDynamicTimeZoneInformation
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
K32GetModuleFileNameExW
K32EnumProcesses
FormatMessageW
TerminateThread
GetLocalTime
GetSystemDefaultLangID
GetProcessTimes
LocalAlloc
GetProcessHeap
HeapFree
CompareFileTime
GetACP
SetEndOfFile
GetThreadLocale
WriteConsoleInputA
GetFileSize
MulDiv
GetFileTime
SetFilePointer
MultiByteToWideChar
lstrcpyA
SetPriorityClass
GetSystemInfo
ReadFile
FindFirstFileW
CreateThread
LocalFree
WideCharToMultiByte
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetSystemTimeAsFileTime
CreateProcessW
TerminateProcess
GetExitCodeProcess
GetExitCodeThread
GetTickCount
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
CreateEventA
ResetEvent
SetEvent
WaitForMultipleObjects
lstrlenW
CreateThreadpool
CreateThreadpoolCleanupGroup
CloseThreadpool
WriteConsoleW
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
FindClose
ExpandEnvironmentStringsW
DeviceIoControl
LoadLibraryA
GetModuleHandleExW
CreateEventW
lstrcmpiW
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleHandleW
DecodePointer
WaitForSingleObject
Sleep
OutputDebugStringW
GetCurrentThreadId
GetLastError
GetCurrentThread
CloseHandle
GetCurrentProcessId
LoadLibraryW
IsWow64Process
GetCurrentProcess
GetSystemWow64DirectoryW
GetSystemDirectoryW
GetModuleFileNameW
GetProcAddress
FreeLibrary
RtlUnwind
ExitThread
CreateFileW
GetFullPathNameW
GetDateFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
HeapQueryInformation
GetCurrentDirectoryW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FormatMessageA

user32

SetRectEmpty
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
wsprintfW
ReleaseDC
GetDC
LoadBitmapW
DisplayConfigGetDeviceInfo
GetDisplayConfigBufferSizes
CloseClipboard
GetClipboardData
OpenClipboard
SetKeyboardState
GetKeyState
GetKeyboardLayout
GetIconInfo
wsprintfA
MapVirtualKeyW
EmptyClipboard
SetClipboardData
GetPriorityClipboardFormat
SetWindowRgn
QueryDisplayConfig
ShowWindow
SetWindowPos
GetWindowRect
LoadIconW
OffsetRect
UnionRect
SystemParametersInfoW
MessageBoxW
GetProcessWindowStation
SetDisplayConfig
DisplayConfigSetDeviceInfo
RedrawWindow
CharNextExA
CharLowerW
SetWindowPlacement
CharLowerBuffW
CharLowerBuffA
GetKeyboardState
ToUnicodeEx
SendInput
MapVirtualKeyExW
VkKeyScanExW
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
GetCursorPos
IsIconic
GetDesktopWindow
DestroyWindow
IsWindow
PostMessageW
GetWindow
FindWindowA
SendMessageA
MapVirtualKeyA
TrackMouseEvent
InvalidateRect
EndPaint
GetClientRect
BeginPaint
UpdateWindow
CallWindowProcW
PostThreadMessageW
SetCursorPos
ReleaseCapture
SetCapture
SetForegroundWindow
MoveWindow
GetDlgItem
ScreenToClient
SetWindowTextW
GetWindowPlacement
SetTimer
RegisterClipboardFormatW
FindWindowW
RegisterWindowMessageW
BroadcastSystemMessageW
IntersectRect
mouse_event
keybd_event
EndDialog
EnableWindow
SetFocus
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
UnregisterClassW
EnumDisplayDevicesW
GetSystemMetrics
MsgWaitForMultipleObjects
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowLongW
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetWindowLongW
VkKeyScanA
CharNextW
KillTimer
SetLayeredWindowAttributes
SetCursor
GetParent
EnumDesktopWindows
RegisterWindowMessageA
MessageBeep
GetForegroundWindow
MapWindowPoints
GetWindowTextW
PostQuitMessage
PeekMessageW
DrawTextW
DestroyIcon
GetWindowTextLengthW
DrawIconEx
LoadIconA
FillRect
FrameRect
SetRect
SendMessageTimeoutW
GetAncestor
GetClassNameW
LoadCursorW
GetUserObjectInformationW
GetCursorInfo
WindowFromPoint
GetGUIThreadInfo
ClientToScreen

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
SetStretchBltMode
StretchBlt
DeleteObject
CreateSolidBrush
CreatePen
MoveToEx
LineTo
CreateFontW
SetTextColor
SetTextAlign
SetBkMode
SetDIBColorTable
CreateDIBitmap
DeleteDC
GetDeviceGammaRamp
CreateCompatibleDC
SetDeviceGammaRamp
GetStockObject
GetObjectA
CreateDCA
ExtEscape
CombineRgn
PtInRegion
SetRectRgn
CreateRectRgn
GetSystemPaletteEntries
GetRgnBox
OffsetRgn
GetObjectW
SetBkColor
CreateFontIndirectW
CreateICW
GetFontData
GetDIBits
RealizePalette
CreateDCW
CreateRoundRectRgn
SetPixel
SelectPalette
GetRegionData
CreateDIBSection

winspool.drv

SetPrinterW
ClosePrinter
OpenPrinterW
AddPrinterW
EnumPrintersW
DeletePrinter

advapi32

AdjustTokenPrivileges
SetTokenInformation
OpenThreadToken
SetThreadToken
CreateProcessAsUserW
IsTextUnicode
ImpersonateLoggedOnUser
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptGetProvParam
CryptSetHashParam
StopTraceW
ControlTraceW
CloseTrace
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
SetSecurityDescriptorDacl
ProcessTrace
OpenTraceW
StartTraceW
CryptImportKey
CryptDestroyKey
CryptGetUserKey
CryptGetKeyParam
CryptExportKey
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
SetNamedSecurityInfoW
ConvertSidToStringSidW
CryptAcquireContextA
CryptReleaseContext
RegDeleteKeyValueW
CryptGenRandom
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetTokenInformation
EqualSid
RegOpenKeyExA
RegQueryValueExA
RevertToSelf
FreeSid
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
OpenProcessToken
GetUserNameW
CloseServiceHandle
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
LookupAccountSidA
RegOpenKeyW
RegQueryInfoKeyW
CloseEventLog
LogonUserW

shell32

SHGetFileInfoW
ord680
SHChangeNotify
ExtractAssociatedIconA
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW

ole32

CoFreeUnusedLibraries
CLSIDFromProgID
CoImpersonateClient
CoRevertToSelf
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
OleSetClipboard
OleInitialize
OleUninitialize
DoDragDrop
GetRunningObjectTable
CreateBindCtx
CoSetProxyBlanket
CreateStreamOnHGlobal
CoUninitialize
StringFromCLSID
OleRun
CoTaskMemFree
PropVariantClear
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoInitialize
CLSIDFromString

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayCopy
LoadRegTypeLi
VariantTimeToSystemTime
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
SysReAllocString
RegisterTypeLi
SafeArrayDestroy
VariantChangeType
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetElement
SysAllocStringLen
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayGetDim
GetRecordInfoFromGuids
SafeArrayCreateEx
SafeArrayCreate
SafeArrayLock
SafeArrayUnlock
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi

ws2_32

connect
setsockopt
recv
bind
htons
WSAGetLastError
__WSAFDIsSet
select
send
accept
getsockname
listen
WSAIoctl
socket
ntohs
WSASetLastError
getservbyport
closesocket
sendto
gethostbyname
ioctlsocket
gethostname
inet_ntoa
inet_addr
getpeername
ntohl
gethostbyaddr
freeaddrinfo
getaddrinfo
htonl
getservbyname
getsockopt
inet_pton
WSAStartup
WSACleanup
shutdown
WSACreateEvent
WSACloseEvent
WSAEventSelect
WSAResetEvent
WSAAccept

shlwapi

SHDeleteKeyW
ord176

wsock32

recvfrom

wininet

InternetQueryOptionA
InternetInitializeAutoProxyDll
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
DetectAutoProxyUrl

urlmon

URLDownloadToFileA

dnsapi

DnsFree
DnsQuery_W

wintrust

WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

iphlpapi

GetIpForwardTable
GetBestRoute
GetIpAddrTable
GetIfEntry
GetBestInterface
GetExtendedTcpTable
GetExtendedUdpTable
SendARP

gdiplus

GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdiplusStartup
GdipCreateBitmapFromScan0
GdipGetImageEncoders
GdipCloneImage
GdipAlloc
GdiplusShutdown
GdipFree
GdipGetImageEncodersSize

secur32

FreeCredentialsHandle
DeleteSecurityContext
QuerySecurityPackageInfoA
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeContextBuffer
CompleteAuthToken

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

Exports

Exports

DoSelfDestruction
RACleanup
RAwmain

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LogMeIn.exe
.exe windows x86

946ecc9255b1e2c2b4f8073af6f9e4e1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/10/2009, 00:00

Not After

10/10/2012, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:b3:6d:d0:b1:82:40:56:46:02:4a:29:bd:99:92:5d:3f:11:73:43
Signer

Actual PE Digest

6f:b3:6d:d0:b1:82:40:56:46:02:4a:29:bd:99:92:5d:3f:11:73:43

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

08/11/2010, 10:57
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenMutexW
CreateMutexW
CloseHandle
WaitForSingleObject
ReleaseMutex
GetModuleFileNameW
GetLocalTime
SetFilePointer
CreateFileW
GetProcAddress
LoadLibraryExW
GetLastError
WriteFile
FreeLibrary
RtlUnwind
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
Sleep
HeapSize
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
CreateFileA

advapi32

RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LogMeInAV.dll
.dll windows x86

b933444ffad6146b3b14cc2825ba3267

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:63:80:2c:d2:6a:64:fe:82:59:8e:4c:4d:ab:6f:84:2f:74:f2:32:d6:2c:de:69:82:7d:03:77:2a:53:d4:43
Signer

Actual PE Digest

59:63:80:2c:d2:6a:64:fe:82:59:8e:4c:4d:ab:6f:84:2f:74:f2:32:d6:2c:de:69:82:7d:03:77:2a:53:d4:43

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQuerySystemInformation
VerSetConditionMask
RtlUnwind

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptUnprotectData
CertFreeCertificateContext
CertGetCertificateContextProperty

kernel32

LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsFree
GetSystemTimeAsFileTime
SystemTimeToFileTime
QueryPerformanceFrequency
WriteConsoleW
GetTimeZoneInformation
LocalFree
Sleep
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
GetLastError
GetExitCodeProcess
WaitForSingleObject
WaitForMultipleObjects
CreateProcessW
SetEvent
MultiByteToWideChar
FileTimeToSystemTime
CloseHandle
CreateEventW
GetTempPathW
TlsSetValue
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentProcess
SetStdHandle
GetConsoleCP
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
WideCharToMultiByte
GetFileSizeEx
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
InterlockedFlushSList
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
FindFirstFileW
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetFileType
GetEnvironmentVariableW
GetStdHandle
GetModuleHandleExW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
LoadLibraryW
EnterCriticalSection
CreateFileW
SetLastError
ReadFile
GetCurrentThread
GetTickCount
IsValidCodePage
QueryPerformanceCounter
HeapCreate
HeapDestroy
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
VerifyVersionInfoW
FormatMessageA
lstrcmpiA
SetFilePointer
WriteFile
FlushFileBuffers
SetEndOfFile
FindClose
SetErrorMode
UnhandledExceptionFilter
GetProcAddress
FreeLibrary
GetCurrentProcessId
LoadLibraryA
ExitProcess
GetProductInfo
GetSystemDirectoryA
OpenProcess
GetProcessTimes
OpenThread
GetThreadTimes
GetTempPathA
GetPrivateProfileStringA
GlobalFree
IsDebuggerPresent
OutputDebugStringW
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
WaitForSingleObjectEx
GetExitCodeThread
GetStringTypeW
EncodePointer
GetModuleHandleW
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
ResetEvent
GetModuleHandleA

user32

GetSystemMetrics
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
CharNextExA

advapi32

CryptGetUserKey
CryptDestroyKey
CryptGetKeyParam
CryptExportKey
CryptImportKey
CryptSetHashParam
CryptAcquireContextA
CryptGetProvParam
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
InitiateSystemShutdownExW
DeregisterEventSource
OpenProcessToken
OpenThreadToken
RegisterEventSourceW
ReportEventW
GetTokenInformation
RegCloseKey
RegDeleteKeyExW
CryptAcquireContextW
CryptGenRandom
RegDeleteKeyValueW
RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
CryptReleaseContext
AllocateAndInitializeSid
EqualSid
FreeSid

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

VariantClear
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

ws2_32

select
send
recv
connect
WSAGetLastError
WSACleanup
closesocket
socket
WSAStartup
shutdown
WSASetLastError
inet_addr
gethostbyname
htons
getservbyname
htonl
inet_ntoa
ntohs
getservbyport
gethostbyaddr
gethostname
getsockname
inet_pton
setsockopt
getsockopt

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

DeleteSecurityContext
AcquireCredentialsHandleA
FreeContextBuffer
QuerySecurityPackageInfoA
FreeCredentialsHandle
InitializeSecurityContextA
CompleteAuthToken

wininet

DetectAutoProxyUrl
InternetInitializeAutoProxyDll

bcrypt

BCryptGenRandom

Exports

Exports

CreateServiceHandler
DestroyServiceHandler
LogMeInAV_DropLocalExclusions
LogMeInAV_HasLocalExclusions
LogMeInAV_Installed
LogMeInAV_Register
LogMeInAV_Unregister

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LogMeInAVServer.exe
.exe windows x86

0bc8061a95c9870a2af9f8fd134d62d2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:f6:a1:59:51:a4:c0:53:ae:44:d0:05:00:d7:c1:c0:cb:92:93:26:69:49:68:78:36:e8:e8:c7:33:e8:2b:ea
Signer

Actual PE Digest

ec:f6:a1:59:51:a4:c0:53:ae:44:d0:05:00:d7:c1:c0:cb:92:93:26:69:49:68:78:36:e8:e8:c7:33:e8:2b:ea

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CryptStringToBinaryW
CertGetCertificateContextProperty
CertGetNameStringW
CryptProtectData
CryptUnprotectData
CryptBinaryToStringW
CertOpenStore
CertFreeCertificateContext

kernel32

OpenProcess
GetModuleHandleW
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
MultiByteToWideChar
K32GetModuleFileNameExW
GetCommandLineW
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
VerSetConditionMask
InitializeCriticalSection
GetSystemTimeAsFileTime
LoadLibraryExA
LoadLibraryA
VerifyVersionInfoW
LocalFree
GetTimeZoneInformation
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
QueryPerformanceCounter
FileTimeToLocalFileTime
ReadFile
SetLastError
CreateFileW
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindNextFileW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionEx
DecodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetExitCodeThread
Sleep
RaiseException
GetWindowsDirectoryA
GetSystemDirectoryA
GetTickCount
GetLocalTime
GetThreadContext
SuspendThread
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetLastError
SetUnhandledExceptionFilter
CloseHandle
WriteFile
SetFilePointer
GetFileSize
GetFileAttributesA
DeleteFileA
GetProcessIdOfThread
CreateDirectoryA
GetEnvironmentVariableA
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryW
GetModuleFileNameW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetProcessHeap
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetConsoleCP
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetEnvironmentVariableW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertFiberToThread
DeleteFiber
GetFileType
GetEnvironmentVariableW
GetStdHandle
GetModuleHandleExW
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
GetSystemWow64DirectoryW
IsWow64Process
GetSystemDirectoryW
GetCurrentProcess
CreateFileA
OpenThread
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CreateEventA
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
FlushFileBuffers
SetEndOfFile
GetFileTime
GetProductInfo
ResetEvent
SetErrorMode
GetModuleHandleA
ExitProcess
FormatMessageA
ReleaseMutex
WaitForSingleObjectEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
EncodePointer
InitOnceExecuteOnce
GetCurrentProcessorNumber

user32

GetSystemMetrics
CharNextExA
PostThreadMessageW
CharUpperW
TranslateMessage
GetMessageW
CharNextW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
DispatchMessageW

advapi32

CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptGetProvParam
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RevertToSelf
RegCloseKey
OpenProcessToken
GetTokenInformation
OpenThreadToken
ConvertSidToStringSidW
CryptDestroyKey
CryptGetUserKey
CryptExportKey
CryptEnumProvidersW
CryptAcquireContextW
CryptGenRandom
RegDeleteKeyValueW
RegQueryValueExW
CryptReleaseContext
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx
CoCreateInstance
CoGetCallerTID
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoInitialize
CoReleaseServerProcess

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysAllocString
VarUI4FromStr
SysStringLen
SysAllocStringLen

ws2_32

WSAStartup
closesocket
WSACleanup
setsockopt
WSAGetLastError
bind
socket
inet_ntop
WSASend
listen
getsockname
WSASetLastError
htons
WSARecv
WSASocketA
WSAIoctl
WSAGetOverlappedResult
freeaddrinfo
getaddrinfo
getpeername
ntohs
recv
inet_pton
send

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LogMeInRC.exe
.exe windows x86

983de707a86a1cd3ca780d92ed483d07

Code Sign

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

44:1e:61:46:f2:ab:24:8b:fa:6b:c3:e2:13:07:43:56:54:a7:d9:63:6c:65:56:c1:d8:f2:c3:12:78:70:a7:5c
Signer

Actual PE Digest

44:1e:61:46:f2:ab:24:8b:fa:6b:c3:e2:13:07:43:56:54:a7:d9:63:6c:65:56:c1:d8:f2:c3:12:78:70:a7:5c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/10/2018, 11:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenMutexW
WriteFile
GetLastError
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
WriteConsoleW
SetFilePointer
GetLocalTime
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
DecodePointer

advapi32

RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LogMeInSystray.dll
.dll windows x86

ed0518725eb323cc21531e726ba38fd9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:0d:8d:62:42:f2:b9:85:51:9c:47:cc:b5:1b:ef:68:6d:9e:8f:5d:85:a3:50:05:5f:d4:fa:d2:b8:a8:da:17
Signer

Actual PE Digest

53:0d:8d:62:42:f2:b9:85:51:9c:47:cc:b5:1b:ef:68:6d:9e:8f:5d:85:a3:50:05:5f:d4:fa:d2:b8:a8:da:17

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptUnprotectData
CryptProtectData

kernel32

FormatMessageW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
GetExitCodeThread
SetThreadPriority
VirtualQuery
OpenEventA
CreateMutexA
lstrcmpiW
LoadLibraryExW
GetComputerNameW
lstrlenA
lstrcmpiA
FindResourceW
SizeofResource
LockResource
LoadResource
GetVersionExW
GetTickCount
CreateMutexW
DeleteFileW
GetEnvironmentVariableW
SetFilePointer
ReadFile
CreateFileW
CreateFileA
GetSystemDefaultLangID
GetUserDefaultLangID
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryA
GetModuleHandleW
GetWindowsDirectoryW
GetStartupInfoW
CreateProcessW
WaitForDebugEvent
ContinueDebugEvent
GetFileAttributesW
SearchPathW
GetCommandLineW
GlobalUnlock
OutputDebugStringW
GlobalLock
GlobalSize
Sleep
LeaveCriticalSection
EnterCriticalSection
FindNextFileW
FindFirstFileW
FindClose
GetTimeFormatW
lstrcatW
lstrcpyW
lstrcpynW
GetFileSize
MulDiv
GetModuleHandleA
GetVersion
GetLocalTime
lstrlenW
LoadLibraryA
GetModuleHandleExW
CreateEventW
LocalFree
GetModuleFileNameA
WaitForMultipleObjects
CreateEventA
WaitForSingleObject
SetEvent
SetLastError
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
RaiseException
CloseHandle
DecodePointer
LoadLibraryW
GetModuleFileNameW
GetSystemWow64DirectoryW
IsWow64Process
GetSystemDirectoryW
GetCurrentProcess
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetProcAddress
InitializeCriticalSection
LCMapStringW
GetDateFormatW
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineA
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualAlloc
GetSystemInfo
InterlockedFlushSList
RtlUnwind
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LCMapStringEx
GetStringTypeW
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
GetUserDefaultLCID
GetTempFileNameW
GetProfileIntW
GetTempPathW
FindResourceExW
SystemTimeToTzSpecificLocalTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
VirtualProtect
GlobalGetAtomNameW
DuplicateHandle
UnlockFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
CompareStringW
GlobalFindAtomW
EncodePointer
LocalReAlloc
GlobalHandle
GlobalReAlloc
CopyFileW
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
OutputDebugStringA
LocalAlloc
TerminateProcess
OpenEventW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SetUnhandledExceptionFilter
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
GlobalFree
OpenProcess
QueryPerformanceCounter
GetProductInfo
VerifyVersionInfoW
VerSetConditionMask
ExitProcess
SetErrorMode
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetStdHandle
GetFileType
FreeLibrary
WriteFile
ResetEvent
GetFileTime
SetEndOfFile
FlushFileBuffers

advapi32

StartServiceW
RegQueryValueExW
OpenProcessToken
OpenThreadToken
SetNamedSecurityInfoW
AdjustTokenPrivileges
LookupPrivilegeValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyW
RegQueryValueW
GetTokenInformation
LookupAccountSidW
RegCloseKey
RegOpenKeyExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyW
FreeSid
EqualSid
AllocateAndInitializeSid
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

user32

IsDialogMessageW
GetScrollInfo
OpenClipboard
CloseClipboard
GetClipboardData
GetPriorityClipboardFormat
DefWindowProcW
RegisterClassExW
CreateWindowExW
IsWindow
SetTimer
KillTimer
GetDlgCtrlID
SetFocus
GetKeyState
EnableWindow
GetSystemMetrics
GetForegroundWindow
InvalidateRect
RedrawWindow
SetScrollPos
GetDlgItem
EndDialog
DialogBoxParamW
CreateDialogParamW
SetWindowPos
MoveWindow
GetActiveWindow
SetCapture
ReleaseCapture
DrawTextW
UpdateWindow
GetDC
GetWindowTextW
SetCursor
GetCursorPos
GetParent
LoadCursorW
GetSubMenu
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
EnumChildWindows
wsprintfA
wsprintfW
RegisterWindowMessageA
RegisterWindowMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
CallWindowProcW
GetDoubleClickTime
RegisterClassW
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
SetDlgItemTextW
SendDlgItemMessageW
LoadMenuW
CreatePopupMenu
DestroyMenu
EnableMenuItem
RemoveMenu
DeleteMenu
SetWindowLongW
SetWindowTextW
GetWindowTextLengthW
CharNextExA
GetMessageW
PeekMessageW
ValidateRect
SetWindowsHookExW
CallNextHookEx
ShowOwnedPopups
IsWindowEnabled
ShowWindow
GetFocus
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuStringW
GetMenuState
InsertMenuW
AppendMenuW
GetMessagePos
GetMessageTime
GetClassInfoW
GetClassInfoExW
IsMenu
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetCapture
GetMenu
SetMenu
SetActiveWindow
BeginPaint
GetClientRect
ScrollWindow
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
AdjustWindowRectEx
MapWindowPoints
CopyRect
EqualRect
PtInRect
GetClassLongW
GetClassNameW
GetTopWindow
GetWindow
LoadIconW
SetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
CheckDlgButton
CopyImage
GetDesktopWindow
RealChildWindowFromPoint
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
CharUpperW
GetSysColorBrush
InflateRect
SendDlgItemMessageA
SetRectEmpty
OffsetRect
CreateDialogIndirectParamW
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
IntersectRect
TrackMouseEvent
GetNextDlgGroupItem
WindowFromPoint
DrawFocusRect
IsRectEmpty
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClipboardData
EmptyClipboard
DrawStateW
SetClassLongW
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
SetCursorPos
TrackPopupMenu
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
LockWindowUpdate
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
GetWindowRect
ClientToScreen
GetSysColor
FillRect
EndPaint
InsertMenuItemW
GetMenuItemInfoW
SetMenuDefaultItem
SetForegroundWindow
ReleaseDC
ScreenToClient
ChildWindowFromPoint
DestroyWindow
PostMessageW
GetWindowLongW
SendMessageW
UnregisterClassW
GetLastActivePopup
SetRect
CharLowerW
MessageBoxW
BringWindowToTop
AttachThreadInput
SystemParametersInfoW
SystemParametersInfoA
UnhookWindowsHookEx
SendMessageTimeoutW
CharNextW
GetIconInfo
DrawIconEx
LoadImageW
DestroyIcon
GetWindowThreadProcessId
FindWindowW
CopyIcon

gdi32

PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
CreateCompatibleDC
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32W
GetTextFaceW
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
LineTo
SelectObject
MoveToEx
CreateFontIndirectW
SetBkMode
SetTextColor
GetObjectW
GetDIBits
GetTextExtentPointW
CreateDIBSection
CreateDCW
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
BitBlt
SetBkColor
CopyMetaFileW
CreateBitmap
IntersectClipRect
SetMapMode
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn

shell32

ShellExecuteW
SHAppBarMessage
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteExW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish

ole32

RevokeDragDrop
CoUninitialize
CoCreateGuid
CoInitialize
OleDuplicateData
CoDisconnectObject
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
ReleaseStgMedium
CoInitializeSecurity
CoCreateInstance
CreateGenericComposite
CreateFileMoniker
CreateItemMoniker
GetRunningObjectTable
OleInitialize
OleUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
RegisterDragDrop

comdlg32

ChooseFontW
ChooseColorW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wsock32

connect
send
select
recv
WSASetLastError
getservbyname
closesocket
gethostname
gethostbyname
gethostbyaddr
socket
ntohs
inet_ntoa
getservbyport
ntohl
inet_addr
ioctlsocket
htons
htonl
getsockname
getpeername
WSAGetLastError

comctl32

ord17

ws2_32

WSAStartup
WSACleanup

rntfywnd

?CreateInstance@@YAPAUINotifyManager@@PAUHWND__@@PAUHINSTANCE__@@@Z
?InitComponents@@YAXPAUHINSTANCE__@@@Z

msimg32

AlphaBlend
TransparentBlt

shlwapi

StrFormatKBSizeW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
AssocQueryStringW

uxtheme

CloseThemeData
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
OpenThemeData
DrawThemeParentBackground
DrawThemeText

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
SysFreeString
SafeArrayCreate
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysStringLen
SafeArrayGetElemsize
SafeArrayGetElement
VariantInit
VariantChangeType
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysAllocString
VarBstrFromDate
VariantCopy

gdiplus

GdipCreateBitmapFromScan0
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdiplusShutdown
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

msi

ord17
ord8
ord125
ord74
ord70
ord103
ord246
ord145

winmm

PlaySoundW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

Exports

Exports

MessagePump
RAGuiCleanup
RAGuiInit

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LogMeInSystray.exe
.exe windows x86

23bd5f8e3fdc9929d2a7ad14d169df50

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:f2:c9:f1:96:4f:1b:44:70:ad:bd:5b:e5:a8:f3:07:57:39:ea:4d:30:53:b6:5d:07:a0:5d:58:4a:fe:ba:de
Signer

Actual PE Digest

27:f2:c9:f1:96:4f:1b:44:70:ad:bd:5b:e5:a8:f3:07:57:39:ea:4d:30:53:b6:5d:07:a0:5d:58:4a:fe:ba:de

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 11:41
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenMutexW
GetLocalTime
WriteFile
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
DecodePointer
SetFilePointer
GetLastError
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
WriteConsoleW

user32

GetMessageW

advapi32

RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LogMeInToolkit.exe
.exe windows x86

2799b8fe6688b45e1cf4848c48a27c2f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:21:d5:91:b1:83:5c:d2:06:a1:b7:17:a0:c5:c5:b5:99:ca:9c:00:6a:e7:e6:b0:39:28:5e:ee:e9:43:08:47
Signer

Actual PE Digest

9a:21:d5:91:b1:83:5c:d2:06:a1:b7:17:a0:c5:c5:b5:99:ca:9c:00:6a:e7:e6:b0:39:28:5e:ee:e9:43:08:47

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetEnvironmentVariableW
GetStdHandle
ExitProcess
WideCharToMultiByte
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetExitCodeThread
SetThreadPriority
ResumeThread
SetFilePointer
CreateFileA
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDirectoryA
CreateEventA
InitializeCriticalSection
GetCurrentDirectoryA
GetModuleFileNameA
SetCurrentDirectoryA
VirtualQuery
ResetEvent
DeleteFileW
GetFileSize
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GetThreadLocale
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExW
FindClose
CreateMutexW
GetComputerNameExW
SetLastError
GetTempPathA
GetTempFileNameA
GetPrivateProfileStringA
DeleteFileA
GlobalFree
LocalAlloc
lstrcpynW
GetCommandLineW
LocalFree
CreateToolhelp32Snapshot
Process32First
Process32Next
MultiByteToWideChar
SetEvent
ConnectNamedPipe
WaitForMultipleObjects
DisconnectNamedPipe
ReadFile
WaitNamedPipeW
CreateFileW
SetNamedPipeHandleState
WriteFile
FlushFileBuffers
CreateNamedPipeW
Sleep
GetComputerNameW
MulDiv
lstrlenW
LoadLibraryA
GetModuleHandleExW
CreateEventW
CreateDirectoryW
GetFileAttributesW
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
GetCurrentThreadId
HeapSize
GetLastError
GetCurrentThread
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetTickCount
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
IsWow64Process
GetCurrentProcess
GetSystemWow64DirectoryW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetEnvironmentVariableA
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
SetStdHandle
HeapQueryInformation
GetCommandLineA
SetConsoleCtrlHandler
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileInformationByHandle
GetDriveTypeW
SetEnvironmentVariableW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetLocaleInfoEx
GetCPInfo
CompareStringEx
GetSystemDirectoryW
GetModuleFileNameW
GetProcAddress
FreeLibrary
GetCurrentProcessorNumber
InitOnceExecuteOnce
GetSystemTimeAsFileTime
QueryPerformanceCounter
SystemTimeToFileTime
QueryPerformanceFrequency
GetTimeZoneInformation
FormatMessageW
GetFileTime
SetEndOfFile
ReleaseMutex
GetModuleHandleA
SetErrorMode
VerifyVersionInfoW
VerSetConditionMask
PeekNamedPipe
FormatMessageA
GetProductInfo
GetThreadTimes
OpenThread
GetProcessTimes
OpenProcess
InitializeCriticalSectionAndSpinCount
OpenFileMappingW
CreateFileMappingW
Thread32Next
Thread32First
SetUnhandledExceptionFilter
GetExitCodeProcess
CreateProcessW
OpenEventW
TerminateProcess
DuplicateHandle
VirtualAlloc
lstrcmpW
CreateThread
lstrcmpiW
OutputDebugStringA
EncodePointer
LoadLibraryExW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
GlobalSize
CopyFileW
lstrcpyW
VirtualProtect
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalGetAtomNameW
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetTempPathW
FindResourceExW
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
GetWindowsDirectoryW
GetTempFileNameW
GetUserDefaultLCID
GetProfileIntW
SearchPathW
GetFileAttributesExW
GetFileSizeEx
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
LCMapStringEx
LoadLibraryExA

user32

BeginPaint
EndPaint
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
AdjustWindowRectEx
MapWindowPoints
GetTopWindow
GetLastActivePopup
GetWindow
SetScrollInfo
GetScrollInfo
WinHelpW
GetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
SendDlgItemMessageW
IsWindowEnabled
IsDialogMessageW
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
DrawTextExW
GrayStringW
TabbedTextOutW
ClientToScreen
GetMenuStringW
GetMenuState
InsertMenuW
AppendMenuW
RemoveMenu
GetWindowThreadProcessId
LoadMenuW
InflateRect
IntersectRect
CharNextW
CreateDialogIndirectParamW
GetNextDlgTabItem
GetActiveWindow
SendDlgItemMessageA
GetSysColorBrush
EnumDisplayMonitors
GetAsyncKeyState
MapDialogRect
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
SetWindowContextHelpId
WindowFromPoint
GetKeyNameTextW
MapVirtualKeyW
DestroyMenu
CopyImage
RealChildWindowFromPoint
SetCapture
ReleaseCapture
CopyAcceleratorTableW
InvalidateRgn
IsRectEmpty
LoadImageW
DrawEdge
DrawFrameControl
DrawStateW
SetWindowRgn
ToUnicodeEx
GetKeyboardLayout
CharUpperW
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
IsZoomed
GetSystemMenu
DeleteMenu
MessageBeep
NotifyWinEvent
SetCursorPos
SetParent
BringWindowToTop
CreatePopupMenu
LockWindowUpdate
GetNextDlgGroupItem
WaitMessage
RegisterClipboardFormatW
GetMenuDefaultItem
EnableScrollBar
HideCaret
InvertRect
CopyIcon
FrameRect
MonitorFromPoint
UnionRect
GetDoubleClickTime
SetMenuDefaultItem
ModifyMenuW
IsCharLowerW
MapVirtualKeyExW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
CharUpperBuffW
UpdateLayeredWindow
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
GetComboBoxInfo
DestroyCursor
GetWindowRgn
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetMenuItemInfoW
GetDlgCtrlID
EnableWindow
FillRect
GetClientRect
InvalidateRect
RedrawWindow
UpdateWindow
EqualRect
GetClassNameW
IsWindow
SendMessageW
GetSystemMetrics
ReleaseDC
GetDC
GetWindowRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
PostThreadMessageW
PeekMessageW
DispatchMessageW
CharNextExA
CharLowerW
GetParent
PtInRect
ScreenToClient
DrawFocusRect
GetFocus
LoadCursorW
DefWindowProcW
GetClassInfoW
GetKeyState
KillTimer
SetTimer
UnregisterClassW
GetWindowDC
GetDesktopWindow
FindWindowA
FindWindowW
IsWindowVisible
PostMessageW
GetWindowLongW
LoadStringW
SetRectEmpty
MsgWaitForMultipleObjects
SetWindowTextW
EnumChildWindows
GetMenuItemCount
GetMenuItemID
SetMenuItemInfoW
GetSubMenu
OffsetRect
GetClassLongW
SetClassLongW
GetWindowTextW
SendNotifyMessageW
GetIconInfo
SetRect
DrawIconEx
DestroyIcon
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
EndDialog
GetTabbedTextExtentW
ShowWindow
IsIconic
SetWindowPos
SetActiveWindow
DrawIcon
PostQuitMessage
SetLayeredWindowAttributes
CopyRect
MonitorFromWindow
GetMonitorInfoW
SetForegroundWindow
SystemParametersInfoW
RegisterWindowMessageW
LoadIconW
TrackMouseEvent
SetWindowsHookExW
MessageBoxW
GetDlgItem
SetDlgItemTextW
DrawTextW
MoveWindow
UnhookWindowsHookEx
CallNextHookEx
AllowSetForegroundWindow
SetWindowLongW
ShowScrollBar
GetSysColor

gdi32

MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetTextAlign
SetROP2
SetWindowOrgEx
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
CreateSolidBrush
CreateRectRgn
GetTextExtentPointW
GetDIBits
GetTextExtentPoint32W
GetStockObject
CreateFontW
GetDeviceCaps
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
SetTextColor
SetBkColor
GetTextMetricsW
CreateFontIndirectW
GetObjectW
OffsetWindowOrgEx
Polyline
GetTextFaceW
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
RoundRect
OffsetRgn
Rectangle
LPtoDP
SetDIBColorTable
StretchBlt
SetPixel
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
CreateRoundRectRgn
CopyMetaFileW
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
GetRgnBox
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetTextColor
GetBkColor
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CombineRgn
CreateDCW
SetBkMode

comdlg32

GetOpenFileNameW

advapi32

CryptGenRandom
RegCreateKeyExW
CryptReleaseContext
ConvertSidToStringSidW
OpenThreadToken
CryptAcquireContextA
SetNamedSecurityInfoW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryValueExA
RegOpenKeyExA
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
CryptAcquireContextW

shell32

SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetMalloc
DragQueryFileW
DragFinish

ole32

StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
OleFlushClipboard
DoDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoGetClassObject
ReleaseStgMedium
OleDuplicateData
CoFreeUnusedLibraries
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeSecurity
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CoDisconnectObject
CoInitialize
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
OleIsCurrentClipboard

oleaut32

VarBstrFromDate
LoadTypeLi
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
OleCreateFontIndirect
SysAllocStringLen
VariantChangeType
VariantInit
VarBstrCmp
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayUnlock
SafeArrayDestroy
VariantClear
SysAllocString
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound

msimg32

AlphaBlend
TransparentBlt

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFindExtensionW

uxtheme

GetThemeColor
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground

oledlg

OleUIBusyW

urlmon

CoInternetSetFeatureEnabled
URLDownloadToFileA

gdiplus

GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipAlloc
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdiplusStartup
GdipFree
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipCloneImage
GdipGetImagePaletteSize

wininet

InternetQueryOptionA
DetectAutoProxyUrl
InternetCloseHandle

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

msi

ord145
ord246
ord103
ord8
ord17
ord70
ord125
ord74

winmm

PlaySoundW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 698KB - Virtual size: 697KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 788KB - Virtual size: 787KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/LogMeInXP.exe
.exe windows x86

a1f607e95543d4a1d86b76f80f621764

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:98:cc:85:56:89:54:e8:27:e3:42:c2:02:7a:c0:18:50:ed:e7:72
Signer

Actual PE Digest

92:98:cc:85:56:89:54:e8:27:e3:42:c2:02:7a:c0:18:50:ed:e7:72

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

03/02/2016, 16:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
CloseHandle
GetLocalTime
CreateMutexW
OpenMutexW
WriteFile
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryExW
GetModuleFileNameW
WaitForSingleObject
CreateFileW
ReleaseMutex
RtlUnwind
GetCommandLineW
HeapAlloc
EncodePointer
DecodePointer
RaiseException
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
SetStdHandle
WriteConsoleW
GetStringTypeW
HeapReAlloc
FlushFileBuffers
HeapSize
LCMapStringW

advapi32

RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/O2MRunner.dll
.dll windows x86

edb32eb360fe8da7b0c272d0d1b41490

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:c9:38:d8:14:77:0b:40:d7:e8:c6:f4:f0:05:8a:6b:b3:00:9f:ea:5d:7a:5d:e8:a4:60:50:10:20:3a:b9:a7
Signer

Actual PE Digest

2d:c9:38:d8:14:77:0b:40:d7:e8:c6:f4:f0:05:8a:6b:b3:00:9f:ea:5d:7a:5d:e8:a4:60:50:10:20:3a:b9:a7

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile
LoadUserProfileW

kernel32

GetExitCodeProcess
GetSystemDirectoryW
LocalFree
CreateFileW
WriteFile
ReadFile
SetHandleInformation
CreatePipe
CreateProcessW
GetModuleFileNameW
CloseHandle
WaitForMultipleObjects
GetLastError
CreateEventW
SetEvent
IsProcessorFeaturePresent
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetProcessHeap
GetFileSizeEx
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
InitializeCriticalSectionEx
Sleep
GetTimeZoneInformation
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetLastError
MultiByteToWideChar
GetFileSize
WideCharToMultiByte
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
TlsAlloc
DeleteCriticalSection
TlsGetValue
TlsFree
HeapCreate
HeapDestroy
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileTime
SetFileTime
FindClose
GetFileAttributesW
VerSetConditionMask
VerifyVersionInfoW
GetCurrentProcess
lstrcmpiA
FormatMessageA
SetErrorMode
GetModuleHandleA
GetProcAddress
FreeLibrary
GetCurrentProcessId
LoadLibraryA
ExitProcess
RaiseException
GetProductInfo
GetSystemDirectoryA
GetProcessTimes
OpenThread
GetThreadTimes
GetTempPathA
GetPrivateProfileStringA
GlobalFree
WaitForSingleObjectEx
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
WaitForSingleObject
InitOnceComplete
InitOnceBeginInitialize
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringEx
GetModuleHandleW
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetEnvironmentVariableW
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
FindFirstFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW

advapi32

CryptReleaseContext
CryptGetKeyParam
CryptExportKey
DeregisterEventSource
RegisterEventSourceW
RegQueryValueExW
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegDeleteKeyValueW
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyExW
OpenProcessToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
CryptAcquireContextA
CryptImportKey
ReportEventW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
LogonUserW
CreateProcessAsUserW
CryptSetHashParam
CryptGetProvParam
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptSignHashW
CryptGetUserKey

shell32

SHGetFolderPathW

crypt32

CertCloseStore
CertOpenStore
CryptUnprotectData
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptProtectData

ws2_32

getservbyport
ntohs
inet_ntoa
htonl
getservbyname
htons
gethostbyname
inet_addr
WSASetLastError
getsockopt
gethostname
shutdown
select
send
recv
connect
WSAGetLastError
WSACleanup
closesocket
socket
WSAStartup
getsockname
inet_pton
setsockopt
gethostbyaddr

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

InitializeSecurityContextA
AcquireCredentialsHandleA
FreeContextBuffer
CompleteAuthToken
FreeCredentialsHandle
DeleteSecurityContext
QuerySecurityPackageInfoA

wininet

InternetInitializeAutoProxyDll
DetectAutoProxyUrl

bcrypt

BCryptGenRandom

user32

GetProcessWindowStation
CharNextExA
GetSystemMetrics
MessageBoxW
GetUserObjectInformationW

Exports

Exports

O2MRunner_ClearImpersonationCredentials
O2MRunner_CreateServiceHandler
O2MRunner_DestroyServiceHandler
O2MRunner_SetImpersonationCredentials
O2MRunner_StartTaskRunner

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/TouchFilter.cat
x86/TouchFilter.inf
x86/TouchFilter.sys
.exe windows x86

b685c7ac4ce27b8c7385bbc64ce0db19

Code Sign

03:23:91:2f:f1:df:a4:f8:b0:86:77:a2:35:58:73:9d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/11/2018, 00:00

Not After

24/11/2021, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:25:3a:27:38:69:0a:34:51:c1:00:00:00:00:00:25
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2018, 21:30

Not After

06/09/2019, 21:30

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:e3:06:d7:50:c5:5e:89:0b:d0:45:a0:de:78:8c:56:8e:18:28:71:ad:cb:f9:13:9f:8b:6f:da:6e:12:95:fd
Signer

Actual PE Digest

95:e3:06:d7:50:c5:5e:89:0b:d0:45:a0:de:78:8c:56:8e:18:28:71:ad:cb:f9:13:9f:8b:6f:da:6e:12:95:fd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

95:e3:06:d7:50:c5:5e:89:0b:d0:45:a0:de:78:8c:56:8e:18:28:71:ad:cb:f9:13:9f:8b:6f:da:6e:12:95:fd
Signer

Actual PE Digest

95:e3:06:d7:50:c5:5e:89:0b:d0:45:a0:de:78:8c:56:8e:18:28:71:ad:cb:f9:13:9f:8b:6f:da:6e:12:95:fd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

27/11/2018, 10:12
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

DbgPrint
memset
RtlCopyUnicodeString

wdfldr.sys

WdfVersionUnbindClass
WdfVersionBindClass
WdfVersionUnbind
WdfVersionBind

Sections

.text
Size: 1024B - Virtual size: 865B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/Vista/LMIRfsDriver.sys
.exe windows x86

5a302fec82293b4539f4ddf55930f8aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:c5:0c:01:52:ab:6d:16:2b:83:2a:c3:52:8b:10:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/10/2006, 00:00

Not After

11/10/2009, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:1c:26:3a:9a:1e:ce:f2:4d:d7:b3:c3:e1:24:aa:48:c3:4c:dc:6b
Signer

Actual PE Digest

e2:1c:26:3a:9a:1e:ce:f2:4d:d7:b3:c3:e1:24:aa:48:c3:4c:dc:6b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

27/02/2023, 09:32
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoRemoveShareAccess
CcUninitializeCacheMap
CcPurgeCacheSection
ExReleaseResourceLite
CcFlushCache
FsRtlGetNextFileLock
FsRtlFastUnlockAll
IoGetRequestorProcess
FsRtlNotifyCleanup
FsRtlNotifyFullChangeDirectory
ExAcquireResourceExclusiveLite
_except_handler3
_local_unwind2
IoFreeWorkItem
IoQueueWorkItem
IoAllocateWorkItem
IoSetTopLevelIrp
memmove
wcsrchr
wcschr
FsRtlDoesNameContainWildCards
KeGetCurrentThread
CcSetFileSizes
MmCanFileBeTruncated
MmFlushImageSection
IoSetShareAccess
IoCheckShareAccess
_abnormal_termination
RtlCopyUnicodeString
_snwprintf
wcslen
towupper
CcWaitForCurrentLazyWriterActivity
MmForceSectionClosed
ExReleaseResourceForThreadLite
FsRtlNotifyInitializeSync
ExInitializeResourceLite
KeInitializeSpinLock
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmMapLockedPagesSpecifyCache
FsRtlFastCheckLockForWrite
FsRtlFastCheckLockForRead
IoGetCurrentProcess
FsRtlProcessFileLock
KeQuerySystemTime
CcCopyRead
ExAcquireResourceSharedLite
CcSetReadAheadGranularity
CcInitializeCacheMap
FsRtlCheckLockForReadAccess
CcMdlReadComplete
IofCompleteRequest
KeWaitForSingleObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeSetEvent
ExQueueWorkItem
ExDeleteResourceLite
ZwClose
IoDeleteSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
ExDeleteNPagedLookasideList
FsRtlCopyWrite
FsRtlCopyRead
ExInitializeNPagedLookasideList
IoCreateSymbolicLink
IoCreateDevice
ZwCreateDirectoryObject
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
SeReleaseSubjectContext
SeUnlockSubjectContext
SeQueryAuthenticationIdToken
SeLockSubjectContext
SeCaptureSubjectContext
RtlEqualUnicodeString
ObfReferenceObject
ObfDereferenceObject
FsRtlNotifyUninitializeSync
RtlCompareUnicodeString
FsRtlInitializeFileLock
FsRtlUninitializeFileLock
FsRtlNotifyFullReportChange
FsRtlDeregisterUncProvider
IoUnregisterFileSystem
IoRegisterFileSystem
FsRtlRegisterUncProvider
wcsncmp
ObReferenceObjectByHandle
CcCopyWrite
CcPrepareMdlWrite
FsRtlCheckLockForWriteAccess
ExAcquireSharedStarveExclusive
CcMdlWriteComplete
KeInitializeEvent
CcMdlRead
ExFreePool
_wcsnicmp

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/Vista/LMIinfo.sys
.exe windows x86

d5d239cb5b9a2e75d73c841fdd1417ca

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:7b:7e:4f:14:bb:04:bf:34:c2:66:86:a6:1a:bd:a0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/09/2012, 00:00

Not After

10/10/2015, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:bb:72:63:d8:d8:f8:ca:30:4c:89:f2:54:48:5f:eb:95:43:6a:33
Signer

Actual PE Digest

6c:bb:72:63:d8:d8:f8:ca:30:4c:89:f2:54:48:5f:eb:95:43:6a:33

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

11/01/2013, 09:35
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
strncpy
RtlUnicodeStringToAnsiString
ObQueryNameString
_except_handler3
ObfDereferenceObject
ObReferenceObjectByHandle
ZwClose
ZwDuplicateObject
ZwOpenProcess
KeDetachProcess
KeAttachProcess
PsLookupProcessByProcessId
IofCompleteRequest
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
ExFreePoolWithTag
wcslen
ExAllocatePoolWithTag
ZwQueryValueKey
ZwOpenKey

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 266B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 634B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/Vista/LMImirr.cat
x86/Vista/LMImirr.dll
.dll windows x86

9ef4cf7d2f8d21095fd621e3300926cd

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:c5:0c:01:52:ab:6d:16:2b:83:2a:c3:52:8b:10:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/10/2006, 00:00

Not After

11/10/2009, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:ec:8b:51:82:8a:33:82:ff:ce:a7:08:29:a6:54:7d:69:01:23:b0
Signer

Actual PE Digest

23:ec:8b:51:82:8a:33:82:ff:ce:a7:08:29:a6:54:7d:69:01:23:b0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

27/02/2023, 09:32
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

win32k.sys

EngUnloadImage
EngFindImageProcAddress
EngLoadImage
EngFreeMem
EngAllocMem
EngDeletePalette
EngModifySurface
EngCreateDeviceSurface
EngUnmapEvent
EngDeleteSurface
EngCreatePalette
EngCopyBits
EngBitBlt
EngTextOut
EngStrokePath
EngFillPath
EngStrokeAndFillPath
EngPlgBlt
EngStretchBlt
EngStretchBltROP
EngLineTo
EngAlphaBlend
EngTransparentBlt
EngGradientFill
EngSetEvent
EngMapEvent
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 609B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 652B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/Vista/LMImirr.inf
x86/Vista/LMImirr.sys
.exe windows x86

518167d6aeefde1975592d28cbae7110

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:c5:0c:01:52:ab:6d:16:2b:83:2a:c3:52:8b:10:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/10/2006, 00:00

Not After

11/10/2009, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:03:72:82:51:dc:7c:ed:a0:0b:77:f8:0f:5a:72:0e:99:b7:f3:a8
Signer

Actual PE Digest

5f:03:72:82:51:dc:7c:ed:a0:0b:77:f8:0f:5a:72:0e:99:b7:f3:a8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

27/02/2023, 09:32
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeTickCount

videoprt.sys

VideoPortZeroMemory
VideoPortInitialize

Sections

.text
Size: 256B - Virtual size: 214B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 256B - Virtual size: 222B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/Vista/LMImirr2.dll
.exe windows x86

bdf655d478f0384765ba2f10718461c9

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:c5:0c:01:52:ab:6d:16:2b:83:2a:c3:52:8b:10:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/10/2006, 00:00

Not After

11/10/2009, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:11:f0:86:68:4a:19:40:ef:07:79:04:ce:d2:92:a4:94:d9:bb:bd
Signer

Actual PE Digest

07:11:f0:86:68:4a:19:40:ef:07:79:04:ce:d2:92:a4:94:d9:bb:bd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

27/02/2023, 09:32
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeMdl
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
MmUnlockPages
MmUnmapLockedPages
ExAllocatePoolWithTag
ExFreePool
ObReferenceObjectByHandle
ObfDereferenceObject
KeWaitForSingleObject
_allmul
KeReleaseMutex
memmove
KeTickCount

Exports

Exports

AcquireMutex
AllocScreen
CopyScreenArea
FreeScreen
GetVersion
Map
MapUserModeMutex
Memmove
ReleaseMutex
UnMap
UnMapUserModeMutex

Sections

.text
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 384B - Virtual size: 291B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/Vista/radpms.cat
x86/Vista/radpms.inf
x86/Vista/radpms.sys
.exe windows x86

5e75957cf7cc43010e1e26681e44f50e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:2b:2c:3c:d8:59:f9:61:d9:21:22:92:a7:2c:20:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/10/2009, 00:00

Not After

10/10/2012, 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:e9:55:bb:9e:e1:16:c0:d2:bf:29:3e:dc:09:70:94:0b:f5:ab:35
Signer

Actual PE Digest

46:e9:55:bb:9e:e1:16:c0:d2:bf:29:3e:dc:09:70:94:0b:f5:ab:35

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

17/05/2010, 14:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateSymbolicLink
IoDeleteDevice
IoAttachDeviceToDeviceStack
ExAllocatePoolWithTag
IoCreateDevice
RtlInitUnicodeString
IoGetDeviceProperty
memcpy
memset
IofCompleteRequest
KeSetEvent
DbgPrint
KeWaitForSingleObject
PoRequestPowerIrp
KeInitializeEvent
IoDetachDevice
ExFreePoolWithTag
IoDeleteSymbolicLink
IofCallDriver
PoCallDriver
PoStartNextPowerIrp
PoSetPowerState
KeTickCount
KeBugCheckEx

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 253B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 690B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/cppwinrtdll.dll
.dll windows x86

23602e4a8a9f7ceeb2cdc682d4bc966e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7e:03:8e:5e:bb:5d:db:5d:6f:4f:c4:81:d6:a2:1a:0c:04:6c:8e:65:03:53:6b:3b:f1:0a:2e:11:3d:bd:68
Signer

Actual PE Digest

07:7e:03:8e:5e:bb:5d:db:5d:6f:4f:c4:81:d6:a2:1a:0c:04:6c:8e:65:03:53:6b:3b:f1:0a:2e:11:3d:bd:68

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeSRWLock
ResetEvent
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
GetFileType
GetStdHandle
FlushFileBuffers
LCMapStringW
HeapFree
HeapAlloc
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
WriteFile
GetConsoleCP
DecodePointer
WriteConsoleW
CreateFileW
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GetConsoleMode
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
GetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetProcessHeap

ole32

CoIncrementMTAUsage

oleaut32

SysFreeString

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

Exports

Exports

drop_cppwinrtdll
make_cppwinrtdll

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/dbghelp.dll
.dll windows x86

515ee46e8930abe46e0569a1a18643ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_initterm
_adjust_fdiv
__dllonexit
_except_handler3
wcscmp
memmove
_ftol
swprintf
calloc
wcscat
_ltoa
__CxxFrameHandler
_wcsicmp
_wsplitpath
_wcsnicmp
towlower
wcsncmp
__unDName
wcsncpy
_wfopen
fopen
_osver
fclose
fread
fseek
_CxxThrowException
bsearch
_snwprintf
mbstowcs
wcstol
_mbsnbcpy
fflush
_iob
time
_wmakepath
wcsrchr
_strnicmp
_wcsdup
ftell
_wgetenv
_mbsicmp
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_write
_lseeki64
_chsize
_close
_open_osfhandle
_waccess
_mbscmp
_memicmp
wcsncat
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_itoa
printf
_vsnprintf
strncat
tolower
_strcmpi
_makepath
_purecall
malloc
free
_strlwr
isspace
ctime
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
strncmp
isxdigit
wcslen
sprintf
_onexit
wcscpy
strrchr
strncpy
_splitpath
_stricmp
strchr
wprintf

kernel32

CreateFileMappingW
DeviceIoControl
ExpandEnvironmentStringsW
CopyFileA
Sleep
CopyFileW
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
GetDriveTypeW
GetDriveTypeA
SetEndOfFile
MapViewOfFileEx
FlushViewOfFile
SetFileAttributesA
CreateThread
TerminateThread
SuspendThread
GetThreadSelectorEntry
GetCurrentThreadId
GetCurrentProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetLastError
CloseHandle
CreateFileA
GetLastError
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
LocalAlloc
LocalFree
lstrcpyA
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetFileSize
LoadLibraryA
DuplicateHandle
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
VirtualFree
SetErrorMode
GetFileAttributesA
ReadProcessMemory
VirtualProtect
VirtualAlloc
DeleteFileW
WriteFile
CreateFileW
OutputDebugStringA
GetSystemInfo
GetSystemTimeAsFileTime
VirtualQueryEx
GetProcessHeap
ResumeThread
GetThreadContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

.text
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/ksu.dll
.dll windows x86

9b642bd0569e490c1702ef3771d3d526

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:1f:98:60:33:1a:3f:bd:93:05:7c:e5:7b:62:99:69:41:8e:86:7b:86:2a:b4:f5:5e:9c:59:ae:96:12:82:4b
Signer

Actual PE Digest

ba:1f:98:60:33:1a:3f:bd:93:05:7c:e5:7b:62:99:69:41:8e:86:7b:86:2a:b4:f5:5e:9c:59:ae:96:12:82:4b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsFree
EnterCriticalSection
TlsSetValue
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
SetLastError
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
SystemTimeToFileTime
QueryPerformanceFrequency
FileTimeToSystemTime
GetTimeZoneInformation
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
SetEvent
ReadFile
GetExitCodeProcess
SetHandleInformation
CreatePipe
WaitForSingleObject
WaitForMultipleObjects
CreateProcessW
GetLastError
WriteConsoleW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetProcessHeap
GetConsoleCP
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
GetSystemTime
ReadConsoleW
ReadConsoleA
CreateEventW
CloseHandle
LoadLibraryW
GetSystemDirectoryW
GetModuleFileNameW
GetCurrentProcess
HeapCreate
Sleep
HeapDestroy
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
lstrcmpiA
SetFilePointer
WriteFile
FlushFileBuffers
SetEndOfFile
FindClose
ExitProcess
SetErrorMode
GetModuleHandleA
GetProcAddress
FreeLibrary
GetCurrentProcessId
LoadLibraryA
VerSetConditionMask
VerifyVersionInfoW
GetProductInfo
OpenProcess
GetProcessTimes
OpenThread
GetThreadTimes
GetSystemDirectoryA
GetTempPathA
GetPrivateProfileStringA
GlobalFree
GetStringTypeW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
GetModuleHandleExW
GetStdHandle
GetEnvironmentVariableW
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode

user32

CharNextExA
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
MessageBoxW

shell32

ShellExecuteW
SHGetKnownFolderPath

ole32

CoTaskMemFree

ws2_32

gethostname
gethostbyaddr
getsockname
inet_pton
inet_ntoa
htonl
getservbyname
htons
ntohs
getservbyport
gethostbyname
inet_addr
WSASetLastError
getsockopt
setsockopt
shutdown
select
send
recv
connect
WSAGetLastError
WSACleanup
closesocket
socket
WSAStartup

secur32

QuerySecurityPackageInfoA
CompleteAuthToken
DeleteSecurityContext
FreeContextBuffer
AcquireCredentialsHandleA
InitializeSecurityContextA
FreeCredentialsHandle

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

DetectAutoProxyUrl
InternetInitializeAutoProxyDll

bcrypt

BCryptGenRandom

msi

ord103
ord125
ord17
ord8
ord145
ord74
ord70
ord246

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

advapi32

CryptReleaseContext
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptGetProvParam
CryptSetHashParam
OpenProcessToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptAcquireContextA
CryptGenRandom
ReportEventW
CryptImportKey
CryptDestroyKey
CryptGetUserKey
CryptGetKeyParam
CryptExportKey
DeregisterEventSource
RegisterEventSourceW

Exports

Exports

CreateKSUManager
DestroyKSUManager

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 430KB - Virtual size: 430KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/openssl.exe
.exe windows x86

6f7a6e9ccda4bdb7e1fbc26cb5ad4f41

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:d0:f0:9a:43:89:73:5b:b1:3b:87:05:43:14:14:45:cb:7d:65:84:00:eb:f0:5f:2e:dc:05:db:34:e4:84:f8
Signer

Actual PE Digest

32:d0:f0:9a:43:89:73:5b:b1:3b:87:05:43:14:14:45:cb:7d:65:84:00:eb:f0:5f:2e:dc:05:db:34:e4:84:f8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
__WSAFDIsSet
WSAGetLastError
socket
listen
connect
bind
accept
WSACleanup
WSAStartup
getsockname
ioctlsocket
getnameinfo
freeaddrinfo
getaddrinfo
ntohs
sendto
recvfrom
getsockopt
WSASetLastError
send
closesocket
recv
setsockopt
select

advapi32

CryptCreateHash
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
DeregisterEventSource
CryptDecrypt
CryptExportKey
CryptGetUserKey

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

bcrypt

BCryptGenRandom

kernel32

GetCurrentDirectoryW
GetFileSizeEx
GetFullPathNameW
GetFileAttributesExW
SetEndOfFile
GetNumberOfConsoleInputEvents
PeekConsoleInputA
HeapReAlloc
SetFileAttributesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetFilePointerEx
SwitchToFiber
FlushFileBuffers
SetStdHandle
CloseHandle
GetLastError
PeekNamedPipe
Sleep
ExitProcess
CreateThread
TerminateThread
GetStdHandle
DeleteFileW
GetFileAttributesW
ReadFile
WriteFile
GetProcessTimes
GetCurrentProcessId
OpenProcess
GetSystemTime
MoveFileW
SystemTimeToFileTime
MultiByteToWideChar
PeekConsoleInputW
GetCommandLineW
GetEnvironmentVariableW
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetConsoleOutputCP
SetConsoleOutputCP
SetLastError
GetFileType
GetModuleHandleW
GetProcAddress
FormatMessageW
DecodePointer
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
FindClose
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryA
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
LCMapStringW
RtlUnwind
LoadLibraryExW
EncodePointer
RaiseException
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
GetModuleFileNameW
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 454KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/psapi.dll
.dll windows x86

69c69277db2a092f4a3cfb6230e1e086

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

NtCreateProfile
RtlUnicodeToOemN
RtlNtStatusToDosError
_stricmp
RtlUnwind
atoi
sprintf
NtStopProfile
NtAllocateVirtualMemory
NtSetIntervalProfile
NtStartProfile
DbgPrint
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation

kernel32

MultiByteToWideChar
SetProcessWorkingSetSize
GetProcessWorkingSetSize
WideCharToMultiByte
ReadProcessMemory
UnmapViewOfFile
DisableThreadLibraryCalls
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
LocalFree
SetLastError
LocalAlloc
GetSystemInfo
CreateFileA
CloseHandle

imagehlp

SymGetSymFromAddr
SymInitialize
SymGetSearchPath
SymLoadModule
SymGetModuleInfo
FindExecutableImage
ImageNtHeader

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/racodec.ax
.dll regsvr32 windows x86

4abb0f625fbf2d8151648c088a6f33cf

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:9b:a8:a1:ed:ab:bc:a0:e8:cb:60:93:62:d4:af:8e:f1:1f:1e:4c:c5:43:5d:4e:4b:36:bc:94:1f:de:33:b9
Signer

Actual PE Digest

d9:9b:a8:a1:ed:ab:bc:a0:e8:cb:60:93:62:d4:af:8e:f1:1f:1e:4c:c5:43:5d:4e:4b:36:bc:94:1f:de:33:b9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
GetModuleHandleW
DecodePointer
WriteConsoleW
CreateFileW
ReadConsoleW
ReadFile
FreeLibrary
LoadLibraryW
CloseHandle
DuplicateHandle
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
CreateSemaphoreW
GetCurrentProcess
GetCurrentThreadId
GetSystemInfo
VirtualAlloc
VirtualFree
lstrcmpW
lstrcpynW
lstrlenW
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
GetVersionExW
DisableThreadLibraryCalls
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetTickCount
GetProcAddress
lstrcmpiW
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
HeapReAlloc
GetStdHandle
GetFileType
HeapSize
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode

user32

RegisterWindowMessageW
DispatchMessageW
MessageBoxW
PostThreadMessageW
GetQueueStatus
MsgWaitForMultipleObjects
UnregisterClassW
PeekMessageW

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
CoInitialize
StringFromGUID2

oleaut32

SysFreeString
SysAllocString

winmm

timeSetEvent
timeGetTime

advapi32

RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueW
RegSetValueExW
RegCreateKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/radpms.cat
x86/radpms.inf
x86/radpms.sys
.exe windows x86

aee4b52b0d1d5af1871c14d34f27ee02

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0d:35:88:01:02:e2:3d:23:40:f6:9e:b3:c0:e5:61
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/06/2015, 00:00

Not After

22/06/2018, 12:00

Subject

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:0b:17:c4:88:bd:10:9f:b8:00:9a:5b:0e:a9:82:30:43:25:bb:3e:f0:63:25:9a:fb:e4:a7:d8:43:00:71:95
Signer

Actual PE Digest

12:0b:17:c4:88:bd:10:9f:b8:00:9a:5b:0e:a9:82:30:43:25:bb:3e:f0:63:25:9a:fb:e4:a7:d8:43:00:71:95

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:32
Valid: false

40:d9:41:0c:4f:e2:a8:f4:f7:08:5b:3f:82:ad:52:cd:b9:5e:8c:6d
Signer

Actual PE Digest

40:d9:41:0c:4f:e2:a8:f4:f7:08:5b:3f:82:ad:52:cd:b9:5e:8c:6d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

10/01/2017, 10:59
Valid: true

Chain 1

SERIALNUMBER=3830661,CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,POSTALCODE=02210,STREET=320 Summer Street,L=Boston,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IofCallDriver
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDetachDevice
IoGetDeviceProperty
memcpy
KeInitializeEvent
IoAttachDeviceToDeviceStack
KeWaitForSingleObject
PoRequestPowerIrp
IoDeleteSymbolicLink
PoRegisterPowerSettingCallback
PoUnregisterPowerSettingCallback
PoSetPowerState
KeBugCheckEx
RtlCopyUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlGetVersion
KeSetEvent
DbgPrint

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 826B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/rainst.exe
.exe windows x86

bacbebda763b2d63f2f22061a86869df

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:d1:58:aa:68:57:ce:eb:88:5a:62:d9:79:97:2b:b8:9d:3a:c7:1e:10:96:b3:d0:b5:83:32:a1:a7:98:c0:ae
Signer

Actual PE Digest

14:d1:58:aa:68:57:ce:eb:88:5a:62:d9:79:97:2b:b8:9d:3a:c7:1e:10:96:b3:d0:b5:83:32:a1:a7:98:c0:ae

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

sendto
send
connect
inet_ntoa
getpeername
ntohs
socket
gethostbyaddr
gethostname
getservbyport
getservbyname
WSASetLastError
WSAGetLastError
closesocket
WSAStartup
WSACleanup
setsockopt
recv
getsockname
htonl
htons
ntohl
inet_addr
gethostbyname

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetCertificateContextProperty

setupapi

SetupDiCreateDeviceInfoList
SetupCopyOEMInfW
SetupDiGetDriverInfoDetailW
SetupUninstallOEMInfW
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiRemoveDevice
SetupDiInstallDevice
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoW
SetupDiDestroyDriverInfoList

kernel32

GetCurrentThread
GetCurrentThreadId
SetCurrentDirectoryA
GetCurrentDirectoryA
VirtualQuery
GetModuleFileNameA
CreateDirectoryW
GetFileAttributesW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetTickCount
GetModuleHandleA
GetLocalTime
DecodePointer
RaiseException
SetLastError
InitializeCriticalSectionEx
SetEvent
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
LocalFree
ExpandEnvironmentStringsW
FindClose
lstrlenW
CompareFileTime
GetFileSize
ReadFile
WriteFile
GetExitCodeProcess
GetSystemTimeAsFileTime
LocalAlloc
SystemTimeToFileTime
GetEnvironmentVariableA
CreateDirectoryA
CreateFileA
DeleteFileA
GetFileAttributesA
SetFilePointer
SetUnhandledExceptionFilter
SetThreadPriority
SuspendThread
GetThreadContext
GetSystemDirectoryA
GetWindowsDirectoryA
LoadLibraryA
DeleteFileW
GetWindowsDirectoryW
MoveFileW
MoveFileExW
GetTempPathA
GetExitCodeThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
MultiByteToWideChar
CreateThread
LoadResource
LockResource
FindResourceW
CreateFileW
FormatMessageW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetTimeZoneInformation
FileTimeToSystemTime
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleW
GetModuleHandleExW
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetLastError
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
GetProcAddress
FreeLibrary
WaitForSingleObjectEx
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
IsProcessorFeaturePresent
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentProcessId
GetCurrentProcess
CloseHandle
SetFilePointerEx
GetFileSizeEx
GetProcessHeap
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetCommandLineA
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
LoadLibraryW
InitializeSRWLock
SleepConditionVariableSRW
SleepConditionVariableCS
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
WakeAllConditionVariable
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter
GetLocaleInfoEx
WakeConditionVariable
InitializeConditionVariable
GetStringTypeW
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetThreadTimes
OpenThread
GetProcessTimes
OpenProcess
ExitProcess
GetModuleFileNameW
GetSystemWow64DirectoryW
IsWow64Process
GetSystemDirectoryW
SetErrorMode
GetProductInfo
VerifyVersionInfoW
VerSetConditionMask
ReleaseMutex
CreateEventW
FlushFileBuffers
SetEndOfFile
GetFileTime
ResetEvent

user32

CharNextExA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
CharLowerW
FindWindowW
SendMessageTimeoutW
GetSystemMetrics

winspool.drv

EnumPrintProcessorsW
AddMonitorW
DeleteMonitorW
AddPrintProcessorW
DeletePrinterDriverW
EnumMonitorsW
DeletePrintProcessorW
GetPrinterDriverDirectoryW
EnumPrinterDriversW
GetPrintProcessorDirectoryW
AddPrinterDriverW

advapi32

CryptDecrypt
CryptAcquireContextA
ConvertSidToStringSidW
OpenThreadToken
GetTokenInformation
OpenProcessToken
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptGenRandom
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenSCManagerW
OpenServiceW
StartServiceW
DeleteService
ControlService
RegOpenKeyW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetLengthSid
QueryServiceStatus
CloseServiceHandle
RegQueryInfoKeyW
RevertToSelf
FreeSid
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoRevertToSelf

bcrypt

BCryptGenRandom

newdev

DiUninstallDevice
UpdateDriverForPlugAndPlayDevicesW

msi

ord70
ord74
ord145
ord8
ord17
ord246
ord103
ord125

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/ramaint.exe
.exe windows x86

ac921af4808f09ca918a9d90ca77eeeb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:5d:71:0d:1f:f4:39:af:b7:f3:29:c3:0e:96:4f:9e:29:63:57:33:a5:9e:08:87:ba:11:c5:60:29:b8:ad:0e
Signer

Actual PE Digest

70:5d:71:0d:1f:f4:39:af:b7:f3:29:c3:0e:96:4f:9e:29:63:57:33:a5:9e:08:87:ba:11:c5:60:29:b8:ad:0e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA

kernel32

CreateDirectoryA
CreateFileA
DeleteFileA
GetFileAttributesA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
SetUnhandledExceptionFilter
GetLastError
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
SuspendThread
GetThreadContext
GetLocalTime
GetTickCount
GetSystemDirectoryA
GetWindowsDirectoryA
SetLastError
GetProcAddress
WaitForSingleObject
Sleep
TerminateProcess
RaiseException
GetExitCodeThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
GetTimeFormatW
GetDateFormatW
GetModuleFileNameA
FreeLibrary
VirtualQuery
GetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
LoadLibraryW
GetModuleFileNameW
GetSystemWow64DirectoryW
IsWow64Process
GetSystemDirectoryW
GetCurrentProcess
LCMapStringW
SetEvent
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleHandleExW
WriteConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetProcessHeap
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
GetProductInfo
ExitProcess
HeapAlloc
HeapSize
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
QueryPerformanceCounter
FlushFileBuffers
FindClose
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetLocaleInfoW

user32

CharLowerW
GetSystemMetrics

advapi32

RegOpenKeyExW
RegQueryValueExW
SetServiceStatus
CloseServiceHandle
RevertToSelf
RegCloseKey

ole32

CoRevertToSelf

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/rntfywnd.dll
.dll windows x86

633245cc04fdc3c9108358481814dcc4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:c1:7b:83:bf:c4:3f:bb:74:cc:f1:1a:b4:a9:46:33:6d:d7:60:44:29:f6:ae:29:48:4e:b8:c4:7b:ff:09:21
Signer

Actual PE Digest

08:c1:7b:83:bf:c4:3f:bb:74:cc:f1:1a:b4:a9:46:33:6d:d7:60:44:29:f6:ae:29:48:4e:b8:c4:7b:ff:09:21

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointerEx
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
GetFileType
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
CloseHandle
CreateFileW
GetCurrentThreadId
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
LoadLibraryW
GetModuleFileNameW
GetSystemWow64DirectoryW
IsWow64Process
GetSystemDirectoryW
GetCurrentProcess
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
EncodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlUnwind
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
WriteConsoleW

user32

LoadCursorW
LoadBitmapW
SetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
WindowFromPoint
ClientToScreen
GetCursorPos
GetWindowRect
GetWindowTextW
SetWindowTextW
InvalidateRect
SetWindowRgn
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
DrawTextW
DeleteMenu
GetSystemMenu
SystemParametersInfoW
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
SetWindowPos
MoveWindow
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
SendMessageW
RegisterWindowMessageW
GetUserObjectInformationW
GetThreadDesktop
CloseDesktop
OpenInputDesktop
GetSystemMetrics

gdi32

MoveToEx
GetObjectW
GetTextMetricsW
SetTextColor
StretchBlt
SetBkMode
SelectObject
LineTo
GetStockObject
GetClipBox
GetCharWidthW
FrameRgn
FillRgn
DeleteObject
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePen
CreateFontIndirectW
CreateCompatibleDC

Exports

Exports

?CreateInstance@@YAPAUINotifyManager@@PAUHWND__@@PAUHINSTANCE__@@@Z
?InitComponents@@YAXPAUHINSTANCE__@@@Z

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/zip.exe
.exe windows x86

2eb381c42cafa04b05dc1ec9378a5f8b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:98:7f:b6:f9:8f:24:10:d5:f7:af:5e:4e:7d:b8:f7:b2:99:b8:4d:3e:18:d1:05:56:2b:18:f9:78:48:f2:f4
Signer

Actual PE Digest

9e:98:7f:b6:f9:8f:24:10:d5:f7:af:5e:4e:7d:b8:f7:b2:99:b8:4d:3e:18:d1:05:56:2b:18:f9:78:48:f2:f4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

25/11/2022, 12:03
Valid: true

Chain 1

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
InterlockedExchange
CreateMutexA
lstrcpynA
GetDriveTypeA
GetVolumeInformationA
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
GetFileAttributesA
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVersion
GetFileType
GetFileTime
ReadFile
SetConsoleMode
GetConsoleMode
FindNextFileA
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetFullPathNameA
CloseHandle
GetSystemTimeAsFileTime
MultiByteToWideChar
InterlockedDecrement
GetCPInfo
MoveFileA
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
SetConsoleCtrlHandler
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
GetCommandLineA
GetVersionExA
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
Sleep
FatalAppExitA
GetCurrentDirectoryA
SetCurrentDirectoryA
WideCharToMultiByte
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteFile
GetModuleFileNameA
GetConsoleCP
RtlUnwind
HeapSize
SetFilePointer
FlushFileBuffers
FreeLibrary
LoadLibraryA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileA
SetFileAttributesA
RemoveDirectoryA
SetEnvironmentVariableW
GetExitCodeProcess
CreateProcessA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetKernelObjectSecurity
GetSecurityDescriptorLength

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2affc18c1d1b2fcd0047a0cb67552627

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fbCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f8:7b:4f:b9:10:83:91:fb:70:1e:e0:c6:0b:5c:28:12:94:74:60:e4:54:8b:4c:3a:7d:65:0b:f4:0d:24:61:74Signer

Signature Validations

Verification

25/11/2022, 12:04 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

wininet

version

Exports

Exports

Sections

.text Size: 549KB - Virtual size: 548KB

.rdata Size: 176KB - Virtual size: 176KB

.data Size: 16KB - Virtual size: 39KB

.pdata Size: 25KB - Virtual size: 25KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 4KB

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fbCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

37:9d:75:ac:9b:c4:aa:9a:d5:2a:e2:c5:19:23:43:8e:08:3c:6b:be:e0:35:88:0a:0b:d5:13:07:ef:fb:35:3dSigner

Signature Validations

Verification

25/11/2022, 12:04 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 188B

.rsrc Size: 298KB - Virtual size: 297KB

dcceb9d07116e088a4fd5bf23a82aec9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f8:7b:4f:b9:10:83:91:fb:70:1e:e0:c6:0b:5c:28:12:94:74:60:e4:54:8b:4c:3a:7d:65:0b:f4:0d:24:61:74
Signer

25/11/2022, 12:04
Valid: true

.text
Size: 549KB - Virtual size: 548KB

.rdata
Size: 176KB - Virtual size: 176KB

.data
Size: 16KB - Virtual size: 39KB

.pdata
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 4KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

37:9d:75:ac:9b:c4:aa:9a:d5:2a:e2:c5:19:23:43:8e:08:3c:6b:be:e0:35:88:0a:0b:d5:13:07:ef:fb:35:3d
Signer

25/11/2022, 12:04
Valid: true

.rdata
Size: 512B - Virtual size: 188B

.rsrc
Size: 298KB - Virtual size: 297KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

90:b1:da:fe:16:5a:56:d6:5a:f2:da:b5:6d:d6:3f:80:1a:98:61:fe:6c:ce:1b:bd:d6:50:55:24:a9:b4:d6:fb
Signer

25/11/2022, 12:03
Valid: true

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 22KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 299KB - Virtual size: 299KB

.reloc
Size: 2KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:e6:b4:9e:d2:d0:31:4a:df:ee:23:32:8c:f3:62:ae
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:00:d1:69:66:1c:06:4a:07:c0:1c:00:00:00:00:00:d1
Certificate

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

73:9a:21:2a:d3:9e:f2:8d:38:0c:5f:94:41:2f:c2:73:1d:18:5d:e9:a0:ff:7f:2a:38:28:7b:26:3f:82:c3:c5
Signer

27/02/2023, 09:32
Valid: false

73:9a:21:2a:d3:9e:f2:8d:38:0c:5f:94:41:2f:c2:73:1d:18:5d:e9:a0:ff:7f:2a:38:28:7b:26:3f:82:c3:c5
Signer

13/09/2022, 14:33
Valid: true